Protocol-level malware scanner

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Reexamination Certificate


Details

C713S151000, C713S153000, C713S154000, C714S015000, C370S902000


active

06772345

ABSTRACT:

FIELD OF THE INVENTION
The present invention relates to a method, system, and computer program product for detecting computer malware by scanning network traffic at the protocol level.
BACKGROUND OF THE INVENTION
As the popularity of the Internet has grown, the proliferation of computer malware has become more common. A typical piece of computer malware is a program or piece of code that is loaded onto a computer and/or performs some undesired actions on a computer without the knowledge or consent of the computer operator. The most widespread, well-known and dangerous type of computer malware is the computer virus, that is, a program or piece of code that replicates itself and loads itself onto other connected computers. Once the virus has been loaded onto the computer, it is activated and may proliferate further and/or damage the computer or other computers.
Along with the proliferation of computer viruses and other malware has come a proliferation of software to detect and remove such viruses and other malware. This software is generically known as anti-virus software or programs. In order to detect a virus or other malicious program, an anti-virus program typically scans files stored on disk in a computer system and/or data that is being transferred or downloaded to a computer system, or that is being accessed on a computer system, and compares the data being scanned with profiles that identify various kinds of malware. The anti-virus program may then take corrective action, such as notifying a user or administrator of the computer system of the virus, isolating the file or data, deleting the file or data, etc.
Typically, anti-virus programs scan data that is being transferred or downloaded to a computer system for computer malware at the operating system level. In other words, the data is scanned after it is output from the communications protocols and drivers and is available to application programs running on the computer system. While this level of scanning is adequate to detect much of the malware in existence, operating system level scanning may not successfully block the spread of all malware. For example, the well-known “Nimda” and “CodeRed” malware may have already replicated themselves by the time they are detected by an operating system level scan.
A need arises for a technique by which malware scanning of data that is being transferred or downloaded to a computer system can be performed so as to block the spread of malware that may not be blocked by operating system level scanning.
SUMMARY OF THE INVENTION
The present invention is a method, system, and computer program product for malware scanning of data that is being transferred or downloaded to a computer system that is performed at the protocol level. The present invention is capable of blocking the spread of malware that may not be blocked by operating system level scanning. In one embodiment of the present invention, a method of detecting a malware comprises the steps of: a) receiving a data stream, b) scanning the data stream at a protocol level to detect a malware, c) removing the detected malware from the data stream, and d) transmitting the data stream without the malware. The data stream may be received from a communications network. The communications network may be the Internet. The protocol level may include a protocol including at least one of: Post Office Protocol, HyperText Transfer Protocol, File Transfer Protocol, Trivial File Transfer Protocol, Simple Mail Transfer Protocol, Internet Message Access Protocol, or Network News Transfer Protocol.
In one aspect of the present invention, steps a)-d) are performed on a workstation computer system. The receiving step may comprise the step of receiving a data stream from a local area network or a wide area network connected to the workstation computer system. The transmitting step may comprise the step of transmitting the data stream without the malware to an operating system and/or application programs running on the workstation computer system. The protocol level may include a protocol including at least one of Post Office Protocol, HyperText Transfer Protocol, File Transfer Protocol, Trivial File Transfer Protocol, Simple Mail Transfer Protocol, Internet Message Access Protocol, or Network News Transfer Protocol.
In one aspect of the present invention, steps a)-d) are performed on a gateway computer system. The receiving step may comprise the step of receiving a data stream from a network to the gateway computer system or from a network via a router/firewall connected to the gateway computer system. The transmitting step may comprise the step of transmitting the data stream without the malware to a computer system via a local area network or a wide area network connected to the gateway computer system. The protocol level may include a protocol including at least one of Post Office Protocol, HyperText Transfer Protocol, File Transfer Protocol, Trivial File Transfer Protocol, Simple Mail Transfer Protocol, Internet Message Access Protocol, or Network News Transfer Protocol.
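Steps a)-d) sketched for one of the listed protocols, Post Office Protocol, as an added example that is not taken from the patent or any product. It assumes a POP3 RETR response carrying a MIME message; the signature table, function names and sample message are constructed for illustration.

```python
import base64
import email
from email import policy

# Constructed placeholder signature, standing in for real malware profiles.
SIGNATURES = {b"CONSTRUCTED-TEST-SIGNATURE": "Test.Marker"}

def unstuff(resp: bytes) -> bytes:
    """a) Receive: strip POP3 status line, '.' terminator and dot-stuffing."""
    lines = resp.split(b"\r\n")
    if not lines[0].startswith(b"+OK"):
        raise ValueError("not a positive POP3 response")
    end = lines.index(b".")  # a lone dot ends a multi-line response
    body = [l[1:] if l.startswith(b".") else l for l in lines[1:end]]
    return b"\r\n".join(body) + b"\r\n"

def stuff(msg: bytes) -> bytes:
    """d) Transmit: re-frame a message as a POP3 multi-line response."""
    lines = msg.rstrip(b"\r\n").split(b"\r\n")
    out = [b"." + l if l.startswith(b".") else l for l in lines]
    return b"+OK message follows\r\n" + b"\r\n".join(out) + b"\r\n.\r\n"

def detect(data: bytes):
    """Return the name of the first matching signature, or None."""
    return next((n for sig, n in SIGNATURES.items() if sig in data), None)

def scan_retr(resp: bytes):
    """b) Scan each decoded MIME part, c) replace infected parts."""
    msg = email.message_from_bytes(unstuff(resp), policy=policy.SMTP)
    found = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = detect(part.get_payload(decode=True) or b"")  # undo base64/QP
        if name:
            found.append(name)
            part.set_content(f"[attachment removed: {name}]")
    return stuff(msg.as_bytes()), found

def constructed_sample() -> bytes:
    """Constructed RETR response: the signature is hidden by base64."""
    att = base64.b64encode(b"xx" + next(iter(SIGNATURES)) + b"xx")
    return stuff(
        b"From: a@example.test\r\nMIME-Version: 1.0\r\n"
        b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
        b"--b1\r\nContent-Type: text/plain\r\n\r\nHello\r\n.dot line\r\n"
        b"--b1\r\nContent-Type: application/octet-stream\r\n"
        b"Content-Transfer-Encoding: base64\r\n\r\n" + att + b"\r\n--b1--\r\n")
```

Because the attachment is base64-encoded on the wire, a raw byte match over the stream misses the signature; it is found only after the scanner undoes the protocol framing and the MIME transfer encoding.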


