A system and method are provided for diagnosing, remedying and blocking harmful information including computer viruses online over a computer network via which a web server and a client are linked to each other. The method includes, on a computer network through which a web server and a client system are linked to each other, the web server receiving a connection request from the client system over the computer network. Then, the web server transmits a harmful information blocking code module to the client system. Once the transmission of the harmful information blocking code module is completed the harmful information blocking code module automatically runs on the client system to block in real time harmful information including computer viruses. The harmful information blocking code module is automatically transmitted to and installed in the client system only by online connecting to the harmful information management server, so that the harmful information detected on the client system can be actively blocked in real time without requiring a manual installation process.
|
0. 40. A client computer comprising:
a connection to a computer network;
a processor, wherein, in response to receipt of a harmful information blocking code module from the computer network, the processor is configured to execute the harmful information blocking code module, which causes the processor to be configured to:
inspect file input/output (I/O) by intercepting I/O data of at least one file I/O routine on the client system;
determine, based on the intercepting, whether at least one file corresponding to the file I/O routine is harmful or not;
determine whether the file determined to be harmful can be treated; and
in response to determining that a file is harmful and cannot be treated, abort execution of the file I/O routine.
0. 28. A method for blocking harmful information at a client system, wherein the client system is connected to a server system via a computer network, the method comprising:
sending a request to download a harmful information blocking code module from the server system;
downloading the harmful information blocking code module;
executing the harmful information blocking code module runs on the client system to block harmful information wherein executing the harmful information blocking code module comprises:
inspecting file input/output (I/O) by intercepting I/O data of at least one file I/O routine on the client system;
determining, based on the intercepting, whether at least one file corresponding to the file I/O routine is harmful or not; and
in response to determining that a file is harmful, aborting execution of the file I/O routine if the file cannot be treated.
0. 48. A non-transitory computer-readable medium on which are stored instructions for execution by a client computer system connected to a server computer system via a computer network, wherein the instructions are received at the client computer system from the server system in response to a request from the client computer system, and wherein the instructions execute on the client computer system after receipt of the instructions from the server computer system, the instructions comprising:
instructions to inspect file input/output (I/O) by intercepting I/O data of at least one file I/O routine on the client system;
instructions to determine, based on the intercepting, whether at least one file corresponding to the file input/output routine is harmful or not; and
instructions to, in response to determining that a file is harmful, abort execution of the file I/O routine if the file cannot be treated.
0. 16. A method performed by a server system for blocking harmful information at a client system, wherein the server system and the client system are connected by a computer network, the method comprising:
receiving a request from the client system;
transmitting to the client system, in response to the request, a harmful information blocking code module, wherein the harmful information blocking code module is configured to execute on the client system to block harmful information in response to completion of transmission of the harmful information blocking code module to the client system, the harmful information blocking code module configured to:
inspect file input/output by intercepting at least one file input/output routine on the client system;
determine whether at least one file corresponding to the file input/output routine is harmful or not; and
in response to determining that a file is harmful, abort execution of the file input/output routine if the file cannot be treated.
0. 1. A method for blocking in real time harmful information in a file to be executed, the method comprising the steps of:
(a) on a computer network through which a web server and a client system are linked to each other, the web server receiving a connection request from the client system over the computer network;
(b) the web server transmitting a harmful information blocking code module to the client system; and
(c) once the transmission of the harmful information blocking code module is completed, the harmful information blocking code module automatically running on the client system to block in real time harmful information including computer viruses,
wherein the step (c) comprises steps of:
(c1) inspecting file input/output (I/O) on the client system by hooking up file I/O routines,
(c2) determining whether the file to be executed corresponding to the inspected file input/output in the step (c1) is harmful or not; and
(c3) treating a file determined to be harmful in the step (c2) and executing the file, if it can be treated, and aborting the execution of the file determined to be harmful in the step (c2), if it cannot be treated.
0. 2. The method of
0. 3. The method of
0. 4. The method of
(c4) inspecting network packet input/output (1/0) on the client system;
(c5) determining whether packets inspected in the step (c4) are harmful or not; and
(c6) if any packet is determined to be harmful, blocking a communication port assigned for the packet I/O.
