Escolar Documentos
Profissional Documentos
Cultura Documentos
Hodges et al.
(54)
5,903,724 *
5,907,834
COMPUTER NETWORK
8/1999 Britt,
on .lrget
er e al.a. . ..
345/333
ealth et a1.
...................... ..
395/712
(Us)
6,052,531
6,061,505 *
5/2000
6,097,718 *
6,151,643
Subject to any disclaimer, the term of this
patent is extended or adjusted under 35
6,167,407
.t d b
e1 e
714/38
CA (US)
Notice:
706/20
5,940,074
,
,
(*)
(73)
US 6,269,456 B1
714/38
370/351
710/36
y exahhhet
(57)
ABSTRACT
(51)
(52)
(58)
us CL _________ __
_ 714/38; 713/201
Field Of Search ............................ .. 714/38- 713/201
(56)
References Cited
340/825
5,623,500
5,630,116 *
395/187.01
395/617
-~ 395/2009
5e732e275
2:233:53;
395/712
11/1332 2111551;ere...111111111551252?
5,862,325
5,890,129
395/200.31
CUENT CDMPUTER
404
RESTDENT
WEE BROWSER
TNVOKED7
*"i
ADE
4vi_
USERID
BJONESD23
AMWTRUS UPDATE
FTLE RECETVEW
N0
41 4
LOAD
ANTMRUS
UPDATES
'
PAUSE
U.S. Patent
Sheet 1 0f 14
US 6,269,456 B1
4/1/00
USER ACOUIRES AND LOADS:
53/15/00
VIRUS "BAD_APPLE.V"
4/1/00 - 1/12/01
SUCCESSFUL PROTECTION
104
OF DESKTOP USING:
AntivIrus_AppIicationexe 2/1/00 01 :00
7/15/00
108~ ANTIVIRUS COMPANY
DETECT3"BAD_APPLE-V"
1/13/01
7/15/00
DESKTOP INFECTED BY ~1 14
"BAD_APPLE.V" VIRUS
1/13/01-1/19/01
Antivirus_Applicationsexe
~116
FAILS TO DETECT "BAD_APPLE.V"
9/1/00
1/19/01
VIRUS BADHAPPLEIV DESTROYS N 1 1 8
DATA ON DESKTOP COMPUTER
New Vers|0n oI
VIRUS_SIGNATURES.DAT 09/01/00 03.00
END
FIG. 1
(PRIOR ART)
U.S. Patent
Sheet 2 0f 14
US 6,269,456 B1
$214
INTERNET
210
IIIIIHIIH
mumm
FIG. 2
(PRIOR ART)
204*
U.S. Patent
Sheet 3 0f 14
US 6,269,456 B1
308w
304
306w
lntemgSLervice
@ 302
PmV'de
305
FIG. 3
U.S. Patent
Sheet 4 0f 14
US 6,269,456 B1
@
USER TURNS 0N DESKTOP w 402
CLIENT COMPUTER
RESIDENT
406
WEB BRUWSER
INVOKED?
NO
YES
USER
418 BROWSES
INTERNET
408
/
NOTIFYCENTRALANTIVIRUS
SERvER THAT WEB BROWSWER
ISINVOKED.
TP ADDRESS: 205844.137
USERID: BJONESOTZB
410
USER
420~ LOGS 0PE
TNTERNET
ANTNTRUS UPDATE
FILE REcENEU?
414
LOAD
412~ ANTNTRUS
UPDATES
416
COMPUTER ON?
FIG. 4
N0
8
PAUSE
U.S. Patent
Sheet 7 0f 14
604
602
NEW UPDATES
AVAILABLE FROM ANTIVIRUS
ENGINEERS?
YES
ACCESS DATABASE
FOR BJONESOOI234
VIRUS_SIGNATURES.DAT?
