Error detection/correction and fault detection/recovery – Data processing system error or fault handling – Reliability and availability
Patent
1997-04-16
1999-10-12
An, Meng-Al T.
Error detection/correction and fault detection/recovery
Data processing system error or fault handling
Reliability and availability
714 28, 712227, H04L 900
Patent
active
059648899
ABSTRACT:
A computer-implemented apparatus and method for countering attempts of polymorphic viruses to evade detection by emulation-based scanners. Such attempts try to exploit differences between the real and virtual execution of instructions. The invention includes a fault manager (158) integrated into the CPU emulator (154) of a virus scanner software product. Before each instruction is emulated by the CPU emulator (154), the fault manager (158) examines the opcode of the instruction to determine (310) whether a "fault" is triggered. If a fault is triggered, the fault manager (158) saves (314) a state record on a fault stack (162), then interrupts (316) to a corresponding fault handler routine (160). The criteria for triggering a fault and the corresponding fault handler routine (160) may be obtained from an updatable data file (164).
REFERENCES:
patent: 4819234 (1989-04-01), Huber
patent: 4926322 (1990-05-01), Stimac et al.
patent: 4975950 (1990-12-01), Lentz
patent: 5121345 (1992-06-01), Lentz
patent: 5144660 (1992-09-01), Rose
patent: 5319776 (1994-06-01), Hile et al.
patent: 5321840 (1994-06-01), Ahlin et al.
patent: 5349655 (1994-09-01), Mann
patent: 5359659 (1994-10-01), Rosenthal
patent: 5398196 (1995-03-01), Chambers
patent: 5408642 (1995-04-01), Mann
patent: 5421006 (1995-05-01), Jablon et al.
patent: 5440723 (1995-08-01), Arnold et al.
patent: 5442699 (1995-08-01), Arnold et al.
patent: 5485575 (1996-01-01), Chess et al.
patent: 5765030 (1998-06-01), Nachenberg et al.
patent: 5826013 (1998-10-01), Nachenberg
patent: 5854916 (1998-12-01), Nachenberg
"Automated Program Analysis for Computer Virus Detection", IBM Technical Disclosure Buletin, vol. 34, No. 2, Jul. 1991, pp. 415-416.
"Artificial Immunity for Personal Computers", IBM Technical Disclosure Bulletin, vol. 34, No. 2, Jul. 1991, pp. 150-154.
Marshall G., "Pest Control", LAN Magazine, Jun. 1995, pp. 54-67.
Digitext, "Dr. Solomon's Anti-Virus Toolkit for Windows and DOS", S&S International PLC, Jan. 1995, pp. 1-15, 47-65, 77-77, 91-95, 113-115, and 123-142, United Kingdom.
Veldman, Frans, "Virus Writing Is High-Tech Infosecurity Warfare", Security on the I-Way '95, 1995, pp. L-1, L-16, U.S.A.
Symantec Corporation, "Norton AntiVirus for Windows 95 & Special Subscription Offer", 1995 U.S.A.
ThunderBYTE B.V., "User Manual", 1995, pp. 1-191, Wijchen, The Netherlands.
"Virus Infection Techniques: Part 3", Virus Bulletin, 1995, pp. 006-007, Oxfordshire, England.
Cohen, Federick B., "A Short Course on Computer Virus--2d Ed.", John Wiley & Sons, Inc., pp. 54-55, 199-209, 1994, U.S.A.
Veldman, Frans, "Heuristic Anti-Virus Technology", Proceedings of the International Virus Protection and Information Security Council, Apr. 1, 1994.
Wells, Joseph, "Viruses in the Wild", Proceedings of the International Virus Protection and Information Security Council, Apr. 1, 1994.
Gordon, Scott, "Viruses & Netware", Proceedings of the International Virus Protection and Information Security Council, Mar. 31, 1994.
Solomon, Alan, "Viruses & Polymorphism", Proceedings of the International Virus Protection and Information Security Council, Mar. 31, 1994.
Case, Tori, "Viruses: An Executive Brief", Proceedings of the International Virus Protection and Information Security Council, Mar. 31, 1994.
Skulason, Fridrik, "For Programmers", Virus Bulletin, Jul. 1990, pp. 10-11, Oxon, England.
Gotlieb, L., "End Users and Responsible Computing", CMA--the Management Accounting Magazine, vol. 67, No. 7, Sep. 1993, pp. 13.
Karney, J., "Changing the Rules on Viruses", PC Magazine, vol. 13, No. 14, Aug. 1994, pp,.NE36.
Schnaidt, P., "Security", LAN Magazine, vol. 7, No. 3, Mar. 1992, pp. 19.
"UK-Sophos Intros Unix Virus Detection Software Jan. 26, 1995", Newsbytes News Network, Jan. 26, 1995.
"Anti-Virus Company Claims Polymorphic Breakthrough Jul. 10, 1992", Newsbytes News Network, Jul. 10, 1992.
"LAN Buyers Guide: Network Management", LAN Magazine, vol. 7, No. 8, Aug. 1992, pp. 188.
An Meng-Al T.
Ciccozzi John
Symantec Corporation
LandOfFree
Method to analyze a program for presence of computer viruses by does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method to analyze a program for presence of computer viruses by , we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method to analyze a program for presence of computer viruses by will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-648083