0. 5. The method of
0. 6. The method of
0. 7. The method of
0. 8. A method for blocking in real time harmful information in a file to be executed, the method comprising the steps of:
(a) on a computer network through which a first web server, a second web server and a client system are linked to each other, the client system connecting to the second web server over the computer network;
(b) the client system connecting to the first web server over the computer network, according to information provided from the second web server to the client system;
(c) the first web server transmitting a harmful information blocking code module to the client system; and
(d) once the transmission of the harmful information blocking code module is completed, the harmful information blocking code module automatically running on the client system to block in real time harmful information including computer viruses,
wherein the step (d) comprises steps of:
(d1) inspecting file input/output (I/O) on the client system by hooking up file I/O routines;
(d2) determining whether the file to be executed corresponding to the inspected file input/output in the step (d1) is harmful or not; and
(d3) treating a file determined to be harmful in the step (d2) and executing the file, if it can be treated, and aborting execution of the file determined to be harmful in the step (d2), if it cannot be treated.
0. 9. The method of
0. 10. A method for blocking in a real time harmful information in a file to be executed in real time, the method comprising steps of:
(a) on a computer network through which a first web server and a client system are linked to each other, the first web server receiving a connection request from the client system over the computer network;
(b) the connection request is issued by the client system according to information provided from a second web server after the client system is connected to the second web server separated from the first web server;
(c) once the first web server transmits a harmful information blocking code module to the client system, the harmful information blocking code module automatically running on the client system to block in real time harmful information including computer viruses,
wherein the step (d) comprises steps of:
(c1) inspecting file input/output (I/O) on the client system by hooking up file I/O routines;
(c2) determining whether the file to be executed corresponding to the inspected file input/output in the step (c1) is harmful or not; and
(c3) treating a file determined to be harmful in the step (c2) and executing the file, if it can be treated, and aborting execution of the file determined to be harmful in the step (c2), if it cannot be treated.
0. 11. The method of
0. 12. A system for blocking in real time harmful information in a file to be executed, comprising:
a first web server for providing online services through a computer network; and
a client computer linked with the first web server via the computer network,
wherein when the first web server receives a connection request from the client system, the first web server transmits a harmful information blocking code module to the client computer, and the harmful information blocking code module is automatically executed on the client computer to block in real time harmful information including computer viruses, and wherein the harmful information blocking code module inspect file input/output (I/O) on the client system by hooking up file I/O routines, and
determines whether the file to be executed corresponding to the inspected file input/output is harmful or not: and
treats a file determined to be harmful and executes the file, if it can be treated, and aborts the execution of the file determined to be harmful, if it cannot be treated.
0. 13. The system of
0. 14. The system of
wherein when the client computer is connected to the second web server through the computer network, the second web server provides the client computer with hyperlink information used to access to the first web server.
0. 15. The system of
0. 17. The method of claim 16, wherein the harmful information blocking code module is further configured to allow execution of the file input/output routine, if the file is determined not to be harmful.
0. 18. The method of claim 16, wherein the harmful information blocking code module is further configured to treat the file determined to be harmful, if it can be treated.
0. 19. The method of claim 16, wherein the harmful information blocking code module is further configured to transmit the file to a web server, if the file determined to be harmful cannot be treated.
0. 20. The method of claim 16, wherein the harmful information blocking code module automatically runs on the client system when transmission of the harmful information blocking code module to the client system is completed.
0. 21. The method of claim 16, wherein the harmful information blocking code module is further configured to:
inspect network packet input/output (I/O) on the client system,
determine whether at least one inspected packet is harmful or not; and
abort an internal process supporting the network packet I/O if any packet is determined to be harmful.
0. 22. The method of claim 21, wherein the internal process comprises at least one socket I/O routines.
0. 23. The method of claim 21, wherein at least one packet comprises at least one of a HTTP request message header and a DNS lookup message header.
0. 24. The method of claim 16, wherein the harmful information blocking code module displays its running status in a separate window.
0. 25. The method of claim 16, wherein the harmful information blocking code module is further configured to display advertising contents in a separate window.
0. 26. The method of claim 16, wherein the harmful information blocking code module is an object coded program linked to a web browser.
