Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1998-07-08
2002-02-12
Beausoleil, Robert (Department: 2184)
active
06347375
ABSTRACT:
TECHNICAL FIELD OF THE INVENTION
The present invention relates, in general, to an apparatus and/or method for remotely scanning and repairing viral infections on local computer data storage devices and/or media.
BACKGROUND OF THE INVENTION
The value of a computing system to a user, especially a corporation, professional association or government entity is not limited to the actual cost of the hardware and software components which comprise that system, but also includes the value of the data represented within that system. Indeed, it is quite common that the accounting data, intellectual property, design and manufacturing information, and/or other records which are stored on computing systems in personal and business use are ultimately of a value which far exceeds the value of the computing equipment itself.
Loss of the ability to access data on a computer storage device, such as a disk drive, can occur, often as a result of acts of sabotage by the unauthorized activity of a computer virus. In the vast majority of cases, the user is unaware that a computer virus has infected the computer system. This can result in the virus spreading, and going undetected, until an event occurs, such as the catastrophic loss of valuable computer data or the loss of accessibility to the data by the normal operating environment.
A computer virus is almost impossible to define because new types are continually developed that do not meet or conform to specific rules. These new types of viruses are being developed and spread at alarming rates. Generally, a computer virus is a clandestine program written specifically to attach itself parasitically to existing programs, and subsequently alter the existing program. A broader definition of a virus is simply a computer program that is able to spawn replication of itself. Nearly all viruses possess at least four identifiable attributes such as replication, protection, trigger, and payload.
The replication mechanism of a virus consists simply of computer executable instructions, or code, that enables the virus to attach itself to another, often legitimate program or list of normal executable instructions and replicate itself. To replicate itself, a virus may seek out uninfected executable files in the computer system, and append a representation of itself to that file; or a virus may remain in memory and target specific events such as the execution of certain files; or there also exists the possibility of even more complex mechanisms for the virus to accomplish its replication task, such as a specific date or event occurring independently of an executable file.
The protection mechanism is another attribute of a virus. It gives the virus the ability to attempt to hide from detection, thereby making it more difficult for virus detection software to find it. Some of the more complex viruses employ sophisticated stealth techniques. The more advanced of these are known as polymorphic viruses and actually mutate each time they replicate in order to hide their existence. The reason for this is that authors of viruses are aware of the virus scanning software techniques for identifying and locating viruses. Therefore, the authors employ sophisticated encryption techniques to make the viruses undetectable. One example is the use of Simulated Metamorphic Encryption Engines to add stealth to the virus, thus prohibiting its detection and allowing the virus to change its main body of code during each replication.
Yet another attribute of computer viruses is their ability to begin duplicating themselves on the occurrence of a specific event, known as a trigger. The trigger may be one or a combination of many events including booting the computer one or several times, executing a specific program a certain number of times, simply executing a particular program, at a specific time read from the computer's clock, or at a specific date. It seems that the list of events is only limited to the imagination of the author of the virus.
The payload is the final and most dangerous of all attributes of viruses because of the destruction it causes at the time a trigger event occurs. In most cases, the virus simply replicates itself; however, the cruelest and most damaging viruses overwrite key files on a local computer hard disk drive or corrupt the entire computer system or network, leading to loss of normal operating programs and valuable data.
There are generally three types of viruses: boot sector infectors, traditional file or document infectors, and macro infectors. However, newer viruses are being developed every day at rates of 200 per month, adding to the population of roughly 7,500 viruses that are known to exist. In fact, rogue programmers have developed, and are making widely available, a number of virus authoring application programs, easing the creation process on behalf of the author. In addition, thousands of viruses are being sold and made readily available to virus developers on CD-ROMs.
Subsequently, because of the proliferation of computer viruses, there exist today companies that specialize in the manufacture of virus detection and eradication software, commonly referred to as anti-virus software. Examples of anti-virus software are Network Associates' VirusScan and WebScan, Symantec's Norton Anti-Virus, SecureWay by IBM, ThunderByte Anti-Virus from ThunderByte, and Vet anti-virus from Cybec Pty Ltd. A common medium for anti-virus software is a floppy computer diskette; however, today CD-ROM is likely the most common medium. Recently, the anti-virus software vendors have made their products available on the Internet. The difficulty with these mediums is the need to constantly update the virus signature files to scan and repair the latest viruses infiltrating the computer community. This may lead to significant expense for a corporation or private individual in terms of anti-virus software maintenance and management cost.
Today, with the availability of virus development software tool kits, the increase in general computer usage, and the increasing popularity of the Internet, new, cruel, devastating and variant types of viruses are being spread quickly and efficiently, thus widening the gap between the set of known viruses and newly developed viruses in circulation that are yet undetected. An example of the spreading efficiency that could be obtained is illustrated by the spread of the Internet Worm in November of 1988. In a matter of hours, the Worm infected hundreds, and probably thousands, of computers on the Internet, leading to substantial costs of eradication and general loss of productivity. This reinforces the need to constantly maintain up-to-date anti-virus software to scan and detect the latest viruses, again leading to added cost of doing business and purchasing obsolete protection.
Further, if a computer cannot boot, as a result of a virus or other problem, it cannot access anti-virus software or virus signature files that reside on the hard disk drive or that may be available via the Internet.
Still, even if a computer is able to boot, it may not have access to virus scanning and repair software or the latest signature files, e.g., a laptop computer. It is appreciated that it is a burdensome task to constantly update the virus scanning and repair software with the latest virus signature files. It is likely the case that a computer may never have an up-to-date virus signature file on the computer system. In fact, anti-virus software is likely to be obsolete at the time it is purchased and used because of the proliferation of new viruses in the computer community. New viruses are created and spread well before anti-virus scanning and repair programs can be developed and distributed to users.
Thus, if the computer will not boot, the computer user needs an independent boot mechanism for scanning and repairing viruses. Some virus scanning software packages do provide a boot disk. Still, other versions of software available on CD-ROM may require the user to build a diskette boot utility. Of course failure to build a boot utility will most likely leave the us
Reinert James Richard
Rogers Michael William
Stevens Gary Scott
Beausoleil Robert
Bonzo Bryce P.
Merchant & Gould P.C.
Ontrack Data International, INC