A storage device, having the function of coping with a computer virus which has the ability to prevent infection with a computer virus and properly deal with infection with a computer virus, comprises: an infection management table used to manage files stored on a disk to see if the files are infected with viruses; a table registering unit for receiving a result of detection from a virus checker for detecting if a file stored on a disk is infected with a virus, and for registering the result in the infection management table; a judging unit that when a use request is made externally for a file stored on the disk, references the infection management table so as to judge if the file is infected with a virus; and a prohibiting unit that when the judging unit judges that a file is infected with a virus, prohibits the use of the file.
|
0. 68. A method for performing an anti-virus operation, the method comprising:
detecting a virus-infected file using a computer;
in response to the detection of the virus-infected file prohibiting use of the virus-infected file by encoding the virus-infected file for security; and
storing the encoded virus infected file,
thereby in response to the detection of the virus-infected file, the virus-infected file is deleted and the encoded data is stored in another storage area different from a storage area in which the virus-infected file was stored.
0. 57. A computer readable storage medium controlling a computer by:
scanning a file for infection with a virus;
quarantining the file if infected with a virus; and
in response to a detection of the infection with the virus prohibiting use of the infected file by executing an encoding process for security that converts the infected file into encoded data,
thereby in response to the detection of the infection with the virus, the infected file is deleted and the encoded data is stored in another storage area different from a storage area in which the infected file was stored.
0. 58. A method comprising:
scanning a file for infection with a virus using a computer;
isolating the file from non-infected files, if the file is infected with a virus; and
in response to a detection of the infection with the virus prohibiting use of the infected file via executing an encoding process for security that converts the infected file into encoded data,
thereby in response to the detection of the infection with the virus, the infected file is deleted and the encoded data is stored in another storage area different from a storage area in which the infected file was stored.
0. 56. A method, comprising:
scanning a file for infection with a virus using a computer;
quarantining the file from non-infected files if the file is infected with a virus; and
in response to a detection of the infection with the virus prohibiting use of the infected file by executing an encoding process for security that converts the infected file into encoded data,
thereby in response to the detection of the infection with the virus, the infected file is deleted and the encoded data is stored in another storage area different from a storage area in which the infected file was stored.
0. 59. A method for performing an anti-virus operation, the method comprising:
detecting a virus-infected file in a storage device using a computer;
in response to the detection of the virus-infected file prohibiting use of the virus-infected file based upon converting for security the virus-infected file into encoded data; and
storing the encoded data of the virus-infected file,
thereby in response to the detection of the virus-infected file, the virus-infected file is deleted and the encoded data is stored in another storage area different from a storage area in which the virus-infected file was stored.
0. 69. A method for performing an anti-virus operation, the method comprising:
detecting a virus-infected file in a storage device using a computer;
in response to the detection of the virus-infected file converting for security the virus-infected file into encoded data; and
storing the encoded data of the virus infected file,
thereby in response to the detection of the virus-infected file, the virus-infected file is deleted and the encoded data is stored in another storage area different from a storage area in which the virus-infected file was stored and the converting into the encoded data prohibits use of the virus-infected file.
0. 52. An apparatus, comprising:
a virus scanner adapted to scan a file stored in a storage device for infection with a virus;
a quarantining device adapted to quarantine the file from non-infected files on the storage device, when the file is infected; and
a converting device adapted to in response to a detection of the infection with the virus prohibit use of the infected file based upon executing an encoding process for security that converts the infected file into encoded data,
thereby in response to the detection of the infection with the virus, the infected file is deleted and the encoded data is stored in another storage area different from a storage area in which the infected file was stored.
0. 55. An apparatus, comprising:
a storage device adapted to store a plurality of files and a status for each of the files indicating whether each of the files is infected with a virus;
a virus checking device adapted for selection of a file to be checked for infection with a virus; and
a converting device adapted to in response to a detection of the infection with the virus prohibit use of an infected file based upon executing an encoding process for security that converts the infected file into encoded data,
thereby in response to the detection of the infection with the virus, the infected file is deleted and the encoded data is stored in another storage area different from a storage area in which the infected file was stored.
0. 54. An apparatus comprising:
a storage device adapted to store a plurality of files and a status for each of the files indicating whether each of the files is infected with a virus;
a virus checking device adapted to select a file to be checked for infection with a virus;
a quarantining device adapted to quarantine an infected file on the storage device; and
a converting device adapted to in response to a detection of the infection with the virus prohibit use of the infected file based upon executing an encoding process for security that converts the infected file into encoded data,
thereby in response to the detection of the infection with the virus, the infected file is deleted and the encoded data is stored in another storage area different from a storage area in which the infected file was stored.
0. 1. A storage device, having the function of coping with a computer virus, which has the ability to deal with infection of a file stored on a disk with a virus, comprising:
an infection management table unit for registering virus infected files which are stored on said disk;
a virus checker for detecting if a file stored on said disk is infected with a virus, wherein the virus checker is activated at intervals of a specific period or in response to a command instruction;
a table registering unit for registering a result of detection from said virus checker in said infection management table unit;
a judging unit for judging if a file is infected with a virus in response to an external use request externally made for a file stored on said disk by referencing said infection management table unit; and
a prohibiting unit for prohibiting use of the externally requested file when said judging unit judges that the externally requested file is infected with a virus.
0. 2. A storage device having the function of coping with a computer virus according to
0. 3. A storage device having the function of coping with a computer virus according to
0. 4. A storage device having the function of coping with a computer virus according to
0. 5. A storage device having the function of coping with a computer virus according to
0. 6. A storage device having the function of coping with a computer virus according to
0. 7. A storage device having the function of coping with a computer virus according to
0. 8. A storage device having the function of coping with a computer virus according to
0. 9. A storage device having the function of coping with a computer virus according to
0. 10. A storage device having the function of coping with a computer virus according to
0. 11. A storage device having the function of coping with a computer virus according to
0. 12. A storage device having the function of coping with a computer virus according to
0. 13. A storage device having the function of coping with a computer virus according to
0. 14. A storage device having the function of coping with a computer virus according to
0. 15. A storage device having the function of coping with a computer virus according to
0. 16. A storage device having the function of coping with a computer virus according to
0. 17. A storage device having the function of coping with a computer virus according to
0. 18. A storage device having the function of coping with a computer virus according to
0. 19. A storage device having the function of coping with a computer virus according to
0. 20. A storage device having the function of coping with a computer virus according to
0. 21. A storage device having the function of coping with a computer virus according to
0. 22. A storage device having the function of coping with a computer virus according to
0. 23. A storage device having the function of coping with a computer virus according to
0. 24. A storage device having the function of coping with a computer virus according to
0. 25. A storage device having the function of coping with a computer virus according to
0. 26. A storage device having the function of coping with a computer virus according to
0. 27. A storage device, having the function of coping with a computer virus according to
0. 28. A storage device having the function of coping with a computer virus according to
0. 29. A storage device having the function of coping with a computer virus according to
0. 30. A storage device having the function of coping with a computer virus according to
a first managing unit for managing original information of files stored on said disk;
a second managing unit for managing differential information brought about modification concerning the files stored on said disk and history information concerning said differential information brought about due to modification; and
a file registering unit for merging the original information of a file managed by said first managing unit with the differential information brought about due to modification concerning the file which is managed by said second managing unit so as to produce a file, and for registering the produced file on said disk,
wherein said first managing unit manages original information that is confirmed not to be infected with a virus by said virus checker, and said second managing unit manages differential information brought about due to modification which is confirmed not to be infected with a virus by said virus checker.
0. 31. A storage device having the function of coping with a computer virus according to
a first managing unit for managing original information of files stored on said disk;
a second managing unit for managing differential information brought about modification concerning the files stored on said disk and history information concerning said differential information brought about due to modification; and
a file registering unit for merging the original information of a file managed by said first managing unit with the differential information brought about due to modification concerning the file which is managed by said second managing unit so as to produce a file, and for registering the produced file on said disk,
wherein as for a file which is stored on said disk, of which original information is not registered in said first managing unit, and of which differential information brought about due to modification is not registered in said second managing unit, said table registering unit judges that the file stored on said disk is infected with a virus and registers the fact in said infection management table unit.
0. 32. A storage device having the function of coping with a computer virus according to
a first managing unit for managing original information of files stored on said disk;
a second managing unit for managing differential information brought about modification concerning the files stored on said disk and history information concerning said differential information brought about due to modification; and
a file registering unit for merging the original information of a file managed by said first managing unit with the differential information brought about due to modification concerning the file which is managed by said second managing unit so as to produce a file, and for registering the produced file on said disk,
wherein said first managing unit manages original information of said virus checker, and said second managing unit manages differential information brought about due to modification concerning said virus checker and history information concerning the differential information brought about due to modification.
0. 33. A storage device having the function of coping with a computer virus according to
0. 34. A storage device having the function of coping with a computer virus according to
a first managing unit for managing original information of files stored on said disk;
a second managing unit for managing differential information brought about modification concerning the files stored on said disk and history information concerning said differential information brought about due to modification; and
a file registering unit for merging the original information of a file managed by said first managing unit with the differential information brought about due to modification concerning the file which is managed by said second managing unit so as to produce a file, and for registering the produced file on said disk,
wherein said first managing unit encodes and manages original information, and said second managing unit encodes and manages differential information brought about due to modification, further comprising a decoding unit for decoding encoded data managed by said first and second managing unit, and an encoding unit for executing inverse conversion that is inverse to conversion performed by said decoding unit.
