Slashdot Mirror


User: SuperficialRhyme

SuperficialRhyme's activity in the archive.

Stories: 0
Comments: 73

Comments · 73

  1. Re:Dead mouse already? on Is Horse the New Mouse? · · Score: 1, Funny

    Man, I feel like we're beating a dead horse... ba-dum-chhh

  2. Claim by Claim analysis? on Symantec Patents Multiple File Area Virus Scanning · · Score: 4, Informative
    I'm not an antivirus software developer so I really don't know what exactly these claims are referring to. The background of the patent helps a bit, but it seems to me that the patent refers to a program which uses an emulator to catch the point where a program's code is being passed off to viral code.

    Could someone give a better summary claim by claim?

    I'll provide the claims here to give a starting point. Let's try to actually see what's getting patented here and whether or not it really is novel.

    I claim:

    1. A virus detection system for detecting if a computer file is infected by a virus, the file having a plurality of potential virus entry points, the system comprising:

    an engine for controlling operation of the virus detection system responsive to instructions stored in an intermediate language, the instructions adapted to examine the plurality of potential virus entry points and post for emulating ones of the plurality of potential virus entry points exhibiting characteristics indicating a possible virus;

    an emulating module coupled to the engine for emulating the posted entry points of the file in a virtual memory responsive to the engine, wherein the virus may become apparent during the emulation of an entry points of the file infected by the virus; and

    a scanning module coupled to the engine for scanning regions of the virtual memory for a signature of the virus responsive to the engine and the emulating module, wherein presence of the virus signature in a scanned region indicates that the file is infected by the virus.

    2. The virus detection system of claim 1, further comprising:

    a custom module coupled to the engine for executing custom virus-detection code responsive to invocation by the engine.

    3. The virus detection system of claim 1, wherein the intermediate language is P-code and the engine comprises:

    a P-code interpreter for interpreting the P-code and controlling the operation of the virus detection system responsive thereto.

    4. The virus detection system of claim 3, wherein the engine further comprises:

    primitives for performing operations with respect to the file and the virtual memory responsive to invocations of the primitives by the P-code.

    5. The virus detection system of claim 1, further comprising:

    a virus definition file coupled to the scanning module for holding virus signatures for use by the scanning module.

    6. The virus detection system of claim 1, wherein the instructions stored in the intermediate language post regions of the file for scanning by the scanning module.

    7. The virus detection system of claim 6, wherein postings identifying overlapping regions are merged into a single posting identifying the regions of the merged postings.

    8. A method for detecting a virus in a computer file, the file having a plurality of potential virus entry points, the method comprising the steps of:

    executing instructions stored in an intermediate language representation, the instructions performing the steps of:

    examining regions of the file for possible infection by viruses and posting for scanning any regions exhibiting characteristics indicating a possible virus infection;

    examining the plurality of potential virus entry points of the file for possible infections by viruses and posting for emulating ones of the plurality of potential virus entry points exhibiting characteristics indicating a possible virus infection; and

    examining the posted regions of the file to algorithmically determine whether the file is infected with a virus.

    9. The method of claim 8, wherein the instructions further perform the steps of:

    merging overlapping regions posted for scanning.

    10. The method of claim 8, wherein the instructions further perform the step of:

    calling a custom executable program to determine when the file is infected with a virus.

    11. The method of claim 8, further comprisi

  3. Microsoft + DRM integration talked about as well! on Intel Flaunts Mac mini Knock-off · · Score: 5, Informative
    Why is no one talking about this part of the article:

    At the same time that Intel is looking to push computermakers on the design front, it is also working to improve the quality of such devices. It is also working to ensure that content can be secured to the satisfaction of Hollywood studios, which will decide whether or not to make their movies available on such machines.

    MacDonald brought Microsoft eHome executive Joe Belfiore on stage to talk about collaborations between the two companies. He spoke about an effort to make sure Microsoft's digital-rights management technology is compatible with Intel's push for standards to enable content to move among home devices easily while still being protected from widespread distribution.

    A Disney executive also spoke about the potential for bringing its Moviebeam service to PCs. The service, which offers more than 100 movies on demand, currently works only with set-top boxes.


    That seems to be more disturbing than Intel trying to get manufacturers to compete with a mini-esque PC.

  4. Re:New Discovery? on New Vulnerabilities Discovered in Firefox 1.0 · · Score: 5, Informative

    Secunia just put the list together. Copy/pasting the list and who found them from Secunia since someone didn't link to it in the article.

    1) The vulnerability is caused due to the temporary plugin directory being created insecurely. This can be exploited via symlink attacks to delete arbitrary directories with the privileges of the user running Mozilla or Firefox.

    2) The problem is that an inactive tab can launch an HTTP authentication prompt, which appears to be displayed by a website in another tab. This may be exploited to trick a user into entering some sensitive information (e.g. user credentials).

    This is similar to:
    SA12712

    3) An error in the handling of shortcut files (.lnk) can be exploited to overwrite arbitrary files by tricking a user into downloading a shortcut file twice.

