Scheduling malware signature updates in relation to threat awareness and environmental safety

US 8,726,391 B1
Filed: 10/10/2008
Issued: 05/13/2014
Est. Priority Date: 10/10/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of retrieving a set of malware signatures comprising:

receiving, at a client, client safety scores from a set of peer clients associated with the client, a client safety score for a peer client having a value indicating a mode of operation associated with the peer client, the value normalized as a ratio of a number of malware threat detections on the peer client to a number of software applications found on the peer client;

calculating, by the client, an environmental safety score associated with the client based, at least in part, on the client safety scores received from the set of peer clients, wherein the environmental safety score indicates a likelihood that the client is exposed to malware threats;

identifying a plurality of different time intervals respectively associated with a plurality of different environmental safety scores;

selecting a time interval of the plurality of different time intervals associated with the calculated environmental safety score;

retrieving a set of malware signatures from a server at a time determined responsive to the environmental safety score and the selected time interval; and

storing the set of malware signatures.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Information is received from a set of peer clients associated with a client, the information indicating likelihoods of peer client exposure to malware threats. An environmental safety score associated with the client is determined based, at least in part, on the information received from the set of peer clients, wherein the environmental safety score indicates a likelihood that the client is exposed to malware threats. A set of malware signatures is retrieved from the server at a time determined responsive to the environmental safety score and stored.

Citations

16 Claims

1. A computer-implemented method of retrieving a set of malware signatures comprising:
- receiving, at a client, client safety scores from a set of peer clients associated with the client, a client safety score for a peer client having a value indicating a mode of operation associated with the peer client, the value normalized as a ratio of a number of malware threat detections on the peer client to a number of software applications found on the peer client;
  
  calculating, by the client, an environmental safety score associated with the client based, at least in part, on the client safety scores received from the set of peer clients, wherein the environmental safety score indicates a likelihood that the client is exposed to malware threats;
  
  identifying a plurality of different time intervals respectively associated with a plurality of different environmental safety scores;
  
  selecting a time interval of the plurality of different time intervals associated with the calculated environmental safety score;
  
  retrieving a set of malware signatures from a server at a time determined responsive to the environmental safety score and the selected time interval; and
  
  storing the set of malware signatures.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented method of claim 1, wherein calculating the environmental safety score associated with the client based, at least in part, on the client safety scores received from the peer clients comprises:
    - determining a client safety score associated with the client, wherein the client safety score indicates a likelihood of client exposure to malware threats;
      
      andcalculating the environmental safety score associated with the client based, at least in part, on the client safety score associated with the client and the client safety scores received from the set of peer clients.
  - 3. The computer-implemented method of claim 2, wherein calculating the environment safety score associated with the client based, at least in part, on the client safety score associated with the client and the client safety scores received from the set of peer clients comprises:
    - selecting one of the client safety score associated with the client and a client safety score received from a peer client indicating a highest likelihood of exposure to malware threats as the environmental safety score.
  - 4. The computer-implemented method of claim 1, wherein a length of the selected time interval associated with the calculated environmental safety score associated with the client is inversely proportional to the likelihood that the client is exposed to malware threats indicated by the environmental safety score.
  - 5. The computer-implemented method of claim 1, further comprising:
    - identifying a malware threat detection event at the client based on the retrieved set of malware signatures;
      
      determining a client safety score associated with the malware threat detection event; and
      
      providing the client safety score associated with the malware threat detection event to the peer client.
  - 6. The computer-implemented method of claim 1, wherein the value of the client safety score is further based on a number of software applications stored at the peer client having unknown reputations.
  - 7. The computer-implemented method of claim 1, wherein the value of the client safety score is further based on security settings of a browser stored at the peer client.
  - 8. The computer-implemented method of claim 1, wherein the value of the client safety score is selected from a continuous range of scores.

