Hygiene-based computer security
First Claim
1. A method of providing computer security, comprising:
- using a computer to perform steps comprising;
determining hygiene scores associated with a plurality of clients, the hygiene scores changing over time and representing assessments of trustworthiness of the clients, the plurality of clients including first clients and a second client;
receiving data describing an entity encountered by the first clients of the plurality of clients;
calculating a reputation score for the entity responsive to the client hygiene scores of the first clients of the plurality of clients that encountered the entity, the reputation score representing an assessment of whether the entity is malicious; and
providing the reputation score for the entity to the second client of the plurality of clients, the second client of the plurality of clients encountering the entity and being associated with one of the hygiene scores.
5 Assignments
0 Petitions
Accused Products
Abstract
A reputation server is coupled to multiple clients via a network. Each client has a security module that detect malware at the client. The security module computes a hygiene score based on detected malware and provides it to the reputation server. The security module monitors client encounters with entities such as files, programs, and websites. When a client encounters an entity, the security module obtains a reputation score for the entity from the reputation server. The security module evaluates the reputation score and optionally cancels an activity involving the entity. The reputation server computes reputation scores for the entities based on the clients'"'"' hygiene scores and operations performed in response to the evaluations. The reputation server prioritizes malware submissions from the client security modules based on the reputation scores.
77 Citations
32 Claims
-
1. A method of providing computer security, comprising:
using a computer to perform steps comprising; determining hygiene scores associated with a plurality of clients, the hygiene scores changing over time and representing assessments of trustworthiness of the clients, the plurality of clients including first clients and a second client; receiving data describing an entity encountered by the first clients of the plurality of clients; calculating a reputation score for the entity responsive to the client hygiene scores of the first clients of the plurality of clients that encountered the entity, the reputation score representing an assessment of whether the entity is malicious; and providing the reputation score for the entity to the second client of the plurality of clients, the second client of the plurality of clients encountering the entity and being associated with one of the hygiene scores. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
8. A system for providing computer security, comprising:
-
a non-transitory computer readable medium with computer program instructions embodied therein, the computer program instructions comprising instructions for; determining hygiene scores associated with a plurality of clients, the hygiene scores changing over time and representing assessments of trustworthiness of the clients, the plurality of clients including first clients and a second client; receiving data describing an entity encountered by the first clients of the plurality of clients; calculating a reputation score for the entity responsive to the client hygiene scores of the first clients of the plurality of clients that encountered the entity, the reputation score representing an assessment of whether the entity is malicious; and providing the reputation score for the entity to the second client of the plurality of clients, the second client of the plurality of clients encountering the entity and being associated with one of the hygiene scores; and a processor for executing the instructions. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A method of providing security for a client, comprising:
-
monitoring a state of the client to detect an encounter with an entity; receiving, at the client, a reputation score for the entity encountered by the client from a reputation server, the reputation score representing an assessment of whether the entity is malicious and calculated responsive to hygiene scores of other clients that encountered the entity, the hygiene scores changing over time and representing assessments of trustworthiness of the other clients, wherein the client receiving the reputation score is associated with a hygiene score representing an assessment of trustworthiness of the client; and evaluating the reputation score for the entity to determine whether the entity is malicious. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23)
-
-
24. A computer program product having a non-transitory computer-readable medium with computer program instructions embodied therein for providing security on a client, the computer program instructions comprising instructions for:
-
monitoring a state of the client to detect an encounter with an entity; receiving, at the client, a reputation score for the entity encountered by the client from a reputation server, the reputation score representing an assessment of whether the entity is malicious and calculated responsive to hygiene scores of other clients, the hygiene scores changing over time and representing assessments of trustworthiness of the other clients, wherein the client receiving the reputation score is associated with a hygiene score representing an assessment of trustworthiness of the client; and evaluating the reputation score for the entity to determine whether the entity is malicious. - View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32)
-
Specification