0. 27. The method of claim 26, wherein the object coded program is one of an ActiveX control, Java applet or Java script.
0. 29. The method of claim 28, wherein executing the harmful information blocking code module further comprises allowing execution of the file, if the file is determined not to be harmful.
0. 30. The method of claim 28, wherein executing the harmful information blocking code module further comprises treating the file determined to be harmful, if it can be treated.
0. 31. The method of claim 28, wherein executing the harmful information blocking code module further comprises causing display of a separate window to display a running status of the harmful information blocking code module.
0. 32. The method of claim 28, wherein executing the harmful information blocking code module further comprises transmitting the file to another web server, if the file determined to be harmful cannot be treated.
0. 33. The method of claim 28, wherein the harmful information blocking code module automatically runs on the client system when transmission of the harmful information blocking code module to the client system is completed.
0. 34. The method of claim 28, wherein executing the harmful information blocking code module further comprises:
inspecting network packet input/output (I/O) on the client system,
determining whether at least inspected packet is harmful or not; and
aborting an internal process supporting the network packet I/O, if any packet is determined to be harmful.
0. 35. The method of claim 34, wherein the internal process comprises at least one of socket I/O routines.
0. 36. The method of claim 34, wherein the network packet comprises at least one of a HTTP request message header and a DNS lookup message header.
0. 37. The method of claim 28, wherein the harmful information blocking code module displays advertising contents in a separate window.
0. 38. The method of claim 28, wherein the harmful information blocking code module is an object coded program linked to a web browser.
0. 39. The method of claim 38, wherein the object coded program is one of an ActiveX control, Java applet or Java script.
0. 41. The client computer of claim 40, wherein execution of the harmful information blocking code module by the processor further configures the processor to allow execution of the file I/O routine, if the file is determined not to be harmful.
0. 42. The client computer of claim 40, wherein execution of the harmful information blocking code module by the processor further configures the processor to:
treat the file determined to be harmful, in response to determining that the file determined to be harmful can be treated.
0. 43. The client computer of claim 40, wherein execution of the harmful information blocking code module by the processor further configures the processor to:
transmit the file determined to be harmful to a web server, in response to determining that the file determined to be harmful cannot be treated.
0. 44. The client computer of claim 40, wherein the processor is configured to execute the harmful information blocking code module automatically when receipt of the harmful information blocking code module at the client system is completed.
0. 45. The client computer of claim 40, wherein execution of the harmful information blocking code module by the processor further configures the processor to:
inspect network packet I/O on the client computer,
determine whether at least one inspected packet is harmful or not; and
abort an internal process supporting the network packet I/O if any packet is determined to be harmful.
0. 46. The client computer of claim 40, wherein execution of the harmful information blocking code module by the processor further configures the processor to:
display running status of the harmful information blocking code in a separate window.
0. 47. The client computer of claim 40, wherein execution of the harmful information blocking code module by the processor further configures the processor to:
display advertising contents in a separate window.
0. 49. The non-transitory computer-readable medium of claim 48, further comprising:
instructions to allow execution of the file I/O routine, if the file is determined not to be harmful.
0. 50. The non-transitory computer-readable medium of claim 48, further comprising:
instructions to treat the file determined to be harmful, in response to determining that the file determined to be harmful can be treated.
0. 51. The non-transitory computer-readable medium of claim 48, further comprising:
instructions to transmit the file determined to be harmful to a web server, in response to determining that the file determined to be harmful cannot be treated.
0. 52. The non-transitory computer-readable medium of claim 48, further comprising:
instructions to inspect network packet I/O on the client computer,
instructions to determine whether at least one inspected packet is harmful or not; and
instructions to abort an internal process supporting the network packet I/O if any packet is determined to be harmful.
0. 53. (The non-transitory computer-readable medium of claim 48, further comprising:
instructions to display running status of the harmful information blocking code in a separate window.
0. 54. The non-transitory computer-readable medium of claim 48, further comprising:
instructions to display advertising contents in a separate window.
|
|||||||||||||||||||
firstis which prevents preventing the accessing of undesirable lascivious web sites. This monitoring for preventing undesirable accessing can be accomplished by checking the header of a HTTP request message or a Domain Name Service (DNS) lookup message.
