The present invention relates, in general, to an apparatus and/or method for remotely scanning and repairing viral infections on a local computer data storage devices and/or media.
The value of a computing system to a user, especially a corporation, professional association or government entity is not limited to the actual cost of the hardware and software components which comprise that system, but also includes the value of the data represented within that system. Indeed, it is quite common that the accounting data, intellectual property, design and manufacturing information, and/or other records which are stored on computing systems in personal and business use are ultimately of a value which far exceeds the value of the computing equipment itself.
Loss of the ability to access data on a computer storage device, such as a disk drive, can occur, often as a result of acts of sabotage by the unauthorized activity of a computer virus. In the vast majority of cases, the user is unaware that a computer virus has infected the computer system. This can result in the virus spreading, and going undetected, until an event occurs, such as the catastrophic loss of valuable computer data or the loss of accessibility to the data by the normal operating environment.
A computer virus is almost impossible to define because new types are continually developed that do not meet or conform to specific rules. These new types of viruses are being developed and spread at alarming rates. Generally, a computer virus is a clandestine program written specifically to attach itself parasitically to existing programs, and subsequently alter the existing program. A broader definition of a virus is simply a computer program that is able to spawn replication of itself. Nearly all viruses posses at least four identifiable attributes such as replication, protection, trigger, and payload.
The replication mechanism of a virus consists simply of computer executable instructions, or code, that enables the virus to attach itself to another, often legitimate program or list of normal executable instructions and replicate itself. To replicate itself, a virus may seek out uninfected executable files in the computer system, and append a representation of itself to that file; or a virus may remain in memory and target specific events such as the execution of certain files; or there also exists the possibility of even more complex mechanisms for the virus to accomplish its replication task, such as a specific date or event occurring independently of an executable file.
The protection mechanism is another attribute of a virus. It has the ability to attempt to hide from detection, thereby making it more difficult for virus detection software to find them. Some of the more complex viruses employ sophisticated stealth techniques. The more advanced of these are known as polymorphic viruses and actually mutate each time they replicate in order to hide their existence. The reason for this is that authors of viruses are aware of the virus scanning software techniques for identifying and locating viruses. Therefore, the authors employ sophisticated encryption techniques to make the viruses undetectable. One example is the use of Simulated Metamorphic Encryption Engines to add stealth to the virus, thus prohibiting its detection and allowing the virus to change its main body of code during each replication.
Yet another attribute of computer viruses is their ability to begin duplicating themselves on the occurrence of a specific event, known as a trigger. The trigger may be one or a combination of many events including booting the computer one or several times, executing a specific program a certain number of times, simply executing a particular program, at a specific time read from the computer""s clock, or at a specific date. It seems that the list of events is only limited to the imagination of the author of the virus.
The payload is the final and most dangerous of all attributes of viruses because of the destruction they cause at the time a trigger event occurs. In most cases, the virus simply replicates itself, however the cruelest and most damaging viruses overwrite key files on a local computer hard disk drive or corrupt the entire computer system or network, leading to loss of normal operating programs and valuable data.
There are generally three types of viruses, the boot sector infectors, traditional file or document infectors, and macro infectors. However, newer viruses are being developed every day at rates of 200 per month adding to the population of roughly 7,500 viruses that are known to exist. In fact, rouge programmers have developed, and are making widely available, a number of virus authoring application programs easing the creation process on behalf of the author. In addition, thousands of viruses are being sold and made readily available to virus developers on CD-ROMs.
Subsequently, because of the proliferation of computer viruses, there exists today companies that specialize in the manufacture of virus detection and eradication software, commonly referred to as anti-virus software. Examples of anti-virus software are Network Associate""s VirusScan and WebScan, Symantec""s Norton Anti-Virus, SecureWay by IBM, ThunderByte Anti-Virus from ThunderByte, and Vet anti-virus from Cybec Pty Ltd. A common medium for Anti-Virus software is a floppy computer diskette, however, today CD-ROM is likely the most common medium. Recently, the anti-virus software vendors have made their products available on Internet. The difficulty with these mediums is the need to constantly update the virus signature files to scan and repair the latest viruses infiltrating the computer community. This may lead to significant expense for a corporation or private individual in terms of anti-virus software maintenance and management cost.