    4) The problem is that an XML document can include XSLT stylesheets from arbitrary sites, which may be exploited to disclose some sensitive information.

    5) An error in the form fill feature (autocomplete) allows reading suggested values before they are chosen. This can be exploited to disclose some potentially sensitive input by tricking a user into arrowing through some autocompleted values.

    6) A memory handling error in Mozilla string classes may allow overwriting of memory if the browser runs out of memory during string growth. This can potentially be exploited to execute arbitrary code.

    7) The problem is that the hostname can be obfuscated in the installation confirmation dialog by including an overly long username and password. This can be exploited to trick users into accepting installations from untrusted sources.

    Successful exploitation requires that the malicious website is allowed to request installations.

    8) It is possible to cause a heap overflow due to an error when converting malformed UTF8 character sequences to Unicode. This may be exploited to cause a heap overflow and execute arbitrary code, however, general web content is not converted using the vulnerable code.

    9) Various errors make it possible to show the "secure site" lock icon with certificate information belonging to a different site.

    Provided and/or discovered by:
    1) Tavis Ormandy
    2) Christian Schmidt
    3) Masayuki Nakano
    4) Georgi Guninski
    5) Matt Brubeck
    6) Independently discovered by:
    * Daniel de Wildt
    * Gaël Delalleau
    7) Phil Ringnalda
    8) wind li
    9) Mook, Doug Turner, Kohei Yoshino, M. Deaudelin

  5. Re:Why bother with University? on University Launches Semantic Web Interface · · Score: 1

    I think this was supposed to be funny?

    Try reading it in that context and see if you get more out of it.

  6. Re:I use IE on Richard Clarke on Microsoft security · · Score: 1

    What do you like about IE and what don't you like about Firefox?

  7. Re:It's odd, some people just don't want to learn on Richard Clarke on Microsoft security · · Score: 1

    I'd rather not get extra work if I can avoid it. I'm busy enough =).

  8. Re:It is not odd on Richard Clarke on Microsoft security · · Score: 1

    This wasn't Linux though. This was only Firefox. *shrugs* If you want to you can use it just like MSIE.

  9. It's odd, some people just don't want to learn on Richard Clarke on Microsoft security · · Score: 4, Interesting

    A friend here at college was having a spyware/virus problem that she wanted help with. I offered to help her if she'd use Firefox afterwards to prevent this from happening again. She refused because she "likes using Internet Explorer." Even when I told her she could still use it for certain sites, but that it's best not to use it for web browsing.

    I guess some people are too set in their ways. She couldn't name anything she liked about IE, just that she did, in fact, like it.

    That's my experience trying to spread Firefox to some people who might be in your categories 1 or 2. The other people I've introduced to Firefox have all loved it.

    *shrugs* She found someone else to fix it without the condition that she try to use Firefox. I guess it would be interesting to find out if she gets reinfected.

  10. Re:Cows on Wide Area Wireless on a Shoestring Budget? · · Score: 1

    Power them with the methane produced!

    Using cows for power.

  11. Re:SEOs Overrated? on Climbing up the Search Ladder · · Score: 1

    I just put that in (when I redir'd it to taylor - a friend's - site as a joke =)) Before that it wasn't there.

  12. Re:SEOs Overrated? on Climbing up the Search Ladder · · Score: 1

    I use Firefox and haven't come across that. Can you direct me to how to get to it?

  13. Re:SEOs Overrated? on Climbing up the Search Ladder · · Score: 1

    I figured that a few people who were interested in the advantages of standards compliant code might check it out, but that without a link the masses wouldn't bother. Judging by our logs, I guess I was wrong. I won't make that mistake again!

  14. SEOs Overrated? on Climbing up the Search Ladder · · Score: 5, Interesting

    Just by using XHTML compliant code and writing in our blog my fiancee and I are the #1 result in Google, Yahoo, and the new MSN search for a wide variety of topics. This includes areas we only talk about in one post or something. Perhaps the $$ and time that people spend on search engine optimization sites/links/etc would be better spent writing proper XHTML?

    Our site is http://www.caseyandanna.com [No link, please don't slashdot!]
    A few of the common search terms that we see involve: Cinara Aphids, Shrek2 pictures/etc (my typo), Aramark norovirus

    Anyway, that's our experience.

  15. Re:Many people aren't sensitive to GUI design. on Microsoft Office Formats Not Really Being Opened · · Score: 1

    That's what I miss anyway. That's why I use my fiancee's computer for lab reports and my own computer for everything else. (She dual boots... I don't.) If OO.o did that we would have no reason to dual boot.

  16. Re:Many people aren't sensitive to GUI design. on Microsoft Office Formats Not Really Being Opened · · Score: 1

    The way that it is easy to put trendlines and their equations on graphs in the spreadsheet. I know I can do it with functions in cells but when I'm trying to finish a PCHEM paper, I want it to be as easy as possible. A checkbox on a scatterplot = good. Having to look up the formula, having to put that into the cell, and then having to type that in a text format on the graph is really not a replacement.

