Application reputation service
First Claim
1. A method performed on at least one computing device, the method comprising:
- receiving, by the computing device from a second computing device over a network, a set of identities that corresponds to an unverified application attempting to install or execute itself on the second computing device, where each identity in the set corresponds to the unverified application with a corresponding degree of specificity;
ranking, by the computing device, the identities in the received set by relevance, where the relevance of each identity is a function of its corresponding degree of specificity;
matching, by the computing device, each of at least some of the ranked identities in the set to any corresponding reputation in a knowledge base of established application reputations;
determining, by the computing device based on the ranked identities and the matching any corresponding reputations, a reputation of the unverified application based on the any corresponding reputations; and
communicating, by the computing device to the second computing device over the network, the determined reputation of the unverified application.
2 Assignments
0 Petitions
Accused Products
Abstract
Technologies for an application reputation service to assist users with minimizing their computerized machines'"'"' exposure to and infection from malware, including an application reputation service that contains the reputations for elements (e.g., applications) that are known to be non-malicious as well as those known to be malicious. In one example, when a user attempts to install or execute a new application, the service is queried by the user'"'"'s machine with a set of identities for the element. The service determines the reputation of the application by referencing a knowledge base of known reputations and returns an indication (e.g., an overall rating, or a flag) of how safe that application would be to install and run on the user'"'"'s computer.
70 Citations
15 Claims
-
1. A method performed on at least one computing device, the method comprising:
-
receiving, by the computing device from a second computing device over a network, a set of identities that corresponds to an unverified application attempting to install or execute itself on the second computing device, where each identity in the set corresponds to the unverified application with a corresponding degree of specificity; ranking, by the computing device, the identities in the received set by relevance, where the relevance of each identity is a function of its corresponding degree of specificity; matching, by the computing device, each of at least some of the ranked identities in the set to any corresponding reputation in a knowledge base of established application reputations; determining, by the computing device based on the ranked identities and the matching any corresponding reputations, a reputation of the unverified application based on the any corresponding reputations; and communicating, by the computing device to the second computing device over the network, the determined reputation of the unverified application. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A system comprising at least one computing device and software that are together configured for performing actions comprising:
-
receiving, by the computing device from a second computing device over a network, a set of identities that corresponds to an unverified application attempting to install or execute itself on the second computing device, where each identity in the set corresponds to the unverified application with a corresponding degree of specificity; ranking, by the computing device, the identities in the received set by relevance, where the relevance of each identity is a function of its corresponding degree of specificity; matching, by the computing device, each of at least some of the ranked identities in the set to any corresponding reputation in a knowledge base of established application reputations; determining, by the computing device based on the ranked identities and the matching any corresponding reputations, a reputation of the unverified application based on the any corresponding reputations; and communicating, by the computing device to the second computing device over the network, the determined reputation of the unverified application. - View Dependent Claims (7, 8, 9, 10)
-
-
11. At least one computer memory comprising instructions that, when executed by at least one computing device, cause the at least one computing device to perform actions comprising:
-
receiving, by the computing device from a second computing device over a network, a set of identities that corresponds to an unverified application attempting to install or execute itself on the second computing device, where each identity in the set corresponds to the unverified application with a corresponding degree of specificity; ranking, by the computing device, the identities in the received set by relevance, where the relevance of each identity is a function of its corresponding degree of specificity; matching, by the computing device, each of at least some of the ranked identities in the set to any corresponding reputation in a knowledge base of established application reputations; determining, by the computing device based on the ranked identities and the matching any corresponding reputations, a reputation of the unverified application based on the any corresponding reputations; and communicating, by the computing device to the second computing device over the network, the determined reputation of the unverified application. - View Dependent Claims (12, 13, 14, 15)
-
Specification