0. 35. A storage device having the function of coping with a computer virus according to
a first managing unit for managing original information of files stored on said disk;
a second managing unit for managing differential information brought about modification concerning the files stored on said disk and history information concerning said differential information brought about due to modification;
a file registering unit for merging the original information of a file managed by said first managing unit with the differential information brought about due to modification concerning the file which is managed by said second managing unit so as to produce a file, and for registering the produced file on said disk; and
a saving unit for saving a virus-infected file that is registered in said infection management table unit and virus information concerning the file in an executable area, and a reading unit for reading information saved in said inexecutable area under the condition that permission information for permitting access to said inexecutable area is given.
0. 36. A storage device having the function of coping with a computer virus according to
a first managing unit for managing original information of files stored on said disk;
a second managing unit for managing differential information brought about modification concerning the files stored on said disk and history information concerning said differential information brought about due to modification;
a file registering unit for merging the original information of a file managed by said first managing unit with the differential information brought about due to modification concerning the file which is managed by said second managing unit so as to produce a file, and for registering the produced file on said disk; and
a restoring unit for deleting a virus-infected file, which is registered in said infection management table unit, from said disk, activating said file registering unit, thus restoring the file, and then registering the restored file on said disk,
wherein said first managing unit encodes and manages original information, and said second managing unit encodes and manages original information, and said second managing unit encodes and manages differential information brought about due to modification, further comprising a decoding unit for decoding encoded data managed by said first and second managing units, and an encoding unit for executing inverse conversion that is inverse to conversion performed by said decoding unit.
0. 37. A storage device having the function of coping with a computer virus according to
a first managing unit for managing original information of files stored on said disk;
a second managing unit for managing differential information brought about modification concerning the files stored on said disk and history information concerning said differential information brought about due to modification;
a file registering unit for merging the original information of a file managed by said first managing unit with the differential information brought about due to modification concerning the file which is managed by said second managing unit so as to produce a file, and for registering the produced file on said disk;
a restoring unit for deleting a virus-infected file, which is registered in said infection management table unit, from said disk, activating said file registering unit, thus restoring the file, and then registering the restored file on said disk; and
a saving unit for saving a virus-infected file that is registered in said infection management table unit and virus information concerning the file in an inexecutable area, and a reading unit for reading information saved in said inexecutable area under the condition that permission information for permitting access to said inexecutable area is given.
0. 38. A storage device, having the function of coping with a computer virus, which has the ability to deal with infection of a file stored on a disk with a virus, comprising:
an infection management table unit used to manage files stored on said disk to see if the files are infected with viruses;
a table registering unit for receiving a result of detection from a virus checker for detecting if a file stored on said disk is infected with a virus, and for registering the result in said infection management table unit;
a judging unit that, when a use request is made externally for a file stored on said disk, references said infection management table unit so as to judge if the file is infected with a virus;
a prohibiting unit that, when said judging unit judges that a file is infected with a virus, prohibits the use of the file, wherein when a writing request is issued for a system startup area stored on said disk, said table registering unit judges that a file which is stored on said disk and is a source of the writing request is infected with a virus, and registers the fact in said infection management table unit; and
a file registering unit for merging original information of a file managed by a first managing unit with differential information brought about due to modification concerning a file which is managed by a second managing unit so as to produce a produced file, and for registering the produced file on said disk.
0. 39. A storage device, having the function of coping with a computer virus, which has the ability to deal with infection of a file stored on a disk with a virus, comprising:
an infection management table unit used to manage files stored on said disk to see if the files are infected with viruses;
a table registering unit for receiving a result of detection from a virus checker for detecting if a file stored on said disk is infected with a virus, and for registering the result in said infection management table unit;
a judging unit that, when a use request is made externally for a file stored on said disk, references said infection management table unit so as to judge if the file is infected with a virus;
a prohibiting unit that, when said judging unit judges that a file is infected with a virus, prohibits the use of the file;
a saving unit for saving a virus-infected table unit and virus information concerning the file in an inexecutable area;
a reading unit for reading information saved in said inexecutable area under the condition that permission information for permitting access to said inexecutable area is given; and
a file registering unit for merging original information of a file managed by a first managing unit with differential information brought about due to modification concerning a file which is managed by a second managing unit so as to produce a produced file, and for registering the produced file on said disk.
0. 40. A storage device, having the function of coping with a computer virus, which has the ability to deal with infection of a file stored on a disk with a virus, comprising:
an infection management table unit used to manage files stored on said disk to see if the files are infected with viruses;
a table registering unit for receiving a result of detection from a virus checker for detecting if a file stored on said disk is infected with a virus, and for registering the result in said infection management table unit;
a judging unit that, when a use request is made externally for a file stored on said disk, references said infection management table unit so as to judge if the file is infected with a virus;
a prohibiting unit that, when said judging unit judges that a file is infected with a virus, prohibits the use of the file;
a first managing unit for managing original information of files stored on said disk;
a second managing unit for managing differential information brought about modification concerning the files stored on said disk and history information concerning said differential information brought about due to modification;
a file registering unit for merging the original information of a file managed by said first managing unit with the differential information brought about due to modification concerning the file which is managed by said second managing unit so as to produce a produced file, and for registering the produced file on said disk;
a restoring unit for deleting a virus-infected file, which is registered in said infection management table unit, from said disk, activating said file registering unit, thus restoring the file, and then registering the restored file on said disk.
0. 41. A storage device, having the function of coping with a computer virus, which has the ability to deal with infection of a file stored on a disk with a virus, comprising:
an infection management table unit used to manage files stored on said disk to see if the files are infected with viruses;
a table registering unit for internally receiving a result of detection from a virus checker which internally detects that a file stored on said disk is infected with a virus, and for registering the result in said infection management table unit;
a judging unit that, when a use request is made externally for a file stored on said disk, references said infection management table unit so as to judge if the file is infected with a virus;
a prohibiting unit that, when said judging unit judges that a file is infected with a virus, prohibits the use of the file; and
a file registering unit for merging original information of a file managed by a first managing unit with differential information brought about due to modification concerning a file which is managed by a second managing unit so as to produce a produced file, and for registering the produced file on said disk.
0. 42. A method of storing a computer program on a computer storage device, having the function of coping with a computer virus, which has the ability to deal with infection of a file stored on a disk with a virus, comprising the steps of:
managing files stored on said disk to see if the files are infected with viruses;
receiving a result of detection from a virus checker for detecting if a file stored on said disk is infected with a virus;
registering the result of detection;
referencing said infection management table unit so as to judge if the file is infected with a virus when a use request is made externally for a file stored on said disk;
prohibiting the use of the file when judging that a file is infected with a virus;
judging that a stored file on said disk is a source of the use request infected with a virus and registering when the use request is issued for a system startup area stored on said disks;
merging original information of a file managed by a first managing unit with differential information brought about due to modification concerning a file which is managed by a second managing unit so as to produce a produced file; and
registering the produced file on said disk.
0. 43. A method of storing a computer program on a computer storage device, having the function of coping with a computer virus, which has the ability to deal with infection of a file stored on a disk with a virus, comprising the steps of:
managing files stored on said disk to see if the files are infected with viruses;
receiving a result of detection from a virus checker for detecting if a file stored on said disk is infected with a virus;
registering the result of detection;
judging if the file is infected with a virus when a use request is made externally for a file stored on said disk;
prohibiting use of the infected file when judging that a file is infected with a virus;
saving a virus-infected table and virus information concerning the file in an inexecutable area;
reading information saved in said inexecutable area under the condition that permission information for permitting access to said inexecutable area is given;
merging original information of a file managed by a first managing unit with differential information brought about due to modification concerning a file which is managed by a second managing unit so as to produce a produced file; and
registering the produced file on said disk.
0. 44. A method of storing a computer program on a computer storage device, having the function of coping with a computer virus, which has the ability to deal with infection of a file stored on a disk with a virus, comprising the steps of:
managing files stored on said disk to see if the files are infected with viruses;
receiving a result of detection from a virus checker for detecting if a file stored on said disk is infected with a virus;
registering the result of detection;
judging if the file is infected with a virus when a use request is made externally for a file stored on said disk;
prohibiting the use of the file when judging that a file is infected with a virus;
managing original information of files stored on said disk;
managing differential information brought about by modification concerning the files stored on said disk and history information concerning said differential information brought about due to the modification;
merging the original information of a file managed by said first managing unit with the differential information brought about due to modification concerning the file which is managed by said second managing unit so as to produce a produced file;
registering the produced file on said disk;
deleting a registered virus-infected file from said disk, thus restoring the file; and
registering the restored file on said disk.
