Section A
This relates to a variety of problems such as computer viruses, cleanup of unusable or unwanted programs, and upgrading software that annoy and inconvenience the users of personal computers.
Despite the existence of good programs to detect and remove computer viruses, unscrupulous and adventurous computer programmers frequently try to skirt the virus antidote programs by creating new viruses that are hard to detect or remove. Thus, there is an on-going struggle between the creators of virus programs and the companies that find the antidotes for such viruses. A diligent user of a computer, therefore, must keep abreast of the developments in the computer virus warfare and upgrade to the latest software to detect and eliminate any new virus that may have infected his computer system. An automatic way of upgrading the virus antidote programs would help to ease the burden on the computer user.
Today, there are hundreds of vendors who offer trial versions (“demonstration copies”) of software as a method of gaining inroads in the market place. A typical computer user may wish to evaluate demonstration copies of software programs by different vendors before making a decision to purchase the best program for a particular use. These demonstration copies, once downloaded and activated, will reside on the computer after any expiration date set therein unless deliberate efforts are made to remove them. Once a demonstration copy has expired, it will not be useful to a computer user and will only take up valuable storage space on the user's computer. A typical computer user must plod through all directories in the computer to identify the unusable or unwanted computer programs and remove them in a careful manner. To perform such task manually is not an optimal use of the time of a typical user. Additionally, in a manual cleanup of unusable or unwanted computer programs, there is a danger of deleting critical or useful programs accidentally, thus rendering the computer inoperative. Thus, there has developed a need for an accounting of software that is functional and useful and that which is unusable and merely occupying storage space on the computer.
To overcome some difficulties in removing outdated software programs from a user's computers, some vendors have started to market software programs like TuneUp™ to perform these tasks automatically. However, because of changes in the releases of operating systems, or the addition of new features, newer versions of such programs are released often. This creates a situation where a user must purchase and upgrade the previous versions of the “tuneup” programs. Accordingly, there is a need for an automatic method and system to cleanup a computer storage without the need to purchase newer versions of cleanup software. It is beneficial to a user if such cleanup happens without the user's intervention, and during the times when the user does not attend to the computer.
Another problem faced by a computer user is prompt notification that a new upgraded version of software is available. In the past, vendors have developed different ways to notify their customers. One method is to place a new advertisement banner indicating a new product or offering on other web sites and lead users to the advertiser's web site. But not many customers respond to such Internet invitations to click on an advertisement banner. Another way is to post a “What's New” page on a vendor's web site with links to other pages containing detailed information. This does not work well because this requires users to visit the vendor's web site periodically looking for new information. A third way is to maintain lists of electronic mail addresses for interested customers and send them e-mail notification periodically. Maintenance of these lists has proved to be tedious. Additionally, many customers object to receiving unsolicited electronic missives.
In order to automatically update information in a personal computer via the Internet, a new technology, called the “push” technology, has emerged. This technology incorporates the broadcasting model into web servers and browsers. The primary purpose of this technology is to overcome the problem of ensuring that interested parties are notified whenever information content in a web site is updated. “Content” is distinguished from other kinds of electronic information, such as programs and electronic mail messages in that content is the subject matter contained in a newspaper, a Lexis/Nexis™ database or the like. Content is neither a machine to perform a task nor a structure or description of how data are arranged in a computer. The push technology has helped corporations tailor their sites for particular groups of users so that interesting content is easily located. The push technology also has enabled messages to be sent to the audiences when it was deemed ready for publication. Using push publishing, web site publishers have delivered newsletters to niche audiences or notified subsets of their readers of updated content.
PointCast™ was one of the earliest implementations of the push technology to deliver information content. A user is typically advised to specify the type of content—news, entertainment, sports, or interest group related information—to be downloaded as it is updated. When upgraded content is available, the user may elect to download the information which can be browsed locally at the user's computer. PointCast™, however, is configured only to deliver content to the browser of a computer over the Internet. It is not designed or equipped with the means to download executable programs to a storage device connected to a computer and execute them at the remote computer.
