Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1998-09-23
2002-06-04
Hayes, Gail (Department: 2131)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S188000, C713S152000, C714S038110
Reexamination Certificate
active
06401210
ABSTRACT:
BACKGROUND
1. Field
The present invention relates generally to information processing systems and, more specifically, to management of files infected by a computer virus.
2. Description
In the past few years, computer viruses have caused damage to processing systems throughout the world. A computer virus is a program capable of operation on a system (such as a personal computer) that is self-replicating and that can “infect” other programs by modifying them or their environment such that a call to an infected program implies a call to a possibly evolved, and in most cases, functionally similar version of the virus. Detection, identification, and handling of computer viruses is the focus of commercial software products called “anti-virus” programs.
Anti-virus programs typically scan files on a processing system word by word or byte by byte to detect a virus by identifying a “signature string” of digital values in a file. The detection of a particular signature string indicates that identifiable virus code is present in the file. Once the virus is detected and identified, the anti-virus program responds in one of several ways. The anti-virus program may simply delete the file from the computer system, thereby removing the virus, but this action also destroys the file's original contents. This result may entail considerable and possibly irreparable damage to a user's data, programs or file systems. Alternatively, the anti-virus program may attempt to “clean” the infected file by removing virus code from the file, thereby restoring the file to its original functional state. A method often used to clean the file is to simply overwrite suspected virus code with a string of zeroes. This destroys the virus. However, if a virus is detected in error (e.g., a false positive is indicated by the anti-virus program) or the wrong bytes in the file are overwritten, then the attempt to clean the infected file results in the partial destruction of the original file. This may result in the file being unusable. If the attempt to clean the infected file fails, the infected file is usually deleted. In other cases, the anti-virus program (which may be frequently updated to handle newly discovered viruses) may not yet have the logic to clean the specific virus found in the infected file. Some anti-virus products may rename the infected file or move it to another storage location to reduce the probability of the file being accidentally used or transferred, so the virus will not be spread. However, both of these options leave the virus on the processing system in files accessible to the user and the virus may still be inadvertently spread if the file is executed or transferred to another processing system.
Thus, existing anti-virus techniques are deficient in how they manage files containing computer viruses.
SUMMARY
An embodiment of the present invention is a method of managing a file infected by at least one computer virus. The method includes creating a first file in a directory, copying the virus infected file to the first file, scrambling the contents of the first file, and deleting the virus infected file.
Another embodiment of the present invention is a system for managing computer virus infected files. The system includes scrambler logic to scramble the contents of a virus infected file to produce a scrambled virus infected file, a virus bin to safely store the scrambled virus infected file, and unscrambler logic to unscramble the scrambled virus infected file to reproduce the virus infected file.
REFERENCES:
patent: 5485575 (1996-01-01), Chess et al.
patent: 5613002 (1997-03-01), Kephart et al.
patent: 5623600 (1997-04-01), Ji et al.
patent: 5918008 (1999-06-01), Togawa et al.
patent: 6067410 (2000-05-01), Nachenberg
patent: 6108799 (2000-08-01), Boulay et al.
Hayes Gail
Skabrat Steven P.
Song Ho S.
LandOfFree
Method of managing computer virus infected files does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method of managing computer virus infected files, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method of managing computer virus infected files will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2938194