CN114035812B - Application software installation and/or operation method and device, electronic equipment and storage medium - Google Patents
Application software installation and/or operation method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN114035812B CN114035812B CN202111307040.7A CN202111307040A CN114035812B CN 114035812 B CN114035812 B CN 114035812B CN 202111307040 A CN202111307040 A CN 202111307040A CN 114035812 B CN114035812 B CN 114035812B
- Authority
- CN
- China
- Prior art keywords
- software
- information
- installation
- application
- application software
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 88
- 238000009434 installation Methods 0.000 claims abstract description 89
- 230000002159 abnormal effect Effects 0.000 claims abstract description 76
- 238000013486 operation strategy Methods 0.000 claims abstract description 60
- 230000005856 abnormality Effects 0.000 claims description 42
- 230000006399 behavior Effects 0.000 claims description 35
- 239000003550 marker Substances 0.000 claims description 8
- 238000010586 diagram Methods 0.000 description 6
- 239000000243 solution Substances 0.000 description 5
- 230000008569 process Effects 0.000 description 4
- 241000700605 Viruses Species 0.000 description 3
- 230000009471 action Effects 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 230000002155 anti-virotic effect Effects 0.000 description 2
- 230000000903 blocking effect Effects 0.000 description 2
- 239000003795 chemical substances by application Substances 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000010295 mobile communication Methods 0.000 description 2
- 238000006424 Flood reaction Methods 0.000 description 1
- 230000006835 compression Effects 0.000 description 1
- 238000007906 compression Methods 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000002347 injection Methods 0.000 description 1
- 239000007924 injection Substances 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000009545 invasion Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012163 sequencing technique Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000011269 treatment regimen Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/61—Installation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3688—Test management for test execution, e.g. scheduling of test suites
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Security & Cryptography (AREA)
- Quality & Reliability (AREA)
- Stored Programmes (AREA)
Abstract
The embodiment of the invention discloses an application software installation and/or operation method, an application software installation and/or operation device, electronic equipment and a storage medium, and relates to the technical field of network security. The application software installation and/or operation method comprises the following steps: acquiring software information of application software which is currently installed and/or operated on a terminal; judging whether the application software has abnormal state or not according to a preset software installation and/or operation strategy and the software information; the preset software installation and/or operation strategy comprises white list software information and black list software information; if the application software is judged to have abnormal state, the installation and/or the operation of the application software are/is stopped. Therefore, the unified management and control of the installation or operation safety of the application software are facilitated, and the safety of the application software can be improved to a certain extent. The method is suitable for software installation and operation safety control scenes.
Description
Technical Field
The present invention relates to the field of network security technologies, and in particular, to an application software installation and/or operation method, an apparatus, an electronic device, and a storage medium.
Background
With the development of electronic devices such as computers and smartphones, which can install applications or software, users can install various applications or software to meet most of the needs in people's work and life. For example, the user can complete the needs such as shopping, traveling and the like through life software; the user can edit the file by installing office software; a user can realize remote communication and the like by installing social software.
However, as malware with unknown sources on a network floods, network security awareness of each person or company is different, and information leakage or virus intrusion is likely to occur during software installation or operation.
In order to avoid the occurrence of the network potential safety hazard, network management personnel need to manually set corresponding software installation or operation rules aiming at the operation environment of each computer, so that the workload is high, and the security of the software installation or operation environment is influenced due to the fact that security holes are easy to exist in the manual setting.
Disclosure of Invention
In view of this, the embodiments of the present invention provide an application software installation and/or operation method, apparatus, electronic device, and storage medium, which are convenient for unified control of application software installation or operation security, and can improve security of software installation or operation environment to a certain extent.
In a first aspect, an application software installation and/or operation method provided by an embodiment of the present invention includes the steps of: acquiring software information of application software which is currently installed and/or operated on a terminal; judging whether the application software has abnormal state or not according to a preset software installation and/or operation strategy and the software information; the preset software installation and/or operation strategy comprises white list software information and black list software information; if the application software is judged to have abnormal state, the installation and/or the operation of the application software are/is stopped.
With reference to the first aspect, in a first implementation manner of the first aspect, the software information includes: software attribute information, the software attribute information comprising: the name of the software developer, the name and the size of the software installation package, whether the software installation package has a digital signature, the digital signature time of the software installation package, whether a driver and/or software digits exist in the software installation package; the white list software information and the black list software information include: the method comprises the steps of a software developer name, a software installation package size threshold, a digital signature of the software installation package, a digital signature time threshold of the software installation package, and whether a driver and a software bit number exist in the software installation package;
The judging whether the application software has state abnormality according to the preset software installation and/or operation strategy and the software information comprises the following steps: matching the software attribute information of the application software with a preset software installation and/or operation strategy; and judging whether the application software currently installed and/or operated by the terminal has abnormal state or not according to the matching result.
With reference to the first aspect, in a second implementation manner of the first aspect, when the application software is application software running on a terminal, the software information includes: software behavior information, the software behavior information comprising: the method comprises the steps of sending a receiver IP address carried in a network packet, sending the frequency of the network packet to the same IP address, operating permission, downloading, whether to operate important files of a terminal operating system, hardware resources occupied during operation and/or the memory size occupied by garbage generated after operation; the white list software information and the black list software information further include: the method comprises the steps of sending a receiver IP address carried in a network packet, sending a frequency threshold value, an operation authority level, downloading information of the network packet to the same IP address, judging whether to operate important files of a terminal operating system, and occupying hardware resources in running and/or occupying memory size of garbage generated after running;
the judging whether the application software has state abnormality according to the preset software installation and/or operation strategy and the software information comprises the following steps: matching the software behavior information of the application software with a preset software installation and/or operation strategy; and judging whether the application software currently installed and/or operated by the terminal has abnormal state or not according to the matching result.
With reference to the first aspect and/or the first and second implementation manners of the first aspect, in a third implementation manner of the first aspect, the software information further includes software installation or runtime information; the whitelist software information further includes: a time limit flag for software installation or operation; the time limit marks comprise unlimited installation and/or operation time marks and limited installation and/or operation time marks, wherein specific limit time periods are marked in the limited installation and/or operation time marks;
The judging whether the application software has state abnormality according to the preset software installation and/or operation strategy and the software information comprises the following steps: after judging that the application software currently installed and/or operated by the terminal is in the absence of state abnormality according to the software attribute information and/or the software behavior information of the application software, determining whether the application software is installed and/or operated for a limited time period according to a time limit mark of software installation or operation in preset white list software information; if yes, comparing the software installation time information of the application software with a specific limit time period marked in a limit installation and/or running time mark of the application software corresponding to the preset white list software information; if the software installation and/or running time information of the application software is within the limit time period, judging that the application software has abnormal state; and if the software installation and/or running time information of the application software is not in the limited time period, judging that the application software has no state abnormality.