0. 45. A storage device, having the function of coping with a computer virus, which has the ability to deal with infection of a file stored on a disk with a virus, comprising:
an infection management table unit for registering virus infected files which are stored on said disk;
a virus checker for detecting if a file stored on said disk is infected with a virus, wherein the virus checker is activated at intervals of a specific period or in response to a command instruction;
a table registering unit for registering a result of detection from said virus checker in said infection management table unit;
a judging unit for judging if a file is infected with a virus in response to an external use request externally made for a file stored on said disk by referencing said infection management table unit;
a prohibiting unit for prohibiting use of the externally requested file when said judging unit judges that the externally requested file is infected with a virus;
a first managing unit for managing original information of files stored on said disk;
a second managing unit for managing differential information brought about modification concerning the files stored on said disk and history information concerning said differential information brought about due to modification; and
a file registering unit for merging the original information of a file managed by said first managing unit with the differential information brought about due to modification concerning the file which is managed by said second managing unit so as to produce a file, and for registering the produced file on said disk,
wherein said first managing unit manages original information that is confirmed not to be infected with a virus by said virus checker, and said second managing unit manages differential information brought about due to modification which is confirmed not to be infected with a virus by said virus checker.
0. 46. A storage device, having the function of coping with a computer virus, which has the ability to deal with infection of a file stored on a disk with a virus, comprising:
an infection management table unit for registering virus infected files which are stored on said disk;
a virus checker for detecting if a file stored on said disk is infected with a virus, wherein the virus checker is activated at intervals of a specific period or in response to a command instruction;
a table registering unit for registering a result of detection from said virus checker in said infection management table unit;
a judging unit for judging if a file is infected with a virus in response to an external use request externally made for a file stored on said disk by referencing said infection management table unit;
a prohibiting unit for prohibiting use of the externally requested file when said judging unit judges that the externally requested file is infected with a virus;
a first managing unit for managing original information of files stored on said disk;
a second managing unit for managing differential information brought about modification concerning the files stored on said disk and history information concerning said differential information brought about due to modification; and
a file registering unit for merging the original information of a file managed by said first managing unit with the differential information brought about due to modification concerning the file which is managed by said second managing unit so as to produce a file, and for registering the produced file on said disk,
wherein as for a file which is stored on said disk, of which original information is not registered in said first managing unit, and of which differential information brought about due to modification is not registered in said second managing unit, said table registering unit judges that the file stored on said disk is infected with a virus and registers the fact in said infection management table unit.
0. 47. A storage device, having the function of coping with a computer virus, which has the ability to deal with infection of a file stored on a disk with a virus, comprising:
an infection management table unit for registering virus infected files which are stored on said disk;
a virus checker for detecting if a file stored on said disk is infected with a virus, wherein the virus checker is activated at intervals of a specific period or in response to a command instruction;
a table registering unit for registering a result of detection from said virus checker in said infection management table unit;
a judging unit for judging if a file is infected with a virus in response to an external use request externally made for a file stored on said disk by referencing said infection management table unit;
a prohibiting unit for prohibiting use of the externally requested file when said judging unit judges that the externally requested file is infected with a virus;
a first managing unit for managing original information of files stored on said disk;
a second managing unit for managing differential information brought about modification concerning the files stored on said disk and history information concerning said differential information brought about due to modification; and
a file registering unit for merging the original information of a file managed by said first managing unit with the differential information brought about due to modification concerning the file which is managed by said second managing unit so as to produce a file, and for registering the produced file on said disk,
wherein said first managing unit manages original information of said virus checker, and said second managing unit manages differential information brought about due to modification concerning said virus checker and history information concerning the differential information brought about due to modification.
0. 48. A storage device, having the function of coping with a computer virus, which has the ability to deal with infection of a file stored on a disk with a virus, comprising:
an infection management table unit for registering virus infected files which are stored on said disk;
a virus checker for detecting if a file stored on said disk is infected with a virus, wherein the virus checker is activated at intervals of a specific period or in response to a command instruction;
a table registering unit for registering a result of detection from said virus checker in said infection management table unit;
a judging unit for judging if a file is infected with a virus in response to an external use request externally made for a file stored on said disk by referencing said infection management table unit;
a prohibiting unit for prohibiting use of the externally requested file when said judging unit judges that the externally requested file is infected with a virus;
a first managing unit for managing original information of files stored on said disk;
a second managing unit for managing differential information brought about modification concerning the files stored on said disk and history information concerning said differential information brought about due to modification; and
a file registering unit for merging the original information of a file managed by said first managing unit with the differential information brought about due to modification concerning the file which is managed by said second managing unit so as to produce a file, and for registering the produced file on said disk,
wherein said first managing unit encodes and manages original information, and said second managing unit encodes and manages differential information brought about due to modification, further comprising a decoding unit for decoding encoded data managed by said first and second managing unit, and an encoding unit for executing inverse conversion that is inverse to conversion performed by said decoding unit.
0. 49. A storage device, having the function of coping with a computer virus, which has the ability to deal with infection of a file stored on a disk with a virus, comprising:
an infection management table unit for registering virus infected files which are stored on said disk;
a virus checker for detecting if a file stored on said disk is infected with a virus, wherein the virus checker is activated at intervals of a specific period or in response to a command instruction;
a table registering unit for registering a result of detection from said virus checker in said infection management table unit;
a judging unit for judging if a file is infected with a virus in response to an external use request externally made for a file stored on said disk by referencing said infection management table unit;
a prohibiting unit for prohibiting use of the externally requested file when said judging unit judges that the externally requested file is infected with a virus;
a first managing unit for managing original information of files stored on said disk;
a second managing unit for managing differential information brought about modification concerning the files stored on said disk and history information concerning said differential information brought about due to modification;
a file registering unit for merging the original information of a file managed by said first managing unit with the differential information brought about due to modification concerning the file which is managed by said second managing unit so as to produce a file, and for registering the produced file on said disk; and
a saving unit for saving a virus-infected file that is registered in said infection management table unit and virus information concerning the file in an executable area, and a reading unit for reading information saved in said inexecutable area under the condition that permission information for permitting access to said inexecutable area is given.
0. 50. A storage device, having the function of coping with a computer virus, which has the ability to deal with infection of a file stored on a disk with a virus, comprising:
an infection management table unit for registering virus infected files which are stored on said disk;
a virus checker for detecting if a file stored on said disk is infected with a virus, wherein the virus checker is activated at intervals of a specific period or in response to a command instruction;
a table registering unit for registering a result of detection from said virus checker in said infection management table unit;
a judging unit for judging if a file is infected with a virus in response to an external use request externally made for a file stored on said disk by referencing said infection management table unit;
a prohibiting unit for prohibiting use of the externally requested file when said judging unit judges that the externally requested file is infected with a virus;
a first managing unit for managing original information of files stored on said disk;
a second managing unit for managing differential information brought about modification concerning the files stored on said disk and history information concerning said differential information brought about due to modification;
a file registering unit for merging the original information of a file managed by said first managing unit with the differential information brought about due to modification concerning the file which is managed by said second managing unit so as to produce a file, and for registering the produced file on said disk;
a restoring unit for deleting a virus-infected file, which is registered in said infection management table unit, from said disk, activating said file registering unit, thus restoring the file, and then registering the restored file on said disk,
wherein said first managing unit encodes and manages original information, and said second managing unit encodes and manages original information, and said second managing unit encodes and manages differential information brought about due to modification, further comprising a decoding unit for decoding encoded data managed by said first and second managing unit, and an encoding unit for executing inverse conversion that is inverse to conversion performed by said decoding unit.
0. 51. A storage device, having the function of coping with a computer virus, which has the ability to deal with infection of a file stored on a disk with a virus, comprising:
an infection management table unit for registering virus infected files which are stored on said disk;
a virus checker for detecting if a file stored on said disk is infected with a virus, wherein the virus checker is activated at intervals of a specific period or in response to a command instruction;
a table registering unit for registering a result of detection from said virus checker in said infection management table unit;
a judging unit for judging if a file is infected with a virus in response to an external use request externally made for a file stored on said disk by referencing said infection management table unit;
a prohibiting unit for prohibiting use of the externally requested file when said judging unit judges that the externally requested file is infected with a virus;
a first managing unit for managing original information of files stored on said disk;
a second managing unit for managing differential information brought about modification concerning the files stored on said disk and history information concerning said differential information brought about due to modification;
a file registering unit for merging the original information of a file managed by said first managing unit with the differential information brought about due to modification concerning the file which is managed by said second managing unit so as to produce a file, and for registering the produced file on said disk;
a restoring unit for deleting a virus-infected file, which is registered in said infection management table unit, from said disk, activating said file registering unit, thus restoring the file, and then registering the restored file on said disk; and
a saving unit for saving a virus-infected file that is registered in said infection management table unit and virus information concerning the file in an inexecutable area, and a reading unit for reading information saved in said inexecutable area under the condition that permission information for permitting access to said inexecutable area is given.
0. 53. The method according to claim 52 wherein the other storage area as a quarantine is an inexecutable area.
0. 60. The method according to claim 59 further comprising:
executing inverse conversion of said encoded data for restoring the virus-infected file.
0. 61. The method according to claim 59 further comprising:
registering virus information of the virus-infected file in an infection management table.
0. 62. The method according to claim 61 further comprising:
outputting the virus information for a virus analysis.
0. 63. The method according to claim 61, further comprising:
deleting the virus information of the virus-infected file registered in the infection management table through an interactive process.
0. 64. The method according to claim 61 wherein the virus information contains a virus name and a storage location in which the virus-infected file was stored.