Other products are aimed at delivering executable computer programs to a user computer and executing them locally. Oil Change™ is such a product. Once installed on the user computer, it allows automatic updating of computer programs via the Internet. In the case of Oil Change™, a user can update to new versions of previously purchased and loaded software, or download a new “patch” or a bugfix, device drivers for new peripheral devices, templates, clip art and business forms to work in conjunction with word processing software packages, screen saver images, or the latest amendments to the tax code to work with accounting software packages. Another example of a similar commercially available product is Castane™ from Marimba, Inc. In these systems, a user is required to download executable software programs from the vendor's web site via the Internet using a variant of a protocol called the File Transfer Protocol (“ftp”), and manually execute the downloaded programs on the user's personal computer thereafter. This mechanism is similar to loading software from a store-bought portable storage medium, such as a magnetic tape, a floppy disk or a CD ROM and running the software locally on a user's computer, except that the program is downloaded from the Internet instead of being loaded from a storage device.
Executing software on a 32-bit personal computer running a Windows-95®/98® or NT® operating system involves registering the software in a data store called Windows Registry. Windows Registry is a configuration data store for both hardware and software. The settings in Windows Registry control the behavior of the software. When a user attempts to execute software on a personal computer equipped with the above-mentioned operating systems, the operating system interprets the user's attempt and runs the software based exclusively on the information from the Windows Registry. Typically, an entry in Windows® Registry is made during the installation process of new software on a computer. Vendors of software application programs provide automatic means to ensure proper installation of their programs. If, on the other hand, no entry is made in the Windows® Registry, the context under which a user used the software is lost. There is a need, therefore, for a system and method to store the information related to the context of software usage without using the Windows® Registry as a repository of such information.
The programming language Java™ contemplates a virtual machine called the Java Virtual Machine™ (JVM) to run compiled Java™ code and stand-alone programs called “applets,” after they are downloaded to a compatible web browser such as the Netscape® Navigator™, in a tightly controlled and secure environment. The JVM™ is a software implementation of a central processing unit (CPU), an essential component in every computer. Software written in this virtual machine methodology run within a contained environment defined to work only in a browser program and cannot access a client computer's file system or desktop easily.
Other programming methodologies, such as the Component Object Model (COM) have been developed to overcome this deficiency. However, this does not solve all the problems with delivering executable software to a client computer over the Internet in a form ready to be automatically executed. There is a need, therefore, for a method to encapsulate software as to make it executable automatically upon delivery to the client computer.
Users of personal computers do not wish to entrust access to their computers to an unknown remotely located entity, for fear of losing privacy or causing damage to data stored in their computers. A service offered by a trustworthy source such as McAfee Associates, Inc., a well known vendor of computer security software, will overcome the user reluctance to allowing access of their personal computers to a remote operator.
In summary, the state of the art provides means to deliver components of programs, means to deliver executable programs that must be executed locally by manual intervention, and means to provide content rather than executable programs. This art can be improved by delivering executable software rather than mere components to a personal computer; by allowing a trusted remote operator to access the internal components of a personal computer, and by executing programs automatically from a remote location. There is a need, for example, for a system and method in which when a user connects with a web site, an application may be downloaded, installed, registered and executed without any further intervention on the part of the user.
Section B
The public data networks, collectively called the Internet and colloquially referred to as the Web, are becoming increasingly popular. Among other things, the Internet provides a communication medium to distribute software products to computers that are located at distant places. The numerous methods by which sellers of computer software programs deliver executable programs automatically to client computers owned or operated by users are described herein and in the parent application, the disclosure of which is hereby incorporated by reference.
To understand the invention, it is helpful to understand the distinctions among the terms content, browser, type-setting program, embedded object and script. These five types of entities are described below in the context of Internet-related software.
Content is the subject matter contained in a web page. Content is distinguished from the other entities described herein in that content is not a program; it is the data that is presented to a user.
