Malicious mobile code runtime monitoring system and methods
First Claim
1. A method for protecting a computer from malicious downloadables, comprising:
- receiving, by a first computer, an incoming downloadable, the downloadable including a security profile including a list of suspicious instructions that was attached thereto by a second computer;
extracting the security profile from the received downloadable;
comparing the security profile with a security policy to determine if the downloadable violates the security policy; and
taking an additional action related to execution of the downloadable if the downloadable violates the security policy.
6 Assignments
0 Petitions
Accused Products
Abstract
Protection systems and methods provide for protecting one or more personal computers (“PCs”) and/or other intermittently or persistently network accessible devices or processes from undesirable or otherwise malicious operations of Java TN applets, ActiveX™ controls, JavaScript™ scripts, Visual Basic scripts, add-ins, downloaded/uploaded programs or other “Downloadables” or “mobile code” in whole or part. A protection engine embodiment provides for monitoring information received, determining whether received information does or is likely to include executable code, and if so, causes mobile protection code (MPC) to be transferred to and rendered operable within a destination device of the received information. An MPC embodiment further provides, within a Downloadable-destination, for initiating the Downloadable, enabling malicious Downloadable operation attempts to be received by the MPC, and causing (predetermined) corresponding operations to be executed in response to the attempts.
-
Citations
32 Claims
-
1. A method for protecting a computer from malicious downloadables, comprising:
-
receiving, by a first computer, an incoming downloadable, the downloadable including a security profile including a list of suspicious instructions that was attached thereto by a second computer; extracting the security profile from the received downloadable; comparing the security profile with a security policy to determine if the downloadable violates the security policy; and taking an additional action related to execution of the downloadable if the downloadable violates the security policy. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method for protecting a computer from malicious downloadables, comprising:
-
receiving, by a first computer, an incoming downloadable, the downloadable including a security profile including a list of suspicious instructions that was attached by a second computer; searching for the security profile within the received downloadable and if a security profile is found, extracting the security profile from the received downloadable; comparing the security profile with a security policy to determine if the downloadable violates the security policy; and taking an additional action related to execution of the downloadable if the downloadable violates the security policy.
-
-
15. A method for protecting a computer from malicious downloadables, comprising:
-
receiving an incoming downloadable; deriving a security profile for the downloadable, the security profile including a list of suspicious computer operations that may be attempted by the downloadable, wherein deriving comprises inspecting the downloadable by at least one software inspection method; and attaching the security profile to the downloadable. - View Dependent Claims (16, 17, 18, 19, 20)
-
-
21. A system for protecting a computer from malicious downloadables, comprising a first computer comprising:
-
a receiver for receiving an incoming downloadable, the downloadable including a security profile including a list of suspicious instructions that was appended by a second computer; a profile extractor for extracting the security profile from the received downloadable; a comparator for comparing the security profile with a security policy, to determine if the downloadable violates the security policy; and a prevention module for preventing execution of the downloadable by a third computer when said comparator determines that the downloadable violates the security policy. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
-
Specification