Methods and apparatus for dealing with malware

US 8,763,123 B2
Filed: 07/08/2012
Issued: 06/24/2014
Est. Priority Date: 06/30/2005
Status: Active Grant

- Alert
- Pin

First Claim

Patent Images

1. A method comprising:

receiving, at a base computer, details uniquely identifying one or more security products operating at a point in time on a remote computer;

receiving, at the base computer, details uniquely identifying one or more security products operating on other remote computers in communication with the base computer;

receiving, at the base computer, details of a process that has been executed by at least one of the other remote computers;

determining, by the base computer and based on the received details of the process that has been executed by the least one of the other remote computers, that the process is a malware process not identified by the one or more security products operating on the at least one of the other remote computers; and

determining, by the base computer, that the remote computer is vulnerable to the malware process, wherein the determination is based on the at least one of the other remote computers having a same or similar combination of security products as the combination of security products operating on the remote computer.

View all claims

10 Assignments

Timeline View

Assignment View

Litigations

1 Petition

Accused Products

Abstract

In one aspect, a method of determining the protection that a remote computer has from malware includes receiving at a base computer, details of all or selected security products operating on a remote computer, receiving similar information from other remote computers, and identifying malware process that were not identified by the security products installed on the other remote computers and having a same or similar combination of security products installed on the remote computer.

Citations

16 Claims

1. A method comprising:
- receiving, at a base computer, details uniquely identifying one or more security products operating at a point in time on a remote computer;
  
  receiving, at the base computer, details uniquely identifying one or more security products operating on other remote computers in communication with the base computer;
  
  receiving, at the base computer, details of a process that has been executed by at least one of the other remote computers;
  
  determining, by the base computer and based on the received details of the process that has been executed by the least one of the other remote computers, that the process is a malware process not identified by the one or more security products operating on the at least one of the other remote computers; and
  
  determining, by the base computer, that the remote computer is vulnerable to the malware process, wherein the determination is based on the at least one of the other remote computers having a same or similar combination of security products as the combination of security products operating on the remote computer.
- View Dependent Claims (2, 3, 7, 8, 9, 10, 11, 14)
- - 2. The method according to claim 1, further comprising:
    - providing information to the user of the remote computer that the remote computer may be susceptible to attack by the malware processes.
  - 3. The method according to claim 1, wherein the details of the one or more security products includes the name of the security products, versions, and loaded signature files.
  - 7. A computer program recorded on a non-transitory computer readable medium comprising program instructions for causing a computer to perform a method according to claim 1.
  - 8. A computer program recorded on a non-transitory computer readable medium comprising program instructions for causing a computer to perform a method according to claim 2.
  - 9. A computer program recorded on a non-transitory computer readable medium comprising program instructions for causing a computer to perform a method according to claim 3.
  - 10. The method according to claim 3, wherein the details of all or selected security products further includes settings at a particular point in time.
  - 11. The method according to claim 1, further comprising:
    - identifying, by the base computer, one or more of the other remote computers having the same or similar combination of security products as the combination of security products operating on the at least one of the other remote computers; and
      
      determining, by the base computer, that the identified one or more of the other remote computers having the same or similar combination of security products as the combination of security products operating on the at least one of the other remote computers is vulnerable to the malware process.
  - 14. The method according to claim 1, wherein the one or more security products include a firewall product and an antivirus product.

4. An apparatus comprising:
- a base computer constructed and arranged to receive details uniquely identifying one or more security products operating at a point in time on a remote computer;
  
  the base computer being constructed and arranged to receive details uniquely identifying one or more security products operating on other remote computers in communication with the base computer;
  
  the base computer being constructed and arranged to receive details of a process that has been executed by at least one of the other remote computers;
  
  the base computer being constructed and arranged to determine, based on the received details of the process that has been executed by the least one of the other remote computers, that the process is a malware process not identified by the one or more security products operating on the at least one of the other remote computers; and
  
  the base computer being constructed and arranged to determine that the remote computer is vulnerable to the malware process, wherein the determination is based on the at least one of the other remote computers having the same or similar combination of security products as the combination of security products operating on the remote computers.
- View Dependent Claims (5, 6, 12, 15)
- - 5. The apparatus according to claim 4, wherein the base computer is constructed and arranged to provide information to the user of the remote computer that the remote computer may be susceptible to attack by the malware process.
  - 6. The apparatus according to claim 4, wherein the details of the one or more security products includes the name of the security products, versions, and loaded signature files.
  - 12. The apparatus according to claim 6, wherein the details of all or selected security products further includes settings at a point in time.
  - 15. The apparatus according to claim 4, wherein the one or more security products include a firewall product and an antivirus product.

13. A method comprising:
- receiving, at a base computer, details uniquely identifying one or more security products operating at a point in time on a remote computer;
  
  receiving, at the base computer, details uniquely identifying one or more security products operating on other remote computers in communication with the base computer;
  
  receiving, at the base computer, details of a process that has been executed by at least one of the other remote computers;
  
  determining, by the base computer and based on the received details of the process that has been executed by the least one of the other remote computers, that the process is a malware process;
  
  determining, by the base computer, that the remote computer is vulnerable to the malware process, wherein the determination is based on the at least one of the other remote computers having a same or similar combination of security products as the combination of security products operating on the remote computer;
  
  identifying, by the base computer, one or more of the other remote computers having the same or similar combination of security products and settings as the combination of security products operating on the remote computer; and
  
  identifying, by the base computer, one or more malware processes that were not identified by the combination of security products and settings operating on the one or more of the other remote computers having the same or similar combination of security products as the combination of security products operating on the remote computer.

16. A method comprising:
- receiving, at a base computer, details of one or more security products operating at a point in time on a remote computer;
  
  receiving, at the base computer, details of one or more security products operating on other remote computers in communication with the base computer;
  
  receiving, at the base computer, details of a process that has been executed by at least one of the other remote computers;
  
  determining, by the base computer and based on the received details of the process that has been executed by the least one of the other remote computers, that the process is a malware process;
  
  determining, by the base computer, that the remote computer is vulnerable to the malware process, wherein the determination is based on the at least one of the other remote computers having a same or similar combination of security products as the combination of security products operating on the remote computer;
  
  identifying, by the base computer, one or more of the other remote computers having the same or similar combination of security products and settings as the combination of security products operating on the remote computer; and
  
  identifying, by the base computer, one or more malware processes that were not identified by the combination of security products and settings operating on the one or more of the other remote computers having the same or similar combination of security products as the combination of security products operating on the remote computer.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Carbonite LLC (Open Text Corporation)
Original Assignee
Prevx Ltd (Open Text Corporation)
Inventors
Morris, Melvyn, Stubbs, Paul, Hartwig, Markus, Harter, Darren
Primary Examiner(s)
Zecher, Cordelia
Assistant Examiner(s)
LAKHIA, VIRAL S

Application Number

US13/543,865
Publication Number

US 20120278891A1
Time in Patent Office

716 Days
Field of Search

726/1, 726/23, 726/24
US Class Current

726/23
CPC Class Codes

G06F 21/56 Computer malware detection ...

G06F 21/577 Assessing vulnerabilities a...

Methods and apparatus for dealing with malware

First Claim

10 Assignments

Litigations

1 Petition

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for dealing with malware

First Claim

10 Assignments

Subscription Required

Subscription Required

Litigations

1 Petition

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links