Abstract:
PROBLEM TO BE SOLVED: To provide a system and method for efficiently determining that a received file is not malware. SOLUTION: In operation, when a file is received at a computing device, an evaluation is made as to whether the file includes user-modifiable or superficial data areas, i.e., areas of the file that by their nature do not typically carry or embed malware. If the file includes superficial data areas, those superficial data areas are filtered out and a file signature is generated based on the remaining portions of the received file. The file can then be compared to a list of known malware to determine if the file is malware. Alternatively, the file can be compared to a list of known, trusted files to determine whether the file is trustworthy. COPYRIGHT: (C)2006,JPO&NCIPI
Abstract:
PROBLEM TO BE SOLVED: To overcome the disadvantages of conventional approaches to patching, such as the increased labor associated with receiving and applying patches. SOLUTION: A facility receives, in a computing system, a distinguished patch package for modifying the behavior of a programmatic entity. The facility automatically extracts, from the distinguished patch package, (1) patch application information that identifies a distinguished programmatic entity to which the patches are applied, and (2) patch behavior information that specifies a manner to modify the behavior of the distinguished programmatic entity. The facility automatically adds, to a patch table, a distinguished entry containing the extracted patch application information and patch behavior information. COPYRIGHT: (C)2006,JPO&NCIPI
Abstract:
PROBLEM TO BE SOLVED: To describe a facility for augmenting the software of a target computer system. SOLUTION: The facility receives an augmentation specification in the target computer system. The augmentation specification specifies: (a) a function to be augmented, (b) a parameter of the function to be tested, (c) a test to be applied to the specified parameter, and (d) a modification to be made to the behavior of the function when the specified test is not satisfied by the specified parameter. When the specified function is invoked on the target computer system, if the specified test is not satisfied by the specified parameter, the facility performs the specified modification to the behavior of the specified function. COPYRIGHT: (C)2006,JPO&NCIPI
Abstract:
Systems and methods for validating integrity of an executable file are described. In one aspect, the systems and methods determine that an executable file is being introduced into a path of execution. The executable file is then automatically evaluated in view of multiple malware checks to detect if the executable file represents a type of malware. If the executable file represents a type of malware, a protection path is implemented.
Abstract:
Prevention of executable code modification is provided by making the act of allocating and modifying existing memory-backed code pages a highly privileged operating system (OS) function. The integrity of loaded code is also optionally checked at load time inside the OS kernel. A privilege check in the system is invoked when executable pages are allocated or modified. This privilege is assigned only to the operating system kernel and highly trusted identities in the operating system.
Abstract:
Systems and methods for performing integrity verifications for computer programs to run on computing systems are provided. An integrity check is completed before passing execution control to the next level of an operating system or before allowing a program to run. The integrity check involves the use of a locally stored key to determine if a program has been modified or tampered with prior to execution. If the check shows that the program has not been altered, the program will execute and, during the boot process, allow execution control to be transferred to the next level. If, however, the check confirms that the program has been modified, the computing system does not allow the program to run.
Abstract:
PROBLEM TO BE SOLVED: To provide a system, methods and a computer-readable medium for efficiently performing a backup of data in a networking environment. SOLUTION: In embodiments of the present invention, a backup of a file from a local computing device to a remote computing device is performed. Aspects of the present invention determine whether the file is already stored on the remote computing device by another user or by an operating system and/or application program provider. In this regard, a signature of the file is generated and compared to signatures of files stored on a back end computing system. Only when no match to the signature is found is the complete file transmitted to the back end computing device and stored in a database. COPYRIGHT: (C)2007,JPO&INPIT
Abstract:
PROBLEM TO BE SOLVED: To provide a security scheme that provides security to one or more self-contained operating environment instances executed on a computer. SOLUTION: The security scheme may include implementing a set of security applications that may be controlled by a supervisory process, or the like. Both the set of security applications and the supervisory process may operate on a host system of the computer, which may also provide a platform for execution of one or more self-contained operating environments. The security scheme protects processes running in the one or more self-contained operating environments and processes running on the computer outside of the self-contained operating environments. COPYRIGHT: (C)2006,JPO&NCIPI
Abstract:
PROBLEM TO BE SOLVED: To provide a device that can self-heal from malicious software attacks such as viruses and worms. SOLUTION: Changes made between the time that an infection resulting from an attack on the device is detected and an earlier point in time to which the device is capable of being restored may be recovered based, at least in part, on what kinds of changes are made, whether the changes are bona fide or malware-induced, whether the changes are made after the time that the infection likely occurred, and whether new software is installed. COPYRIGHT: (C)2006,JPO&NCIPI
Abstract:
PROBLEM TO BE SOLVED: To provide a facility for setting and revoking policies. SOLUTION: The facility receives from a controlling process a request to set a policy on a controlled process, and determines whether the controlling process has privilege to set the policy on the controlled process. If the facility determines that the controlling process has privilege to set the policy on the controlled process, the facility sets the policy on the controlled process, which causes the policy to be applied to the controlled process to determine whether the controlled process has authorization to access one or more resources. COPYRIGHT: (C)2006,JPO&NCIPI