VIRUS_SIGNATURES.DAT TO
IP ADDRESS 205.855.137
FIG. 6
US 6,269,456 B1
LOAD UPDATED
ANTIVIRUS FILES
U.S. Patent
Sheet 8 0f 14
US 6,269,456 B1
700
/
OPERATING I
FILES
SYSTEM
W1N95
i
E AntiviruswApplication?xe
WIN95
1 VIRUS_SIGNATURES.DAT
i
i 02/12/00
1 09/16/00
702
*************************'k******************************
**kk'ki:************************************~k~k********~k***
USER
1 OPERATING
ASM1TE64S9
i 01/12/00
1 01/15/00
BJONES001234
1 SYSTEM
704
FIG. 7
U.S. Patent
WI
20
Sheet 9 0f 14
US 6,269,456 B1
804
806w
lnternet_8ervice
Provlder
FIG. 8
SLlP/PPP
U.S. Patent
Sheet 12 0f 14
1019
2J1
FIG. 10
US 6,269,456 B1
. Patent
Sheet 13 0f 14
US 6,269,456 B1
109
1102
5
1104
1106
?~_\
1008A
486-66
WIN95
VIRUS_S|GSW95.DAT
5/15/00
Antivirus_AppW95.exe
2/1/00
1008B
486-100
WIN95
VIRUS_S|GSW95.DAT
5/15/00
1008C
486-66
1010
Antivirus_AppW95.exe
2/1/00
WIN95
V1RUS_S|GSW95.DAT
5/15/00
686-200
WIN95
V|RUS_S|GSW95.DAT
Antivirus_AppW95.exe
5/15/00
2/1/00
1012A
586-75
WIN95
VIRUS_SIGSW95.DAT
Antivirus_AppW95.exe
5/15/00
2/1/00
1012B
586-133
WIN95
VIRUS_S|GSW95.0AT
5/15/00
10120
586-133
WIN95
VIRUS_S|GSW95.DAT
5/15/00
1014
686-200
WIN95
V1RUS_SIGSW95.DAT
5/15/00
1016A ALPHA500
UN|X9
V1RUS_S|GSUNX9.DAT
6/1/00
10168 ALPHA500
UN|X9
VIRUS_S|GSUNX9.DAT
6/1/00
Antivirus_appUNX9.exe
7/15/00
Antivirus_AppW95.exe
Antivirus_AppW95.exe
Antivirus_AppW95.exe
Antivirus_AppW95.exe
Antivirus_appUNX9.exe
2/1/00
2/1/00
2/1/00
2/1/00
7/15/00
1016C ALPHA500
UN1X9
VIRUS_SIGSUNX9.DAT
6/1/00
1018
UNIX9
V|RUS_S|GSUNX9.DAT
6/1/00
ALPHA500
Antivirus_appUNX9.exe
Antivirus_appUNX9.exe
FIG. 11
7/15/00
7/15/00
U.S. Patent
Sheet 14 0f 14
US 6,269,456 B1
FIG. 12
US 6,269,456 B1
1
RELATED APPLICATIONS
NT, 3.1x, DOS and OS/2), and on the World Wide Web at
http://WWW.mcafee.com. The contents of these documents
10
15
a computer netWork.
20
25
placed
in
the
directory
C:\PROGRAMi
VIRUSiSIGNATURES .DAT.
Generally speaking, a recent trend is for manufacturers of
C:\PROGRAMi
directory
the
doWnloading by users.
60
US 6,269,456 B1
3
15
20
Will have its oWn unique set of virus scanning engines and
virus signature ?les. It is Well knoWn in the art, for example,
that viruses are operating system speci?c, and so the local
client computers 206A206N of FIG. 2 Will likely require
30
40
tor.
context
FIG. 2 shoWs
of a typical
a typicalcorporate
local arealocal
netWork
area 200
netWork
comprising a
netWork server 202, a communications netWork 204 such as
an ETHERNET netWork, a plurality of user nodes
60
US 6,269,456 B1
6
5
protocol, and each of the plurality of local client computers
is coupled to the computer network using a packet-sWitched
protocol. Each client computer intermittently noti?es the
1O
ment.
15
25
45
embodiment;
preferred embodiment;
FIG. 6 shoWs steps taken by a central antivirus server
65
applications.
US 6,269,456 B1
8
10
server 308 for notifying the central antivirus server 308 that 35
a TCP/IP connection and a Web broWser have been activated
manner in Which to cause AntivirusiApplicationexe 520 to
at client computer 302. Among the information transmitted
automatically execute at startup is to place a shortcut to this
from client computer 302 to central antivirus server 308 are
program in the Startup portion of the Windows 95 Start
menu system.
308.
At step 410 antivirus update ?les are received by client
computer 302 if any such ?les are sent by the central
antivirus server 308. If any such ?les are received, at step
412 the antivirus update ?les are loaded. If any such ?les are
may be, the decision step 406 is again performed if the client
exemplary
FIG. 4 also shoWs the step 418, Whereby the user broWses
65
virus
signature
?le
VIRUSi
US 6,269,456 B1
9
10
softWare.
FIG. 8 shoWs a diagram of a computer netWork 800
determines Whether that user has been sent the most recently
updated antivirus ?les. If the user has already been sent the
45
systems.
In general, the push administration system 810 pushes
channeliZed information to the client desktop 802 according
to a subscription plan for the user of client computer 802.
Antivirus update ?les are delivered on one of the subscriber
channels.
FIG. 9A shoWs a printout of the directory structure from
a hard drive of client computer 802 according to the embodi
ment of FIG. 8, and in particular shoWs ?le listings of an
Antivirus SoftWare directory 902 on client computer 802.
Similar to the embodiment of FIG. 3, Antivirus SoftWare
traf?c.
FIG. 7 shoWs a diagram of a database 700 contained
Within central antivirus server 308. Database 700 comprises
55
shoWn in FIG. 7. ShoWn in antivirus database 702 are virus 65 data directory 912 that are dedicated for push update appli