Patent 5826013 Issued on October 20, 1998. Estimated Expiration Date: January 8, 2017. Estimated Expiration Date is calculated based on simple USPTO term provisions. It does not account for terminal disclaimers, term adjustments, failure to pay maintenance fees, or other factors which might affect the term of a patent.
A Polymorphic Anti-virus Module (PAM) (200) comprises a CPU emulator (210) for emulating the target program, a virus signature scanning module (250) for scanning decrypted virus code, and an emulation control module (220), including a static exclusion module (230), a dynamic exclusion module (240), instruction/interrupt usage profiles (224) for the mutation engines (162) of the known polymorphic viruses (150), size and target file types (226) for these viruses, and a table (228) having an entry for each known polymorphic virus (150). During emulation, the emulation control module (220) may observe use of a register-indirect memory write instruction using a register that has not been initialized. Such a random write can be used as an indication that the file is probably a data file and so is unlikely to harbor a virus.
Other References
Gotlieb, L., "End Users and Responsible Computing", CMA--the Management Accounting Magazine, vol. 67, No. 7, Sep. 1993, p. 13
Karney, J., "Changing the Rules on Viruses", PC Magazine, vol. 13, No. 14, Aug. 1994, p. NE36
Schnaidt, P., "Security", LAN Magazine, vol. 7, No. 3, Mar. 1992, p. 19
"LAN Buyers Guide: Network Management", LAN Magazine, vol. 7, No. 8, Aug. 1992, p. 188
Veldman, Frans, "Virus Writing Is High-Tech Infosecurity Warfare", Security on the I-Way '95, 1995, pp. L-1--L-16, U.S.A
Symantec Corporation, "Norton AntiVirus for Windows 95 & Special Subscription Offer", 1995, U.S.A
ThunderBYTE B.V., "User Manual", 1995, pp. i-191, Wijchen, The Netherlands
"Virus Infection Techniques: Part 3", Virus Bulletin, 1995, pp. 006-007, Oxfordshire, England
Cohen, Frederick B., "A Short Course on Computer Viruses--2d Ed.", John Wiley & Sons, Inc., pp. 54-55, 199-209, 1994, U.S.A
Veldman, Frans, "Heuristic Anti-Virus Technology", Proceedings of the International Virus Protection and Information Security Conference, Apr. 1, 1994
Wells, Joseph, "Viruses in the Wild", Proceedings of the International Virus Protection and Information Security Conference, Apr. 1, 1994
Gordon, Scott, "Viruses & Netware", Proceedings of the International Virus Protection and Information Security Conference, Mar. 31, 1994
Solomon, Alan, "Viruses & Polymorphism", Proceedings of the International Virus Protection and Information Security Conference, Mar. 31, 1994
Case, Tori, "Viruses: An Executive Brief", Proceedings of the International Virus Protection and Information Security Conference, Mar. 31, 1994
Skulason, Fridrik, "For Programmers", Virus Bulletin, Jul. 1990, pp. 10-11, Oxon, England
Digitext, "Dr. Solomon's Anti-Virus Toolkit for Windows and DOS", S&S International PLC, Jan. 1995, pp. 1-15, 47-65, 75-77, 91-95, 113-115, and 123-142, United Kingdom
"Automated Program Analysis for Computer Virus Detection", IBM Technical Disclosure Bulletin, vol. 34, No. 2, Jul. 1991, pp. 415-416
"Artificial Immunity for Personal Computers", IBM Technical Disclosure Bulletin, vol. 34, No. 2, Jul. 1991, pp. 150-154
Marshall, G., "Pest Control", LAN Magazine, Jun. 1995, pp. 55-6
January 8, 2017. Estimated Expiration Date is calculated based on simple USPTO term provisions. It does not account for terminal disclaimers, term adjustments, failure to pay maintenance fees, or other factors which might affect the term of a patent.
