Methods and apparatus for dealing with malware
Abstract
In one aspect, a method of determining the protection that a remote computer has from malware includes receiving, at a base computer, details of all or selected security products operating on a remote computer, receiving similar information from other remote computers, and identifying malware processes that were not identified by the security products installed on the other remote computers and having a same or similar combination of security products installed on the remote computer.
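The comparison the abstract describes can be sketched as follows; this is an added example, not code from the patent. The patent does not define "similar", so the Jaccard score and the 0.6 threshold are assumptions, and the endpoint names, product identifiers and sample labels are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Endpoint:
    name: str
    products: frozenset               # identifiers of security products running on the host
    missed: frozenset = frozenset()   # malware confirmed to have run there undetected

def jaccard(a, b):
    """Set-overlap score in [0, 1]; two empty product sets count as identical."""
    union = a | b
    return len(a & b) / len(union) if union else 1.0

def exposure(target, peers, threshold=0.6):
    """Map each malware sample missed on a peer with the same or a similar
    product combination to [(peer name, similarity)], so an analyst can weigh
    exact matches above partial ones. The threshold is an assumed value."""
    hits = {}
    for peer in peers:
        if peer.name == target.name:
            continue
        score = jaccard(target.products, peer.products)
        if score >= threshold:
            for sample in peer.missed:
                hits.setdefault(sample, []).append((peer.name, round(score, 2)))
    return {sample: sorted(found) for sample, found in sorted(hits.items())}

# Constructed telemetry as the base computer might hold it (all values hypothetical).
STACK = frozenset({"av-a/9.1", "fw-b/3.0", "edr-c/2.4"})
TARGET = Endpoint("ws-17", STACK)
FLEET = [
    Endpoint("ws-02", STACK, frozenset({"sample-x"})),
    Endpoint("ws-05", frozenset({"av-a/9.1", "fw-b/3.0"}), frozenset({"sample-y"})),
    Endpoint("ws-09", frozenset({"av-d/1.0", "fw-b/3.0"}), frozenset({"sample-z"})),
    Endpoint("ws-11", STACK, frozenset({"sample-x"})),
]

if __name__ == "__main__":
    for sample, found in exposure(TARGET, FLEET).items():
        print(sample, found)
```

A peer that runs only a subset of the target's products is weaker evidence than an exact match, which is why the similarity score is returned with each hit rather than discarded.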
16 Claims
1. A method comprising:
receiving, at a base computer, details uniquely identifying one or more security products operating at a point in time on a remote computer;
receiving, at the base computer, details uniquely identifying one or more security products operating on other remote computers in communication with the base computer;
receiving, at the base computer, details of a process that has been executed by at least one of the other remote computers;
determining, by the base computer and based on the received details of the process that has been executed by the at least one of the other remote computers, that the process is a malware process not identified by the one or more security products operating on the at least one of the other remote computers; and
determining, by the base computer, that the remote computer is vulnerable to the malware process, wherein the determination is based on the at least one of the other remote computers having a same or similar combination of security products as the combination of security products operating on the remote computer.
Dependent claims: 2, 3, 7, 8, 9, 10, 11, 14

4. An apparatus comprising:
a base computer constructed and arranged to receive details uniquely identifying one or more security products operating at a point in time on a remote computer;
the base computer being constructed and arranged to receive details uniquely identifying one or more security products operating on other remote computers in communication with the base computer;
the base computer being constructed and arranged to receive details of a process that has been executed by at least one of the other remote computers;
the base computer being constructed and arranged to determine, based on the received details of the process that has been executed by the at least one of the other remote computers, that the process is a malware process not identified by the one or more security products operating on the at least one of the other remote computers; and
the base computer being constructed and arranged to determine that the remote computer is vulnerable to the malware process, wherein the determination is based on the at least one of the other remote computers having the same or similar combination of security products as the combination of security products operating on the remote computers.
Dependent claims: 5, 6, 12, 15

13. A method comprising:
receiving, at a base computer, details uniquely identifying one or more security products operating at a point in time on a remote computer;
receiving, at the base computer, details uniquely identifying one or more security products operating on other remote computers in communication with the base computer;
receiving, at the base computer, details of a process that has been executed by at least one of the other remote computers;
determining, by the base computer and based on the received details of the process that has been executed by the at least one of the other remote computers, that the process is a malware process;
determining, by the base computer, that the remote computer is vulnerable to the malware process, wherein the determination is based on the at least one of the other remote computers having a same or similar combination of security products as the combination of security products operating on the remote computer;
identifying, by the base computer, one or more of the other remote computers having the same or similar combination of security products and settings as the combination of security products operating on the remote computer; and
identifying, by the base computer, one or more malware processes that were not identified by the combination of security products and settings operating on the one or more of the other remote computers having the same or similar combination of security products as the combination of security products operating on the remote computer.

16. A method comprising:
receiving, at a base computer, details of one or more security products operating at a point in time on a remote computer;
receiving, at the base computer, details of one or more security products operating on other remote computers in communication with the base computer;
receiving, at the base computer, details of a process that has been executed by at least one of the other remote computers;
determining, by the base computer and based on the received details of the process that has been executed by the at least one of the other remote computers, that the process is a malware process;
determining, by the base computer, that the remote computer is vulnerable to the malware process, wherein the determination is based on the at least one of the other remote computers having a same or similar combination of security products as the combination of security products operating on the remote computer;
identifying, by the base computer, one or more of the other remote computers having the same or similar combination of security products and settings as the combination of security products operating on the remote computer; and
identifying, by the base computer, one or more malware processes that were not identified by the combination of security products and settings operating on the one or more of the other remote computers having the same or similar combination of security products as the combination of security products operating on the remote computer.

Specification