Today, with the availability of virus development software tool kits, the increase in general computer usage, and the increasing popularity of Internet, new, cruel, devastating and variant types of viruses are being spread quickly and efficiently, thus widening the gap between the set of known viruses and newly developed viruses in circulation that are yet undetected. An example of the spreading efficiency that could be obtained is illustrated by the spread of the Internet Worm in November of 1988. In a matter of hours, the Worm infected hundreds, and probably thousands, of computers on the Internet, leading to substantial costs of eradication and general loss of productivity. This reinforces the need to constantly maintain up-to-date anti-virus software to scan and detect the latest virusesxe2x80x94again leading to added cost of doing business and purchasing obsolete protection.
Further, if a computer cannot boot, as a result of a virus or other problem, it cannot access Anti-Virus software or virus signature files that reside on the hard disk drive or that may be available via Internet.
Still, even if a computer is able to boot, it may not have access to virus scanning and repair software or the latest signature files, e. g. a laptop computer. It is appreciated that it is a burdonsome task to constantly update the virus scanning and repair software with the latest virus signature files. It is likely the case that a computer may never have an up-to-date virus signature file on the computer system. In fact, anti-virus software is likely to be obsolete at the time it is purchased and used because of the proliferation of new viruses in the computer community. New viruses are created and spread well before anti-virus scanning and repair programs can be developed and distributed to users.
Thus, if the computer will not boot, the computer user needs an independent boot mechanism for scanning and repairing viruses. Some virus scanning software packages do provide a boot disk. Still, other versions of software available on CD-ROM may require the user to build a diskette boot utility. Of course failure to build a boot utility will most likely leave the user unable to boot up the computer. The problem is compounded in the case involving a laptop, especially if the user is traveling and does not have anti-virus software conveniently available.
Also, it is appreciated by those skilled in the art that deleted files, infected with viruses, may exist in the memory or storage medium of a computer. These xe2x80x9cdeletedxe2x80x9d files are generally overlooked by conventional virus scanning and repair software. Thus, it is likely that a computer system would become newly infected with a virus upon xe2x80x9cundeletingxe2x80x9d a virus infected deleted file.
Accordingly, there is a particular need in the art to supply up-to-date computer virus scanning and repairing utilities to a user that are available in real time and that are accessible even in the event that a local computer is unable to boot or when the normal operating system is not necessarily loadable or dependable because of damage done to the computer system by a virus or other catastrophic event.
The present invention solves these problems and provides a method and apparatus for up-to-date remote virus scanning, diagnostic services and rectification of lost data especially in cases in which a local computer is inaccessible by the normal operating environment.
To overcome the limitations in the prior art described above, and to overcome other limitations that will become apparent upon reading and understanding the present specification, the present invention discloses a method and apparatus for providing up-to-date virus scanning of a local computer by a remote computer comprising those situations where the normal operating system of the local computer is not operable.
In one embodiment the present invention discloses a method of remotely scanning for and repairing viruses on a local computer having a normal operating system, the method comprising the operations of loading into a memory of the local computer, a bootable virus utility operating program from a storage medium, the bootable virus utility operating program being operated locally by the local computer and independently of the normal operating system; and establishing communications between the local computer and a remote computer through the operation of the virus utility operating program by the local computer.
Further in one embodiment, the operation of the virus utility operating program further includes the operation of executing a virus scanning program.
Still in one embodiment, the operation of the virus utility operating program further includes the operation of executing a virus repair program.
Further in one embodiment, the operation of the local computer is controlled by the remote computer.
Still in one embodiment, the operation of the remote computer further includes the operation of querying a local computer user for information through the operation of the remote computer.
Yet in one embodiment, the operation of the remote computer further includes the operations of downloading a remote data recovery program from the remote computer to the memory of the local computer and executing the data recovery program in the memory of the local computer.
Yet in one embodiment, the operation of the remote computer further includes the operation of downloading a virus scanning utility program from the remote computer to the local computer.
Further in one embodiment, the operation of the remote computer further includes the operation of downloading a virus scanning utility program from the remote computer to the memory of the local computer.
Still in one embodiment, the operation of the remote computer further includes the operation of executing the virus scanning utility program at the local computer.
