
Method for Detecting Out-of-Date or Illicit Programs on Enterprise Workstations

IP.com Disclosure Number: IPCOM000012084D
Original Publication Date: 2003-Apr-07
Included in the Prior Art Database: 2003-Apr-07
Document File: 2 page(s) / 16K

Publishing Venue

IBM

Abstract

A method is disclosed for detecting out-of-date and/or illicit programs on (enterprise) workstations. The method exploits the infrastructure provided by anti-viral software, including methods for receiving updates from vendors through the intranet and/or internet. In essence, the method identifies such programs as a form of virus and allows the treatment of detected viruses to be established by policies ranging from automated uninstall (quarantining) to simple alert generation.




A method is disclosed for detecting out-of-date and/or illicit programs on (enterprise) workstations. The method exploits the infrastructure provided by anti-viral software, including methods for receiving updates from vendors through the intranet and/or internet. In essence, the method identifies such programs as a form of virus and allows the treatment of detected viruses to be established by policies ranging from automated uninstall, through quarantining, to simple alert generation.

State-of-the-art virus detection programs operate roughly as follows:

- a core virus detection program is installed on the target machine
- a database of virus detection rules interpreted by the core virus detection program is also installed on the target machine
  - optionally, this database may be updated periodically from intranet or internet update resources
- for "batch" virus detection on protected filesystems:
  - each file in the filesystem is compared to the database
  - if a match is found, the file is "quarantined" (moved to a protected area of the filesystem) for manual handling
- for "realtime" virus protection, filesystem operations (open, write, and/or close) are intercepted

Generally, careful enterprises establish policies that provide the most vigorous protection from viral incursions possible: real-time protection to prevent known viruses from propagating, combined with periodic batch scans to provide detection of newly discovered viruses that may have already infected the target machine.

The method disclosed here exploits this same mechanism to allow enterprises to protect themselves from legal exposures due to users installing unlicensed software (or continuing to use software whose licenses have expired), technical exposures due to backlevel versions of software that provide vi...
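The batch-scan flow described above, with out-of-date and unlicensed programs carried in the same rule database as viruses and the treatment chosen per category by policy, as an added example that is not part of the disclosure. It assumes a hypothetical rule database keyed by file content hash (a stand-in for whatever detection rule a real scanner would match on) and constructed sample files; the policy table, rule names and file names are invented for the example.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Policy table in the sense of the disclosure: each detection category gets a treatment
# chosen by policy, from automated uninstall, through quarantining, to alerting (constructed).
POLICY = {"virus": "quarantine", "unlicensed": "uninstall", "backlevel": "alert"}

def sha256(path):
    """Content hash standing in for the detection rule a scanner would match on."""
    return hashlib.sha256(path.read_bytes()).hexdigest()

def batch_scan(root, rules, policy, quarantine_dir):
    """Batch scan: compare every file under root to the rule database and apply
    the policy action for the matched category. Returns (file, rule name,
    category, action) tuples; files with no matching rule are left untouched."""
    findings = []
    for f in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        rule = rules.get(sha256(f))
        if rule is None:
            continue
        action = policy[rule["category"]]
        if action == "quarantine":  # move to a protected area for manual handling
            quarantine_dir.mkdir(parents=True, exist_ok=True)
            shutil.move(str(f), str(quarantine_dir / f.name))
        elif action == "uninstall":  # automated removal
            f.unlink()
        findings.append((f.name, rule["name"], rule["category"], action))
    return findings

def demo():
    """Constructed workstation: three known programs plus one unknown file. The
    rule database is a hypothetical stand-in for a vendor-distributed update."""
    ws, quarantine = Path(tempfile.mkdtemp()), Path(tempfile.mkdtemp())
    samples = {"sample_virus.bin": b"constructed virus body", "old_tool.exe": b"tool 1.0",
               "unlicensed_app.exe": b"unlicensed app", "readme.txt": b"harmless"}
    for name, body in samples.items():
        (ws / name).write_bytes(body)
    rules = {  # signature -> classification, one entry per known program
        sha256(ws / "sample_virus.bin"): {"name": "Test.Virus", "category": "virus"},
        sha256(ws / "old_tool.exe"): {"name": "Tool 1.0 (backlevel)", "category": "backlevel"},
        sha256(ws / "unlicensed_app.exe"): {"name": "Unlicensed.App", "category": "unlicensed"},
    }
    findings = batch_scan(ws, rules, POLICY, quarantine)
    remaining = sorted(p.name for p in ws.iterdir() if p.is_file())
    quarantined = sorted(p.name for p in quarantine.iterdir())
    return findings, remaining, quarantined
```

The unknown file is left in place, the backlevel tool is only reported, the unlicensed program is removed, and the virus sample ends up in the quarantine directory for manual handling.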