0. 65. The method according to claim 59 wherein an operation of said detecting is activated periodically or activated in response to a command instruction.
0. 66. The method according to claim 59 wherein the encoded data is stored in a different storage area from a storage area in which the virus-infected file was stored.
0. 67. The method according to claim 59 wherein the encoded data is stored in a storage area which cannot be accessed readily.
0. 70. The method according to claim 69, wherein the use comprises executing.
|
1. Field of the Invention
The present invention relates to a storage device having a function for coping with a computer virus that has the ability to prevent infection with a computer virus and to properly deal with infection with a computer virus.
In recent years, computer systems using computer programs have prevailed in enterprises, households, and the like. Accordingly, the number of occurrences of computer viruses that destroy or damage the computer systems and that have an auto-proliferation ability has tended to increase markedly.
In particular, recently-procurable personal computers are interconnected over a network such as a local area network (LAN) and adopt the configuration enabling information exchange through data communications. The fear that a computer virus (hereinafter abbreviated to a virus) residing in one personal computer spreads into the other personal computers connected over the network is becoming more and more serious.
This makes it necessary to construct a storage device having the ability to freely use files while preventing the breeding of a virus and to delete a file infected with a virus or restore the infected file into an uninfected state.
2. Description of the Related Art
For a clear understanding of problems concerning viruses destroying computer systems, infection with a virus in a typical storage device will be described with reference to
A storage device 100 basically comprises, as shown in
The storage device 100 having the foregoing components is designed to be directly accessed by a driver under the control of an operating system in the personal computer 110 comprising a CPU 112 for processing various kinds of data, a RAM 114 for storing various kinds of data and programs, a ROM 116, and the like. In other words, the storage device yields such an environment in which; a file expanded in the personal computer 110, one running can readily destroy other files stored in the storage device.
On the other hand, a virus that intrudes from an external unit into a file via a LAN adapter 130, keyboard 140, display 150, or the like rewrites another file using a physical address of the file which is indicated by low-order address bits, or rewrites a system startup area such as a bootstrap using a physical address of the system startup area which is indicated by low-order address bits, and thus destroys an original program.
This poses a problem that files stored in a storage device are readily infected with a virus.
In an effort to cope with the above problem, a prior art system design is adopted such that if a virus checker (not shown) expanded in the personal computer 110 finds a file infected with a virus from among files expanded on the disk 105 in the storage device 100, all the files expanded on the disk are cleared and then originals of the files are installed again.
However, in the prior art, it is detected whether any of the files expanded on a disk in a storage device is infected with a virus. If any of the files is infected, the file is treated properly. The prior art does not adopt a method of actively preventing infection with a virus. There is therefore a problem that files expanded on the disk in the storage device are readily infected with a virus.
Moreover, in the prior art, when it is detected that any of files expanded on a disk in a storage device is infected with a virus, all the files expanded on the disk are cleared and then originals of the files are installed again. This poses a problem that a user is obliged to incur an enormous work load.
In the prior art, a file judged to be infected with a virus is cleared in its entirety. It cannot be analyzed as to what kind of virus destroyed the file. This poses a problem in that an anti-virus measure cannot be examined.
In view of the above-described problems, an object of the present invention is to provide a storage device having a function, for coping with a computer virus which has the ability to prevent infection with a virus and to properly deal with an infection of a virus.
To solve the above problems, a storage device having a function for coping with a computer virus in accordance with the present invention comprises: an infection management table means used to manage files stored on a disk and to see if the files are infected with a virus; a table registering means for receiving a result of detection from a virus checker for detecting if a file stored on the disk is infected with a virus, and for registering the result in the infection management table means; a judging means that when a use request is made externally for a file stored on the disk, references the infection management table means so as to judge if the file is infected with a virus; and a prohibiting means that when the judging means has judged that a file is infected with a virus, prohibits the use of the file.
In the storage device having the function of coping with a computer virus in accordance with the present invention, preferably, the virus checker is designed to be run by the storage device having a function for coping with a computer virus.
Furthermore, in the storage device having the function of coping with a computer virus in accordance with the present invention, the virus checker is designed to be activated at intervals of a specific cycle.
More preferably, in the storage device having the function of coping with a computer virus in accordance with the present invention, the virus checker is designed to be activated in response to a command instruction.
More preferably, in the storage device having the function of coping with a computer virus in accordance with the present invention, when a writing request is issued for a system startup area stored on a disk, the table registering means judges that a file which is stored on the disk and is a source of the writing request is infected with a virus and that registers the fact in the infection management table means.
More preferably, the storage device having the function of coping with a computer virus in accordance with the present invention includes an invalidating means that when a writing request is issued for the system startup area stored on the disk, invalidates the writing request.
More preferably, the storage device having the function of coping with a computer virus in accordance with the present invention includes a dedicated writing means for executing writing for the system startup area stored on the disk. When a writing request is issued for the system startup area stored on the disk, if the writing request specifies the use of the writing means, the invalidating means does not invalidate the writing request.
More preferably, in the storage device having the function of coping with a computer virus in accordance with the present invention, when a writing request is issued for an executable file stored on a disk, the table registering means judges that a file which is stored on the disk and is a source of the writing request is infected with a virus and registers the fact in the infection management table means.
More preferably, the storage device having the function of coping with a computer virus in accordance with the present invention includes a permitting means for determining whether a writing request made for a file that is registered as a virus-infected file by the table registering means and that is running should be permitted.
More preferably, in the storage device having the function of coping with a computer virus in accordance with the present invention, when a writing request is permitted by the permitting means, if a file that is a destination of the writing request is rewritten, the table registering means judges that the file which is the destination of the writing request is also infected with a virus and registers the fact in the infection management table means.
More preferably, in the storage device having the function of coping with a computer virus in accordance with the present invention, when the size of a file is varied by running the file, the table registering means judges that the file stored on the disk is infected with a virus and registers the fact in the infection management table means.
More particularly, in the storage device having the function of coping with a computer virus in accordance with the present invention, although a file stored on the disk is judged to be an executable file in terms of the file name, if the file is declared to be a data file, the table registering means judges that the file stored on the disk is infected with a virus and registers the fact in the infection management table means.
More preferably, the storage device having the function of coping with a computer virus in accordance with the present invention includes a determining means for determining through interactive processing whether the use of a virus-infected file that is registered in the infection management table means should be permitted. The prohibiting means does not prohibit the use of a file which is permitted by the determining means.
More preferably, the storage device having the function of coping with a computer virus in accordance with the present invention includes: a first managing means for managing original information of files stored on a disk; a second managing means for managing differential information brought about due to modification concerning the files stored on a disk, and history information concerning the differential information brought about due to modification; and a file registering means for merging the original information of a file which is managed by the first managing means and the differential information brought about due to modification which is managed by the second managing means so as to produce a file, and then registering the produced file on the disk.
More preferably, in the storage device having the function of coping with a computer virus in accordance with the present invention, the first managing means manages original information that is confirmed not to be infected with a virus by the virus checker, and the second managing means manages differential information brought about due to modification which is confirmed not to be infected with a virus by the virus checker.
More preferably, in the storage device having the function of coping with a computer virus in accordance with the present invention, as for a file which is stored on the disk, of which original information is not registered in the first managing means, and of which differential information brought about due to modification is not registered in the second managing means, the table registering means judges that the file stored on the disk is infected with a virus, and then registers the fact in the infection management table means.
More preferably, the storage device having the function of coping with a computer virus in accordance with the present invention includes a restoring means for deleting a virus-infected file that is registered in the infection management table means from the disk, activating the file registering means, thus restoring the file, and then registering the file on the disk.
More preferably, in the storage device having the function of coping with a computer virus in accordance with the present invention, the first managing means manages original information of the virus checker, and the second managing means manages differential information brought about due to modification concerning the virus checker and history information concerning the differential information brought about due to modification. The storage device includes a generating means for merging the original information of a virus checker which is managed by the first managing means with the differential information brought about due to modification concerning a virus checker which is managed by the second managing means so as to reproduce the virus checker.
More preferably, in the storage device having the function of coping with a computer virus in accordance with the present invention, the generating means generates a virus checker at the time of running a virus checker.
More preferably, in the storage device having the function of coping with a computer virus in accordance with the present invention, the first managing means encodes and manages original information, and the second managing means encodes and manages differential information brought about due to modification. The storage device includes a decoding means for decoding encoded data managed by the first and second managing means, and an encoding means for executing inverse conversion that is inverse to conversion performed by the decoding means.
More preferably, the storage device having the function of coping with a computer virus in accordance with the present invention includes a saving means for saving a virus-infected file that is registered in the infection management table means and virus information concerning the file in an inexecutable area, and a reading means for reading the information saved in the inexecutable area under the condition that permission information for permitting access to the inexecutable area is given.
In the storage device having the function of coping with a computer virus in accordance with the present invention, the table registering means registers a virus-infected file detected by the virus checker in the infection management table means.
Furthermore, when a writing request is issued for a system startup area stored on a disk, since a normal file will not issue such a writing request, the table registering means judges that a file which is a source of the writing request is infected with a virus, and registers the fact in the infection management table means. This is intended to treat new, malign, or unusual kinds of viruses that cannot be detected by the virus checker. At this time, when a writing request is issued, the invalidating means invalidates the writing request. When the writing means is included, if the writing request specifies the use of the writing means, the invalidating means does not invalidate the writing request.