With reference to the first aspect and/or any one of the first to third implementation manners of the first aspect, in a fourth implementation manner of the first aspect, the preset software installation and/or operation policy further includes an application scenario of the terminal and a software installation and/or operation restriction flag corresponding to the application scenario; the software installation and/or operation restriction flags include: software attribute information that does not permit installation and/or operation, permits installation and/or operation, and permits installation and/or operation;
Before, simultaneously with or after acquiring the software information of the application software being installed and/or running on the current terminal, the method further comprises: acquiring application scene information of a current terminal; the application scene information comprises a server class scene and a client class scene; the judging whether the application software has state abnormality according to the preset software installation and/or operation strategy and the software information comprises the following steps: inquiring a software installation and/or operation limit mark corresponding to application scene information of the current terminal from the preset software installation and/or operation strategy; and determining whether the application software has abnormal state according to the inquired software installation and/or operation limit mark and the software information.
With reference to the fourth implementation manner of the first aspect, in a fifth implementation manner of the first aspect, the determining, according to the software installation and/or operation restriction flag and the software information obtained by the query, whether the application software has a status exception includes: if the inquiry results in that the software installation and/or operation limit is marked as not allowing the installation and/or operation, determining that the application software being installed and/or operated has abnormal state; if the inquiring results in that the software installation and/or operation limit marks are allowed to be installed and/or operated, further inquiring to acquire software attribute information allowing to be installed and/or operated; the software information comprises software attribute information; and determining whether the application software has abnormal state according to the acquired software attribute information allowing installation and/or operation and the software information of the application software.
With reference to the first aspect, in a sixth implementation manner of the first aspect, after the suspending the application software installation, the method further includes: reporting the state abnormality information of the application software to a server; receiving and installing a recommended software installation package issued by a server; or alternatively
After suspending the application software operation, the method further comprises: and reporting the state abnormality information of the application software to a server.
With reference to the first aspect, in a seventh implementation manner of the first aspect, the preset software installation and/or operation policy further includes a gray list software information, where the gray list software information includes: the method comprises the steps of a software developer name, a software installation package size threshold, a digital signature of the software installation package, a digital signature time threshold of the software installation package, and whether a driver and a software bit number exist in the software installation package; and/or the number of the groups of groups,
The method comprises the steps of sending a receiver IP address carried in a network packet, sending a frequency threshold value, an operation authority level, downloading information of the network packet to the same IP address, judging whether to operate important files of a terminal operating system, and occupying hardware resources in running and/or occupying memory size of garbage generated after running.
In a second aspect, an embodiment of the present invention provides an apparatus for installing and/or running application software, including: the first acquisition program module is used for acquiring software information of application software which is currently installed and/or operated on the terminal; the judging program module is used for judging whether the application software has abnormal state according to a preset software installation and/or operation strategy and the software information; the preset software installation and/or operation strategy comprises white list software information and black list software information; and the suspension program module is used for suspending the installation and/or the operation of the application software if the application software is judged to have abnormal state.
In a third aspect, an embodiment of the present invention provides an electronic device, including: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space surrounded by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, for performing the method according to any of the embodiments of the first aspect.
In a fourth aspect, embodiments of the present invention provide a computer readable storage medium storing one or more programs executable by one or more processors to implement the method of any embodiment of the first aspect.
According to the application software installation and/or operation method, the device, the electronic equipment and the storage medium, the software installation and/or operation strategy is preset, and the software installation and/or operation strategy comprises white list software information and black list software information; after the software information of the application software which is being installed and/or operated on the current terminal is obtained, whether the current software installation and/or operation state is abnormal or not can be automatically judged according to the preset software installation and/or operation strategy, and when the abnormality is judged, the installation and/or operation of the application software is stopped, so that the safety of the software installation or operation environment can be ensured. Compared with the manual setting of the software installation and/or operation rules each time, the scheme not only can reduce the workload of personnel, but also is convenient for unified management and control of the installation or operation safety of the application software, and can improve the safety of the software installation or operation environment to a certain extent.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of one embodiment of an installation and/or operation method of application software of the present invention;
FIG. 2 is a flow chart of yet another embodiment of the method of installing and/or operating application software of the present invention;
FIG. 3 is a flow chart of yet another embodiment of the method of installing and/or operating application software of the present invention;
FIG. 4 is a schematic diagram illustrating the construction of an embodiment of an apparatus for installing and/or operating application software according to the present invention;
FIG. 5 is a schematic diagram of another embodiment of an application software installation and/or operation device of the present invention;
FIG. 6 is a schematic diagram of an embodiment of an apparatus for installing and/or operating application software according to the present invention;
fig. 7 is a schematic structural diagram of an embodiment of the electronic device of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
It should be understood that the described embodiments are merely some, but not all, embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
FIG. 1 is a schematic flow chart of an embodiment of an installation and/or operation method of application software according to the present application, and referring to FIG. 1, the installation and/or operation method of application software according to the present application can be applied to an installation and operation security management and control scenario of application software; it should be noted that the method may be solidified in a certain manufactured product in the form of software, and the method flow of the present application may be reproduced when the user is using the product.
For example, the method for installing and/or operating application software provided in this embodiment is installed on electronic devices such as a computer and a mobile phone in the form of application software, when a user triggers the product to operate on the computer or the mobile phone, the software being installed or operated on the system is automatically and uniformly controlled according to a preset security policy, and the method previously solidified in the electronic product is mechanically replayed and reproduced, so as to realize the security of the installation or operation of the application software, and further ensure the network security when the user uses the software.
In some embodiments, the solution of the present embodiment may be cured in a software form to operate in a c\s (client\server) architecture. Before the method is operated, a server and an Agent client are required to be deployed, the server is responsible for making a software installation and/or operation strategy, collecting abnormal information reported by the client, sequencing and displaying the abnormal information, exporting an abnormal report and sending abnormal mails, and providing an Agent download address. And downloading and deploying the proxy client, wherein the proxy client is used for executing the software installation and/or operation strategy issued by the server, and intercepting and reporting the software installation and/or operation strategy to the server when the abnormality of the software installation or operation is found.
In other embodiments, the pre-established software installation and/or operation policy may also be directly sent to the client for storage locally, so as to directly regulate the software installation or operation according to the locally stored software installation and/or operation policy when the software is installed or operated.
Referring to fig. 1, the method for installing and/or operating application software of the present embodiment may include the steps of:
110. and acquiring software information of the application software currently installed and/or running on the terminal.
In this embodiment, the software information may include, but is not limited to: software attribute information; the software attribute information may include: the software developer name, the software installation package name, the size, whether the software installation package has a digital signature, the digital signature time of the software installation package, whether a driver and/or a number of software bits are present within the software installation package.
Specifically, when the application software is application software running on the terminal, the software information may further include: software behavior information, the software behavior information comprising: the method comprises the steps of sending a receiver IP address carried in a network packet, sending the frequency of the network packet to the same IP address, operating permission, downloading, whether to operate an important file of a terminal operating system, hardware resources occupied during operation and/or the memory size occupied by garbage generated after operation.
