Research Rogue Software Using By Detection And Interception Technology

Posted on: 2015-10-06
Degree: Master
Type: Thesis
Country: China
Candidate: X F Xin
GTID: 2298330452453162
Subject: Computer Science and Technology

Abstract/Summary:
With the rapid development of Internet technology, rogue software has begun to emerge in the software industry. It sits between legitimate applications and Trojan horse software: it provides some normal application functionality but also has features of computer viruses and Trojans. Rogue software usually relies on various illegal means, such as frequently popping up junk windows, lurking on the user's computer as spyware that threatens the user's privacy, and installing itself forcibly while resisting uninstallation. These "rogue" behaviors cause a great deal of inconvenience to computer users. Many users have had the experience of browsing the Internet when many small windows containing junk messages suddenly pop up. In addition to a large number of malicious advertisements, a variety of viruses, spyware and so on have been implanted into the pop-ups. If the user accidentally clicks on one of these pop-ups, the computer system will be invaded by a Trojan horse virus. Once any virus invades the computer system, the system and its applications are affected to different degrees: in mild cases it consumes system resources, reduces the computer's efficiency and affects normal use; in severe cases it causes the computer system to crash.

Looking at how rogue software runs, when it tries to perform malicious behaviors it usually does so by modifying the registry, so monitoring the registry is very important.

In order to control running applications in a user-friendly way, this software adopts an approach in which the user can interact with it: the client driver layer provides relevant information about an application to the user; the user side extracts that information and sends it to the server side; the server side compares the application information with the contents of the SHA1 library. If the match succeeds, the server reports back to the client that the application is trusted to modify the registry. Otherwise it reports back to the user that the application's information is not in the trusted SHA1 library.

The user side then acts on the feedback received from the server side. If the feedback says the application is trusted, the user side allows the application to run. If it is not trusted, the client driver layer continues to monitor the application's behavior. If the application is found to modify the registry, the client driver layer notifies the user and lets the user choose. If the user agrees to let it continue running, the user side must send the application's SHA1 information to the server side, and the server side saves it in the SHA1 library. If the user chooses to prohibit it, the client driver layer terminates the application and completely deletes the related traces of the application.

Finally, a detection and interception system for rogue software was designed and implemented, which intercepts rogue software before it damages the system in order to protect the security of the computer system. Test results show that the system can effectively prevent rogue software from running and can continuously update the trusted SHA1 information in the database, making the system better and more practical. Meanwhile, to reduce the maintenance cost of the system, the system adopts a mode in which the user side and server side are separated.
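The decision flow described in the abstract, modeled as an added example that is not code from the thesis. All class, function and verdict names are hypothetical, the registry key and program images are constructed sample values, and the kernel driver hooks are reduced to two method calls.

```python
import hashlib

# Constructed sample value; all names in this example are hypothetical.
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"

def sha1_of(image: bytes) -> str:
    return hashlib.sha1(image).hexdigest()

class TrustServer:
    """Server side: owns the trusted SHA1 library."""
    def __init__(self, trusted=()):
        self.library = set(trusted)
    def is_trusted(self, digest: str) -> bool:
        return digest in self.library
    def save(self, digest: str) -> None:
        self.library.add(digest)

class Client:
    """User side plus driver layer; ask_user(digest, key) -> bool is the prompt."""
    def __init__(self, server, ask_user):
        self.server, self.ask_user = server, ask_user
        self.monitored = set()

    def on_launch(self, image: bytes) -> str:
        digest = sha1_of(image)
        if self.server.is_trusted(digest):
            return "allow"
        self.monitored.add(digest)      # not in the library: keep watching it
        return "monitor"

    def on_registry_write(self, image: bytes, key: str) -> str:
        digest = sha1_of(image)
        if self.server.is_trusted(digest):
            return "allow"
        self.monitored.discard(digest)
        if self.ask_user(digest, key):
            # Approval is saved to the shared library, so every later lookup
            # of this hash, from any client, comes back trusted.
            self.server.save(digest)
            return "allow"
        return "terminate"              # driver layer kills it and removes traces

def demo():
    server = TrustServer([sha1_of(b"known-good image")])
    strict = Client(server, lambda d, k: False)   # user always prohibits
    lenient = Client(server, lambda d, k: True)   # user always agrees
    unknown = b"unknown image"
    return [strict.on_launch(b"known-good image"), strict.on_launch(unknown),
            strict.on_registry_write(unknown, RUN_KEY), lenient.on_launch(unknown),
            lenient.on_registry_write(unknown, RUN_KEY), strict.on_launch(unknown)]

if __name__ == "__main__":
    print(demo())
```

The last verdict in `demo()` shows a property of the design as described: once one user approves a program, its hash is in the shared library and other clients allow it without a prompt.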
Keywords/Search Tags: monitoring the application, modify the registry, interception