Error detection/correction and fault detection/recovery – Data processing system error or fault handling – Reliability and availability
Reexamination Certificate
2000-01-11
2001-07-31
Shalwala, Bipin (Department: 2673)
Error detection/correction and fault detection/recovery
Data processing system error or fault handling
Reliability and availability
C713S152000
Reexamination Certificate
active
06269456
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates generally to computer systems and computer networks. In particular, the present invention relates to a method and system for maintaining and updating antivirus applications in computers attached to a computer network.
BACKGROUND OF THE INVENTION
The generation and spread of computer viruses is a major problem in modern day computing. Generally, a computer virus is a program that is capable of attaching to other programs or sets of computer instructions, replicating itself, and performing unsolicited or malicious actions on a computer system. Generally, computer viruses are designed to spread by attaching to floppy disks or data transmissions between computer users, and are designed to do damage while remaining undetected. The damage done by computer viruses may range from mild interference with a program, such as the display of an unwanted political message in a dialog box, to the complete destruction of data on a user's hard drive. It is estimated that new viruses are created at a rate of over 100 per month.
A variety of programs have been developed to detect and destroy computer viruses. As is known in the art, a common method of detecting viruses is to use a virus scanning engine to scan for known computer viruses in executable files, application macro files, disk boot sectors, etc. Generally, computer viruses are comprised of binary sequences called “virus signatures.” Upon the detection of a virus signature by the virus scanning engine, a virus disinfection program may then be used to extract the harmful information from the infected code, thereby disinfecting that code. Common virus scanning software allows for boot-sector scanning upon system bootup, on-demand scanning at the explicit request of the user, and/or on-access scanning of a file when that file is accessed by the operating system or an application.
In order to detect computer viruses, a virus scanning engine is generally provided in conjunction with one or more files called “virus signature files”. The virus scanning engine scans a user's computer files via a serial comparison of each file against the virus signature files. Importantly, if the signature of a certain virus is not contained in any of the virus signature files, that virus will not be detected by the virus scanning engine.
By way of example, and not by way of limitation, one leading antivirus program and its accompanying virus signature files is described. It is emphasized that this example is presented only for clarity of presentation, and does not limit the scope or context of the preferred embodiments to certain software packages, software types, or operating system types. Indeed, the preferred embodiments are advantageously applied to many different types of antivirus software programs on many different types of operating systems and computing configurations.
A leading antivirus application, produced by McAfee Associates, is called VirusScan™. VirusScan™ is a software application offered for sale in a variety of outlets and forms. VirusScan™ is accompanied by documentation in printed form (see, e.g., “VirusScan Quick Start Guide”, McAfee Associates 1997, accompanying the CD-ROM version of VirusScan for Windows 95, NT, 3.1x, DOS and OS/2), in computer-readable form (see, e.g., the directory \MANUALS on the CD-ROM version of VirusScan for Windows 95, NT, 3.1x, DOS and OS/2), and on the World Wide Web at http://www.mcafee.com. The contents of these documents are hereby incorporated by reference into the present application.
In one form, the VirusScan™ application is adapted for use on a user's client computer running on a Windows 95™ platform. A main routine used by this antivirus application is “SCAN.EXE”, a program file that is typically placed in the directory C:\PROGRAM_FILES\MCAFEE\VIRUSSCAN on the user's hard drive. The program SCAN.EXE is adapted to be used for any of the following types of virus scanning: virus scanning of system boot-sectors at startup, on-demand virus scanning at the explicit request of the user, and on-access virus scanning of a file when that file is accessed by the operating system or an application. In the Windows 95™ environment, the Registry files are often modified such that SCAN.EXE is run at computer startup, and also remains resident for scanning all files upon file access.
In a typical configuration, VirusScan™ is used in conjunction with a set of virus signature files having the names CLEAN.DAT, MCALYZE.DAT, NAMES.DAT, and SCAN.DAT. As of McAfee's Oct. 15, 1997 release of version 3010 of its VirusScan™ signature file updates, these virus signature files collectively comprise over 1.6 MB of virus information.
In a typical configuration, the files CLEAN.DAT, MCALYZE.DAT, NAMES.DAT, and SCAN.DAT are also placed in the directory C:\PROGRAM_FILES\MCAFEE\VIRUSSCAN on the user's hard drive.
For purposes of clarity and simplicity in describing the background and preferred embodiments, this disclosure will refer to a generic antivirus program “Antivirus_Application.exe” and a generic antivirus signature file VIRUS_SIGNATURES.DAT.
Generally speaking, a recent trend is for manufacturers of antivirus applications to update their virus signature files VIRUS_SIGNATURES.DAT as new viruses are discovered and as cures for these viruses are developed, and to make these updated signature files available to users on a periodic basis (e.g. monthly, quarterly, etc.). For example, an antivirus program manufacturer may post the update file VIRUS_SIGNATURES.DAT on a bulletin board system, on an FTP (File Transfer Protocol) site, or on a World Wide Web site for downloading by users.
FIG. 1
illustrates one serious problem that arises from the constant onslaught of new v ruses.
FIG. 1
shows a flowchart of steps
100
which can occur when a typical user purchases and loads an antivirus program equipped with virus signature files, but neglects to keep its virus signature files current. At step
102
, on a first date such as Apr. 1, Year 0 (4/1/00), the user acquires and loads the antivirus application Antivirus_Application.EXE and the signature files VIRUS_SIGNATURES.DAT, the file VIRUS_SIGNATURES.DAT having a last-revised date, for example, of Feb. 1, 2000. At step
104
, the Antivirus_Application.exe routine and the VIRUS_SIGNATURES.DAT file are successfully run on the user's computer. The user, being satisfied that he or she has adequately protected the computer, does not update the VIRUS_SIGNATURES.DAT file.
However, in the meantime, as shown in
FIG. 1
at step
106
, on May 15, 2000 a third-party “hacker” develops and begins the distribution and spreading of BAD_APPLE.V, a new virus which replicates itself and destroys user data. At step
108
, on Jul. 15, 2000, the antivirus manufacturer who makes Antivirus_Application.exe discovers BAD_APPLE.V. At step
110
, that day the manufacturer develops a fix for BAD_APPLE.V and writes its virus signature (along with data to implement the fix) into the next release of VIRUS_SIGNATURES.DAT. At step
112
, the antivirus manufacturer releases an updated VIRUS_SIGNATURES.DAT dated Sep. 1, 2000. In addition to containing other virus signatures and fixes, the new VIRUS_SIGNATURES.DAT file contains the virus signature and fix for BAD_APPLE.V.
At step
114
, on Jan. 13, 2001, the user from step
104
finally becomes infected by the BAD_APPLE.DAT virus. For example, the user may have borrowed a floppy disk infected with BAD_APPLE.V from a friend, or may have downloaded an application infected with BAD_APPLE.V from the Internet. At that very time, at step
116
, the program Antivirus_Application.exe scans the infected program. However, at step
116
the BAD_APPLE.V virus goes undetected by Antivirus_Application.exe because the VIRUS_SIGNATURE.DAT file being used is an old one dated Feb. 1, 2000 and therefore it does not contain the virus signature for BAD_APPLE.V. Because it has remained undetected, at step
118
on Jan. 19, 2001, the BAD_APPLE.V virus destroys data on the
Hodges Vernon
O'Donnell Shawn
Network Associates, Inc.
Patel Nitin
Pennie & Edmonds LLP
Shalwala Bipin
LandOfFree
Method and system for providing automated updating and... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and system for providing automated updating and..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and system for providing automated updating and... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2484181