A web browser, or simply, a browser, is a computer program that provides access to the vast resources of the Internet. Typically, this is done by providing a “window” to the data located on other computers connected to the Internet. A frame is a part or section of a browser window that contains a distinct display area. If a web page is defined to contain multiple frames, each frame can act as an independent display area, and can download web pages located at different web sites, while displaying them together in one window on a browser. Alternatively, a web page may cause multiple browser windows to be created on the user's computer. A browser can also be described as a “container” of the various components it displays. Thus, while the components are embedded in a browser, the browser envelops the components.
In general, in a window-based computer system, such as the Windows™ 98™ program marketed by the Microsoft Corporation, windows are arranged hierarchically. A browser program that executes on a window-based computer system is also arranged hierarchically. When a browser application is launched on a windows-based computer system, the first window that appears is called “parent window” or “main window” or “top-level” window. This top-level window can later “spawn” or “fork” other windows, which are called “sub-windows” that run other applications. A sub-window may be created by executing a script within a browser window, and may be programmed to run another instance of a browser program. In such cases, the sub-window is called an “opener” window. Thus, it may be the case that a first window running a browser program—a top-level window—is programmed to point to a web site, and a sub-window created from the same browser program is programmed to point to a different web site.
A type-setting program is a presentation program, typically written in the Hyper Text Markup Language (HTML). In an HTML-encoded program, content is surrounded by codes that indicate the manner in which the browser presents the content to a user. Additionally, HTML encodes certain devices called “links” that allow a user to “navigate” the web by simply clicking on a sensitive area of the web page.
A document that contains “objects” or “components” like graphics, audio or video files, or charts in addition to text is called an embedded document object. Several competing standards exist in the marketplace for documents that can be transmitted over the Internet and displayed in a browser. For example, two such standards are OpenDoc, promoted by the International Business Machines Corporation and Object Linking and Embedding (OLE), promoted by the Microsoft Corporation. Typically, these standards provide for an application programming interface (API) that allows an independent software vendor (ISV) to develop applications that deliver components via the Internet. An API generally allows a programmer to interact with an enveloping browser. For example, a programmer may seek to determine the precise configuration of the browser by reading the values of its internal parameters. Alternatively, a programmer may wish to adapt the browser to a desired configuration by appropriately setting the browser's parameters.
Finally, a script is a list of computer-executable instructions, typically written in a human-readable language. Some browsers are configured to execute instructions written in script languages. In such browsers, an analog of a Central Processor Unit (CPU)which is an essential component of all modern computers—is defined within the software contained in the browser. This software-defined CPU executes the scripts within the browser environment. For example, JavaScript™ is a language in which a programmer can code in a human-readable set of instructions that can be executed within the browser environment. In this case, the browser is said to be a “container” object to execute the script within its bounds.
Referring now to the parent application, to achieve the objective stated therein, a web browser program running on a client computer must be able to access the inner workings of the client computer. This can be achieved with the help of the OLE document object technology. The OLE technology is a “system-level object architecture that includes services for all-inclusive data access, remote distribution of software components across heterogeneous platforms, robust transaction processing, and large-group development.” ActiveX™ technology, developed by the Microsoft Corporation, of Redmond, Wash., uses the OLE architecture and provides the building blocks that enable a provider to distribute over a network software executables that can be executed on a client machine. In general, such distribution of software executables is done via a web browser as described in the parent application. Typically, this execution on a client machine is done when a page source is input to it by invoking certain scripts embedded in the web browser. The downloaded software components are called ActiveX™ controls, which are computer executable pieces of program code. One feature of ActiveX™ controls is that they have no restrictions placed on them once they reach a user's machine. For example, a programmer may write an ActiveX™ control that, upon downloading to a user's computer, can shut down the computer or reformat its hard drive thereby destroying all data stored on the computer. This creates an easy way for malicious programs such as viruses to reach the client computer and be executed without the user's notice.
To overcome these security problems, the Microsoft Corporation requires all ActiveX™ controls to be verified by a signature initiative called Authenticode. This verification works in the following way. Each ActiveX™ control is given a secure and encrypted digital signature by a trusted corporation. All browsers that allow download and execution of ActiveX controls are preprogrammed to verify the digital signature. Every time an ActiveX™ control is about to be downloaded, the browser examines the digital signature associated with the control. If the signature is verified as authentic by the browser, it is downloaded without any problems. Otherwise, the browser issues a warning message to the user.