120. Judging whether the application software has abnormal state or not according to a preset software installation and/or operation strategy and the software information; the preset software installation and/or operation strategy comprises white list software information and black list software information.
Corresponding software attribute information, the white list software information and the black list software information may include: software developer name, software installation package size threshold, digital signature of the software installation package, digital signature time threshold of the software installation package, whether a driver and software bit number exist in the software installation package, and the like.
The white list software information and the black list software information may further include: the method comprises the steps of sending a receiver IP address carried in a network packet, sending a frequency threshold value, an operation authority level, downloading information of the network packet to the same IP address, judging whether to operate important files of a terminal operating system, occupying hardware resources in operation and/or occupying memory size of garbage generated after operation and the like.
The method comprises the steps that according to application software information, an application program is determined to belong to white list software, and if the application program does not exist state abnormality, normal installation and/or operation can be performed, and no alarm is generated; and determining that the application program belongs to the blacklist software according to the application software information, and if the state is abnormal, prohibiting installation or operation.
In this embodiment, by presetting a software installation and/or operation policy, when a software installation and/or operation policy mechanism is triggered to operate, unified security management and control can be automatically performed on the software installation and/or operation according to the preset software installation and/or operation policy, and no manual setting of a security operation policy or rule is required, so that not only is the workload of personnel reduced, but also unified management and control on the security of application software installation or operation is facilitated, and security holes which are easy to occur inadvertently and exist due to manual setting are avoided to a certain extent.
In some embodiments, the preset software installation and/or operation policy may further include: gray list software information, the gray list software information comprising: the method comprises the steps of a software developer name, a software installation package size threshold, a digital signature of the software installation package, a digital signature time threshold of the software installation package, and whether a driver and a software bit number exist in the software installation package; and/or the number of the groups of groups,
The method comprises the steps of sending a receiver IP address carried in a network packet, sending a frequency threshold value, an operation authority level, downloading information of the network packet to the same IP address, judging whether to operate important files of a terminal operating system, and occupying hardware resources in running and/or occupying memory size of garbage generated after running.
The application software is determined to be the gray list software according to the acquired software information of the application software and white, gray and black list software information in a preset software installation and/or operation strategy, and whether the application software is abnormal or not can be determined according to a specific treatment strategy, for example, an application scene information software installation or operation strategy of a terminal, and further whether the application software is released or not is determined, namely, whether the application software is allowed or forbidden to be continuously installed or operated is enabled or disabled.
130. If the application software is judged to have abnormal state, the installation and/or the operation of the application software are/is stopped.
In this embodiment, according to a preset software installation and/or operation policy, when it is determined that the application software has an abnormal state, the application software installation and/or operation is suspended, so that the situation that information leakage or virus intrusion occurs due to continuing the software installation or operation can be avoided, and thus the security of the software installation or operation environment can be improved to a certain extent, for example, the security of a system is ensured.
The suspending the application software installation and/or execution may include: blocking and discarding abnormal connection information; for example, for an application being installed, if an anomaly is found in the application, such as an embedded advertisement, the installation connection may be blocked. Further, the installation package may also be cleaned directly after blocking the installation connection. For the running application software, if an abnormality exists in the application software, such as illegal binding downloading, the running program process of the application software can be intercepted and stopped, and further, after the running program of the application software is intercepted and stopped, the software can be directly unloaded, so that the safety of the software running environment, such as an operating system, is protected.
The application software installation and/or operation method provided by the embodiment of the invention comprises the steps of presetting software installation and/or operation strategies, wherein the software installation and/or operation strategies comprise white list software information and black list software information; after the software information of the application software being installed and/or operated on the current terminal is obtained, whether the state of the current software installation and/or operation of the application software is abnormal or not can be automatically judged according to a preset software installation and/or operation strategy, and when the state is judged to be abnormal, the installation and/or operation of the application software is stopped, so that the safety of the software installation or operation environment can be ensured.
Compared with the manual setting of the software installation and/or operation rules each time, the scheme not only can reduce the workload of personnel, but also is convenient for unified management and control of the installation or operation safety of the application software, and can improve the safety of the software installation or operation environment to a certain extent.
Referring to FIG. 2, in some embodiments, for an application being installed, after suspending the application installation, the method further comprises the steps of: 140. reporting the state abnormality information of the application software to a server; and receiving and installing a recommended software installation package issued by the server. In this way, after the abnormal state information of the application software is reported to the server, the recommended software installation package issued by the server is received and installed, so that the unified installation of the software version can be realized.
The recommended software can be software which ensures the safety of the system environment, such as antivirus software; but also some software necessary for the terminal application scene, such as literal application software, drawing application software, etc. in the office scene.
For an application software that has been installed and/or run, after suspending the application software from running, the method further comprises: 140', reporting the abnormal state information of the application software to a server; so that the server displays the abnormal state information and carries out alarm prompt.
For the software information, including: in the case of software attribute information, as an optional embodiment, the determining, according to a preset software installation and/or operation policy and the software information, whether the application software has a state abnormality includes: matching the software attribute information of the application software with a preset software installation and/or operation strategy; and judging whether the application software currently installed and/or operated by the terminal has abnormal state or not according to the matching result.
When the software information of the application software comprises a software manufacturer name, matching is carried out according to the software developer name and software attribute information in preset white list software information and black list software information, if the software attribute information in the white list software information is successfully matched, it is determined that the application software has no abnormal state, and the installation or the operation can be continued; otherwise, if the software attribute information in the blacklist software information is successfully matched, determining that the application software has abnormal state, and prohibiting continuous installation or operation. The corresponding software in the white list software information is some software which can be installed and operated.
It is also possible to determine whether a state abnormality exists in the software state based on whether a digital signature exists in the software information of the application software, for example. Further, if the digital signature exists, continuing to compare the digital signature time of the software installation package in the white list software information and the black list software information of the preset software installation and/or operation strategy, and determining whether the state of the application software is abnormal; for example, the software installation package of the application software has a digital signature, and further determines that the digital signature time does not match the digital signature time in the white list software information, if the application software has a status abnormality before XX years, and the installation is aborted.
Taking software information as a software installation package name and size as an example, matching the software package name with the white list software information and the black list software information, and determining that the current software installation package belongs to the software installation package in the white list software information; and further inquiring the size of the software installation package in the white list software information, and if the size exceeds the size threshold of the installation package, for example, the installation package of XXMb, judging that the application software has abnormal state, and stopping the installation.
The software attribute information can also be taken as an example of the number of software bits, and the software bits of the application software are matched with a preset software installation and/or operation strategy; for example, as for 32-bit software, it should run on a 32-bit system and 64-bit software should run on a 64-bit system. And judging whether the application software currently installed and/or operated by the terminal has abnormal state or not according to the matching result. For example, the application software is 32-bit software, and when the application software is currently running on the system 64, it is determined that the application software currently being installed and/or running on the terminal has an abnormal state.