Moreover, when a writing request is issued for an executable file stored on a disk, since a normal file will not issue such a writing request, the table registering means judges that a file which is a source of the writing request is infected with a virus and registers the fact in the infection management table means. The permitting means determines through interactive processing whether the writing request should be permitted. When the permitting means permits the writing request, since the file is rewritten, the table registering means judges that the file which is stored on the disk and is a destination of the writing request is also infected with the virus and registers the fact in the infection management table means.
When the size of a file is varied by running the file, the table registering means judges that the file stored on the disk is infected with a virus and registers the fact in the infection management table means.
Although a file stored on a disk is judged to be an executable file in terms of the file name, if the file is declared to be a data file, the table registering means judges that the file stored on the disk is infected with a virus and registers the fact in the infection management table means.
As for a file which is stored on a disk, of which original information is not registered in the first managing means, and of which differential information brought about due to modification is not registered in the second managing means, the table registering means judges that the file stored on the disk is infected with a virus and registers the fact in the infection management table means.
As mentioned above, when a virus-infected file is registered in the infection management table means, if a data processing unit makes a use request for the file stored on the disk, the judging means references the infection management table means so as to judge if the file for which the use request is made is infected with a virus. On receipt of a result of the judgment, the prohibiting means prohibits the use of the file that is judged to be infected with a virus. At this time, the prohibiting means does not prohibit the use of a file which is permitted by the determining means.
The saving means saves, that is, stores temporarily a virus-infected file whose use is prohibited and virus information concerning the file in the inexecutable area. The reading means reads the saved information from the inexecutable area and outputs it as information used for virus analysis under the condition that permission information for permitting access to the inexecutable area is given.
On the other hand, the restoring means deletes a virus-infected file, which is registered in the infection management table means, from the disk, activates the file registering means, thus restores the file, and then registers the restored file on a disk.
As mentioned above, the storage device having the function of coping with a computer virus in accordance with the present invention is designed to actively prevent infection with a virus, prohibits the use of a virus-infected file and restores the virus-infected file automatically, and preserves information concerning infection with viruses so that the information cannot be accessed readily. Consequently, a storage device capable of properly dealing with infection with a virus can be constructed.
The above objects and features of the present invention will be more apparent from the following description of some preferred embodiments with reference to the accompanying drawings, wherein:
Hereinafter, the description of some preferred embodiments according to the present invention will be given with reference to the accompanying drawings.
In the drawing, reference numeral 1 denotes a storage device having the function of coping with a computer virus in accordance with the present invention. Reference numeral 2 denotes a data processing unit for executing data processing using a file stored in the storage device 1 having the function of coping with a computer virus.
The storage device 1 having the function of coping with a computer virus comprises a disk 10, first managing means 11, second managing means 12, file registering means 13, generating means 14, virus checker 15, infection management table means 16, table registering means 17, judging means 18, prohibiting means 19, determining means 20, restoring means 21, invalidating means 22, writing means 23, permitting means 24, inexecutable area 25, saving means 26, and reading means 27. Herein, the virus checker 15 may be expanded in the data processing unit 2.
The disk 10 stores files. The first managing means 11 manages original information of the files stored on the disk 10 or manages original information of the virus checker 15. The second managing means 12 manages differential information brought about due to modification; that is, information concerning upgraded versions of the files stored on the disk, and history information concerning the differential information brought about due to modification, or manages differential information brought about due to modification concerning the virus checker 15; that is, information concerning an upgraded version of the virus checker 15, and history information concerning the differential information brought about due to modification.
The first managing means 11 may encode and manage the original information of the files and virus checker 15 so as to prevent the original information from being rewritten. The second managing means 12 may encode and manage the differential information brought about due to modification concerning the files and virus checker 15 so as to prevent the information from being rewritten. At this time, a decoding means for decoding the encoded data and an encoding means for executing inverse conversion that is inverse to conversion performed by the decoding means are included in the second managing means 12.
The file registering means 13 merges the original information of a file which is managed by the first managing means 11 with the differential information brought about due to modification concerning the file which is managed by the second managing means 12 so as to reproduce the file, and then stores the file on the disk 10. The generating means 14 merges the original information of the virus checker 15 which is managed by the first managing means 11 with the differential information brought about due to modification concerning the virus checker 15 which is managed by the second managing means 12 so as to reproduce the virus checker 15.
The virus checker 15 is activated at intervals of a specific period or activated in response to a command instruction, and detects whether a file stored on the disk 10 is infected with a virus. The infection management table means 16 is used to manage files stored on the disk and to see if the files are infected with viruses. The table registering means 17 registers data in the infection management table means 16. The judging means 18 references the infection management table means 16 in response to a use request made for a file stored on the disk 10 by the data processing unit 2, and judges if the file is infected with a virus. When the judging means 18 judges that a file is infected with a virus, the prohibiting means 19 prohibits the use of the file.
The determining means 20 determines through interactive processing whether the use of a file registered in the infection management table means 16 should be permitted. The restoring means 21 deletes a virus-infected file, which is registered in the infection management table means 16, from the disk 10, activates the file registering means 13, thus restores the file, and then registers the restored file on the disk 10. When a writing request is issued for a system startup area stored on the disk 10, the invalidating means 22 invalidates the writing request. The writing means 23 is prepared as a dedicated writing facility and executes writing for the system startup area stored on the disk 10.
The permitting means 24 determines through interactive processing whether a writing request made for an executable file stored on the disk should be permitted. The inexecutable area 25 is prepared as an area inaccessible with a normal access request. The saving means 26 saves a virus-infected file registered in the infection management table means 16 and virus information concerning the file in the inexecutable area 25. The reading means 27 reads information saved in the inexecutable area 25 under the condition that permission information for permitting access to the inexecutable area 25 is given.
In the embodiment of the present invention shown in
Furthermore, when a writing request is issued for a system startup area stored on the disk 10, since a normal file will not issue such a writing request, the table registering means 17 judges that a file which is stored on the disk 10 and is a source of the writing request is infected with a virus, and registers the fact in the infection management table means 16. This is intended to treat new, malign, or unusual kinds of viruses that cannot be detected by the virus checker 15. When the writing request is issued, the invalidating means 22 invalidates the writing request. However, when the writing means 23 is included, if the writing request specifies the use of the writing means 23, the invalidating means 23 does not invalidate the writing request.
When a writing request is issued for an executable file stored on the disk 10, since a normal file will not issue such a writing request, the table registering means 17 judges that a file which is stored on the disk 10 and is a source of the writing request is infected with a virus, and registers the fact in the infection management table means 16. At this time, the permitting means 24 determines through interactive processing whether the writing request should be permitted. When the permitting means 24 permits the writing request, since the file is rewritten, the table registering means 17 judges that a file which is stored on the disk 10 and is a destination of the writing request is also infected with the virus, and registers the fact in the infection management table means 16.
Moreover, when the size of a file is varied by running the file, the table registering means 17 judges that the file stored on the disk 10 is infected with a virus, and registers the fact in the infection management table means 16.
Moreover, although a file stored on the disk is judged as an executable file in terms of the file name, if the file is declared to be a data file, the table registering means 17 judges that the file stored on the disk 10 is infected with a virus, and registers the fact in the infection management table means 16.
Moreover, as for a file which is stored on the disk 10, of which original information is not registered in the first managing means 11, and of which differential information brought about due to modification is not registered in the second managing means 12, the table registering means 17 judges that the file stored on the disk 10 is infected with a virus, and registers the fact in the infection management table means 16.
As mentioned above, when a virus-infected file is registered in the infection management table means 16, if the data processing unit 2 makes a use request for the file stored on the disk 10, the judging means 18 references the infection management table means 16 so as to judge if the file for which the use request is made is infected with a virus. On receipt of a result of the judgment, the prohibiting means 19 prohibits the use of the file that is judged to be infected with a virus by the judging means 18. At this time, the prohibiting means 19 does not prohibit the use of a file which is permitted by the determining means 20.
The saving means 26 saves the virus-infected file whose use is prohibited and virus information concerning the file in the inexecutable area 25 that cannot be accessed readily. The reading means 27 reads the saved information from the inexecutable area 25 under the condition that permission information for permitting access to the inexecutable area 25 is given, and outputs the read information as information used for virus analysis.
On the other hand, the restoring means 21 deletes a virus-infected file registered in the infection management table means 16 from the disk 10, activates the file registering means 13, thus restores the file, and registers the file on the disk 10.
As mentioned above, the storage device 1 having the function of coping with a computer virus shown in
A storage device having the function of coping with a computer virus in accordance with the present invention will be described below in detail in conjunction with several preferred embodiments that are more practical than the basic embodiment shown in
The storage device 1 having the function of coping with a computer virus in this embodiment is connected to a personal computer 2a. The storage device 1 includes a disk 30 for storing files that are objects of access obtained by the personal computer 2a as well as a ROM 31 for storing firmware or the like that executes access processing or anti-virus processing, a CPU 32 for running firmware stored in the ROM 31 and executing data transfer to or from the personal computer 2a, and a RAM 33 prepared as a work area used by firmware that is run by the CPU 32, and thus has the capability of a CPU.
