On October, the US Patent & Trademark Office published Apple’s patent application titled ‘Security methods and systems,’ which was originally filed in April 2005. Apple’s patent application generally relates to methods to improve security when accessing application programs. More specifically, the present invention relates to methods to improve user security when downloading and launching applications that are potentially unsafe.
It should be noted that while Apple isn’t listed as the official assignee on this patent, one of the listed inventors, Donald Dale Melton, was recently named in Apple’s ‘MIME type detection for feeds’ patent summary posted by MacNN.
Apple’s Summary
To counteract potential security problems arising from downloading and launching malicious applications or executable programs (particularly those originating from possibly unsafe sources such as the Internet), the present invention proposes, in preferred embodiments, displaying warnings for a targeted category of applications prior to download and first-time launching. In one aspect of the invention, warnings are restricted to a category of applications, executable programs or archived files deemed to be high-risk based on simple analysis. Restricting the warnings to high-risk categories of files reduces the likelihood of user fatigue. For example, in one embodiment of the invention, a warning is displayed prior to launching an application only if the application: 1) was never launched before by the user; 2) was not explicitly chosen by the user (e.g. it was selected by the operating system from a configuration file when the user double-clicked on a document); and 3) was originally downloaded from the Internet.
In one aspect of the invention, the operating system maintains a per-user system-wide history of applications and programs previously run by the user. Such a list is used by the operating system to determine if an application has been run before by the user.
In yet another aspect of the invention, the visual appearance of applications and executable programs deemed potentially untrustworthy (for example, those not yet run and originating from the Internet) is modified, for example, with cautionary markings, to passively alert the user. Because the icon, name and extension for a file are controlled by the file itself and not the operating system, a malicious program can masquerade as a trusted file type by selecting an icon and name that hides its true nature. Cautionary markings attached to potentially unsafe files serve to alert the user that the file is indeed an executable program and that it may be unsafe to run. Another aspect of the invention involves associating cautionary markings with any files that, when opened, cause an application to be launched for the first time. In one embodiment of the invention, adding cautionary markings to unsafe applications and/or to files opened by unsafe applications can serve as an alternative to the first-launch warnings previously described. Cautionary markings provide a less intrusive means of alerting users than the active display of a warning and could lessen user fatigue.
In a further aspect of the present invention, a warning is displayed to the user prior to the download of an application that comes from a source that is deemed potentially risky. In one possible embodiment, such sources may include Internet downloads but exclude executable programs and archived files installed via root or administrator privilege. In another aspect of the invention, the user is likewise warned if an application that has just been downloaded initiates a launch without the user specifically requesting it. Such warning messages may protect the user from particularly sophisticated attacks that will automatically launch a malicious program after it is downloaded.
In another aspect of the invention, archived files (such as disk images) being downloaded are analyzed to determine if any executables are part of the archive. The analysis could involve, for example, expanding the contents and looking at the raw data bits of every component file. If any executable is included in the archive, a warning alert is displayed, allowing the user to halt the download operation.
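The archive check described above can be sketched as follows. This is an added example, not code from the patent application or from Apple: it assumes a ZIP archive rather than a disk image, a small table of well-known executable magic bytes, and arbitrary nesting and size limits, and its sample archive and file names are constructed.

```python
import io
import zipfile

MAGIC = {  # well-known leading bytes of executable formats
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
    b"\xca\xfe\xba\xbe": "Mach-O universal binary",  # shared with Java class files
    b"\x7fELF": "ELF",
    b"MZ": "PE/DOS",
    b"#!": "script with interpreter line",
}
MAX_DEPTH = 3                        # assumed limit on nested archives
MAX_NESTED_SIZE = 16 * 1024 * 1024   # assumed size cap before expanding a nested archive

def classify(head):
    """Return the executable type matching a file's first bytes, or None."""
    return next((kind for magic, kind in MAGIC.items() if head.startswith(magic)), None)

def scan_archive(data, prefix="", depth=0):
    """Return [(path, kind)] for each executable in a ZIP, judged by content, not name."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            with zf.open(info) as member:
                head = member.read(4)          # only the header bytes are needed
            kind = classify(head)
            if kind:
                findings.append((path, kind))
            elif head.startswith(b"PK\x03\x04"):   # nested ZIP
                if depth >= MAX_DEPTH or info.file_size > MAX_NESTED_SIZE:
                    findings.append((path, "nested archive not expanded"))
                else:
                    findings += scan_archive(zf.read(info), path + "!/", depth + 1)
    return findings

def build_sample():
    """Constructed sample archive; file names and contents are made up."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("tool", b"\x7fELF" + b"\x00" * 12)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("readme.txt", b"plain text\n")
        zf.writestr("holiday.jpg", b"\xcf\xfa\xed\xfe" + b"\x00" * 12)  # Mach-O bytes, image name
        zf.writestr("install.command", b"#!/bin/sh\necho hi\n")
        zf.writestr("extras.zip", inner.getvalue())
    return outer.getvalue()
```

A non-empty result from `scan_archive(build_sample())` is the condition under which the download warning would be shown; the `holiday.jpg` entry is flagged because the check reads the file's bytes and ignores its name and extension.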
In yet another aspect of the invention, to further reduce the likelihood of user fatigue, the user can narrow down or select the type of warnings to be issued.
Network Computer
FIG. 1 is a block diagram of a network of computer systems in which web pages, from which an application program can be downloaded, may be accessed via a web browser.

NOTICE: MacNN presents only a brief summary of patents with associated graphic(s) for journalistic news purposes as each such patent application and/or grant is revealed by the U.S. Patent & Trademark Office. Readers are cautioned that the full text of any patent application and/or grant should be read in its entirety for further details.
Written and researched by Neo.