In other words, step 420 may involve additional functions for checking for possible occurrences of harmful information on the client 130. Subsequent operations of the harmful information blocking code module will be described with reference to file I/O inspection, however, file I/O inspection is only an example and should not be contrived as limiting the scope of the invention.
Next, it is determined whether files, which are monitored in step 420, are harmful or not (step 430). This determination can be performed by various methods, according to the type of harmful information or the necessities of applications. For example, a pattern comparison with known harmful information, for example, identified computer viruses, may be performed for the purpose of the determination. In general, computer viruses operate in a predetermined pattern, and thus the pattern comparison technique can be a tool for identifying new species of viruses.
In step 430, it is preferable to make a determination as to whether or not a network packet is harmful, or whether the client 130 attempts to access an undesirable lascivious web site.
If it is determined that the monitored information is safe, the harmful information code module performs no specified treatment on the file. Accordingly, a user is allowed to continue his or her task on the client 130 irrespective of the harmful information code blocking module.
If the monitored information is determined to be harmful, it is further determined whether the monitored information is related to file I/O or packet I/O to provide a proper treatment consistent with the harmful file or packet. Although not shown in
In the case where the monitored information is related to file I/O, it is determined whether the harmful file can be properly treated (step 450). If the treatment is possible, the related file is treated (step 454). If the treatment is impossible, execution of the corresponding file is merely aborted (step 452). In step 454, it is preferable to notify a user that harmful information was detected, and to request approval for performing treatment on the harmful information.
Lastly, it is preferable to notify the harmful information management server 110 if information indicative of harmful information is detected from the client 130 online, using the harmful information blocking code module (step 470). If the detected information is a new kind of harmful information and thus cannot be treated, it is preferable to transmit the entire file related to the unidentified harmful information to the harmful information management server 110. Of course, it is preferable to get pre-approval regarding notification of the harmful information detection and/or the transmission of the unidentified harmful information file to the harmful information management server 110.
In other words, the present embodiment provides the function of automatically providing the harmful information management server 110 with information on harmful information detected in the client 130. Accordingly, the harmful information management server 110 is allowed to acquire statistical data on harmful information, and can thus instantaneously counteract the occurrence of an unidentified computer virus, for example, by developing an effective antivirus program. In this manner, the harmful information management server 110 analyzes the unidentified harmful information from the client 130 to develop a proper treatment program, and provides an appropriate security service for blocking harmful information from attacking the client 130, with the latest version of the harmful information blocking code module. Therefore,-the present invention can prevent user computers operating in an open network environment from damage caused by various harmful information.
In the present embodiment, a communications channel for use by the harmful information blocking code module in automatically transmitting harmful information to the harmful information management server 110 may be implemented with Internet mail transfer protocol such as Simple Mail Transfer Protocol (SMTP), or File Transfer Protocol (FTP). More preferably, a specified communication channel is provided exclusively for the transmission of the harmful information.
Meanwhile, if it is determined in step 440 that harmful information is related with packet I/O, a communication port assigned for the packet I/O is blocked (step 460). If internal processes for supporting the network packet I/O via the communication channel is in progress, it is preferable to abort the processes.
Next, a proper treatment is performed on the harmful information infiltrating through the communications port in a similar way as for the harmful information related with file I/O (step 462). In step 470, the harmful information management server 110 is informed of the detection of the harmful information from the network packet I/O.
The present embodiments may be implemented as a computer readable program code. The invention may be embodied in a general purpose digital computer by running a program from a computer readable medium, including but not limited to magnetic storage media (e.g., ROM's, floppy disks, hard disks, etc.), optically readable media (e.g., CD-ROMs, DVDs, etc.) and carrier waves (e.g., transmissions over the Internet).
While this invention has been particularly shown and described with reference to preferred embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made thereto without departing from the spirit and scope of the invention as defined by the appended claims. The embodiments should be construed as being illustrative and not as limiting the scope of the invention. Accordingly, the scope of the present invention is defined by the appended claims rather than the foregoing description.
