System and method for comprehensive general electric protection for computers against malicious programs that may steal information and/or cause damages

US 9,213,836 B2
Filed: 10/20/2004
Issued: 12/15/2015
Est. Priority Date: 05/28/2000
Status: Active Grant

First Claim

Patent Images

1. A security system for a computer comprising:

a. a processor;

b. a monitoring and capturing system that is configured to conduct, using the processor, constant statistical analyses of various events in the computer to define normal behavior to be able to subsequently identify significant deviations from the normal behavior;

c. storage;

d. a security rules database that is configured to store statistics of the normal behavior continuously during operation, the security rules database residing in the storage; and

e. a user interface that is configured to interact with a user of the computer regarding acceptable behavior patterns and to warn the user of perceived dangers;

wherein the security system prevents applications and/or drivers from accessing without user permission at least one of Fax sending functions and other TAPI functions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In the prior art of computer security by default programs are allowed to do whatever they like to other programs or to their data files or to critical files of the operating system, which is as absurd as letting a guest in a hotel bother other guests as he pleases, steal their property or copy it or destroy it, or have free access to the hotel'"'"'s management resources. The present concept is based on automatic segregation between programs. This is preferably done by creating automatically an unlimited number of Virtual Environments (VEs) with virtual sharing of resources, so that the programs in each VE think that they are alone on the computer, and (unless explicitly allowed by the user) any changes that they think they made in virtually shared resources are in reality only made in their own VE, while the user preferably has an integrated view of the computer.

Citations

13 Claims

1. A security system for a computer comprising:
- a. a processor;
  
  b. a monitoring and capturing system that is configured to conduct, using the processor, constant statistical analyses of various events in the computer to define normal behavior to be able to subsequently identify significant deviations from the normal behavior;
  
  c. storage;
  
  d. a security rules database that is configured to store statistics of the normal behavior continuously during operation, the security rules database residing in the storage; and
  
  e. a user interface that is configured to interact with a user of the computer regarding acceptable behavior patterns and to warn the user of perceived dangers;
  
  wherein the security system prevents applications and/or drivers from accessing without user permission at least one of Fax sending functions and other TAPI functions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 11, 12, 13)
- - 2. The system of claim 1 wherein by default a monitored program is segregated within a Virtual Environment (VE).
  - 3. The system of claim 2 wherein the user sees a merged view of the desktop regardless of the VE (Virtual Environment) boundaries.
  - 4. The system of claim 2 wherein when running virus-scan programs, the virus-scan program can access freely all the real files and directories.
  - 5. The system claim 2 wherein embedded objects or plug-ins are executed each at a separate VE but appear visually integrated.
  - 6. The system of claim 2 wherein separate VEs with virtual sharing are used to enforce better segregation between users, so that each user has at least one VE of his/her own, and/or to enforce different profiles or configurations for the same users.
  - 7. The system of claim 1 wherein virtual sharing is done so that, unless explicitly allowed by the user, when an executable tries to change a shared resource, it is given the illusion that it has accessed it, but in reality the executable is redirected to a separate private sub-directory which only it can access.
  - 8. The system of claim 1 wherein at least one general trusted area and at least one non-trusted area are enforced by creating at least two VEs, one for the trusted area and one for the non-trusted area, and enforcing the virtual sharing of resources between them, so that each VE sees only itself and the OS.
  - 11. The security system of claim 1, wherein the deviations from the normal behavior include sending out significantly more data than usual.
  - 12. The security system of claim 1, wherein the deviations from the normal behavior include accessing more files than usual.
  - 13. The security system of claim 1, wherein the monitoring and capturing system monitors programs that have been authorized for use of the communication channels.

9. A security system for a computer comprising:
- a. a processor;
  
  b. a monitoring and capturing system that is configured to conduct, using the processor, constant statistical analyses of various events in the computer to define normal behavior to be able to subsequently identify significant deviations from the normal behavior;
  
  c. storage;
  
  d. a security rules database that is configured to store statistics of the normal behavior continuously during operation, the security rules database residing in the storage; and
  
  c. a user interface that is configured to interact with a user of the computer regarding acceptable behavior patterns and to warn the user of perceived dangers;
  
  wherein the security system prevents applications and/or drivers from accessing without user permission also USB devices.

10. A security system for a computer comprising:
- a. a processor;
  
  b. a monitoring and capturing system that is configured to conduct, using the processor, constant statistical analyses of various events in the computer to define normal behavior to be able to subsequently identify significant deviations from the normal behavior;
  
  c. storage;
  
  d. a security rules database that is configured to store statistics of the normal behavior continuously during operation, the security rules database residing in the storage; and
  
  c. a user interface that is configured to interact with a user of the computer regarding acceptable behavior patterns and to warn the user of perceived dangers;
  
  wherein the security system prevents applications and/or drivers from accessing without user permission also at least one of Bluetooth communication devices, infra-red, and other wireless communication channels.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Batya Barhon Mayer
Original Assignee
Batya Barhon Mayer
Inventors
Mayer, Yaron, Dechovich, Zak
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
KAPLAN, BENJAMIN A

Application Number

US10/968,022
Publication Number

US 20050120242A1
Time in Patent Office

4,073 Days
Field of Search

726/4, 726/24
US Class Current

1/1
CPC Class Codes

G06F 21/55 Detecting local intrusion o...

G06F 21/56 Computer malware detection ...

System and method for comprehensive general electric protection for computers against malicious programs that may steal information and/or cause damages

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for comprehensive general electric protection for computers against malicious programs that may steal information and/or cause damages

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links