This patent application is a divisional application of the Chinese invention patent application filed on April 21, 2011, Application No. 201110100859.6, entitled "Method, device and secure browser for defense using sandbox technology".
Summary of the Invention
The technical problem to be solved by the invention is to provide a method, a device and a secure browser for defense using sandbox technology, so as to solve the problems of prior-art sandbox technology that relies on the user's own selection.
To solve the above problems, the invention discloses a method for defense using sandbox technology, including:
Before an operation is performed on a target object, triggering the following defense step:
For the target object to be operated on, automatically judging whether the execution of the target object needs to be imported into a sandbox; if so, completing the execution of the target object inside the sandbox; if not, completing the execution of the target object outside the sandbox.
When it is automatically judged that the execution of the target object needs to be imported into the sandbox:
If the target object is a target program, the target program is imported into the sandbox and its run is completed inside the sandbox;
If the target object is a target file, the associated program that executes the target file is imported into the sandbox, and the target file is run by the associated program inside the sandbox;
If the target object is information input by the user, the associated program that receives the user input is imported into the sandbox, and the associated program is run inside the sandbox according to the user input; the information input by the user includes a web address and/or a keyword.
Triggering the defense step before an operation is performed on the target object includes:
If the target object is a target program, triggering the defense step after the target program has been downloaded to the client and before the client runs it; and/or triggering the defense step before the target program is downloaded;
If the target object is a target file, triggering the defense step after the target file, or the associated program that executes the target file, has been downloaded to the client and before the client runs the target file; and/or triggering the defense step before the target file is downloaded or before the associated program that executes the target file is run online;
If the target object is information input by the user, triggering the defense step when the user inputs the information.
Preferably, the automatic judgment includes: judging whether the target object to be operated on meets a preset matching rule; if it does, the execution of the target object needs to be imported into the sandbox; if it does not, it need not be imported into the sandbox.
Preferably, before judging whether the target object to be operated on meets a preset matching rule, the method further includes: creating a process for automatically judging the execution of the target object; and judging whether the parent process of that process is in the sandbox; if so, the execution of the target object needs to be imported into the sandbox; if not, continuing to judge whether the target object meets a preset matching rule.
Preferably, before judging whether the target object to be operated on meets a preset matching rule, the method further includes: judging whether the user has chosen to import the execution of the target object into the sandbox; if so, the execution of the target object needs to be imported into the sandbox; if not, continuing to judge whether the target object meets a preset matching rule.
Preferably, before judging whether the target object to be operated on meets a preset matching rule, the method further includes: judging whether the target object is in a whitelist; if it is not in the whitelist, the target object is an unknown object, and the method continues to judge whether it meets a preset matching rule; if it is in the whitelist, it need not be imported into the sandbox.
Preferably, before judging whether the target object to be operated on meets a preset matching rule, the method further includes: judging whether the target object is in a blacklist; if it is in the blacklist, the execution of the target object needs to be imported into the sandbox; if it is not in the blacklist, continuing to judge whether the target object meets a preset matching rule.
Preferably, judging whether the target object to be operated on meets a preset matching rule includes: querying a preset database and comparing the target object with the preset rules in the database; if a match is found in the database, the matching rule is met; if no match is found, the matching rule is not met.
Preferably, when the target object to be operated on is a target program and/or a target file, judging whether the target object meets a preset matching rule includes: judging whether the relevant information of the target object meets a preset matching rule; and/or judging whether the relevant information of the source program of the target object meets a preset matching rule.
The relevant information of the target object includes the file path of the target object, and/or encrypted data, and/or file attributes, and/or an icon feature value, and/or a file feature value, and/or the download source; the relevant information of the source program includes the file path of the source program, and/or encrypted data, and/or file attributes, and/or an icon feature value, and/or a file feature value, and/or the download source.
Preferably, when the target object to be operated on is information input by the user, judging whether the target object meets a preset matching rule includes: judging whether the information input by the user meets a preset matching rule.
Preferably, at the request of the client, the server automatically judges whether the execution of the target object to be operated on needs to be imported into the sandbox; and/or the client automatically judges whether the execution of the target object needs to be imported into the sandbox.
Preferably, if the execution of the target object to be operated on needs to be imported into the sandbox, the method further includes, before the import: popping up a prompt window asking the user whether to import it into the sandbox.
The invention also provides a device for defense using sandbox technology, including:
A judgment trigger module, configured to trigger the automatic judgment module before an operation is performed on a target object;
An automatic judgment module, configured to automatically judge, for the target object to be operated on, whether the execution of the target object needs to be imported into a sandbox; if so, the execution of the target object is completed inside the sandbox; if not, the execution of the target object is completed outside the sandbox.
When it is automatically judged that the execution of the target object needs to be imported into the sandbox:
If the target object is a target program, the automatic judgment module imports the target program into the sandbox, and the run of the target program is completed inside the sandbox;
If the target object is a target file, the automatic judgment module imports the associated program that executes the target file into the sandbox, and the target file is run by the associated program inside the sandbox;
If the target object is information input by the user, the automatic judgment module imports the associated program that receives the user input into the sandbox, and the associated program is run inside the sandbox according to the user input; the information input by the user includes a web address and/or a keyword.
If the target object is a target program, the judgment trigger module triggers the automatic judgment module after the target program has been downloaded to the client and before the client runs it; and/or triggers the automatic judgment module before the target program is downloaded;
If the target object is a target file, the judgment trigger module triggers the automatic judgment module after the target file, or the associated program that executes the target file, has been downloaded to the client and before the client runs the target file; and/or triggers the automatic judgment module before the target file is downloaded or before the associated program that executes the target file is run online;
If the target object is information input by the user, the judgment trigger module triggers the automatic judgment module when the user inputs the information.
Preferably, the automatic judgment module includes: a rule judgment submodule, configured to judge whether the target object to be operated on meets a preset matching rule; if it does, the execution of the target object needs to be imported into the sandbox; if it does not, it need not be imported into the sandbox.
Preferably, the automatic judgment module further includes: a parent process judgment submodule, configured to judge, after the process for automatically judging the execution of the target object has been created, whether the parent process of that process is in the sandbox; if so, the execution of the target object needs to be imported into the sandbox; if not, the rule judgment submodule is triggered to continue judging whether the target object meets a preset matching rule.
Preferably, the automatic judgment module further includes: a user selection judgment submodule, configured to judge whether the user has chosen to import the execution of the target object into the sandbox; if so, the execution of the target object needs to be imported into the sandbox; if not, the rule judgment submodule is triggered to continue judging whether the target object meets a preset matching rule.
Preferably, the automatic judgment module further includes: a whitelist judgment submodule, configured to judge whether the target object to be operated on is in a whitelist; if it is not in the whitelist, the target object is an unknown object, and the rule judgment submodule is triggered to continue judging whether it meets a preset matching rule; if it is in the whitelist, it need not be imported into the sandbox.
Preferably, the automatic judgment module further includes: a blacklist judgment submodule, configured to judge whether the target object to be operated on is in a blacklist; if it is in the blacklist, the execution of the target object needs to be imported into the sandbox; if it is not in the blacklist, the rule judgment submodule is triggered to continue judging whether the target object meets a preset matching rule.
Preferably, when the target object to be operated on is a target program and/or a target file, the rule judgment submodule judges whether the relevant information of the target object meets a preset matching rule; and/or judges whether the relevant information of the source program of the target object meets a preset matching rule;
The relevant information of the target object includes the file path of the target object, and/or encrypted data, and/or file attributes, and/or an icon feature value, and/or a file feature value, and/or the download source; the relevant information of the source program includes the file path of the source program, and/or encrypted data, and/or file attributes, and/or an icon feature value, and/or a file feature value, and/or the download source;
When the target object to be operated on is information input by the user, the rule judgment submodule judges whether the information input by the user meets a preset matching rule.
Preferably, the device further includes: a prompt module, configured to pop up a prompt window asking the user whether to import into the sandbox, when the execution of the target object to be operated on needs to be imported into the sandbox and before the import takes place.
The invention also provides a secure browser, including the device for defense using sandbox technology described above.
Compared with the prior art, the invention has the following advantages:
First, the invention provides a method of intelligent judgment that, before the user performs an operation on a target object, automatically judges whether the execution of the target object needs to be imported into the sandbox, which yields the following advantages:
First, it helps the user determine which risky programs need to run in the sandbox, without requiring the user to judge on their own;
Second, it avoids the loss of user data caused by placing safe, risk-free programs in the sandbox to run;
Third, it requires no user participation, so it does not interfere with the user's operations and is easy to use.
Secondly, the target object of the invention is not limited to a target program; it may also be a target file or information input by the user. The invention can therefore automatically judge not only software programs but also whether files such as pictures are safe to execute, and can further automatically judge information such as web addresses and keywords input by the user; for example, if the web address or keyword is that of a certain movie website, a new browser is opened in the sandbox to browse that website.
Detailed Description of the Embodiments
To make the above objects, features and advantages of the invention clearer and easier to understand, the invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
For systems that employ sandbox technology, the invention provides a method of intelligent judgment that, before the user performs an operation on a target object, automatically judges whether the execution of the target object needs to be imported into the sandbox, thereby helping the user determine which risky programs need to run in the sandbox.
The method is described in detail below through embodiments.
Referring to Fig. 1, a flowchart of a method for defense using sandbox technology according to an embodiment of the invention is shown.
Step 101: before an operation is performed on a target object, trigger the following defense step;
Step 102: for the target object to be operated on, automatically judge whether the execution of the target object needs to be imported into the sandbox;
If so, perform step 103; if not, perform step 104.
Step 103: if it needs to be imported into the sandbox, complete the execution of the target object inside the sandbox.
Step 104: if it need not be imported into the sandbox, complete the execution of the target object outside the sandbox.
The target object is executed according to the normal processing flow.
Preferably, if the execution of the target object to be operated on needs to be imported into the sandbox, a prompt window may also be popped up before the import to ask the user whether to import it into the sandbox, so that the user can choose freely based on the result of the automatic judgment.
In the above embodiment, the target object includes but is not limited to a target program, a target file, and information input by the user. Each is described in detail below.
(1) Target program
The target program usually refers to an executable file, such as an e-book, an online player, or a serial number generator.
The user can trigger the execution of step 102 in several ways, including but not limited to the following. After the target program has been downloaded to the client and before the client runs it (for example by double-clicking it or by choosing "Open" from the right-click menu), step 102 can be triggered to perform the automatic judgment, preventing a malicious program from running and damaging the system; and/or step 102 is triggered before the target program is downloaded, so that defense takes place before a malicious program is downloaded to the client. In addition, for target programs that can run online, defense can also be triggered before they run. In short, the automatic judgment can be performed before any operation on the target program, to protect the security of the system.
For a target program judged to need execution in the sandbox, completing the execution of the target program in the sandbox means: importing the target program into the sandbox and completing its run inside the sandbox. For example, a pornographic player from a certain website is placed into the sandbox to run.
(2) Target file
The target file usually refers to a non-executable file such as a picture; the execution of such a target file has to be completed by an associated program. For example, a picture must be viewed by starting a picture viewer, and the picture viewer is the associated program of the picture file.
For a target file judged to need execution in the sandbox, completing the execution of the target file in the sandbox means: importing the associated program that executes the target file into the sandbox, and running the target file with the associated program inside the sandbox. For example, for an untrusted picture file, the picture viewer can be imported into the sandbox to open the picture.
For a target file, the user can likewise trigger the execution of step 102 in several ways, including but not limited to: triggering after the target file, or the associated program that executes the target file, has been downloaded to the client and before the client runs the target file; and/or triggering before the target file is downloaded or before the associated program that executes the target file is run online. In short, the automatic judgment can be performed before any operation on the target file, to protect the security of the system.
(3) Information input by the user
The information input by the user includes information such as a web address or keyword entered by the user.
If the target object is information input by the user, step 102 is usually triggered when the user inputs the information, in order to carry out the security defense, that is, to judge whether the web address, keyword or other information entered by the user is safe and trusted; if it is not trusted, step 103 is performed.
For user input judged to need execution in the sandbox, completing the execution of the user input in the sandbox means: importing the associated program that receives the user input into the sandbox, and running the associated program inside the sandbox according to the user input. For example, for a suspicious web address, a new browser is opened in the sandbox to visit the website the address points to; the browser program is the associated program that receives the web address input.
Combining (1), (2) and (3) above, whatever the target object the user is about to operate on, the method shown in Fig. 1 can automatically judge whether its execution needs to be imported into the sandbox. The automatic judgment methods provided by the embodiments of the invention include but are not limited to:
Judging whether the target object to be operated on meets a preset matching rule; if it does, the execution of the target object needs to be imported into the sandbox; if it does not, it need not be imported into the sandbox.
Specifically, the judgment may be: querying a preset database and comparing the target object to be operated on with the preset rules in the database; if a match is found in the database, the matching rule is met; if no match is found, the matching rule is not met. The database stores the various judgment rules, or directly stores the features of objects that meet the matching rules; if the target object to be operated on is found in the database, the execution of that target object needs to be imported into the sandbox.
The corresponding matching rules differ for different target objects:
1) When the target object to be operated on is a target program and/or a target file, judging whether the target object meets a preset matching rule includes: judging whether the relevant information of the target object meets a preset matching rule; and/or judging whether the relevant information of the source program of the target object meets a preset matching rule.
The relevant information of the target object includes:
The file path of the target object, and/or
Encrypted data (such as MD5), and/or
File attributes (such as product name, version information, signing publisher, file size), and/or
Icon feature value (such as an icon hash), and/or
File feature value (such as a file hash), and/or
Download source (such as which website it was downloaded from);
Correspondingly, the relevant information of the source program includes:
The file path of the source program, and/or
Encrypted data (such as MD5), and/or
File attributes (such as product name, version information, signing publisher, file size), and/or
Icon feature value (such as an icon hash), and/or
File feature value (such as a file hash), and/or
Download source (such as which website it was downloaded from).
Based on the relevant information of the target object and of the source program described above, the matching rules may be, for example:
Example 1: for a pornographic player on a website, the matching rule is as follows:
Source program: a browser program or explorer;
Target file name: contains "Japanese AV" or "erotica" ...;
Target file icon: a specific player icon;
Target file size: may be limited to a range, such as 1 MB to 10 MB;
Target file description: such as "xxxx adult player" or "xxxx special player".
A player that meets the above rule is judged to be a pornographic player.
Example 2: for an unknown, risky e-book, the matching rule is as follows:
Target file name: contains the keyword "e-book";
The feature value of the target file icon contains: the features of an e-book icon.
An e-book that meets the above rule is judged to be a risky e-book.
Example 3: for an unknown, risky serial number generator, the matching rule is as follows:
Target file name: contains the keyword "serial number generator" or "keygen" or "cracker" or "shredder";
The feature value of the target file icon contains: the features of a serial number generator icon.
A serial number generator that meets the above rule can be judged to be a risky serial number generator.
Besides the matching rules listed above, many other rules are possible, such as fuzzy matching or full matching, or matching the file name first, depending on the specific application; they are not enumerated here.
2) When the target object to be operated on is information input by the user, judging whether the target object meets a preset matching rule includes: judging whether the information input by the user meets a preset matching rule.
For example, judging whether the web address entered by the user is the address of a pornographic website, or judging whether the keyword entered by the user contains information such as "Japanese AV" or "erotica". From the information the user inputs, it is possible to judge in advance whether the website the user is about to browse, or the web page the user is about to search for, needs to be placed into the sandbox.
Given the matching rules listed above, the following automatic judgments can preferably be carried out first, before the matching-rule judgment is applied to the target object:
1) Before judging whether the target object to be operated on meets a preset matching rule:
Create a process for automatically judging the execution of the target object;
Judge whether the parent process of that process is in the sandbox; if so, the execution of the target object needs to be imported into the sandbox; if not, continue to judge whether the target object meets a preset matching rule.
That is, if the process for automatically judging the execution of the target object has a parent process, the process used for the automatic judgment is called a child process. If the parent process has already been imported into the sandbox, the parent process is untrusted, so the child process it invokes is also untrusted and should likewise be imported into the sandbox for execution.
2) Before judging whether the target object to be operated on meets a preset matching rule:
Judge whether the user has chosen to import the execution of the target object into the sandbox; if so, the execution of the target object needs to be imported into the sandbox; if not, continue to judge whether the target object meets a preset matching rule.
That is, the user may take part in choosing whether to use the sandbox; if the user actively chooses the sandbox, the automatic matching-rule judgment is not needed.
3) Before judging whether the target object to be operated on meets a preset matching rule:
Judge whether the target object is in the whitelist; if it is not in the whitelist, the target object is an unknown object, and the method continues to judge whether it meets a preset matching rule; if it is in the whitelist, it need not be imported into the sandbox.
The whitelist lists relatively safe target objects; a target object in the whitelist can be executed directly without being imported into the sandbox. If the target object to be operated on is in the whitelist, the automatic matching-rule judgment can be skipped. If the target object is not in the whitelist, it is an unknown object and the automatic judgment must still be carried out.
4) Before judging whether the target object to be operated on meets a preset matching rule:
Judge whether the target object is in the blacklist; if it is in the blacklist, the execution of the target object needs to be imported into the sandbox; if it is not in the blacklist, continue to judge whether the target object meets a preset matching rule.
The blacklist lists target objects that are definitely untrusted; if the target object to be operated on is in the blacklist, it is imported directly into the sandbox for execution. If it is not in the blacklist, however, the target object cannot be assumed to be safe, so the matching-rule judgment must still be carried out.
In practice, if the target object to be operated on is in the blacklist, it may also be blocked directly instead of being placed into the sandbox; the user can choose between these.
Items 1) to 4) above may each be used on their own before the matching-rule judgment, or may be used in combination before the matching-rule judgment.
Based on the above, the embodiments of the invention also provide the following two implementations for practical use:
First, at the request of the client, the server automatically judges whether the execution of the target object to be operated on needs to be imported into the sandbox;
Specifically, the server stores the various rules for automatic judgment. If the target program or target file to be operated on has already been downloaded to the client, then when the user clicks to execute it, the client can send the judgment request to the server, and the server performs the automatic judgment. Alternatively, before the target program or target file is downloaded from the server, the server judges, based on the client's download request, whether to download it into the sandbox. Alternatively, when the user inputs a web address or keyword, the server performs the automatic judgment based on the user's input.
Second, the client automatically judges whether the execution of the target object to be operated on needs to be imported into the sandbox.
In this case, the client stores the various rules for automatic judgment and updates them periodically from the server, and the client can perform the automatic judgment before the user operates on the target object.
In summary, the above embodiments provide a method of intelligent judgment that, before the user performs an operation on a target object, automatically judges whether the execution of the target object needs to be imported into the sandbox, which yields the following advantages:
First, it helps the user determine which risky programs need to run in the sandbox, without requiring the user to judge on their own;
Second, it avoids the loss of user data caused by placing safe, risk-free programs in the sandbox to run;
Third, it requires no user participation, so it does not interfere with the user's operations and is easy to use.
Based on the above, the invention also provides the preferred embodiment shown in Fig. 2.
Referring to Fig. 2, a flowchart of a method for defense using sandbox technology according to a preferred embodiment of the invention is shown.
The target object is taken to be a target program as an example; the cases where the target object is a target file or information input by the user are similar and are not described again.
The complete judgment flow by which a target program to be operated on automatically enters the sandbox is as follows:
Step 201, creates process;
Whether step 202, judge parent process in sandbox;
If parent process is in sandbox, step 208 is jumped to;
If parent process is not in sandbox, continue step 203.
Step 203, judges whether user selects for the execution of the target program to be operated to import sandbox;
If user has selected for the execution of the target program to be operated to import sandbox, step 208 is jumped to;
If the non-selected execution by the target program to be operated of user imports sandbox, continue step 204.
Whether step 204, judge the target program to be operated in white list;
If in white list, jumping to step 209;
If being unknown program not in white list, continue step 205.
Whether step 205, judge the destination object to be operated in blacklist;
If in blacklist, jumping to step 208;
If not in blacklist, continuing step 206.
Step 206, judges whether the target program is certain types of program;
Determine whether certain types of program according to various matched rules;
If it is, continuing step 207;
If it is not, then jumping to step 209.
Step 207, ejection reminding window prompting user target program will be imported in sandbox and performed;
If user's selection is imported, the target program is added into sandbox operation list.
Step 208, starts for the operational motions such as write-in, deletion, the modification of file/registration table of target program to be oriented to sandbox
In, judge that flow terminates.
Step 209, target program is run under general environment(Non- sandbox mode), judge that flow terminates.
It should be noted that the order of steps 203 to 205 may be changed, but all of them must come before step 206.
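The decision flow of steps 201 to 209, written out as an added Python example that is not part of the patent text. The names `Launch` and `decide`, the list entries and the two matching rules are constructed for illustration, and a declined prompt in step 207 is assumed to lead to step 209, which the text does not state.

```python
from dataclasses import dataclass

SANDBOX, NORMAL = "sandbox", "normal"   # outcomes of steps 208 and 209

@dataclass
class Launch:
    path: str                      # file path of the target program
    digest: str                    # file feature value (constructed placeholder)
    download_source: str = ""      # where the file came from, if known
    parent_in_sandbox: bool = False
    user_chose_sandbox: bool = False

# Constructed policy data: the patent text lists no concrete entries or rules.
WHITELIST = {"digest-trusted", "digest-on-both-lists"}
BLACKLIST = {"digest-known-bad", "digest-on-both-lists"}
RULES = {
    "exe-in-temp-dir": lambda t: "\\temp\\" in t.path.lower()
                                 and t.path.lower().endswith(".exe"),
    "plain-http-download": lambda t: t.download_source.startswith("http://"),
}

def decide(launch, confirm=lambda t: True, sandbox_run_list=None):
    """Return (verdict, deciding step) for one process creation (step 201).

    `confirm` stands in for the step 207 reminder window.
    """
    if launch.parent_in_sandbox:                      # step 202
        return SANDBOX, "202 parent in sandbox"
    if launch.user_chose_sandbox:                     # step 203
        return SANDBOX, "203 user selection"
    if launch.digest in WHITELIST:                    # step 204
        return NORMAL, "204 whitelist"
    if launch.digest in BLACKLIST:                    # step 205
        return SANDBOX, "205 blacklist"
    hits = [name for name, rule in RULES.items() if rule(launch)]
    if not hits:                                      # step 206: no rule matched
        return NORMAL, "206 no rule matched"
    if confirm(launch):                               # step 207
        if sandbox_run_list is not None:
            sandbox_run_list.add(launch.digest)       # sandbox run list
        return SANDBOX, "207 rule " + hits[0]
    # Assumption: the text does not say what follows a declined prompt;
    # here the program then runs outside the sandbox.
    return NORMAL, "207 user declined"
```

A whitelisted binary started by a sandboxed parent stays in the sandbox because step 202 runs first, and a digest present on both lists runs outside it because step 204 precedes step 205. Swapping steps 204 and 205, which the text permits, reverses that second result.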
It should be noted that, for brevity, each of the foregoing method embodiments is described as a series of combined actions. Those skilled in the art should understand, however, that the invention is not limited by the described order of actions, because according to the invention some steps may be performed in another order or simultaneously. Those skilled in the art should also understand that the embodiments described in this specification are preferred embodiments, and the actions and modules involved are not necessarily required by the invention.
Based on the above, the invention also provides a corresponding device embodiment, as shown in Fig. 3.
Fig. 3 is a structural diagram of a device for defending using sandbox technology according to a preferred embodiment of the invention.
The device may include the following modules:
A judgment trigger module 31, configured to trigger the automatic judgment module 32 before an operation is performed on a target object;
An automatic judgment module 32, configured to automatically judge, for the target object to be operated on, whether the execution of the target object needs to be imported into the sandbox; if so, the execution of the target object is completed in the sandbox; if not, the execution of the target object is completed outside the sandbox.
The target object includes, but is not limited to: a target program, a target file, and user-input information.
When it is automatically judged that the execution of the target object needs to be imported into the sandbox:
If the target object is a target program, the automatic judgment module 32 imports the target program into the sandbox, and the target program runs to completion in the sandbox;
If the target object is a target file, the automatic judgment module 32 imports the associated program that executes the target file into the sandbox, and the associated program runs the target file in the sandbox;
If the target object is user-input information, the automatic judgment module 32 imports the associated program that receives the user-input information into the sandbox, and the associated program runs in the sandbox according to the user-input information; the user-input information includes a web address and/or a keyword.
In addition, if the target object is a target program, the judgment trigger module 31 triggers the automatic judgment module 32 after the target program has been downloaded to the client and before the client runs it; and/or triggers the automatic judgment module 32 before the target program is downloaded;
If the target object is a target file, the judgment trigger module 31 triggers the automatic judgment module 32 after the target file, or the associated program that executes the target file, has been downloaded to the client and before the client runs the target file; and/or triggers the automatic judgment module 32 before the target file, or the associated program that executes the target file, is downloaded online;
If the target object is user-input information, the judgment trigger module 31 triggers the automatic judgment module 32 when the user inputs the information.
Further, the automatic judgment module 32 may include:
A rule judgment submodule 321, configured to judge whether the target object to be operated on satisfies a preset matching rule; if it does, the execution of the target object needs to be imported into the sandbox; if it does not, the execution does not need to be imported into the sandbox.
Further, when the target object to be operated on is a target program and/or a target file, the rule judgment submodule 321 judges whether the related information of the target object satisfies a preset matching rule; and/or judges whether the related information of the source program of the target object satisfies a preset matching rule;
The related information of the target object includes the file path, and/or encrypted data, and/or file attributes, and/or icon feature value, and/or file feature value, and/or download source of the target object; the related information of the source program includes the file path, and/or encrypted data, and/or file attributes, and/or icon feature value, and/or file feature value, and/or download source of the source program;
When the target object to be operated on is user-input information, the rule judgment submodule 321 judges whether the user-input information satisfies a preset matching rule.
Preferably, the automatic judgment module 32 may also include:
A parent process judgment submodule 322, configured to judge, after the process for executing the target object has been created, whether the parent process of that process is in the sandbox; if so, the execution of the target object to be operated on needs to be imported into the sandbox; if not, the rule judgment submodule is triggered to go on to judge whether the target object satisfies a preset matching rule.
Preferably, the automatic judgment module 32 may also include:
A user selection judgment submodule 323, configured to judge whether the user has chosen to import the execution of the target object to be operated on into the sandbox; if so, the execution of the target object needs to be imported into the sandbox; if not, the rule judgment submodule is triggered to go on to judge whether the target object satisfies a preset matching rule.
Preferably, the automatic judgment module 32 may also include:
A whitelist judgment submodule 324, configured to judge whether the target object to be operated on is in the whitelist; if it is not in the whitelist, the target object is an unknown object, and the rule judgment submodule is triggered to go on to judge whether the target object satisfies a preset matching rule; if it is in the whitelist, the execution does not need to be imported into the sandbox.
Preferably, the automatic judgment module 32 may also include:
A blacklist judgment submodule 325, configured to judge whether the target object to be operated on is in the blacklist; if it is in the blacklist, the execution of the target object needs to be imported into the sandbox; if it is not in the blacklist, the rule judgment submodule is triggered to go on to judge whether the target object satisfies a preset matching rule.
Preferably, the device may also include:
A reminder module 33, configured to pop up a reminder window, when the execution of the target object to be operated on needs to be imported into the sandbox and before it is imported, asking the user whether to import it into the sandbox.
Because the device embodiment is substantially similar to the method embodiment, its description is relatively brief; for related details, refer to the description of the method embodiment.
The above device for defending using sandbox technology may be deployed on the server side or on the client side. Before the user performs an operation on a target object, it automatically judges whether the execution of the target object needs to be imported into the sandbox. This helps the user decide which risky programs need to run in the sandbox and avoids the loss of user data caused by running safe, risk-free programs in the sandbox. Because no user participation is required, the user's operation is not affected and ease of use is high.
Based on the above device for defending using sandbox technology, an embodiment of the invention also provides a secure browser. The browser includes the device for system defense using sandbox technology described in the Fig. 3 embodiment above, and can use the method described in Fig. 1 or Fig. 2 to automatically judge whether the execution of the target object to be operated on needs to be imported into the sandbox. For details, refer to the related content of Fig. 1, Fig. 2 and Fig. 3 above, which is not described again.
The embodiments in this specification are described progressively: each embodiment focuses on its differences from the other embodiments, and for parts that are identical or similar across embodiments, the embodiments may be referred to one another.
Finally, it should also be noted that relational terms such as "first" and "second" are used herein only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between those entities or operations.
Furthermore, "and/or" as used above covers both the "and" relationship and the "or" relationship: if option A and option B are in an "and" relationship, an embodiment may include both option A and option B; if option A and option B are in an "or" relationship, an embodiment may include option A alone or option B alone.
The method, device and secure browser for defending using sandbox technology provided by the invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the invention, and the description of the above embodiments is intended only to help in understanding the method of the invention and its core idea. At the same time, those of ordinary skill in the art may, in accordance with the idea of the invention, make changes to the specific implementation and the scope of application. In summary, the content of this specification should not be construed as limiting the invention.