The storage device 1 further includes an original information management file 34 used to manage original information of files stored on the disk 30 and original information of a virus checker prepared for inspection of the files stored on the disk. A version update information management file 35 is used to manage differential information brought about due to modification concerning a file stored on the disk 30 and history information concerning the differential information brought about due to modification, and to manage differential information brought about due to modification concerning the virus checker and history information concerning the differential information brought about due to modification. A file information management file 36 is used to manage the information indicating if the files are stored on the disk, and is used to determine if the original information stored in the original information management file 34, and the differential information (brought about due to modification and which is stored in the version upgrade information management file 35) are infected with viruses. The information indicates if the files to be managed are executable files or data files, and if the files to be managed belong to a bootstrap or an initial program loader (IPL). An inexecutable area 37 which is prepared as an area that becomes accessible only when a password and ID number agree with internal data, and in which a file infected with a virus and virus information concerning the file are saved, has a data structure shown in
The inexecutable area 37 shown in
Further included is a controller 38 for accessing a file stored on the disk, accessing original information managed in the original information management file 34, accessing the differential information brought about due to modification and history information which are managed in the version upgrade information management file 35, or accessing information saved in the inexecutable area 37.
Herein, the original information management file 34 and version upgrade information management file 35 are not designed to enable management of original information and differential information brought about due to modification from the viewpoint of a mere difference but may be designed to enable management of original information and differential information brought about due to modification on the basis of a relationship of succession including a parent-child relationship.
In the first preferred embodiment shown in
The storage device 1 having the function of coping with a computer virus in accordance with the present invention has, as mentioned above, the configuration including the original information management file 34 and version upgrade information management file 35.
The foregoing configuration is adopted for the following reasons: original information of a file stored on the disk 30 is stored in the original information management file 34; when the file is upgraded into a new version, differential information brought about due to modification concerning the upgraded version and history information concerning the differential information brought about due to modification are stored in the version upgrade information management file 35; and in case a file stored on the disk 30 is infected with a virus, the file can be restored by merging the original information of the file with differential information brought about due to modification. Moreover, since original information of a file and differential information brought about due to modification concerning the file are not expanded on the disk 30, it can be prevented that these kinds of information are infected with a virus.
A virus checker prepared for inspection of a file stored on a disk also has the possibility of being upgraded into a new version. The original information of the virus checker is stored in the original information management file 34. Differential information brought about due to modification concerning the upgraded version and history information concerning the differential information brought about due to modification are stored in the version upgrade information management file 35. Thus, the virus checker is managed.
Incidentally, when the original information management file 34 and version upgrade information management file 35 are constructed on the same medium, original information of files and a virus checker, differential information brought about due to modification concerning the files and virus checker, and history information concerning the differential information brought about due to modification can be managed totally. This is convenient in practice. In addition, the disk 30 and inexecutable area 37 may be constructed on the medium.
Original information of files and a virus checker which is stored in the original information management file 34, and differential information brought about due to modification concerning the files and virus checker and history information concerning the differential information brought about due to modification which are stored in the version upgrade information management file 35 must not be rewritten by the personal computer 2a.
The storage device 1 having the function of coping with a computer virus has the configuration in which original information 34a of files and a virus checker which is stored in the original information management file 34, and differential information brought about due to modification concerning the files and virus checker and history information concerning the differential information brought about due to modification which are stored in the version upgrade information management file 35 are encoded, and in which a decoding mechanism for decoding encoded data is made ready. As shown in
More particularly, the encoding mechanism and decoding mechanism are realized by firmware stored in an area 312, which is reserved in order to store firmware, in the ROM 31 in the storage device 1 having the function of coping with a computer virus. For realizing the mechanisms, as shown in
Furthermore, the storage device 1 having the function of coping with a computer virus in accordance with the present invention includes the file information management file 36 as mentioned above.
The file information management file 36 manages the information indicating if files stored on the disk 30, original information stored in the original information management file 34, and differential information brought about due to modification which is stored in the version upgrade information management file 35 are infected with viruses, the information indicating if these files to be managed are executable files or data files, and the information indicating that the files to be managed belong to a bootstrap or an IPL.
Specifically, the file information management file 36 manages, as shown in
Herein, in the storage area of an execution/date type flag, “1” is set relative to an executable file and “0” is set relative to a data file. In the storage area of a starting portion flag, “1” is set in case a file belongs to a bootstrap or IPL, and “0” is set in any other case. In the storage area of infection flag <1> or <2>, “1” is set when infection with a virus is detected, and “0” is set when infection with a virus it not detected. In the storage area of infection flag <3>, “1” is set when infection with a virus is suspected, and “0” is set when infection with a virus is not suspected. In the storage area of infection flag <4> or <5>, “1” is set when infection with a virus is suspected, and “0” is set when infection with a virus is neither detected nor suspected.
When activated, the storage device 1 having the function of coping with a computer virus initializes the infected-file storage area and virus information storage area (storage areas shown in
On the other hand, for registering original information of a purchased file in the original information management file 34 or registering differential information brought about due to modification concerning the file in the version upgrade information management file 35, the storage device 1 having the function of coping with a computer virus merges original information of a virus checker which is stored in the original information management file 34 with the latest differential information brought about due to modification concerning the virus checker which is stored in the version upgrade information management file 35. Thus, the virus checker is reproduced and expanded in the RAM 33.
As shown in the second example of a processing flow in
By contrast, when it is judged that a file is not infected with a virus, the file is stored in the original information management file 34 and version upgrade information management file 35 which are destinations of registration. History information is created and stored in the version upgrade information management file 35 (step S154). The file (when a registered file contains differential information brought about due to modification, the file is a file created by merging the information with original information) is then expanded on the disk 30. At the same time, data is registered in the file information management file 36 (step S155).
As mentioned above, original information of a file which is not infected with a virus is registered in the original information management file 34. Differential information brought about due to modification concerning the file which is not infected with a virus is registered in the version upgrade information management file 35. A file that contains the original information merged with the differential information brought about due to modification and that is not infected with a virus is then expanded on the disk 30. Herein, the reason why the system is designed so that a virus checker is not stored on the disk 30 in advance but produced prior to checking on infection with a virus is to prevent the virus checker itself from being infected with a virus.
In the second example of a processing flow in
As mentioned above, in this embodiment of the present invention, it is judged that a file being stored on the disk 30 and attempting to write a bootstrap or an IPL is infected with a virus. This is attributable to the fact that a normal file will not perform such writing.
As described later, since the present invention adopts the system design of prohibiting a file infected with a virus from running, a file attempting to write a bootstrap or IPL is prohibited from running. This means that the bootstrap or IPL cannot be registered. In the present invention, therefore, when a specific command instructing registration of the bootstrap or IPL is issued, the registration is permitted.
As shown in the third example of a processing flow in
Next, virus-infected file detection to be executed by the storage device 1 having the function of coping with a computer virus will be described. The detection falls into two procedures; a procedure to be executed using a virus checker, and a procedure to be executed by judging the attribute of a writing-destination file.
For detecting a virus-infected file using a virus checker, the storage device 1 having the function of coping with a computer virus first waits, as described in the fourth example of a processing flow shown in
Thereafter, one of the unprocessed files on the disk 30 is extracted at step S173. At step S174, the produced virus checker is used to check if the extracted file is infected with a virus. When it is judged by the checking that a file is infected with a virus, control is passed to step S175. “1” is recorded as infection flag <1> associated with the file in the file information management file 36, whereby it is registered that the file is infected with a virus. By contrast, when it is judged that the file is not infected with a virus, control is passed to step S176. “0” is recorded as infection flag <1>, whereby it is registered that the file is not infected with a virus.
At step S177, it is judged that all the files stored on the disk 30 have been processed. If it is judged that an unprocessed file is left, control is returned to step S173. If it is judged that no unprocessed file is left, control is passed to step S178. It is judged if a mode, in which original information stored in the original information management file 34 and differential information brought about due to modification which is stored in the version upgrade information management file 35 are also subjected to virus check, is designated. If the mode in which both the original information and differential information brought about due to modification are subjected to virus check is not designated, control is returned to step S171.
By contrast, if it is judged that the mode, in which both the original information stored in the original information management file 34 and the differential information brought about due to modification which is stored in the version upgrade information management file 35 are also subjected to virus check, is designated, control is passed to step S181 described in
If it is judged by the virus check that the file is not infected with a virus, control is passed to step S183. “0” is recorded as infection flags <4> and <5> associated with the file in the file information management file 36. It is thus registered that the file is not infected with a virus. By contrast, when it is judged that the file is infected with a virus, control is passed to step S184. “1” is recorded as infection flags <4> and <5> associated with the file in the file information management file 36. It is thus registered that the original information is infected with a virus.
At step S185, it is judged if all original information and differential information brought about due to modification have been processed. If it is judged that an unprocessed file is left, control is returned to step S181. If it is judged that no unprocessed file is left, control is returned to step S171 in
As mentioned above, the storage device 1 having the function of coping with a computer virus uses a virus checker to periodically check if files stored on the disk 30, original information stored in the original information management file 34, and differential information brought about due to modification which is stored in the version upgrade information management file 35 are infected with viruses. The results of the check are registered in the form of infection flags <1>, <4>, and <5> in the file information management file 36.
