Systems and methods for computer program update protection

US 8,819,655 B1
Filed: 09/17/2007
Issued: 08/26/2014
Est. Priority Date: 09/17/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

detecting, at a computing device that comprises at least one processor, an installation of a computer program onto the computing device;

in response to detecting the installation of the computer program, determining, by causing the computing device to automatically conduct a patch analysis for the computer program, that the computer program is missing at least one applicable patch;

determining, based on the results of the patch analysis, that the computer program is vulnerable, wherein;

the computer program is determined to be vulnerable based on the at least one applicable patch being associated with a predetermined classification that indicates that the applicable patch is at least one of critical, mandatory, and recommended;

an administrator causes the predetermined classification to signify vulnerability;

in response to the determination that the computer program is vulnerable, blocking the computer program from executing on the computing device;

while the computer program is blocked from executing on the computing device, iteratively identifying and applying at least one applicable patch to the computer program until the computer program is no longer vulnerable;

upon determining that the computer program is no longer vulnerable, allowing the computer program to execute on the computing device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosure is directed to systems and methods for computer program update protection. In one example, a patch analysis is conducted for a computer program and a determination is made based on the patch analysis as to whether the computer program is vulnerable. Execution of the computer program is permitted if the computer program is determined not to be vulnerable. Execution of the computer program is prevented if the computer program is determined to be vulnerable. In certain embodiments, the computer program is updated if it is determined to be vulnerable. In certain embodiments, an occurrence of a trigger event associated with the computer program is detected and used to initiate the patch analysis, determination of vulnerability, and permitting or preventing of execution of the computer program.

47 Citations

View as Search Results

19 Claims

1. A computer-implemented method comprising:
- detecting, at a computing device that comprises at least one processor, an installation of a computer program onto the computing device;
  
  in response to detecting the installation of the computer program, determining, by causing the computing device to automatically conduct a patch analysis for the computer program, that the computer program is missing at least one applicable patch;
  
  determining, based on the results of the patch analysis, that the computer program is vulnerable, wherein;
  
  the computer program is determined to be vulnerable based on the at least one applicable patch being associated with a predetermined classification that indicates that the applicable patch is at least one of critical, mandatory, and recommended;
  
  an administrator causes the predetermined classification to signify vulnerability;
  
  in response to the determination that the computer program is vulnerable, blocking the computer program from executing on the computing device;
  
  while the computer program is blocked from executing on the computing device, iteratively identifying and applying at least one applicable patch to the computer program until the computer program is no longer vulnerable;
  
  upon determining that the computer program is no longer vulnerable, allowing the computer program to execute on the computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising determining that the computer program was installed subsequent to a prior patch deployment.
  - 3. The method of claim 1, wherein applying the at least one applicable patch to the computer program comprises at least one of:
    - receiving the at least one applicable patch from a remote patch management subsystem;
      
      applying the at least one applicable patch to the computer program using local resources.
  - 4. The method of claim 1, further comprising determining, prior to blocking the computer program from executing on the computing device, that the computer program cannot be updated using local resources.
  - 5. The method of claim 1, wherein detecting the installation of the computer program comprises detecting at least one of:
    - execution of a software installation package;
      
      creation or modification of a specific file type.
  - 6. The method of claim 1, wherein blocking the computer program from executing on the computing device comprises:
    - notifying a user that the computer program is vulnerable;
      
      receiving an instruction from the user to block the computer program.
  - 7. The method of claim 1, wherein determining that the computer program is vulnerable comprises determining that the computer program satisfies a predetermined vulnerability threshold.