Further in one embodiment, the operation of executing the virus scanning utility program at the local computer further includes the operation of scanning deleted files located at the local computer.
Further in one embodiment, the operation of the remote computer further includes the operation of downloading the virus scanning utility program from the remote computer to the storage medium of the local computer.
Yet in one embodiment, the operation of the remote computer further includes the operation of downloading a virus signature file to the local computer.
Further in one embodiment, the operation of downloading the virus signature file further includes the operation of downloading the virus signature file to the memory of the local computer.
Still in one embodiment, the operation of downloading the virus signature file further includes the operation of downloading the virus signature file to the storage medium of the local computer.
Yet in one embodiment, the operation of the remote computer further includes the operation of downloading a virus repair utility program from the remote computer to the local computer.
Further in one embodiment, the operation of downloading the virus repair utility program further includes the operation of downloading the virus repair utility program to the memory of the local computer.
Still in one embodiment, the operation of downloading the virus repair utility program further includes the operation of downloading the virus repair utility program to the storage medium of the local computer.
Still in one embodiment, the operation of the remote computer further includes the operation of executing the virus repair utility program at the local computer.
Further in one embodiment, the operation of executing the virus repair utility program at the local computer further includes the operation of repairing deleted files located at the local computer.
Still in one embodiment, the operation of the remote computer further includes the operation of downloading the virus repair utility program from the remote computer to the storage medium of the local computer.
Still in one embodiment, the operation of the remote computer further includes the operation of monitoring the local computer through the operation of the remote computer.
Yet in one embodiment, the operation of monitoring the local computer further includes the operations of monitoring, writing data to and reading data from the storage medium of the local computer.
Yet in one embodiment, the operation of monitoring the local computer further includes the operation of monitoring the memory of the local computer.
Yet in one embodiment the, operation of monitoring the local computer further includes the operation of monitoring and controlling the appearance of a local display device of the local computer.
Further in one embodiment, the local computer remotely communicates with the remote computer, whereupon remote virus scanning and repair can be performed under the control of the remote computer.
Further in one embodiment, the local computer remotely communicates with the remote computer, whereupon remote virus scanning and repairing can be performed under the control of the local computer.
The present invention also provides a computer program on a storage medium, comprising a bootable virus utility operating program locally operable by a central processing unit of a local computer and independently of a normal operating system of the local computer; and communication program means for establishing communication with a remote computer.
Further in one embodiment, the bootable virus utility operating program further includes a virus scanning utility program.
Further in one embodiment, the bootable virus utility operating program further includes a virus repair utility program.
The present invention also provides a method of remotely scanning and repairing viruses on a local computer comprising the operations of establishing a communications link between a local computer and a remote computer by operation of a virus utility operating program; enabling interaction between the local computer and the remote computer; maintaining access to information resident on the local computer; scanning of viruses contained within the information stored on the local computer; and repairing information infected with viruses on the local computer.
Further in one embodiment, the communications link is established over one of the group consisting of a modem, a local area network, a wide area network and Internet.
The present invention also provides a system for scanning and repairing viruses on a data storage medium, comprising, a local computer associated with the data storage medium, the local computer having a central processor unit, a memory, and a normal operating system; a remote computer; and a bootable virus utility operating program means to be loaded into the memory of the local computer for operating the local computer independently of the normal operating system and to establish communications between the local computer and the remote computer; wherein the virus scanning and repairing at the local computer is remotely controlled by the remote computer so as to perform the virus scanning and repair on the data contained in the local storage medium.
Further in one embodiment, the remote computer has control of the local computer and can access disk storage media and memory of the local computer. One display device is available to the technician operating the remote computer and another display device is available to the user at the local computer. The remote computer queries the local computer user for pertinent user information, including virus scanning options, data recovery options, method of payment, and other like information. Still in one embodiment, the remote computer can upload virus scanning and repair utility programs to the local computer.
These and various other advantages and features of novelty which characterize the invention are pointed out with particularity in the claims annexed hereto and forming a part hereof However, for a better understanding of the invention, its advantages, and the objects obtained by its use, reference should be made to the accompanying drawings and descriptive matter, which form a further part hereof, and in which there is illustrated and described a preferred embodiment of the invention.