In the fourth example of a processing flow shown in
On the other hand, for detecting a virus-infected file by judging the attribute of a writing-destination file, when a writing request for a file stored on the disk 30 is issued from the personal computer 2a (the writing request is issued by a file loaded from the disk 30 to the personal computer 2a), as described in the fifth example of a processing flow in
If it is judged by the judgment at step S191 that the writing-destination file belongs to the bootstrap or IPL, control is passed to step S192. It is then judged that the file having issued the writing request is infected with a virus. “1” is recorded as infection flag <2> associated with the file in the file information management file 36, whereby it is registered that the file is infected with a virus. At step S193, it is reported to the personal computer 2a that the file which made the writing request is a file infected with a virus. The processing is then terminated without writing.
By contrast, if it is judged at step S191 that the writing-destination file does not belong to the bootstrap or IPL, control is passed to step S194. The value of an execution/data type flag in the file information management file 36 is referenced in order to judge if the writing-destination file is an executable file or data file. If it is judged that the writing-destination file is a data file, writing is executed for the file at step S195. The processing is then terminated.
By contrast, if it is judged at step S194 that the writing-destination file is an executable file, it is judged that it is highly probable that the file having issued the writing request is infected with a virus. Control is then passed to step S196. While the fact is being reported, a message asking if writing should be executed is output to the personal computer 2a. A response to the inquiry is duly received.
If it is judged at step S196 that the response from the personal computer 2a instructs that writing should not be executed, control is passed to step S197. “1” is recorded as infection flag <3> associated with the file, which has issued the writing request, in the file information management file 36, whereby it is registered that the file is infected with a virus. The processing is then terminated.
Herein, even when a file that is a source of a writing request writes itself, “1” is recorded as infection flag <3> associated with the file in the file information management file 36. This is attributable not only to the fact that it is highly probable that a file attempting to write an executable file is infected with a virus, but also to the system design of the present invention that upgrading a file into a new version is realized by registering differential information brought about due to modification in the version upgrade information management file 35 and that upgrading a file into a new version without following this procedure is illegal.
By the way, if it is judged at step S196 that a response from the personal computer 2a instructs that writing should be executed, although it is highly probable that the file that is a source of the writing request is infected with a virus, it is instructed to ignore the probability. Control is therefore passed to step S198. Writing is executed for the writing-destination file. At step S199, “1” is recorded as infection flags <3> associated with the writing-source and writing-destination files in the file information management file 36, whereby it is registered that the files are infected with a virus. The processing is then terminated.
As mentioned above, when a writing request is issued for a file stored on the disk 30, if the writing-destination file belongs to a bootstrap or IPL, or if the writing-destination file is an executable file, the storage device 1 having the function of coping with a computer virus judges that a file which is a source of the writing request is infected with a virus. The fact is registered in the form of infection flags <2> and <3> in the file information management file 36. If the writing-destination file belongs to the bootstrap or IPL, executing writing is disabled. If the writing-destination file is an executable file, it is determined through interactive processing if writing should be executed for the file. When writing is executed, it is judged that the writing-destination file will also be infected with a virus. The fact is registered in the form of infection flag <3> in the file information management file 36.
Next, processing to be executed for a virus-infected file by the storage device 1 having the function of coping with a computer virus will be described.
When receiving a loading request made for a file (executable file) stored on the disk 30 from the personal computer 2a, as described in the sixth example of a processing flow in
As mentioned above, the storage device 1 having the function of coping with a computer virus gives control so that a virus-infected file registered in the file information management file 36 will not be run. Consequently, a file that is detected to be infected with a virus by a virus checker will never be run. A file that has evaded checking by the virus checker and that is detected to be infected with a virus in terms of the attribute of a writing-destination file will not be rerun. Thus, proliferation of the virus can be reliably prevented.
In the sixth example of a processing flow in
On the other hand, when a command instructing restoration of a virus-infected file stored on the disk 30 is issued from the personal computer 2a, as described in the seventh example of a processing flow in
At step S213, infection flag <4> in the file information management file 36 is referenced, and original information of the deleted file, which is not infected with a virus, is read from the original information management file 34. Infection flag <5> in the file information management file 36 is referenced, and the latest differential information brought about due to modification concerning the deleted file, which is not infected with a virus, is read from the original information management file 34. The original information is then merged with the differential information brought about due to modification in order to restore the deleted file. The restored file is then expanded on the disk 30. At step S214, data of the restored file is registered in the file information management file 36. At step S215, it is judged if an unprocessed virus-infected file is left. If no unprocessed file is left, the processing is terminated. If an unprocessed file is left, control is returned to step S211.
As mentioned above, the storage device 1 having the function of coping with a computer virus deletes a file infected with a virus from the disk 30. Original information of the file and differential information brought about due to modification are used to restore the infected file into an uninfected one. The file not infected with a virus is then expanded on the disk 30.
In the seventh example of a processing flow in
When the seventh example of a processing flow in
Specifically, according to the eighth example of a processing flow in
At step S225, data of the deleted file is deleted from the file information management file 36. At step S226, infection flag <4> in the file information management file 36 is referenced, and original information of the deleted file which is not infected with a virus is read from the original information management file 34. Infection flag <5> in the file information management file 36 is referenced, and the latest differential information brought about due to modification concerning the deleted file which is not infected with a virus is read from the original information management file 34. The original information is then merged with the differential information brought about due to modification in order to restore the deleted file. The restored file is then expanded on the disk 30. At step S227, data of the restored file is registered in the file information management file 36. At step S228, it is judged if an unprocessed virus-infected file is left. If no unprocessed file is left, the processing is terminated. If an unprocessed file is left, control is returned to step S221.
As mentioned above, the storage device 1 having the function of coping with a computer virus deletes a file infected with a virus from the disk 30, restores the file into an uninfected one that is not infected with a virus using original information and differential information brought about due to modification concerning the file, and expands the restored file on the disk 30. At this time, the file infected with a virus and virus information concerning the file are saved in the inexecutable area 37.
The virus-infected file and virus information concerning the file, which are saved in the inexecutable area 37, become very useful information for analysis of an intruding virus. However, if anybody is allowed to access this kind of useful information, there arises a fear that the information may be rewritten by mistake.
When a command instructing reading of saved information from the inexecutable area 37 is issued from the personal computer 2a, as describe in the ninth example of a processing flow in
As mentioned above, the storage device 1 having the function of coping with a computer virus reads a virus-infected file and virus information, which are saved in the inexecutable area 37, under the condition that an ID number and password agree with internal data.
In the ninth example of a processing flow in
In the storage device 1 having the function of coping with a computer virus in accordance with the present invention shown in
In
The storage device 1 having the function of coping with a computer virus in accordance with the present invention, which has the configuration shown in
Moreover, the storage device 1 having the function of coping with a computer virus in accordance with the present invention, which has the configuration shown in
The storage device 1 having the function of coping with a computer virus in accordance with the present invention, which has the configuration shown in
Moreover, the storage device 1 having the function of coping with a computer virus in accordance with the present invention, which has the configuration shown in
In the aforesaid examples shown in
Checking if the size of a file is varied by running the file is achieved by, for example, merging original information managed in the original information management file 34 with differential information brought about due to modification which is managed in the version upgrade information management file 35 in order to produce a file, and by comparing the size of the produced file with the size of the file stored on the disk 30.
As described so far, in several preferred embodiments of a storage device 1 having the function of coping with a computer virus in accordance with the present invention, infection with a virus is prevented actively. The use of a file infected with a virus is prohibited, and the file is restored automatically. Furthermore, information concerning infection with viruses is preserved so that it cannot be accessed readily. Consequently, a storage device capable of properly dealing with infection with a virus can be constructed.
