Electrical computers and digital processing systems: support – Computer virus detection by cryptography
Reexamination Certificate
2011-04-12
2011-04-12
Pyzocha, Michael (Department: 2437)
Electrical computers and digital processing systems: support
Computer virus detection by cryptography
C713S187000, C713S190000, C726S023000, C726S024000
Reexamination Certificate
active
07925888
ABSTRACT:
A virus detection system (VDS) (400) operates under the control of P-code to detect the presence of a virus in a file (100) having multiple entry points. P-code is an intermediate instruction format that uses primitives to perform certain functions related to the file (100). The VDS (400) executes the P-code, which provides Turing-equivalent capability to the VDS. The VDS (400) has a P-code data file (410) for holding the P-code, a virus definition file (VDF) (412) for holding signatures of known viruses, and an engine (414) for controlling the VDS. The engine (414) contains a P-code interpreter (418) for interpreting the P-code, a scanning module (424) for scanning regions of the file (100) for the virus signatures in the VDF (412), and an emulating module (426) for emulating entry points of the file. When executed, the P-code examines the file (100), posts (514) regions that may be infected by a virus for scanning, and posts (518) entry points that may be infected by a virus for emulating. The P-code can also detect (520) certain viruses algorithmically. Then, the posted regions and entry points of the file (100) are scanned (526) and emulated (534) to determine if the file is infected with a virus. This technique allows the VDS (400) to perform sophisticated analysis of files having multiple entry points in a relatively brief amount of time. In addition, the functionality of the VDS (400) can be changed by changing the P-code, reducing the need for burdensome engine updates.
REFERENCES:
patent: 5386523 (1995-01-01), Crook et al.
patent: 5398196 (1995-03-01), Chambers
patent: 5696822 (1997-12-01), Nachenberg
patent: 5796989 (1998-08-01), Morley et al.
patent: 5826013 (1998-10-01), Nachenberg
patent: 5842002 (1998-11-01), Schnurer et al.
patent: 5854916 (1998-12-01), Nachenberg
patent: 5881151 (1999-03-01), Yamamoto
patent: 5960170 (1999-09-01), Chen et al.
patent: 5964889 (1999-10-01), Nachenberg
patent: 5999723 (1999-12-01), Nachenberg
patent: 6021510 (2000-02-01), Nachenberg
patent: 6067410 (2000-05-01), Nachenberg
patent: 6088803 (2000-07-01), Tso et al.
patent: 6094731 (2000-07-01), Waldin et al.
patent: 6311277 (2001-10-01), Takaragi et al.
patent: 6357008 (2002-03-01), Nachenberg
patent: WO 97/12322 (1997-03-01), None
Padawer, “Microsoft P-Code Technology,” [online]. Apr. 1992 [retrieved on Nov. 13, 2003]. Retrieved from the Internet: <URL: http://msdn.Microsoft.com/archive/en-us/dnarvc/html/msdn—c7pcode2.asp?frame=true.>, 6 pages.
“Frequently Asked Questions on Virus-L/comp.virus,” [online]. Oct. 9, 1995 [retrieved on Nov. 25, 2003]. Retrieved from the Internet: <URL: http://www.claws-and-paws.com/virus/faqs/vlfaq200.shtml>, 53 pages.
LeCharlier et al., “Dynamic Detection and Classification of Computer Viruses Using General Behavior Patterns,” Proceedings of the Fifth International Virus Bulletin Conference, Boston, Mass., Sep. 20-22, 1995, 22 pages.
McCanne et al., “The BSD Packet Filter: A new Architecture for User-level Packet Capture,” Preprint Dec. 19, 1992, 1993 Winter USENIX conference, San Diego, California, Jan. 25-29, 1993, 11 pages.
Leitold et al, “VIRus Searching and KILling Language.” Proceedings of the Second International Virus Bulletin Conference, Sep. 1992, 15 pages.
Taubes, “An Immune System for Cyberspace,” Think Research [online], vol. 34, No. 4, 1996 (retrieved on Dec. 15, 2003). Retrieved from the Internet: <URL: http://domino.research.ibm.com/comm./wwwr—thinkresearch.nsf/pages/antivirus496.html>, 9 pages.
Ször, “Memory Scanning Under Windows NT,” Virus Bulletin Conference, Sep. 1999, 22 pages.
Ször, “Attacks on Win32,” Virus Bulletin Conference, Oct. 1998, 84 pages.
Symantec, “Understanding Heuristics”, Symantec's Bloodhound Technology, 1997, Symantec White Paper Series, vol. XXXIV.
Trend Mirco, Inc., “Eliminating Viruses in the Lotus Notes Environment”, 1999, Trend Micro Product Paper.
Parkhouse, Jayne, “Pelican SafeTNet 2.0” [online], Jun. 2000. SC Magazine Product Review, [retrieved on Dec. 1, 2003]. Retrieved from the Internet: <URL: http://www.scmagazine.com/scmagazine/standalone/pelican/sc—pelican.html.
Callahan Paul
Fenwick & West LLP
Pyzocha Michael
Symantec Corporation
LandOfFree
Data driven detection of viruses does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Data driven detection of viruses, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Data driven detection of viruses will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2702154