CN101894243A - Immunization method of malicious plugins aiming at network browser - Google Patents

Immunization method of malicious plugins aiming at network browser

Info

Publication number
CN101894243A
Authority
CN
China
Prior art keywords
visit
immune
immune position
access
malicious plugins
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2010102081823A
Other languages
Chinese (zh)
Inventor
关墨辰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Antiy Electronic Equipment Co Ltd
Original Assignee
Beijing Antiy Electronic Equipment Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Antiy Electronic Equipment Co Ltd filed Critical Beijing Antiy Electronic Equipment Co Ltd
Priority to CN2010102081823A priority Critical patent/CN101894243A/en
Publication of CN101894243A publication Critical patent/CN101894243A/en
Pending legal-status Critical Current

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses an immunization method against malicious plug-ins for web browsers. The method comprises the following steps: analyzing known malicious plug-ins and extracting immunization positions; applying access restrictions to the immunization positions so that access to them is prohibited; and allowing access to non-immunization positions. The method provided by the invention immunizes against and prevents known malicious plug-ins, and can effectively prevent malicious browser plug-ins from being installed on a system.

Description

An immunization method against malicious plug-ins for web browsers
Technical field
The present invention relates to the field of network security technology, and in particular to an immunization method against malicious plug-ins for web browsers.
Background technology
At present, malicious plug-ins targeting web browsers get themselves loaded by the browser by dropping files and writing to the registry. Once loaded, a malicious plug-in can pop up advertisements, steal the user's private data, and steal user passwords. The prior art extracts features by analyzing known plug-ins in order to detect and clean plug-ins and their derivatives, and it can remove malicious browser plug-ins and their derivatives fairly completely. However, it cannot prevent a malicious plug-in from being reinstalled, particularly when the plug-in enters the system bundled with other software. As a result, the same malicious plug-ins are cleaned and detected over and over again.
Summary of the invention
In view of the above deficiency, the technical problem to be solved by the present invention is to provide an immunization method against malicious plug-ins for web browsers that can effectively prevent known malicious plug-ins from being installed.
To solve the above technical problem, the invention provides an immunization method against malicious plug-ins for web browsers, comprising:
A. analyzing known malicious plug-ins and determining the immune positions;
B. applying access restrictions to the immune positions so that access to the immune positions is prohibited;
C. allowing access to non-immune positions.
Further, in step B, the ways of applying the access restriction include but are not limited to:
B1. setting registry access permissions to block access to key values at the immune position;
B2. setting file access permissions in the NTFS file system to block access to files at the immune position;
B3. modifying the internal file data structures in the FAT file system to block access to files at the immune position;
B4. blocking access to the immune position through a driver;
B5. blocking access to the immune position through a hardware device.
The method provided by the invention immunizes against and prevents known malicious plug-ins, and can effectively stop malicious browser plug-ins from being installed on the system. A computer that has already been infected by a malicious plug-in can be immunized after the plug-in has been removed in the traditional way, which puts an end to repeated cleaning and repeated detection of malicious plug-ins.
Description of drawings
Fig. 1 is a diagram of a specific implementation of the immunization method against malicious plug-ins for web browsers according to the present invention.
Embodiment
The technical solution of the present invention is described in detail below with reference to the drawing and the embodiments.
As shown in Fig. 1, the immunization method against malicious plug-ins for web browsers according to the present invention comprises the following steps:
A. analyzing known malicious plug-ins and determining the immune positions;
B. applying access restrictions to the immune positions so that access to the immune positions is prohibited;
C. allowing access to non-immune positions.
In step B above, the ways of applying the access restriction include but are not limited to:
B1. setting registry access permissions to block access to key values at the immune position;
B2. setting file access permissions in the NTFS file system to block access to files at the immune position;
B3. modifying the internal file data structures in the FAT file system to block access to files at the immune position;
B4. blocking access to the immune position through a driver;
B5. blocking access to the immune position through a hardware device.
Three application examples of the invention are given below for further illustration.
Taking immunization through registry permission control with an ACL (the system access control list) as an example:
Suppose manual analysis shows that the CLSID of the plug-in is 0958BFE2-0B32-DB04-80FC-3F165E4F5062, so that the immune position is HKEY_CLASSES_ROOT\CLSID\{0958BFE2-0B32-DB04-80FC-3F165E4F5062}. The specific steps of this application example are as follows:
A. Create the registry key HKEY_CLASSES_ROOT\CLSID\{0958BFE2-0B32-DB04-80FC-3F165E4F5062};
B. Apply the access restriction:
   Use an API (for example, AtlGetDacl) to obtain the access control list of the current registry key;
   Use an API (for example, AtlSetDacl) to set the permissions of the key created in step A to deny read and write for all users (including the administrator account and the system account), with no special permissions.
C. Access to the immune position is now prohibited, and the immunization has succeeded.
Taking immunization through registry monitoring (bypass registry monitoring) as an example:
Suppose manual analysis shows that the CLSID of the plug-in is 0958BFE2-0B32-DB04-80FC-3F165E4F5062, so that the immune position is HKEY_CLASSES_ROOT\CLSID\{0958BFE2-0B32-DB04-80FC-3F165E4F5062}.
The specific steps of this application example are as follows:
A. Use an API (for example, the RegNotifyChangeKeyValue function) to monitor the creation of subkeys under HKEY_CLASSES_ROOT\CLSID;
B. When a subkey is created, check whether the key is {0958BFE2-0B32-DB04-80FC-3F165E4F5062};
C. Prohibit access to the immune position; the immunization has then succeeded.
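The monitoring variant above, sketched in PowerShell as an added example that is not part of the patent: it swaps RegNotifyChangeKeyValue for a WMI RegistryTreeChangeEvent subscription, which gives the same create-then-check flow without native code. Assumptions: the watch is placed on HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID because the WMI registry provider does not cover HKEY_CLASSES_ROOT, the log path is hypothetical, and removing the key is an assumed response, since the text does not say how step C prohibits access.

```powershell
# Added example, not from the patent. Assumes an elevated session on Windows.
# $state travels to the handler as -MessageData, because event actions do not
# see variables from the calling scope.
$state = @{
    Path = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\' +
           '{0958BFE2-0B32-DB04-80FC-3F165E4F5062}'          # CLSID from the page
    Log  = Join-Path $env:ProgramData 'immune-monitor.log'   # hypothetical log file
}

# Step A: watch the CLSID tree. Backslashes are doubled because WQL treats "\"
# as an escape character inside string literals.
$query = "SELECT * FROM RegistryTreeChangeEvent " +
         "WHERE Hive='HKEY_LOCAL_MACHINE' AND RootPath='SOFTWARE\\Classes\\CLSID'"

$action = {
    $s = $Event.MessageData
    # Step B: the event only says "something changed", so test for the immune key.
    if (Test-Path -LiteralPath $s.Path) {
        # Step C (assumed response): remove the key and record the event.
        Remove-Item -LiteralPath $s.Path -Recurse -Force
        '{0} removed {1}' -f (Get-Date -Format o), $s.Path |
            Add-Content -LiteralPath $s.Log
    }
}

Register-CimIndicationEvent -Namespace 'root/default' -Query $query `
    -SourceIdentifier 'ImmuneClsidWatch' -MessageData $state -Action $action |
    Out-Null

# Stop monitoring with: Unregister-Event -SourceIdentifier 'ImmuneClsidWatch'
```

The subscription lives only as long as the PowerShell session that registered it, so a deployment would host it in a service or scheduled task.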
Taking immunization through file permission control with an ACL (the system access control list) as an example:
Suppose manual analysis shows that the CLSID of the plug-in is 0958BFE2-0B32-DB04-80FC-3F165E4F506 and that the immune position is C:\Programe files\Coolbar\a.dll. The specific steps of this application example are as follows:
A. Create the folder C:\Programe files\Coolbar and the file C:\Programe files\Coolbar\a.dll;
B. Apply the access restriction:
   Use an API (for example, AtlGetDacl) to obtain the access control lists of the folder and the file created in step A;
   Use an API (for example, AtlGetDacl) to set the permissions of the folder and the file created in step A to deny read and write for all users (including the administrator account and the system account), with no special permissions.
C. Access to the immune position is now prohibited, and the immunization has succeeded.
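The two ACL-based application examples (registry key and file), combined into one PowerShell script as an added example that is not the patent's own code. It uses Get-Acl and Set-Acl where the text names AtlGetDacl and AtlSetDacl, takes the CLSID and paths from the page's sample values, and adds a check (the hypothetical function Test-Immune) that both positions refuse to open afterwards.

```powershell
# Added example, not from the patent. Run once, elevated, on a cleaned system.
$clsid = '{0958BFE2-0B32-DB04-80FC-3F165E4F5062}'
$key   = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
$dir   = 'C:\Programe files\Coolbar'      # path exactly as given on the page
$dll   = Join-Path $dir 'a.dll'

# S-1-1-0 is the well-known SID for Everyone (covers administrators and SYSTEM).
$everyone = [System.Security.Principal.SecurityIdentifier]::new('S-1-1-0')

function Add-DenyRule($Path, $Rule) {
    $acl = Get-Acl -LiteralPath $Path             # read the current DACL
    $acl.AddAccessRule($Rule)                     # add the explicit deny ACE
    Set-Acl -LiteralPath $Path -AclObject $acl    # write it back
}

# Step A: create empty placeholders at the immune positions.
New-Item -Path $key -Force | Out-Null
New-Item -ItemType Directory -Path $dir -Force | Out-Null
New-Item -ItemType File -Path $dll -Force | Out-Null

# Step B: deny read and write to everyone. The file is handled before its
# folder so that its ACL is set while the folder is still readable.
$regRule  = [System.Security.AccessControl.RegistryAccessRule]::new(
    $everyone, 'ReadKey, WriteKey', 'ContainerInherit', 'None', 'Deny')
$fileRule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $everyone, 'Read, Write', 'Deny')
$dirRule  = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $everyone, 'Read, Write', 'ContainerInherit, ObjectInherit', 'None', 'Deny')
Add-DenyRule $key $regRule
Add-DenyRule $dll $fileRule
Add-DenyRule $dir $dirRule

# Step C: confirm that both positions now refuse to open, even when elevated.
function Test-Immune {
    $blocked = 0
    try { [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey("CLSID\$clsid", $true) | Out-Null }
    catch [System.Security.SecurityException] { $blocked++ }
    try { [System.IO.File]::Open($dll, 'Open', 'ReadWrite').Dispose() }
    catch [System.UnauthorizedAccessException] { $blocked++ }
    return ($blocked -eq 2)
}
Test-Immune
```

A deny ACE does not bind the object's owner or an account holding the take-ownership privilege, either of which can rewrite the DACL, so the immune positions still need periodic auditing.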
Of course, the present invention may also have various other embodiments. Without departing from the spirit and essence of the invention, those of ordinary skill in the art can make various corresponding changes and modifications according to the invention, but all such changes and modifications shall fall within the protection scope of the appended claims.

Claims (2)

1. An immunization method against malicious plug-ins for web browsers, characterized by comprising:
A. analyzing known malicious plug-ins and determining the immune positions;
B. applying access restrictions to the immune positions so that access to the immune positions is prohibited;
C. allowing access to non-immune positions.
2. The immunization method against malicious plug-ins for web browsers according to claim 1, characterized in that, in step B, the ways of applying the access restriction include but are not limited to:
B1. setting registry access permissions to block access to key values at the immune position;
B2. setting file access permissions in the NTFS file system to block access to files at the immune position;
B3. modifying the internal file data structures in the FAT file system to block access to files at the immune position;
B4. blocking access to the immune position through a driver;
B5. blocking access to the immune position through a hardware device.
CN2010102081823A 2010-06-24 2010-06-24 Immunization method of malicious plugins aiming at network browser Pending CN101894243A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010102081823A CN101894243A (en) 2010-06-24 2010-06-24 Immunization method of malicious plugins aiming at network browser

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2010102081823A CN101894243A (en) 2010-06-24 2010-06-24 Immunization method of malicious plugins aiming at network browser

Publications (1)

Publication Number Publication Date
CN101894243A true CN101894243A (en) 2010-11-24

Family

ID=43103433

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010102081823A Pending CN101894243A (en) 2010-06-24 2010-06-24 Immunization method of malicious plugins aiming at network browser

Country Status (1)

Country Link
CN (1) CN101894243A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102902913A (en) * 2012-09-19 2013-01-30 无锡华御信息技术有限公司 Preservation method for preventing software in computer from being damaged maliciously
CN103430153A (en) * 2010-11-01 2013-12-04 Hb加里 Inoculator and antibody for computer security
CN105468981A (en) * 2015-11-20 2016-04-06 上海斐讯数据通信技术有限公司 Vulnerability identification technology-based plugin safety scanning device and scanning method
US10972507B2 (en) 2018-09-16 2021-04-06 Microsoft Technology Licensing, Llc Content policy based notification of application users about malicious browser plugins

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103430153A (en) * 2010-11-01 2013-12-04 Hb加里 Inoculator and antibody for computer security
CN108038380A (en) * 2010-11-01 2018-05-15 康特泰克公司 Inoculator and antibody for computer security
CN108038380B (en) * 2010-11-01 2022-03-15 康特泰克公司 Inoculator and antibody for computer security
CN102902913A (en) * 2012-09-19 2013-01-30 无锡华御信息技术有限公司 Preservation method for preventing software in computer from being damaged maliciously
CN102902913B (en) * 2012-09-19 2016-08-03 无锡华御信息技术有限公司 Prevent the security method of software in malicious sabotage computer
CN105468981A (en) * 2015-11-20 2016-04-06 上海斐讯数据通信技术有限公司 Vulnerability identification technology-based plugin safety scanning device and scanning method
CN105468981B (en) * 2015-11-20 2018-07-06 上海斐讯数据通信技术有限公司 Plug-in security scanning means and scan method based on loophole identification technology
US10972507B2 (en) 2018-09-16 2021-04-06 Microsoft Technology Licensing, Llc Content policy based notification of application users about malicious browser plugins

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20101124