  17. Re:Speaking of simulating life... on Grand Challenges For The Next 20 Years · · Score: 1

    I should have specified easier ways. There are a number of ways of checking for specific sequences in the bacteria (microarrays and such) if you prefer a sequence homology test. Alternatively there's always good old-fashioned screenings if you prefer the old school style of tests ;). In any case, sequencing seems to be overkill, except perhaps in those cases where the bacteria are resistant to all known antibiotics.

  18. Re:Speaking of simulating life... on Grand Challenges For The Next 20 Years · · Score: 1

    There's no reason to bother sequencing the DNA (plus you'd have to look at all the plasmids and such which could be a huge pain). There are easier ways to do this (I was just thinking about working on this problem today).

  19. Re:all of you nerds should be going to law school on Jail Time For P2P Developers? · · Score: 2, Funny

    Do we blame gun makers for gun deaths? No, they are tools.

    We do however blame our congressmen, and they too are tools.

  20. Re:well firefox has something to learn too on Firefox Reviewed in the Globe and Mail · · Score: 4, Informative

    Is this a joke?

    I was going to ignore it thinking it was, but just in case you're serious I will respond.

    The last phrase isn't that bad as you said. Nothing wrong in keeping Internet Explorer for emergencies. I have seen quite a few pages that refuse to work in Netscape - apart from those sites whose contents get juggled (yes, even in Firefox 1.0).

    You're right here, this happens. MSIE is VERY good at rendering malformed HTML. Some have speculated that this was done to prevent HTML standards from being followed by most developers, but in any case, the HTML you're seeing messed up *is* malformed. At a fundamental level it's the website's fault. If you do have to use one of those pages, do make sure you e-mail the maintainer. Often they will fix it. As FF's market share increases, expect this to change.

    Next, the start up time when I double click an HTML file in my hard disk: IE is much faster than Firefox to open files in my hard disk. (WinXX)

    This is because MSIE is preloaded in RAM. I'm not familiar enough with Windows to tell you how to preload FF at startup but there is a way. You can use about:config changes in Firefox to speed up page rendering if you'd like. You should look into both of these if you are often opening files from the hard disk.

    Firefox needs to have a confirmation box when its main window containing the tabs is clicked for close. Many a time I have accidentally clicked the close and all the tabs are gone!

    Ahh, finally to the reason I think you are joking. This is the default behavior in Firefox. If your copy isn't doing this it is because you turned it off. Turn it back on and once more it will ask for confirmation.

  21. My Question: Did they fix the AMD Bug (Error #132) on World of Warcraft Launches · · Score: 1

    At least 2-3 times per day the beta would crash for me with an Error # 132. It seems this error occurred most frequently on those computers with AMD Athlon (not only the 64 bit versions though) chips. There were rare reports of it on P4 chips but the overwhelming majority of the times it was on AMD chips.

    That is the one thing keeping me from buying the game. It's so annoying to have it crash 2-3 times in a row in the same area (frequently resulting in death, as your character stays in the same spot in the game world and does NOT leave the server until you attempt to rejoin).

  22. EA Games Programmer on The Worst Jobs in Science: The Sequel · · Score: 4, Funny

  23. Re:mcain is right on Anti-P2P Law Looms over the Horizon · · Score: 2, Insightful

    Consumers are not required to read the ads in magazines or newspapers.

    Just wait until next year.

    I really see no difference.

    That'll be the argument they use.

    I don't even know if I'm being insightful or funny (I hope funny!).

  24. Re:ID 10 T Problem on EWeek Details Linux to Windows Migration · · Score: 1

    Considering the number of viruses that have used an RPC call to reboot your computer (for your convenience), perhaps your uptime isn't the 2 years you really think it is? After installing a patch for those you've got to reboot anyway so either your computer has been regularly rebooting (without your knowledge) or you have rebooted it and don't remember.

    Alternatively you could have it not be on the internet but you said you used it for e-mail processing so I'd imagine it has some connection to the web. Otherwise you've got it behind a firewall/router (which might even be running Linux!) and no infected machines have been plugged into your intranet (yet!). If this is the case... you're living on the edge!

  25. Re:WAH WAH WAH on Overseas ISPs Blocked From US Voting Website · · Score: 1

    "The web site is down I can't vote." Please what a bunch of Losers with a capital L. Is this what this election is going to be all about, how people are being denied their voting rights?

    I hate to be concise but that really does seem like a pretty important issue to me.

    To give some context to the issue though: Blocking by IP isn't effective because most hackers will already be using a compromised machine or a proxy. It would surprise me if the Department of Defense is not aware of this. With the number of zombie machines in the US, I believe this probably inconveniences Americans overseas without causing problems for anyone trying to hack the site. To me, that indicates that the issue is probably not "hackers" and so of course I'd be a bit suspicious.