In this embodiment, by presetting software attribute information in the white list software information and the black list software information in the software installation and/or operation policy, after obtaining the software information of the application software being installed and/or operated on the current terminal, the white list software information and the software attribute information preset in the black list software information of the software installation and/or operation policy can be queried according to the software information, so that whether the application software has abnormal state can be rapidly determined, and further unified management and control on the security of the software installation or operation is facilitated.
In this embodiment, as an optional embodiment, when the application software is application software running on a terminal, the software information further includes: in the foregoing software behavior information, the determining, according to a preset software installation and/or operation policy and the software information, whether the application software has a state abnormality includes: and matching the software behavior information of the application software with a preset software installation and/or operation strategy.
The method includes the steps that an IP address of a receiver carried in a network packet sent by application software on a current terminal is obtained; judging whether the IP address of the receiver is an intra-or overseas IP address; if the frequency is the overseas IP address, matching the acquired frequency of sending the network packet to the same IP address with white list software information and black list software information in a preset software installation and/or operation strategy, and if the frequency exceeds a preset limit, determining that the application software has abnormal state.
For example, according to the obtained operation authority of the application software, matching with the preset white list software information and the operation authority level in the software installation and/or operation strategy, if not, the application software has the highest authority behavior of the operation system, and if the application software has administrator under the operation windows, the linux or the root authority under the domestic system, the existence of abnormal state of the application software is judged.
For another example, according to the matching between the downloading behavior of the application software and the downloading information in the white list software information and the blacklist software information in the preset software installation and/or operation policy, determining whether the downloading behavior has illegal information, for example: other advertising software is included in the downloading act; if so, judging that the application software has abnormal state.
Furthermore, the abnormal state of the application software can be judged according to whether the important files of the operating system, such as a registry, a startup, and unloading other software behavior information, etc. are operated after the software is operated.
Taking the example that the software behavior information includes the hardware resources occupied by the software in running and/or the memory size occupied by garbage generated after running as an illustration, for example, if the occupied resources are excessive or exceed XX percent of the total resources of the system after the running of the software is determined according to the software behavior information, the state of the application software is abnormal, and the running of the application software is stopped.
In still other embodiments, the software information includes: software attribute information, software behavior information, and software installation or runtime information;
The whitelist software information further includes: a time limit marker for software installation and/or operation; the time limit marker includes: the installation and/or operation time marks and the limit installation and/or operation time marks are not limited, wherein specific limit time periods are marked in the limit installation and/or operation time marks, and for example, XX software can install or operate marks only in office time (8:00-17:00).
In this embodiment, the determining whether the application software has a state abnormality according to a preset software installation and/or operation policy and the software information includes: after judging that the state of the application software currently installed and/or operated by the terminal is abnormal according to the software attribute information and/or the software behavior information of the application software, determining whether the application software is installed and/or operated for a limited time period according to a time limit mark of software installation or operation in preset white list software information;
If yes, comparing the software installation time information of the application software with a specific limit time period marked in a limit installation and/or running time mark of the application software corresponding to the preset white list software information;
If the software installation and/or running time information of the application software is within the limit time period, judging that the application software has abnormal state;
and if the software installation and/or running time information of the application software is not in the limited time period, judging that the application software has no state abnormality.
In this embodiment, for example, a time limit flag for installing or running the software is set in the white list software information in the running policy of the software a, which is specifically defined as allowing running from 8 a.m. to 5 a.m.; and when the software A runs, acquiring attribute information and running time information of the software A, and determining that the software A is white list software according to the matching of the attribute information of the software A and the white list software information to allow the running.
However, since the white list software information is provided with a time limit mark for installing or running the software corresponding to the software a, the time information of the running a needs to be further determined, and the method further includes: and judging whether the state of the A software is abnormal or not currently according to the running time information of the A software and the set time limit mark for installing or running the A software. For example, if the running time of the A software is 10 am, the A software has no state abnormality in the allowed running time period, and the A software can continue to run.
In still other embodiments, the software information includes software attribute information, and the preset software installation and/or operation policy further includes an application scenario of the terminal and a software installation and/or operation restriction flag corresponding to the application scenario; the software installation and/or operation restriction flags include: software attribute information that does not permit installation and/or operation, permits installation and/or operation, and permits installation and/or operation.
Referring to fig. 3, before, simultaneously with or after acquiring the software information of the application software being installed and/or running on the current terminal, the method further includes: step 110', obtaining application scene information of a current terminal; the application scene information comprises a server class scene and a client class scene;
the determining whether the application software has a state abnormality according to the preset software installation and/or operation policy and the software information (step 120) includes: 121' inquiring a software installation and/or operation limit mark corresponding to the application scene information of the current terminal from the preset software installation and/or operation strategy; 122' determine whether a state abnormality exists in the application software according to the queried software installation and/or operation limit marks and the software information.
For example, if the current terminal is used in a server class scene, the policy corresponding to the application scene is that no software is allowed to be installed; for this case, it is determined whether or not the application software has a state abnormality only according to the application scenario.
For another example, for a server class or client class scenario, the policy corresponding to the application scenario may be that no software is allowed to be installed.
For another example, for a server class scene or a client class scene, a policy corresponding to the application scene is that a certain class of software, such as office software, antivirus software, etc., must be installed; for this case, it is necessary to further determine whether the application software has a state abnormality in combination with software information.
In this embodiment, by setting the software installation and/or operation policy corresponding to the application scenario, when a specific application scenario is required, a certain type of software must be installed, so that the installation rate of the necessary software can be improved.
Furthermore, different rules can be matched according to different types of clients, specific software can be automatically installed for the same type of clients, and different software installation or operation strategies can be implemented for different types of clients; the various policy sub-items herein may be used in combination as the case may be.
Specifically, the server class scenario or the client class scenario may also be different according to the requirements of the application environment, such as a bank, an enterprise, a family, etc., on installing or running software on the terminal. Thus, as an alternative embodiment, different restriction flags are set for different application software in the server class scene and the client class scene according to different application environments.
For example, for applications involving security classes or other vital importance, such as banks, the installation of internet downloaded software is not allowed; when the source of the software is determined to be the Internet according to the software information of the application software, searching a preset software installation and/or operation strategy of the software corresponding to the application environment, and judging that the application software has abnormal state when the software installation and/or operation strategy corresponding to the banking environment is the software which is not allowed to be installed and downloaded by the Internet.
The software behavior information may further include: program start modes, such as compression package software, i.e. the type of software that can be started by executing a program without installing it.
It can be appreciated that for some security-related application scenarios, such as banking systems, security is not high enough for the above-mentioned compressed package software, and installation is generally not allowed; therefore, in this embodiment, it is possible to comprehensively determine whether or not there is a state abnormality based on the acquired software behavior information and application environment information of the application software, and further determine whether or not to suspend the installation thereof.
In the embodiment, by setting the software behavior information and the application scene and/or the application environment comprehensive software installation and/or operation strategy, the security problem and the possibility of disclosure caused by the installation or operation of the non-trusted software can be effectively solved, and the security of the service system is improved.