Miyamoto, Takayuki, Togawa, Yoshifusa, Ando, Kuriko
Patent | Priority | Assignee | Title |
10235442, | Apr 30 1999 | Intellectual Ventures I LLC | Method and apparatus for identifying and characterizing errant electronic files |
8683594, | Mar 24 2011 | Samsung Electronics Co., Ltd. | Data storage devices including integrated anti-virus circuits and method of operating the same |
9239924, | Apr 30 1999 | Intellectual Ventures I LLC | Identifying and characterizing electronic files using a two-stage calculation |
Patent | Priority | Assignee | Title |
4926476, | Feb 03 1989 | GENERAL DYNAMICS C4 SYSTEMS, INC | Method and apparatus for secure execution of untrusted software |
4962533, | Feb 17 1989 | TEXAS INSTRUMENTS INCORPORATED, A CORP OF DE | Data protection for computer systems |
4975950, | Nov 03 1988 | FISHER, MARY E | System and method of protecting integrity of computer data and software |
4984272, | Nov 30 1988 | AT&T Bell Laboratories; BELL TELEPHONE LABORATORIES, INCORPORATED, A CORP OF NY ; AMERICAN TELEPHONE AND TELEGRAPH COMPANY, A CORP OF NY | Secure file handling in a computer operating system |
5050212, | Jun 20 1990 | Apple Inc | Method and apparatus for verifying the integrity of a file stored separately from a computer |
5121345, | Nov 03 1988 | System and method for protecting integrity of computer data and software | |
5144660, | Aug 31 1988 | Securing a computer against undesired write operations to or read operations from a mass storage device | |
5208858, | Feb 05 1990 | Siemens Aktiengesellschaft | Method for allocating useful data to a specific originator |
5265163, | Jan 17 1990 | LENOVO SINGAPORE PTE LTD | Computer system security device |
5276735, | Apr 17 1992 | Secure Computing Corporation | Data enclave and trusted path system |
5278901, | Apr 30 1992 | International Business Machines Corporation | Pattern-oriented intrusion-detection system and method |
5311591, | May 15 1992 | RPX Corporation | Computer system security method and apparatus for creating and using program authorization information data structures |
5313639, | Jun 26 1992 | Computer with security device for controlling access thereto | |
5319776, | Apr 19 1990 | Symantec Corporation | In transit detection of computer virus with safeguard |
5337360, | Apr 06 1992 | Method and apparatus for creating, supporting, and using travelling programs | |
5343524, | Jun 21 1991 | Intelligent security device | |
5343527, | Oct 27 1993 | Lockheed Martin Corporation | Hybrid encryption method and system for protecting reusable software components |
5347578, | Mar 17 1992 | International Computers Limited | Computer system security |
5349655, | May 24 1991 | Symantec Corporation | Method for recovery of a computer program infected by a computer virus |
5355414, | Jan 21 1993 | JINGPIN TECHNOLOGIES, LLC | Computer security system |
5359659, | Jun 19 1992 | Method for securing software against corruption by computer viruses | |
5361359, | Aug 31 1992 | McAfee, Inc | System and method for controlling the use of a computer |
5379342, | Jan 07 1993 | International Business Machines Corp.; International Business Machines Corporation | Method and apparatus for providing enhanced data verification in a computer system |
5379414, | Jul 10 1992 | Sony Corporation | Systems and methods for FDC error detection and prevention |
5390247, | Apr 06 1992 | Method and apparatus for creating, supporting, and using travelling programs | |
5396609, | Jan 19 1989 | Gesellschaft fur Strahlen- und Umweltforschung mbH (GSF) | Method of protecting programs and data in a computer against unauthorized access and modification by monitoring address regions |
5402492, | Jun 18 1993 | JINGPIN TECHNOLOGIES, LLC | Security system for a stand-alone computer |
5406624, | Sep 04 1992 | Algorithmic Research Ltd. | Data processor systems |
5408642, | May 24 1991 | Symantec Corporation | Method for recovery of a computer program infected by a computer virus |
5412717, | May 15 1992 | RPX Corporation | Computer system security method and apparatus having program authorization information data structures |
5414833, | Oct 27 1993 | International Business Machines Corporation; IBM Corporation | Network security system and method using a parallel finite state machine adaptive active monitor and responder |
5428795, | Jul 31 1992 | International Business Machines Corporation; INTERNATIONAL BUSINESS MACHINES CORPORATION, A NY CORP | Method of and apparatus for providing automatic security control of distributions within a data processing system |
5440723, | Jan 19 1993 | TREND MICRO INCORPORATED | Automatic immune system for computers and computer networks |
5442706, | Feb 27 1992 | Hughes Electronics Corporation | Secure mobile storage |
5444850, | Aug 04 1993 | TREND SOFTWARE TECHNOLOGY, INC | Method and apparatus for controlling network and workstation access prior to workstation boot |
5448668, | Jul 08 1993 | Science & Technology Corporation @ UNM | Method of detecting changes to a collection of digital signals |
5452442, | Jan 19 1993 | TREND MICRO INCORPORATED | Methods and apparatus for evaluating and extracting signatures of computer viruses and other undesirable software entities |
5473687, | Dec 29 1993 | HARMONY LOGIC SYSTEMS LLC | Method for retrieving secure information from a database |
5473769, | Mar 30 1992 | McAfee, Inc | Method and apparatus for increasing the speed of the detecting of computer viruses |
5502815, | Mar 30 1992 | McAfee, Inc | Method and apparatus for increasing the speed at which computer viruses are detected |
5511184, | Apr 22 1991 | Wistron Corp | Method and apparatus for protecting a computer system from computer viruses |
5530757, | Jun 28 1994 | International Business Machines Corporation | Distributed fingerprints for information integrity verification |
5539828, | May 31 1994 | Intel Corporation | Apparatus and method for providing secured communications |
5572590, | Apr 12 1994 | International Business Machines Corporation; IBM Corporation | Discrimination of malicious changes to digital information using multiple signatures |
5606609, | Sep 19 1994 | SILANIS TECHNOLOGY INC | Electronic document verification system and method |
5606615, | May 16 1995 | Computer security system | |
5613002, | Nov 21 1994 | LENOVO SINGAPORE PTE LTD | Generic disinfection of programs infected with a computer virus |
5625692, | Jan 23 1995 | International Business Machines Corporation | Method and system for a public key cryptosystem having proactive, robust, and recoverable distributed threshold secret sharing |
5651069, | Dec 08 1994 | International Business Machines Corporation | Software-efficient message authentication |
5659614, | Nov 28 1994 | DOMINION VENTURE FINANCE L L C | Method and system for creating and storing a backup copy of file data stored on a computer |
5666411, | Jan 13 1994 | Intarsia Software LLC | System for computer software protection |
5675645, | Apr 18 1995 | Ricoh Company, LTD | Method and apparatus for securing executable programs against copying |
5689247, | Dec 30 1994 | Ortho Pharmaceutical Corporation | Automated system for identifying authorized system users |
5721877, | May 31 1995 | SAMSUNG ELECTRONICS CO , LTD | Method and apparatus for limiting access to nonvolatile memory device |
5724425, | Jun 10 1994 | Sun Microsystems, Inc | Method and apparatus for enhancing software security and distributing software |
5802275, | Jun 22 1994 | THE CHASE MANHATTAN BANK, AS COLLATERAL AGENT | Isolation of non-secure software from secure software to limit virus infection |
5809138, | Jul 25 1994 | NETZ COMPUTING LTD | Method for protecting storage media against computer virus infection |
5881151, | Nov 22 1993 | Fujitsu Limited | System for creating virus diagnosing mechanism, method of creating the same, virus diagnosing apparatus and method therefor |
5930357, | Aug 30 1993 | Canon Kabushiki Kaisha | Method of managing contracts for licensed program use and a management system thereof |
6381694, | Feb 18 1994 | Apple Inc | System for automatic recovery from software problems that cause computer failure |
20100235916, | |||
JP6110718, | |||
JP6168114, | |||
JP62224843, | |||
JP6230959, | |||
JP6242957, | |||
JP6250861, | |||
JP6259012, | |||
JP6274419, | |||
JP6348486, | |||
JP6350784, | |||
JP6355631, | |||
JP7146788, | |||
JP764786, | |||
JP8016386, | |||
KR132998, |
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
May 21 1996 | TOGAWA, YOSHIFUSA | Fujitsu Limited | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 032956 | /0687 | |
May 21 1996 | MIYAMOTO, TAKAYUKI | Fujitsu Limited | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 032956 | /0687 | |
May 21 1996 | NOZAWA, KURIKO | Fujitsu Limited | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 032956 | /0687 | |
Jun 29 2001 | Fujitsu Limited | (assignment on the face of the patent) | / | |||
Feb 11 2014 | Fujitsu Limited | RPX Corporation | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 032821 | /0875 | |
Feb 26 2016 | RPX Corporation | JPMORGAN CHASE BANK, N A , AS COLLATERAL AGENT | SECURITY AGREEMENT | 038041 | /0001 | |
Feb 26 2016 | RPX CLEARINGHOUSE LLC | JPMORGAN CHASE BANK, N A , AS COLLATERAL AGENT | SECURITY AGREEMENT | 038041 | /0001 | |
Dec 22 2017 | JPMORGAN CHASE BANK, N A | RPX Corporation | RELEASE REEL 038041 FRAME 0001 | 044970 | /0030 | |
Dec 22 2017 | JPMORGAN CHASE BANK, N A | RPX CLEARINGHOUSE LLC | RELEASE REEL 038041 FRAME 0001 | 044970 | /0030 |
Date | Maintenance Fee Events |
Feb 20 2014 | ASPN: Payor Number Assigned. |
Feb 20 2014 | RMPN: Payer Number De-assigned. |
Date | Maintenance Schedule |
Apr 02 2016 | 4 years fee payment window open |
Oct 02 2016 | 6 months grace period start (w surcharge) |
Apr 02 2017 | patent expiry (for year 4) |
Apr 02 2019 | 2 years to revive unintentionally abandoned end. (for year 4) |
Apr 02 2020 | 8 years fee payment window open |
Oct 02 2020 | 6 months grace period start (w surcharge) |
Apr 02 2021 | patent expiry (for year 8) |
Apr 02 2023 | 2 years to revive unintentionally abandoned end. (for year 8) |
Apr 02 2024 | 12 years fee payment window open |
Oct 02 2024 | 6 months grace period start (w surcharge) |
Apr 02 2025 | patent expiry (for year 12) |
Apr 02 2027 | 2 years to revive unintentionally abandoned end. (for year 12) |