9. A non-transitory computer-readable storage medium encoded with executable computer program code for retrieving a set of malware signatures, the program code comprising program code for:
- receiving, at a client, client safety scores from a set of peer clients associated with the client, a client safety score for a peer client having a value indicating a mode of operation associated with the peer client, the value normalized as a ratio of a number of malware threat detections on the peer client to a number of software applications found on the peer client;
  
  calculating, by the client, an environmental safety score associated with the client based, at least in part, on the client safety scores received from the set of peer clients, wherein the environmental safety score indicates a likelihood that the client is exposed to malware threats;
  
  identifying a plurality of different time intervals respectively associated with a plurality of different environmental safety scores;
  
  selecting a time interval of the plurality of different time intervals associated with the calculated environmental safety score associated with the client;
  
  retrieving a set of malware signatures from a server at a time determined responsive to the environmental safety score and the selected time interval; and
  
  storing the set of malware signatures.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The non-transitory computer-readable storage medium of claim 9, wherein program code for calculating the environmental safety score associated with the client based, at least in part, on the client safety scores received from the peer clients comprises program code for:
    - determining a client safety score associated with the client, wherein the client safety score indicates a likelihood of client exposure to malware threats; and
      
      calculating the environmental safety score associated with the client based, at least in part, on the client safety score associated with the client and the client safety scores received from the set of peer clients.
  - 11. The non-transitory computer-readable storage medium of claim 10, wherein program code for calculating the environment safety score associated with the client based, at least in part, on the client safety score associated with the client and the client safety scores received from the set of peer clients comprises:
    - selecting one of the client safety score associated with the client and a client safety score received from a peer client indicating a highest likelihood of exposure to malware threats as the environmental safety score.
  - 12. The non-transitory computer-readable storage medium of claim 9, wherein a length of the selected time interval associated with the calculated environmental safety score associated with the client is inversely proportional to the likelihood that the client is exposed to malware threats indicated by the environmental safety score.
  - 13. The non-transitory computer-readable storage medium of claim 9, further comprising program code for:
    - identifying a malware threat detection event at the client based on the retrieved set of malware signatures;
      
      determining a client safety score associated with the malware threat detection event; and
      
      providing the client safety score associated with the malware threat detection event to the peer client.

14. A computer system for retrieving a set of malware signatures, the system comprising:
- a processor for executing computer program code; and
  
  a computer-readable storage medium encoded with executable computer program code comprising;
  
  a peer reporting module adapted to receive, at a client, client safety scores from a set of peer clients associated with the client, a client safety score for a peer client having a value indicating a mode of operation associated with the peer client, the value normalized as a ratio of a number of malware threat detections on the peer client to a number of software applications found on the peer client;
  
  an environmental score module adapted to calculate, by the client, an environmental safety score associated with the client based, at least in part, on the client safety scores received from the set of peer clients, wherein the environmental safety score indicates a likelihood that the client is exposed to malware threats;
  
  a signature update module adapted to;
  
  identify a plurality of different time intervals respectively associated with a plurality of different environmental safety scores;
  
  select a time interval of the plurality of different time intervals associated with the calculated environmental safety score associated with the client;
  
  retrieve a set of malware signatures from a server at a time determined responsive to the environmental safety score and the selected time interval; and
  
  store the set of malware signatures.
- View Dependent Claims (15, 16)
- - 15. The computer system of claim 14, further comprising a client safety score module adapted to determine a client safety score associated with the client, wherein the client safety score indicates a likelihood of client exposure to malware threats, wherein:
    - the environmental score module is further adapted to calculate the environmental safety score associated with the client based, at least in part, on the client safety score associated with the client and the client safety scores received from the set of peer clients.
  - 16. The computer system of claim 14, wherein the selected time interval associated with the calculated environmental safety score associated with the client is inversely proportional to the likelihood that the client is exposed to malware threats indicated by the environmental safety score.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NortonLifeLock Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Zhong, Gary, Cooley, Shaun P.
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
Turchen, James

Application Number

US12/249,801
Time in Patent Office

2,041 Days
Field of Search

726/25
US Class Current

726/25
CPC Class Codes

G06F 21/56 Computer malware detection ...

Scheduling malware signature updates in relation to threat awareness and environmental safety

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Scheduling malware signature updates in relation to threat awareness and environmental safety

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links