In this embodiment, as an optional embodiment, the determining whether the application software has a state exception according to the software installation and/or operation restriction flag and the software information obtained by the query includes: if the inquiry results in that the software installation and/or operation limit is marked as not allowing the installation and/or operation, determining that the application software being installed and/or operated has abnormal state;
if the inquiring results in that the software installation and/or operation limit marks are allowed to be installed and/or operated, further inquiring to acquire software attribute information allowing to be installed and/or operated; and determining whether the application software has abnormal state according to the acquired software attribute information allowing installation and/or operation and the software information of the application software.
Taking a banking environment as an example and taking application software installation or operation as an example to describe the embodiment, for example, if installation and/or operation restriction of class B software is marked as allowed to be installed and/or operated under the condition that the inquiry is obtained, software attribute information allowing to be installed and/or operated, such as a software version number, a software developer name and the like, is further obtained; of course, further decisions may be made here based on software behavior information.
Further determining whether the application software has abnormal state according to the acquired software version number allowing installation and/or running, the name of the software developer and the software information of the application software; i.e., whether it belongs to class B software developed by a specified developer (including vendors) and whether the version number is a particular version, such as the latest version of software; if the application software is in accordance with the state abnormality, determining that the application software is not in the state abnormality; otherwise, determining that the application software has abnormal state. Therefore, the safety of the installation or operation of the software can be effectively controlled by presetting comprehensive software installation and/or operation strategies, and the safety of the installation or operation of the software is improved.
It should be noted that, each item in the preset software installation and/or operation policy includes a plurality of policy sub-items, and the sub-items are not exhaustive, and examples of each item are only for helping understanding the technical solution of the embodiment, and should not be considered as exclusive limitation of the solution.
According to the application software installation and/or operation method provided by the embodiment, through the preset software installation and/or operation strategy, whether the application software can be continuously installed or operated or not can be automatically judged according to the preset software installation and/or operation strategy when the application software is installed or operated, and the application software installation and/or operation is stopped when the abnormality is judged, so that the safety of the software installation or operation environment can be ensured.
By presetting the software installation and/or operation strategies, the system safety is automatically ensured according to the strategies, so that the installation and operation of the software can be uniformly managed, and invasion conditions such as virus injection in the software installation process caused by human factors in a mode of manually setting the strategies can be avoided, thereby improving the safety of the software installation or operation environment to a certain extent.
Example two
Fig. 4 is a schematic structural diagram of an embodiment of an installation and/or operation device of application software of the present invention, which can be applied to a security management and control scenario for installation and operation of software. Referring to fig. 4, in the apparatus of this embodiment, a first acquiring program module 210 is configured to acquire software information of application software currently being installed and/or running on a terminal; a judging program module 220, configured to judge whether a state abnormality exists in the application software according to a preset software installation and/or operation policy and the software information; the preset software installation and/or operation strategy comprises white list software information and black list software information; and the suspension program module 230 is configured to suspend the installation and/or operation of the application software if it is determined that the application software has a status abnormality.
The device of this embodiment may be used to implement the technical solution of the method embodiment shown in fig. 1, and its implementation principle and technical effects are similar, and are not described here again.
In some embodiments, the software information includes: software attribute information, the software attribute information comprising: the name of the software developer, the name and the size of the software installation package, whether the software installation package has a digital signature, the digital signature time of the software installation package, whether a driver and/or software digits exist in the software installation package;
the white list software information and the black list software information include: the method comprises the steps of a software developer name, a software installation package size threshold, a digital signature of the software installation package, a digital signature time threshold of the software installation package, and whether a driver and a software bit number exist in the software installation package;
the judging program module 220 includes: the first matching program unit is used for matching with a preset software installation and/or operation strategy according to the software attribute information of the application software; and the first judging program unit is used for judging whether the application software currently installed and/or operated by the terminal has abnormal state or not according to the matching result.
In other embodiments, when the application software is an application software running on a terminal, the software information includes: software behavior information, the software behavior information comprising: the method comprises the steps of sending a receiver IP address carried in a network packet, sending the frequency of the network packet to the same IP address, operating permission, downloading, whether to operate important files of a terminal operating system, hardware resources occupied during operation and/or the memory size occupied by garbage generated after operation; the white list software information and the black list software information further include: the method comprises the steps of sending a receiver IP address carried in a network packet, sending a frequency threshold value, an operation authority level, downloading information of the network packet to the same IP address, judging whether to operate important files of a terminal operating system, and occupying hardware resources in running and/or occupying memory size of garbage generated after running;
The judging program module includes: the second matching program unit is used for matching with a preset software installation and/or operation strategy according to the software behavior information of the application software; and the second judging program unit is used for judging whether the application software currently installed and/or operated by the terminal has abnormal state or not according to the matching result.
In still other embodiments, the software information includes: software attribute information, software behavior information, and software installation or runtime information; the whitelist software information further includes: a time limit marker for software installation and/or operation; the time limit marker includes: the method comprises the steps of not limiting installation and/or operation time marks and limiting the installation and/or operation time marks, wherein specific limiting time periods are marked in the limiting installation and/or operation time marks;
the judging program module 220 includes: a first determining program unit, configured to determine, according to a time limit flag of software installation and/or operation in preset whitelist software information, whether the application software is installed and/or operated for a limited period of time after judging, according to software attribute information and/or software behavior information of the application software, that no state abnormality exists in the application software currently installed and/or operated by the terminal; the comparison program unit is used for comparing the software installation time information of the application software with the specific limit time period marked in the limit installation and/or operation time mark of the corresponding application software in the preset white list software information if the application software is determined to be installed and/or operated in the limit time period; a third judging program unit, configured to judge that a state of the application software is abnormal if the software installation and/or running time information of the application software is within a limited time period; and the fourth judging program unit is used for judging that the state of the application software is not abnormal if the software installation and/or running time information of the application software is not in the limit time period.
In still other embodiments, the software information includes software attribute information, and the preset software installation and/or operation policy further includes an application scenario of the terminal and a software installation and/or operation restriction flag corresponding to the application scenario; the software installation and/or operation restriction flags include: software attribute information that does not permit installation and/or operation, permits installation and/or operation, and permits installation and/or operation;
Referring to fig. 5, the apparatus further includes: a second acquiring program module 210' for acquiring application scenario information of the current terminal before, simultaneously with or after acquiring software information of the application software being installed and/or running on the current terminal; the application scene information comprises a server class scene and a client class scene;
The judging program module 220 includes: a query program unit 221, configured to query, from the preset software installation and/or operation policy, a software installation and/or operation restriction flag corresponding to application scenario information of the current terminal; a second determining program unit 222, configured to determine whether the application software has a status abnormality according to the queried software installation and/or operation restriction flag and the software information.
