Browser Based Retroactive Malware Protection
Publication Date: 2013-Aug-02
Publishing Venue
The IP.com Prior Art Database
Abstract
Retroactive malware protection can help protect the user by checking a user’s browsing history. If a site in the user’s browser history corresponds to a newly identified malware site, the user can be notified. Checking the user’s browser history against an updated malware database can be done locally or remotely. The functionality of the system may be implemented, for example, in the browser itself, as a browser extension or plugin, or embedded within a web site or web application.
Page 01 of 3
Browser Based Retroactive Malware Protection
Abstract:
Retroactive malware protection can help protect the user by checking a user's browsing history. If a site in the user's browser history corresponds to a newly identified malware site, the user can be notified. Checking the user's browser history against an updated malware database can be done locally or remotely. The functionality of the system may be implemented, for example, in the browser itself, as a browser extension or plugin, or embedded within a web site or web application.
Description:
Some current browsers include protection against web sites with malware. When a user visits a site, the browser checks a database (local, remote, or a using a combination) to determine if a particular website contains malware, is a phishing site, contains cross site scripting attacks, numerous popups, or any other undesirable feature for which a user should be warned. However, because of the delay in identifying malware sites, a user may not be warned when visiting a site if that site has not yet been identified. Therefore, the user's computer could become infected with malware.
Retroactive malware protection can help protect the user by checking a user's browsing history. If a site in the user's browser history corresponds to a newly identified malware site, the user can be notified. For example, a user visits http://www.arbitrarysite.com on Monday. On Tuesday www.arbitrarysite.com is identified as containing malware. On Wednesday, even though the user has not navigated again to a.com, they can be notified that on Monday they visited a site that was determined to be a malware site.
Checking the user's browser history against an updated malware database can be done locally or remotely. If done remotely, the data can be encrypted, for example using hashing, and sent over an encrypted communication channel, and without including any personally identifiable information. This retroactive check can be done periodically, for example, each night. This retroactive check can also be done when the user starts or closes their browser. This re...