Home | Links | Contact Us | More About Intellectual Property | Bookmark

Search patents:

Home

Processing Data

Method-and-apparatus-for-increasing-the-speed-of-the-detecting-of-computer-viruses

Exhaust valve for diesel engine and production thereof

OF THE INVENTION Embodiments of the invention will be explained in referrence to the attached ...

Computer system having a plurality of stored system capability states from which to resume

According to the present invention a computer system is provided that has a plurality of suspend ...

Barrier synchronization method wherein members dynamic voting controls the number of synchronization phases of protocols and progression to each new phase

The shortcomings of the prior art are overcome and additional advantages are provided through the ...

System for transferring data specified in a transaction request as a plurality of move transactions responsive to receipt of a target availability signal

The present invention is a system and method for efficiently transporting blocks of data through a ...

Method and apparatus for synchronization of data retrieval and presentation

The present invention includes a method and an apparatus for synchronization of data retrieval; ...

Method and system for message transfer session management

In accordance with the invention, there is provided a method and system for managing transfer of ...

APPARATUS FOR DISTRIBUTING INFORMATION OVER A NETWORK-BASED ENVIRONMENT, METHOD OF DISTRIBUTING INFORMATION TO USERS, AND METHOD FOR ASSOCIATING CONTENT OBJECTS WITH A DATABASE WHEREIN THE CONTENT OBJECTS ARE ACCESSIBLE OVER A NETWORK COMMUNICATION MEDIUM

A system and method are provided to document and quantify demand for particular information that is ...

Service providing system and service providing device that provides a specific service in response to user authority determination based on positional relationships of virtual objects

However, according to the related art method, since everyone can operate a projector and cause any ...

Method, system, and program for returning a file requested through a network connection

OF THE PREFERRED EMBODIMENTS In the following description, reference is made to the accompanying ...

Systems, methods and computer program products for validating web content tailored for display within pervasive computing devices

In view of the above discussion, it is an object of the present invention to provide systems, ...

Method and apparatus for increasing the speed of the detecting of computer viruses

Details

Inventors: Cozza, Paul D.;
Assignee:
Primary Examiner: Nguyen; Hoa T.
Assistant Examiner:
Attorney, Agent or Firm: Hale and Dorr

A method and apparatus for increasing the speed at which a computer can scan files for computer viruses examines the initial state information of each file and stores this state information in a cache. Since viruses generally add themselves to preexisting files, they generally change the lengths or other characteristics of the files. During a scan, current state information is gathered regarding the length and/or other characteristics of the current state of the file and this information is compared to the length and characteristics from the initial state of the file. If the initial state information is different than the current state information then the files are scanned for certain subsets of viruses which affect files in a manner which is determined by the differences in such initial and current state information.

DETAILED DESCRIPTION Referring to FIG.
2, the apparatus for detecting computer viruses of the present invention includes a central processing unit 16.
Information concerning the current state of volumes 17 or files 18 is stored in RAM 19, and information concerning prior states is stored in the scan information cache(s) 20.
The cache 20 can be stored in any non-volatile storage medium including, but not limited to, the files or volumes being scanned.
Referring now to FIG.
3, the process for scanning for computer viruses of the present invention will now be described.
In this process, which while described with reference to a Macintosh computer may be used with virtually any other computer, each volume 17 with its files or any subset thereof stored in a memory system is scanned.
Before commencing the actual scan, however, the volume being scanned is examined for the scan information cache (which, in a preferred embodiment, is a file) in step 24 which is located at a predetermined place on the volume being scanned or on some other accessible volume.
If the file is found, it is read into RAM or some other high speed memory in step 26, and its contents are verified in step 28.
For example on the Apple Macintosh computer such verification could involve validating the cache's 1) version number to make sure it is not out of date; 2) volume creation date to make sure the file is on the correct volume; 3) file ID to make sure the cache file is not a copy, and that the volume has not been reformatted; and 4) checksum to verify the file's content.
One suitable checksum could be determined by starting with an arbitrary (randomly selected) string of 4 hexadecimal bytes, called the key, which is known to the scanning program.
An EOR (i.
e.
, Exclusive Or) operation is performed on each long word (4 bytes) of the cache to the key.
The result is the checksum.
Simple variations of this may be used if the cache information is not a multiple of 4 bytes long.
If the cache is valid, it is retained in memory for the scanning of the files in that volume in step 32

Related patents

	Event triggered iterative virus detection In accordance with the present invention a virus detection server is provided for centralized access and iterative techniques are provided to effectively detect and ...
	Macro program management system Taking the above into consideration, an object of the present invention is to provide a macro program management system which facilitates edit operations of macro ...
	Computer network intrusion detection To achieve the foregoing, methods, apparatus, and computer-readable medium are disclosed which provide computer network intrusion detection. In one aspect of the ...
	Print system for executing printing operations based on macros selectively designated on document set basis It is an objective of the present invention to provide a print system in which a user can set different printing processes for each one of a plurality of document sets ...
	Method for intercepting network packets in a computing device OF THE INVENTION The concept of hooking is generally known in the art of computer programming. It means that a call to a default system service (like a function, ...
	System and method for partitioned distributed scanning of a large dataset for viruses and other malware The present invention provides a system and method for concurrently scanning a large dataset for computer viruses and other forms of malware. The dataset is organized ...
	Method and device for innoculating email infected with a virus The present invention provides for a method and network device for detecting and inoculating emails infected with viruses. The method identifies traffic flows, or ...
	Sliding scale adaptive self-synchronized dynamic address translation In view of the above, it is an object of the present invention to provide a method of translating packets in a manner that would entice a would-be adversary to try to ...
	Methods and systems for managing virtual addresses for virtual networks Reference will now be made in detail to the exemplary embodiments of the invention, examples of which are illustrated in the accompanying drawings. Wherever possible, ...
	Data carrier for the storage of data and circuit arrangement for such a data carrier The invention claimed is: 1. A data carrier for the storage of data, which data carrier has a first interface for communication with a first communication device and ...

0.014
Archive: All patents - Links Copyright (c)2006 Eipa-patents.org - All rights reserved