Malicious mobile code runtime monitoring system and methods
DCFirst Claim
1. A processor-based method, comprising:
- receiving at a host server downloadable-information including a combination of non-executable and executable code;
analyzing by a detection engine the downloadable-information to detect the executable code; and
causing by a packaging engine mobile protection code to be communicated to at least one information-destination of the downloadable-information, when the executable code is detected in the downloadable-information,wherein the causing mobile protection code to be communicated comprises forming the packaging engine a sandboxed package including the mobile protection code and the downloadable-information, and causing the sandboxed package to be communicated to the at least one information-destination.
6 Assignments
Litigations
1 Petition
Accused Products
Abstract
Protection systems and methods provide for protecting one or more personal computers (“PCs”) and/or other intermittently or persistently network accessible devices or processes from undesirable or otherwise malicious operations of Java TN applets, ActiveX™ controls, JavaScript™ scripts, Visual Basic scripts, add-ins, downloaded/uploaded programs or other “Downloadables” or “mobile code” in whole or part. A protection engine embodiment provides for monitoring information received, determining whether received information does or is likely to include executable code, and if so, causes mobile protection code (MPC) to be transferred to and rendered operable within a destination device of the received information. An MPC embodiment further provides, within a Downloadable-destination, for initiating the Downloadable, enabling malicious Downloadable operation attempts to be received by the MPC, and causing (predetermined) corresponding operations to be executed in response to the attempts.
329 Citations
30 Claims
-
1. A processor-based method, comprising:
-
receiving at a host server downloadable-information including a combination of non-executable and executable code; analyzing by a detection engine the downloadable-information to detect the executable code; and causing by a packaging engine mobile protection code to be communicated to at least one information-destination of the downloadable-information, when the executable code is detected in the downloadable-information, wherein the causing mobile protection code to be communicated comprises forming the packaging engine a sandboxed package including the mobile protection code and the downloadable-information, and causing the sandboxed package to be communicated to the at least one information-destination. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A processor-based method, comprising:
-
receiving, at an information re-communicator, downloadable-information, including a combination of non-executable and executable code; non-passively determining by a detection engine that the downloadable-information includes executable code; and causing by a packaging engine mobile protection code to be executed by a mobile code executor at a downloadable-information destination such that one or more operations of the executable code at the destination, if attempted, will be processed by the mobile protection code, wherein the causing is accomplished by forming by the packaging a sandboxed package including the mobile protection code and the downloadable-information, and causing the sandboxed package to be delivered to the downloadable-information destination. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A processor-based method, comprising:
- receiving by a server downloadable-information;
analyzing the downloadable-information by a content inspection engine associated with the server to determine whether the downloadable-information includes executable code, wherein determining whether the downloadable-information includes executable code includes analyzing downloadable information for one or more operations to be executed on a computer; if the downloadable-information is determined to include executable code, generating by a mobile protection code generator associated with the server, mobile protection code such that the one or more operations of the executable code, if attempted, will be processed by the mobile protection code; and communicating, by a transfer engine associated with the server, the mobile protection code to at least one information-destination of the downloadable-information. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24)
- receiving by a server downloadable-information;
-
25. A processor-based method for protecting one or more network accessible devices from malicious operations effectuated by remotely operable code, comprising:
-
receiving by a server downloadable-information destined for a computer, wherein the downloadable-information includes one of a combination of non-executable and executable code or non-executable code; analyzing by a content inspection engine associated with the server whether the downloadable-information includes executable code, wherein determining whether the downloadable-information includes executable code includes analyzing downloadable-information for one or more operations to be executed on the computer; and causing by a transfer engine associated with the server mobile protection code to be communicated to the computer, if the downloadable-information is determined to include executable code, wherein the causing mobile protection code to be communicated comprises forming by a packaging engine a sandboxed package including at least the mobile protection code and the downloadable-information, and causing by the transfer engine the sandboxed package to be communicated to the computer. - View Dependent Claims (26, 27, 28, 29, 30)
-
Specification