Distributed virus scanning arrangements and methods therefor

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Reexamination Certificate

Details

C713S152000, C714S026000, C714S038110

active

06728886

ABSTRACT:

BACKGROUND OF THE INVENTION
The present invention relates to methods and apparatuses for detecting viruses that may be transferred between a distributed computer network, such as the Internet, and a host computer connected thereto. More particularly, the present invention relates to improved techniques for permitting a host computer to perform its own virus scanning on HTTP transferred data using executables downloaded to its browser upon startup.
With the rising popularity of the Internet, there are now millions of users connecting to the Internet daily from their host computers to conduct e-commerce transactions, perform searches for information and/or download executable programs to enhance the capability and performance of their own host computers. The interaction between these users and the other host servers on the Internet generally involves the transfer of some amount of data, which may include both static displayable information and executable codes. Generally speaking, static displayable information refers to static information to be displayed at the host computer while executable codes or executables refer to computer instructions configured to be executed at the host computer to perform some task thereat.
In general, the vast majority of the downloadable data from the Internet represents useful or at least non-harmful content material. However, there exists a class of executable codes which, if downloaded and executed at host computers, may wreak havoc with the operating system, the hardware, and/or other software of the host computers. These executable codes are popularly known as viruses.
To combat viruses, users and administrators of computer networks (such as corporate local area networks or wide area networks) have long employed a variety of tools designed to detect and block the downloading of harmful viruses from the Internet. In a corporate local area network (LAN), for example, network administrators may employ proxy servers, which are disposed between the host computers of the LAN and the Internet, to perform virus scanning and blocking. By channeling the data transfers between the host computers of the LAN and the Internet through proxy servers, and performing virus scanning at the proxy servers, viruses may be removed from the transferred data prior to reaching the host computers where they may cause harm.
To illustrate, FIG. 1 depicts, in a simplified schematic format, a corporate environment 102 within which multiple host computers 104, 106, and 108 are interconnected via a local area network (LAN) 110. LAN 110, in addition to allowing the host computers to exchange data among themselves and/or other I/O devices or storage devices connected thereto, also facilitates data transfer between the host computers and the distributed computer network 112 (such as the Internet). As shown in FIG. 1, a proxy server 114 is interposed between LAN 110 and distributed computer network 112 to monitor data transfers between distributed computer network 112 and the host computers connected to LAN 110.
In the current art, one of the more popular application protocols for data transfers via the world wide web (WWW) is the Hypertext Transfer Protocol (HTTP). Thus, for data transfers via the world wide web, proxy server 114 typically implements the HTTP protocol. There is also shown in proxy server 114 a scan engine 116, representing the software and/or hardware portion configured to detect viruses that may be present in the HTTP data transfers. When a host computer, such as host computer 104, wishes to download data from one of the web servers connected to distributed computer network 112, e.g., one of web servers 120, 122, or 124, the data transfer therefrom traverses proxy server 114 and is scanned by scan engine 116 to ensure that the data transfer is free of viruses.
Although the virus detection arrangement of FIG. 1 performs quite well for some corporate environments, it is recognized that, for some other corporate environments or individual users, it may not be desirable to perform virus scanning only at one or more proxy servers interposed between the host computers and the Internet. This is particularly true in cases where no separate central scan engine/proxy server is available or where there is a large number of host computers connected to each scan engine/proxy server. The latter situation may occur in, for example, organizations that employ few proxy servers, for economic or maintenance-related reasons, for a large number of users. In this situation, a few scan engine/proxy servers must perform virus scanning for a high volume of transferred data associated with a large number of host computers, resulting in a high server load and/or long delays for the data transfers. The high server load and/or long delay problems are compounded if some or most of the data transfers involve the transfers of large or multimedia files, which are increasingly offered as high speed, broad band technologies become more accessible.
One way to alleviate the bottleneck associated with the centralized virus scanning arrangement of FIG. 1 involves the use of more powerful centrally located proxy servers. However, this solution tends to be uneconomical since powerful computers tend to be specialized and expensive. Other products such as VirusScan (version 4.0.3, for example) by Network Associates of Santa Clara, Calif. employ the host computers themselves to perform the virus scanning. This approach has the advantage of leveraging on the processing and I/O resources of the host computers themselves to perform virus scanning, thereby relieving the processing bottleneck and the concomitant data transfer delays associated with centralized virus scanning arrangements. However, these products tend to be file-based, i.e., they operate by invoking file system hooks for detecting viruses residing in the persistent storage areas of the host computers (e.g., the hard or floppy drives). If the virus is not saved onto the persistent storage areas but is instead executed from the host computer's high speed, volatile memory after downloading, these file-based virus detection products tend to be ineffective. Such products cannot generally deal with network traffic directly.
A further disadvantage associated with the prior art file-based virus detection arrangement (such as the aforementioned VirusScan) relates to the requirement that the user or network administrator must manually install each copy on each host machine. Furthermore, because new viruses are introduced every now and then, the user or network administrator must also perform maintenance and upgrade frequently at each host machine to ensure that the virus detection program is properly updated to detect the latest viruses. As can be appreciated by those skilled in the art, such a requirement disadvantageously increases the workload of the human network administrators and/or leaves open the possibility that the virus scanning products are not always timely updated to detect the latest viruses.
In view of the foregoing, there are desired improved techniques for enabling distributed virus scanning on data transfers between a distributed computer network and the host computers. The improved distributed virus scanning techniques preferably employ the processing and I/O resources of the host computers themselves to alleviate processing bottleneck issues associated with the centralized virus scanning approach while substantially eliminating the burden of maintaining and updating the scanning product at each host computer individually.
SUMMARY OF THE INVENTION
The present invention relates to at least one method and apparatus for detecting viruses that may be transferred between a distributed computer network, such as the Internet, and a host computer connected thereto. More particularly, the present invention relates to improved techniques for permitting a host computer to perform its own virus scanning on HTTP transferred data using executables downloaded to its browser upon startup.
Acco