As explained in the parent application, the invention described therein uses some of the features of a programming methodology exemplified by ActiveX™ to effect easy and “hands-free” automatic downloading of software executables to a user's computer without any action taken on the part of the user. While the invented method and system help achieve the stated ends, a security threat may be created because of the above-mentioned feature of the ActiveX-like technologies that allows unrestricted access by the embedded code to a user's computer.
Because computers today are interconnected by networks such as the Internet, computer security has become a more important issue than before. Today, computers are more prone to attacks by viruses and Trojan Horses. A virus is a piece of computer code that replicates itself without a user's intervention. Left unchecked, a virus may copy itself stealthily to other computers and corrupt the data stored in storage devices connected to the computers. For example, a virus may rewrite a section of a computer start-up program called the “boot sector”. Every time a computer is started, the virus copies itself into the memory of the computer and waits. Suppose a user wishes to copy some data from the computer to a portable medium such as a floppy disk. The virus that has copied itself to the memory could be programmed to intercept the writing of the data to the disk and copy itself to the disk along with the data. In this manner, the virus has replicated itself to the floppy disk and is now ready to infect other computers where the floppy disk is used.
In contrast to a computer virus, a “Trojan Horse” is a malicious computer program that—like the fabled instrument of war used by ancient Greeks to gain entry into Troy—causes a user to believe that it is a legitimate program and entices the user operating a computer to perform certain actions that lead to compromising the security of the data stored in the computer.
Referring back to the parent application, assume that in accordance with the invention described therein, an Internet Clinical Services Provider (ICSP) downloads a software program called QuickClean™, designed to “cleanup” the user's hard drive. In accordance with the above-mentioned ActiveX™ Authenticode initiative, a license file is delivered to the user along with the QuickClean program. This software is designed with embedded methods or sub-routines that, when invoked properly using a script, rid the user computer of unwanted or unused software in an orderly manner. However, since these methods or sub-routines for removing unwanted or unused software are invoked by a script, a malicious user can also invoke the script in such a way as to remove desirable or valuable software, thereby causing severe damage to the user's computer. Moreover, a malicious user may also attempt to secretly transfer the contents of a user's computer by e-mailing these to his own computer. In the computer security lingo, such a malicious user or programmer is called a computer “hacker.” The above-mentioned malicious act, called computer “hacking,” can be accomplished in two ways.
In accordance with a first way of hacking, a hacker obtains a legitimate copy of QuickClean™ and its associated license file from the ICSP. The hacker can then create his own web site and host both QuickClean™ and the associated Authenticode license file on his web site and invite others to use the “free” software. The hacker creates a web page on his web site that contains a malicious script that will use the methods or sub-routines in the QuickClean™ program to erase a user's hard disk. When a user, enticed by the “free” software downloads the web page from the hacker's web site, the hacker will download the QuickClean™ program to the user's computer and invoke the methods in the program to erase the user's hard disk. Alternatively, suppose a user visits an authorized ICSP web site first and downloads the QuickClean™ program along with the associated Authenticode license file. Later, the user visits the hacker's web site. Since the QuickClean™ program is already stored on the user's computer, the hacker does not need to obtain a legitimate copy to wreak havoc on a user's computer by providing a script to invoke the sub-routines embedded in QuickClean™ program.
In accordance with a second way of hacking, a hacker may entice an unsuspecting user to visit his web site. The hacker may program his web pages to invoke multiple frames or multiple browser windows. In one frame or browser window, the hacker can cause the user computer to download the QuickClean™ program and the associated license file from the ICSP web site. In a second frame or browser window, the hacker can run his malicious script, thereby causing damage as described above.
There is a need therefore, for a system and method to prevent a hacker from activating the methods or sub-routines embedded in a computer executable code downloaded to a user computer via the web.