The present invention relates to a user terminal, a reliability management server, and a method and a program for preventing unauthorized remote operation.
In recent years, the number of Internet crimes has increased as the Internet has become more popular. In particular, even individuals who have little knowledge of security and who make an effort not to store important information on their computers may sometimes be exposed to computer-based criminal acts such as hacking, forewarning of crimes, and the like, thereby becoming involved in cybercrimes.
However, using the Internet is of benefit to computer users. Accordingly, users need to be able to keep using the Internet while malicious remote operation programs such as Trojan horses are prevented.
In view of the above, Japanese Patent Application Publication No. 2012-185547 (JP2012-185547A) discloses a tampering detection device that can detect tampering in a target software program to be monitored without processing the target software program.
JP 2012-185547A discloses a method which, when the software program performs a branch or return process, determines whether or not an address stored in a stack area of a storage unit pertains to either a dynamic scope or a static scope in the storage unit, and detects tampering with data stored in a storage area based on the result of that determination.
However, the method disclosed in JP 2012-185547 can merely block the operation of a program that has been maliciously tampered with from its original normal state. Accordingly, the method does not work well against software that is originally designed to perform a malicious operation but appears safe to users.
In the meantime, software for performing an unauthorized remote operation is widely called a “virus,” and software for improving security by blocking the penetration and execution of the virus is called “antivirus” software.
Antivirus software is designed to check the contents of a program by comparing them with a dictionary-like virus data group and, when it finds a part of the contents that is registered as a virus, to consider the program a virus. For this reason, previously known viruses can be reliably dealt with. However, the virus data group has to be updated (every year, for example), and a time lag occurs before a new virus can be dealt with. As a result, an individual may not be able to produce a complete virus list, or the antivirus software is expensive due to its high performance.
Accordingly, the present inventors have devised a method that can determine with high precision, without introducing antivirus software, whether or not to execute a program. Instead of inquiring into and checking each piece of software, the method detects, from the program, a command for performing a remote operation, so as to capture only processes that perform remote operations, and calculates reliability by using data accumulated from the past.