Specifically, the second determining program unit is specifically configured to: if the inquiry results in that the software installation and/or operation limit is marked as not allowing the installation and/or operation, determining that the application software being installed and/or operated has abnormal state; if the inquiring results in that the software installation and/or operation limit marks are allowed to be installed and/or operated, further inquiring to acquire software attribute information allowing to be installed and/or operated; and determining whether the application software has abnormal state according to the acquired software attribute information allowing installation and/or operation and the software information of the application software.
Referring to fig. 6, in still other embodiments, the apparatus further comprises: a first reporting program module 240, configured to report abnormal state information of the application software to a server after the application software is suspended from being installed;
a receiving program module 250, configured to receive and install a recommended software installation package issued by the server; or alternatively
The apparatus further comprises: and the second reporting program module 240' is configured to report the abnormal state information of the application software to a server after the running of the application software is suspended. .
In still other embodiments, the preset software installation and/or operation policy further includes gray list software information, the gray list software information including: the method comprises the steps of a software developer name, a software installation package size threshold, a digital signature of the software installation package, a digital signature time threshold of the software installation package, and whether a driver and a software bit number exist in the software installation package; and/or the number of the groups of groups,
The method comprises the steps of sending a receiver IP address carried in a network packet, sending a frequency threshold value, an operation authority level, downloading information of the network packet to the same IP address, judging whether to operate important files of a terminal operating system, and occupying hardware resources in running and/or occupying memory size of garbage generated after running.
The device of this embodiment has similar implementation principle and technical effects to those of the corresponding method embodiment, and the details are not described in detail, so that reference may be made to each other, and the details are not repeated here.
Fig. 7 is a schematic structural diagram of an embodiment of an electronic device according to the present invention, based on the method provided in the first embodiment and the apparatus provided in the second embodiment, and as shown in fig. 7, the embodiment of the present invention further provides an electronic device, where the flow of any one of the embodiments of the present invention may be implemented, and the electronic device may include: the device comprises a shell 41, a processor 42, a memory 43, a circuit board 44 and a power circuit 45, wherein the circuit board 44 is arranged in a space surrounded by the shell 41, and the processor 42 and the memory 43 are arranged on the circuit board 44; a power supply circuit 45 for supplying power to the respective circuits or devices of the above-described electronic apparatus; the memory 43 is for storing executable program code; the processor 42 executes a program corresponding to the executable program code by reading the executable program code stored in the memory 43 for performing the application software installation and/or execution method described in any of the foregoing embodiments.
The specific implementation of the above steps by the processor 42 and the further implementation of the steps by the processor 42 through the execution of the executable program code may be referred to as the description of the first embodiment of the present invention, which is not repeated herein.
In summary, the application software installation and/or operation method and device provided by the embodiment of the invention can reduce the workload of personnel, is convenient for unified management and control of the installation or operation safety of the application software, and can improve the safety of the software installation or operation environment to a certain extent.
The electronic device exists in a variety of forms including, but not limited to:
(1) A mobile communication device: such devices are characterized by mobile communication capabilities and are primarily targeted to provide voice and data communications. Such terminals include: smart phones (e.g., iPhone), multimedia phones, functional phones, and low-end phones, etc.
(2) Ultra mobile personal computer device: such devices are in the category of personal computers, having computing and processing functions, and generally also having mobile internet access characteristics. Such terminals include: PDA, MID, and UMPC devices, etc., such as iPad.
(3) Portable entertainment device: such devices may display and play multimedia content. The device comprises: audio, video players (e.g., iPod), palm game consoles, electronic books, and smart toys and portable car navigation devices.
(4) And (3) a server: the configuration of the server includes a processor, a hard disk, a memory, a system bus, and the like, and the server is similar to a general computer architecture, but is required to provide highly reliable services, and thus has high requirements in terms of processing capacity, stability, reliability, security, scalability, manageability, and the like.
(5) Other electronic devices with data interaction functions.
An embodiment of the present invention also provides a computer readable storage medium storing one or more programs executable by one or more processors to implement the method for installing and/or operating application software according to any one of the foregoing embodiments.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In this specification, each embodiment is described in a related manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments.
In particular, for the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments in part.
For convenience of description, the above apparatus is described as being functionally divided into various units/modules, respectively. Of course, the functions of the various elements/modules may be implemented in the same piece or pieces of software and/or hardware when implementing the present invention.
Those skilled in the art will appreciate that implementing all or part of the above-described methods in accordance with the embodiments may be accomplished by way of a computer program stored on a computer readable storage medium, which when executed may comprise the steps of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a random-access Memory (Random Access Memory, RAM), or the like.
The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto, and any changes or substitutions easily contemplated by those skilled in the art within the scope of the present invention should be included in the present invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.
Claims (16)
1. A method of installing and/or operating application software, comprising the steps of:
acquiring software information of application software which is currently installed and/or operated on a terminal;
Judging whether the application software has abnormal state or not according to a preset software installation and/or operation strategy and the software information; the preset software installation and/or operation strategy comprises white list software information and black list software information;
if the application software is judged to have abnormal state, stopping the installation and/or operation of the application software;
the software information comprises software attribute information, and the preset software installation and/or operation strategy also comprises an application scene of the terminal and a software installation and/or operation limit mark corresponding to the application scene; the software installation and/or operation restriction flags include: software attribute information that does not permit installation and/or operation, permits installation and/or operation, and permits installation and/or operation;
before, simultaneously with or after acquiring the software information of the application software being installed and/or running on the current terminal, the method further comprises: acquiring application scene information of a current terminal; the application scene information comprises a server class scene and a client class scene;
The judging whether the application software has state abnormality according to the preset software installation and/or operation strategy and the software information comprises the following steps: inquiring a software installation and/or operation limit mark corresponding to application scene information of the current terminal from the preset software installation and/or operation strategy;
And determining whether the application software has abnormal state according to the inquired software installation and/or operation limit mark and the software information.
2. The application software installation and/or operation method according to claim 1, wherein the software information includes: software attribute information, the software attribute information comprising: the name of the software developer, the name and the size of the software installation package, whether the software installation package has a digital signature, the digital signature time of the software installation package, whether a driver and/or software digits exist in the software installation package;
the white list software information and the black list software information include: the method comprises the steps of a software developer name, a software installation package size threshold, a digital signature of the software installation package, a digital signature time threshold of the software installation package, and whether a driver and a software bit number exist in the software installation package;
The judging whether the application software has state abnormality according to the preset software installation and/or operation strategy and the software information comprises the following steps: matching the software attribute information of the application software with a preset software installation and/or operation strategy;
and judging whether the application software currently installed and/or operated by the terminal has abnormal state or not according to the matching result.