As previously described, according to the present invention, the harmful information blocking code module is automatically provided to and installed in the client system by only online connecting to the harmful information management server, so that harmful information detected on the client system can be actively blocked in real time without requiring a manual installation process.
The harmful information blocking code module has a function of informing the harmful information management server of information indicative of an unidentified computer virus detected in the client system. Accordingly, the harmful information management server can acquire useful statistical data relating to harmful information, and keeps up-to-date with the latest releases of the harmful information blocking code module, which ensures latest security service for user computers.
Furthermore, the harmful information blocking code module is able to inspect the network packet I/O, which warrants secured electronic commerce through the Internet. In particular, for private enterprises or government organizations, the present invention can be effective in actively protecting business information, or confidential information relating to national security from various harmful information. The present invention is effective in terms of both security and efficiency.
It will be appreciated by those skilled in the art that changes could be made to the embodiments described above without departing from the broad inventive concept thereof. It is understood, therefore, that this invention is not limited to the particular embodiments disclosed, but it is intended to cover modifications within the spirit and scope of the present invention as defined by the appended claims.
| Patent | Priority | Assignee | Title |
| 9386036, | Jul 23 2009 | AHNLAB, INC | Method for detecting and preventing a DDoS attack using cloud computing, and server |
| Patent | Priority | Assignee | Title |
| 5960170, | Mar 18 1997 | Trend Micro, Incorporated | Event triggered iterative virus detection |
| 6014698, | May 19 1997 | AT HOME BONDHOLDERS LIQUIDATING TRUST | System using first banner request that can not be blocked from reaching a server for accurately counting displays of banners on network terminals |
| 6075863, | Feb 28 1996 | FLAT CONNECTIONS, INC | Intelligent communication device |
| 6088803, | Mar 27 1997 | Intel Corporation | System for virus-checking network data during download to a client device |
| 6119165, | Nov 17 1997 | Trend Micro, Incorporated | Controlled distribution of application programs in a computer network |
| 6125352, | Jun 28 1996 | Microsoft Technology Licensing, LLC | System and method for conducting commerce over a distributed network |
| 6672775, | Aug 01 1997 | International Business Machines Corporation | Cross-machine web page download and storage |
| 6742047, | Mar 27 1997 | Intel Corporation | Method and apparatus for dynamically filtering network content |
| 6785732, | Sep 11 2000 | FINJAN BLUE, INC | Web server apparatus and method for virus checking |
| 7058822, | Mar 30 2000 | FINJAN LLC | Malicious mobile code runtime monitoring system and methods |
| 7496960, | Oct 30 2000 | TREND MICRO INCORPORATED | Tracking and reporting of computer virus information |
| EP805397, | |||
| JP10240828, | |||
| JP10320336, | |||
| JP11025176, | |||
| WO9926161, |
| Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
| Dec 20 2010 | Cap Co., Ltd. | (assignment on the face of the patent) | / | |||
| Dec 07 2012 | INCA INTERNET CO , LTD | CAP CO , LTD | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 029572 | /0831 |
| Date | Maintenance Fee Events |
| Nov 26 2013 | M2552: Payment of Maintenance Fee, 8th Yr, Small Entity. |
| Apr 01 2015 | ASPN: Payor Number Assigned. |
| Sep 22 2017 | M2553: Payment of Maintenance Fee, 12th Yr, Small Entity. |
| Date | Maintenance Schedule |
| May 28 2016 | 4 years fee payment window open |
| Nov 28 2016 | 6 months grace period start (w surcharge) |
| May 28 2017 | patent expiry (for year 4) |
| May 28 2019 | 2 years to revive unintentionally abandoned end. (for year 4) |
| May 28 2020 | 8 years fee payment window open |
| Nov 28 2020 | 6 months grace period start (w surcharge) |
| May 28 2021 | patent expiry (for year 8) |
| May 28 2023 | 2 years to revive unintentionally abandoned end. (for year 8) |
| May 28 2024 | 12 years fee payment window open |
| Nov 28 2024 | 6 months grace period start (w surcharge) |
| May 28 2025 | patent expiry (for year 12) |
| May 28 2027 | 2 years to revive unintentionally abandoned end. (for year 12) |