Hygiene based computer security
First Claim
1. A method for computer security comprising:
- determining client hygiene scores associated with a plurality of clients that represent assessments of abilities of the clients in avoiding malware threats, the client hygiene scores based on amounts of malware detected at the clients;
receiving data describing one of a computer file that is downloaded, installed, or executed by one or more clients of the plurality of clients or a website that is visited by the one or more clients of the plurality of clients;
calculating, by a processor, a reputation score for the computer file or website responsive to the client hygiene scores of the one or more clients of the plurality of clients that downloaded, installed, or executed the computer file or visited the website, the client hygiene scores of the one or more clients used as an input in calculating the reputation score, the reputation score representing an assessment of whether the computer file or website is malicious; and
providing the reputation score for the computer file or website to a client of the plurality of clients for providing computer security at the client.
5 Assignments
0 Petitions
Accused Products
Abstract
A reputation server is coupled to multiple clients via a network. Each client has a security module that detect malware at the client. The security module computes a hygiene score based on detected malware and provides it to the reputation server. The security module monitors client encounters with entities such as files, programs, and websites. When a client encounters an entity, the security module obtains a reputation score for the entity from the reputation server. The security module evaluates the reputation score and optionally cancels an activity involving the entity. The reputation server computes reputation scores for the entities based on the clients'"'"' hygiene scores and operations performed in response to the evaluations. The reputation server prioritizes malware submissions from the client security modules based on the reputation scores.
104 Citations
16 Claims
-
1. A method for computer security comprising:
-
determining client hygiene scores associated with a plurality of clients that represent assessments of abilities of the clients in avoiding malware threats, the client hygiene scores based on amounts of malware detected at the clients; receiving data describing one of a computer file that is downloaded, installed, or executed by one or more clients of the plurality of clients or a website that is visited by the one or more clients of the plurality of clients; calculating, by a processor, a reputation score for the computer file or website responsive to the client hygiene scores of the one or more clients of the plurality of clients that downloaded, installed, or executed the computer file or visited the website, the client hygiene scores of the one or more clients used as an input in calculating the reputation score, the reputation score representing an assessment of whether the computer file or website is malicious; and providing the reputation score for the computer file or website to a client of the plurality of clients for providing computer security at the client. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A system, comprising:
-
a non-transitory computer readable medium with computer program instructions embodied thereon, the computer program instructions comprising instructions to; determine client hygiene scores associated with a plurality of clients that represent assessments of abilities of the clients in avoiding malware threats, the client hygiene scores based on amounts of malware detected at the clients; receive data describing one of a computer file that is downloaded, installed, or executed by one or more clients of the plurality of clients or a website that is visited by the one or more clients of the plurality of clients; calculate a reputation score for the computer file or website responsive to the client hygiene scores of the one or more clients of the plurality of clients that downloaded, installed, or executed the computer file or visited the website, the client hygiene scores of the one or more clients used as an input in calculating the reputation score, the reputation score representing an assessment of whether the computer file or website is malicious; and provide the reputation score for the computer file or website to a client of the plurality of clients for providing computer security at the client; and a hardware processor for executing the computer program instructions. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A non-transitory computer-readable medium with computer program instructions embodied therein, the computer program instructions comprising instructions that when executed by a processor causes the processor to:
-
monitor a state of a client to detect one of a computer file that is downloaded, installed, or executed by the client or a website that is visited by the client; receive a reputation score for the computer file or website from a reputation server, the reputation score representing an assessment of whether the computer file or website is malicious and calculated responsive to client hygiene scores of other clients that downloaded, installed, or executed the computer file or visited the website by using the client hygiene scores as an input in calculating the reputation score, the client hygiene scores representing assessments of abilities of the other clients in avoiding malware threats, the client hygiene scores based on amounts of malware detected at the other clients; evaluate the reputation score for the computer file or website to determine whether the computer file or website is malicious; and cancel an activity involving the computer file or website responsive to the computer file or website being malicious. - View Dependent Claims (12, 13, 14, 15, 16)
-
Specification