3. The application software installation and/or operation method according to claim 1, wherein when the application software is an application software running on a terminal, the software information includes: software behavior information, the software behavior information comprising: the method comprises the steps of sending a receiver IP address carried in a network packet, sending the frequency of the network packet to the same IP address, operating permission, downloading, whether to operate important files of a terminal operating system, hardware resources occupied during operation and/or the memory size occupied by garbage generated after operation;
The white list software information and the black list software information include: the method comprises the steps of sending a receiver IP address carried in a network packet, sending a frequency threshold value, an operation authority level, downloading information of the network packet to the same IP address, judging whether to operate important files of a terminal operating system, and occupying hardware resources in running and/or occupying memory size of garbage generated after running;
the judging whether the application software has state abnormality according to the preset software installation and/or operation strategy and the software information comprises the following steps: matching the software behavior information of the application software with a preset software installation and/or operation strategy;
and judging whether the application software currently installed and/or operated by the terminal has abnormal state or not according to the matching result.
4. The application software installation and/or operation method according to claim 1, wherein the software information includes: software attribute information, software behavior information, and software installation or runtime information;
the whitelist software information includes: a time limit marker for software installation and/or operation; the time limit marker includes: the method comprises the steps of not limiting installation and/or operation time marks and limiting the installation and/or operation time marks, wherein specific limiting time periods are marked in the limiting installation and/or operation time marks;
the judging whether the application software has state abnormality according to the preset software installation and/or operation strategy and the software information comprises the following steps: after judging that the state of the application software currently installed and/or operated by the terminal is abnormal according to the software attribute information and/or the software behavior information of the application software, determining whether the application software is installed and/or operated for a limited time period according to a time limit mark of software installation or operation in preset white list software information;
If yes, comparing the software installation and/or running time information of the application software with a specific limiting time period marked in a limiting installation and/or running time mark of the application software corresponding to the preset white list software information;
If the software installation and/or running time information of the application software is within the limit time period, judging that the application software has abnormal state;
and if the software installation and/or running time information of the application software is not in the limited time period, judging that the application software has no state abnormality.
5. The application software installation and/or operation method according to claim 1, wherein the determining whether the application software has a status abnormality based on the software installation and/or operation restriction flag and the software information obtained from the query comprises: if the inquiry results in that the software installation and/or operation limit is marked as not allowing the installation and/or operation, determining that the application software being installed and/or operated has abnormal state;
If the inquiring results in that the software installation and/or operation limit marks are allowed to be installed and/or operated, further inquiring to acquire software attribute information allowing to be installed and/or operated;
and determining whether the application software has abnormal state according to the acquired software attribute information allowing installation and/or operation and the software information of the application software.
6. The application software installation and/or execution method according to claim 1, wherein after suspending the application software installation, the method further comprises: reporting the state abnormality information of the application software to a server; receiving and installing a recommended software installation package issued by a server; or alternatively
After suspending the application software operation, the method further comprises: and reporting the state abnormality information of the application software to a server.
7. The application software installation and/or operation method according to claim 1, wherein the preset software installation and/or operation policy further includes a gray list software information, the gray list software information including: the method comprises the steps of a software developer name, a software installation package size threshold, a digital signature of the software installation package, a digital signature time threshold of the software installation package, and whether a driver and a software bit number exist in the software installation package; and/or the number of the groups of groups,
The method comprises the steps of sending a receiver IP address carried in a network packet, sending a frequency threshold value, an operation authority level, downloading information of the network packet to the same IP address, judging whether to operate important files of a terminal operating system, and occupying hardware resources in running and/or occupying memory size of garbage generated after running.
8. An application software installation and/or execution device, comprising:
the first acquisition program module is used for acquiring software information of application software which is currently installed and/or operated on the terminal;
The judging program module is used for judging whether the application software has abnormal state according to a preset software installation and/or operation strategy and the software information; the preset software installation and/or operation strategy comprises white list software information and black list software information;
A suspension program module, configured to suspend installation and/or operation of the application software if it is determined that the application software has a status abnormality;
the software information comprises software attribute information, and the preset software installation and/or operation strategy also comprises an application scene of the terminal and a software installation and/or operation limit mark corresponding to the application scene; the software installation and/or operation restriction flags include: software attribute information that does not permit installation and/or operation, permits installation and/or operation, and permits installation and/or operation;
The apparatus further comprises: the second acquisition program module is used for acquiring the application scene information of the current terminal before, simultaneously with or after acquiring the software information of the application software which is being installed and/or operated on the current terminal; the application scene information comprises a server class scene and a client class scene;
the judging program module includes: the inquiring program unit is used for inquiring the software installation and/or operation limit mark corresponding to the application scene information of the current terminal from the preset software installation and/or operation strategy;
And the second determining program unit is used for determining whether the state of the application software is abnormal according to the queried software installation and/or operation limit mark and the software information.
9. The application software installation and/or execution device of claim 8, wherein the software information includes: software attribute information, the software attribute information comprising: the name of the software developer, the name and the size of the software installation package, whether the software installation package has a digital signature, the digital signature time of the software installation package, whether a driver and/or software digits exist in the software installation package;
the white list software information and the black list software information include: the method comprises the steps of a software developer name, a software installation package size threshold, a digital signature of the software installation package, a digital signature time threshold of the software installation package, and whether a driver and a software bit number exist in the software installation package;
The judging program module includes: the first matching program unit is used for matching with a preset software installation and/or operation strategy according to the software attribute information of the application software;
And the first judging program unit is used for judging whether the application software currently installed and/or operated by the terminal has abnormal state or not according to the matching result.
10. The application installation and/or operation device according to claim 8, wherein when the application is an application operated on a terminal, the software information includes: software behavior information, the software behavior information comprising: the method comprises the steps of sending a receiver IP address carried in a network packet, sending the frequency of the network packet to the same IP address, operating permission, downloading, whether to operate important files of a terminal operating system, hardware resources occupied during operation and/or the memory size occupied by garbage generated after operation;
The white list software information and the black list software information include: the method comprises the steps of sending a receiver IP address carried in a network packet, sending a frequency threshold value, an operation authority level, downloading information of the network packet to the same IP address, judging whether to operate important files of a terminal operating system, and occupying hardware resources in running and/or occupying memory size of garbage generated after running;
The judging program module includes: the second matching program unit is used for matching with a preset software installation and/or operation strategy according to the software behavior information of the application software;
And the second judging program unit is used for judging whether the application software currently installed and/or operated by the terminal has abnormal state or not according to the matching result.
11. The application software installation and/or execution device of claim 8, wherein the software information includes: software attribute information, software behavior information, and software installation or runtime information;
the whitelist software information includes: a time limit marker for software installation and/or operation; the time limit marker includes: the method comprises the steps of not limiting installation and/or operation time marks and limiting the installation and/or operation time marks, wherein specific limiting time periods are marked in the limiting installation and/or operation time marks;
The judging program module includes: a first determining program unit, configured to determine, according to a time limit flag of software installation and/or operation in preset whitelist software information, whether the application software is installed and/or operated for a limited period of time after judging, according to software attribute information and/or software behavior information of the application software, that no state abnormality exists in the application software currently installed and/or operated by the terminal;
The comparison program unit is used for comparing the software installation time information of the application software with the specific limit time period marked in the limit installation and/or operation time mark of the corresponding application software in the preset white list software information if the application software is determined to be installed and/or operated in the limit time period;
a third judging program unit, configured to judge that a state of the application software is abnormal if the software installation and/or running time information of the application software is within a limited time period;
And the fourth judging program unit is used for judging that the state of the application software is not abnormal if the software installation and/or running time information of the application software is not in the limit time period.