8. A system comprising at least one processor configured to execute at least one module that is programmed to:
- detect, at a computing device, an installation of a computer program onto the computing device;
  
  in response to detecting the installation of the computer program, determining, by causing the computing device to automatically conduct a patch analysis for the computer program, that the computer program is missing at least one applicable patch;
  
  determine, based on the results of the patch analysis, that the computer program is vulnerable, wherein;
  
  the computer program is determined to be vulnerable based on the at least one applicable patch being associated with a predetermined classification that indicates that the applicable patch is at least one of critical, mandatory, and recommended;
  
  an administrator causes the predetermined classification to signify vulnerability;
  
  in response to the determination that the computer program is vulnerable, block the computer program from executing on the computing device;
  
  while the computer program is blocked from executing on the computing device, iteratively identify and apply at least one applicable patch to the computer program until the computer program is no longer vulnerable;
  
  upon determining that the computer program is no longer vulnerable, allow the computer program to execute on the computing device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the at least one module is further programmed to determine that the computer program was installed subsequent to a prior patch deployment.
  - 10. The system of claim 8, wherein the at least one module is programmed to apply the at least one applicable patch to the computer program by at least one of:
    - receiving the at least one applicable patch from a remote patch management subsystem;
      
      applying the at least one applicable patch to the computer program using local resources.
  - 11. The system of claim 8, wherein the at least one module is further programmed to determine, prior to blocking the computer program from executing on the computing device, that the computer program cannot be updated using local resources.
  - 12. The system of claim 8, wherein detecting the installation of the computer program comprises detecting at least one of:
    - execution of a software installation package;
      
      creation or modification of a specific file type.
  - 13. The system of claim 8, wherein blocking the computer program from executing on the computing device comprises:
    - notifying a user that the computer program is vulnerable;
      
      receiving an instruction from the user to block the computer program.
  - 14. The system of claim 8, wherein determining that the computer program is vulnerable comprises determining that the computer program satisfies a predetermined vulnerability threshold.

15. A computer program product embodied in at least one non-transitory computer readable medium and comprising computer instructions executable by at least one processor of at least one computing device to perform the functions of:
- detecting, at the computing device, an installation of a computer program onto the computing device;
  
  in response to detecting the installation of the computer program, determining, by causing the computing device to automatically conduct a patch analysis for the computer program, that the computer program is missing at least one applicable patch;
  
  determining, based on the results of the patch analysis, that the computer program is vulnerable, wherein;
  
  the computer program is determined to be vulnerable based on the at least one applicable patch being associated with a predetermined classification that indicates that the applicable patch is at least one of critical, mandatory, and recommended;
  
  an administrator causes the predetermined classification to signify vulnerability;
  
  in response to the determination that the computer program is vulnerable, blocking the computer program from executing on the computing device;
  
  while the computer program is blocked from executing on the computing device, iteratively identifying and applying at least one applicable patch to the computer program until the computer program is no longer vulnerable;
  
  upon determining that the computer program is no longer vulnerable, allowing the computer program to execute on the computing device.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The computer program product of claim 15, further comprising computer instructions executable by the at least one processor of the at least one computing device to perform the function of determining that the computer program was installed subsequent to a prior patch deployment.
  - 17. The computer program product of claim 15, wherein applying the at least one applicable patch to the computer program comprises at least one of:
    - receiving the at least one applicable patch from a remote patch management subsystem;
      
      applying the at least one applicable patch to the computer program using local resources.
  - 18. The computer program product of claim 15, further comprising computer instructions executable by the at least one processor of the at least one computing device to perform the function of determining, prior to blocking the computer program from executing on the computing device, that the computer program cannot be updated using local resources.
  - 19. The computer program product of claim 15, wherein determining that the computer program is vulnerable comprises determining that the computer program satisfies a predetermined vulnerability threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Hopwood, Scott G., Greenwood, Mark A.
Primary Examiner(s)
Dao, Thuy
Assistant Examiner(s)
HAYIM, SAMUEL E

Application Number

US11/901,436
Time in Patent Office

2,535 Days
Field of Search

None
US Class Current

717/168
CPC Class Codes

G06F 8/658 Incremental updates; Differ...

Systems and methods for computer program update protection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for computer program update protection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links