12. The application software installation and/or execution device according to claim 8, wherein the second determination program unit is specifically configured to:
if the inquiry results in that the software installation and/or operation limit is marked as not allowing the installation and/or operation, determining that the application software being installed and/or operated has abnormal state;
If the inquiring results in that the software installation and/or operation limit marks are allowed to be installed and/or operated, further inquiring to acquire software attribute information allowing to be installed and/or operated;
and determining whether the application software has abnormal state according to the acquired software attribute information allowing installation and/or operation and the software information of the application software.
13. The application software installation and/or execution device of claim 8, further comprising: the first reporting program module is used for reporting the abnormal state information of the application software to a server after the application software is stopped from being installed;
the receiving program module is used for receiving and installing a recommended software installation package issued by the server; or alternatively
The apparatus further comprises: and the second reporting program module is used for reporting the abnormal state information of the application software to a server after stopping the operation of the application software.
14. The application software installation and/or operation device according to claim 8, wherein the preset software installation and/or operation policy further includes a gray list software information, the gray list software information including: the method comprises the steps of a software developer name, a software installation package size threshold, a digital signature of the software installation package, a digital signature time threshold of the software installation package, and whether a driver and a software bit number exist in the software installation package; and/or the number of the groups of groups,
The method comprises the steps of sending a receiver IP address carried in a network packet, sending a frequency threshold value, an operation authority level, downloading information of the network packet to the same IP address, judging whether to operate important files of a terminal operating system, and occupying hardware resources in running and/or occupying memory size of garbage generated after running.
15. An electronic device, the electronic device comprising: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space surrounded by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; a processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory for performing the method of any of the preceding claims 1 to 7.
16. A computer-readable storage medium, characterized in that the computer-readable storage medium stores one or more programs, the one or more programs may be executed by one or more processors to implement the method of any of the preceding claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111307040.7A CN114035812B (en) | 2021-11-05 | 2021-11-05 | Application software installation and/or operation method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111307040.7A CN114035812B (en) | 2021-11-05 | 2021-11-05 | Application software installation and/or operation method and device, electronic equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114035812A CN114035812A (en) | 2022-02-11 |
| CN114035812B true CN114035812B (en) | 2024-09-17 |
Family
ID=80143005
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111307040.7A Active CN114035812B (en) | 2021-11-05 | 2021-11-05 | Application software installation and/or operation method and device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114035812B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115378735B (en) * | 2022-10-19 | 2023-03-24 | 支付宝(杭州)信息技术有限公司 | Data processing method and device, storage medium and electronic equipment |
| CN118450040A (en) * | 2023-09-26 | 2024-08-06 | 荣耀终端有限公司 | Control method, electronic device, and readable storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104573494A (en) * | 2014-12-30 | 2015-04-29 | 北京工业大学 | Safety mobile office method based on WMI software whitelist mechanism |
| CN104820791A (en) * | 2015-05-19 | 2015-08-05 | 新华瑞德(北京)网络科技有限公司 | Application software authority control method and system |
| CN107038068A (en) * | 2017-02-28 | 2017-08-11 | 努比亚技术有限公司 | Processing method is killed in terminal and its application |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103020515B (en) * | 2012-12-26 | 2015-07-22 | 中国人民解放军国防科学技术大学 | Application program execution permission control method for operating system |
| KR101672962B1 (en) * | 2015-07-16 | 2016-11-16 | (주)닥터소프트 | Adaptive device software management system and management method of device software |
| CN105630551A (en) * | 2015-12-23 | 2016-06-01 | 北京金山安全软件有限公司 | Method and device for installing application software and electronic equipment |
| CN105631312B (en) * | 2015-12-25 | 2018-09-07 | 北京奇虎科技有限公司 | The processing method and system of rogue program |
| CN106446683A (en) * | 2016-09-21 | 2017-02-22 | 深圳市金立通信设备有限公司 | Detection method for malignant program and terminal |
| CN110516436A (en) * | 2019-08-29 | 2019-11-29 | 蓝书房作业本科技(深圳)有限公司 | Learning machine application program installation method, device, learning machine and storage medium |
-
2021
- 2021-11-05 CN CN202111307040.7A patent/CN114035812B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104573494A (en) * | 2014-12-30 | 2015-04-29 | 北京工业大学 | Safety mobile office method based on WMI software whitelist mechanism |
| CN104820791A (en) * | 2015-05-19 | 2015-08-05 | 新华瑞德(北京)网络科技有限公司 | Application software authority control method and system |
| CN107038068A (en) * | 2017-02-28 | 2017-08-11 | 努比亚技术有限公司 | Processing method is killed in terminal and its application |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114035812A (en) | 2022-02-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Sun et al. | Monet: a user-oriented behavior-based malware variants detection system for android | |
| US7716727B2 (en) | Network security device and method for protecting a computing device in a networked environment | |
| US7707632B2 (en) | System and method for automatically altering device functionality | |
| US7814543B2 (en) | System and method for securing a computer system connected to a network from attacks | |
| CN114035812B (en) | Application software installation and/or operation method and device, electronic equipment and storage medium | |
| US10255433B2 (en) | Executing process code integrity verificaton | |
| WO2017107830A1 (en) | Application installation method, apparatus and electronic device | |
| WO2013059138A1 (en) | System and method for whitelisting applications in a mobile network environment | |
| WO2013059131A1 (en) | System and method for whitelisting applications in a mobile network environment | |
| KR20040028597A (en) | Test enabled application execution | |
| US8701195B2 (en) | Method for antivirus in a mobile device by using a mobile storage and a system thereof | |
| CN108875373B (en) | Mobile storage medium file control method, device and system and electronic equipment | |
| US20050182967A1 (en) | Network security device and method for protecting a computing device in a networked environment | |
| KR20120012983A (en) | Method, apparatus, and computer program for providing application security | |
| US6973305B2 (en) | Methods and apparatus for determining device integrity | |
| Xie et al. | Designing system-level defenses against cellphone malware | |
| Park et al. | API and permission-based classification system for Android malware analysis | |
| CN105791221B (en) | Rule issuing method and device | |
| Zhang et al. | Design and implementation of efficient integrity protection for open mobile platforms | |
| CN111030982B (en) | Strong management and control method, system and storage medium for confidential files | |
| CN114039779A (en) | Method and device for safely accessing network, electronic equipment and storage medium | |
| Jeong et al. | SafeGuard: a behavior based real-time malware detection scheme for mobile multimedia applications in android platform | |
| Malik et al. | Behaviour analysis of android application | |
| CN106485104B (en) | Automatic restoration method, device and system for terminal security policy | |
| CN110597557B (en) | System information acquisition method, terminal and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |