CN103984897B - A kind of method and device stoping poisoning intrusion in software installation process - Google Patents

A kind of method and device stoping poisoning intrusion in software installation process Download PDF

Info

Publication number
CN103984897B
CN103984897B CN201410234404.7A CN201410234404A CN103984897B CN 103984897 B CN103984897 B CN 103984897B CN 201410234404 A CN201410234404 A CN 201410234404A CN 103984897 B CN103984897 B CN 103984897B
Authority
CN
China
Prior art keywords
installation
software
directory
program
program file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410234404.7A
Other languages
Chinese (zh)
Other versions
CN103984897A (en
Inventor
贾雨田
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qizhi Business Consulting Co ltd
Beijing Qihoo Technology Co Ltd
360 Digital Security Technology Group Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201410234404.7A priority Critical patent/CN103984897B/en
Publication of CN103984897A publication Critical patent/CN103984897A/en
Application granted granted Critical
Publication of CN103984897B publication Critical patent/CN103984897B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability

Abstract

The present invention is with regard to a kind of method and device stoping poisoning intrusion in software installation process.Methods described includes:After user starts installation interface, before triggering installation instruction, obtain temp directory;The installation kit of software to be installed is decompressed, and the program file decompressing out is carried out with exclusive setting, make only described program process described program file could be written and read operate with designated program process;Described program file that decompress out and through exclusive setting is stored under temp directory;After receiving the installation instruction of user's triggering, the program file under temp directory is copied under the installation directory that installation instruction is specified;If including all program files in installation kit under installation directory, running designated program process, to call the program file under installation directory, executing software installation.Present invention reduces the probability that software is infected, and simplify the process of software installation, improve the efficiency of software installation.

Description

A kind of method and device stoping poisoning intrusion in software installation process
Technical field
The present invention relates to a kind of computer realm, more particularly to a kind of stop poisoning intrusion in software installation process Method and device.
Background technology
With the development of computer, more and more application softwaries are developed, various in people's work and life to meet Change demand.Usually, the application software downloaded from the Internet or the application software reading from memorizer are all described answering With the corresponding software installation bag of software, only when running this software installation bag, and by all journeys in software installation bag When preface part all discharges and is installed in hard disk, user could normally run described application software.
In the installation process of existing anti-viral software, situation that anti-viral software be infected often occurs, for example Partial document in anti-viral software is tampered or is deleted.In order to avoid anti-viral software is infected, generally will be in peace During dress software, security verification is carried out to installation file, to check that anti-viruss install software whether safety.
It follows that existing anti-viral software is easily infected, and complex installation process, installation effectiveness is low.
Content of the invention
In view of the above problems it is proposed that the present invention is in order to providing one kind to overcome the problems referred to above or solving at least in part A kind of method and device stoping poisoning intrusion in software installation process of the problems referred to above, to reduce what software was infected Probability, simplifies installation process.
According to one aspect of the present invention, there is provided a kind of method stoping poisoning intrusion in software installation process, bag Include:
After user starts installation interface, before triggering installation instruction, obtain temp directory;
The installation kit of software to be installed is decompressed, and the program file decompressing out is carried out with exclusive setting, with Designated program process makes only described program process described program file could be written and read operate;
Described program file that decompress out and through exclusive setting is stored under described temp directory;
After receiving the installation instruction of described user's triggering, the program file under described temp directory is copied to described peace Fill under the installation directory specified;
If including all program files in described installation kit under described installation directory, running described designated program and entering Journey, to call the program file under described installation directory, executes software installation.
Optionally, the aforesaid method stoping poisoning intrusion in software installation process, also includes:
If including the subprogram file in described installation kit under described installation directory, in described installation kit remove institute The residual program file stated outside subprogram file is decompressed, and the residual program file decompressing out is carried out with exclusive setting Put, to specify described program process described residual program file could be written and read operate;
Described residual program file that decompress out and through exclusive setting is stored under described installation directory;
Judge under described installation directory, whether to include all program files in described installation kit.
Optionally, the aforesaid method stoping poisoning intrusion in software installation process, wherein, the interim mesh of described acquisition Record, including:
Determine required memory block size after described software decoding contracting to be installed;
Search writeable in local memory area, and residual capacity is more than or equal to depositing of described required memory block size Storage area;
According to described memory block, determine described temp directory.
Optionally, the aforesaid method stoping poisoning intrusion in software installation process, also includes:
If receiving the cancellation installation instruction of described user's triggering, the program file under described temp directory is deleted.
Optionally, the aforesaid method stoping poisoning intrusion in software installation process, also includes:
After user starts installation interface, before triggering installation instruction, judge whether described software to be installed is new peace Dress software;
Accordingly, after the described startup installation interface in user, before triggering installation instruction, obtain temp directory, specifically For:
After user starts installation interface, before triggering installation instruction, if described software to be installed is new installation software, Then obtain temp directory;
Wherein, described new installation software is locally uninstalled software.
Optionally, the aforesaid method stoping poisoning intrusion in software installation process, also includes:
If described software to be installed is not newly to install software, wait user's triggering installation instruction, and described receiving After installation instruction, the corresponding software of execution covers installation operation.
According to another aspect of the present invention, there is provided a kind of device stoping poisoning intrusion in software installation process, Including:
Acquisition module, after starting installation interface in user, before triggering installation instruction, obtains temp directory;
Processing module, for decompressing to the installation kit of software to be installed, and enters to the program file decompressing out The exclusive setting of row, makes only described program process described program file could be written and read operate with designated program process;
Memory module, for being stored in described temp directory by described program file that decompress out and through exclusive setting Under;
Replication module, for receiving after the installation instruction that described user triggers, by the program literary composition under described temp directory Part copies under the installation directory that described installation instruction is specified;
Module is installed, for when including all program files in described installation kit under described installation directory, running Described designated program process, to call the program file under described installation directory, executes software installation.
Optionally, the aforesaid device stoping poisoning intrusion in software installation process, also includes:
Described processing module, is additionally operable to when including the subprogram file in described installation kit under described installation directory When, the residual program file in addition to described subprogram file in described installation kit decompressed, and to decompressing out Residual program file carries out exclusive setting, to specify described program process described residual program file could be written and read grasp Make;
Described memory module, described for being stored in described residual program file that decompress out and through exclusive setting Under installation directory;
First judge module, for judging whether include all program literary compositions in described installation kit under described installation directory Part.
Optionally, the aforesaid device stoping poisoning intrusion in software installation process, wherein, described acquisition module, bag Include:
First determining unit, for determining required memory block size after described software decoding contracting to be installed;
Searching unit, writeable for searching in local memory area, and residual capacity is more than or equal to described required The memory block of memory block size;
Second determining unit, for according to described memory block, determining described temp directory.
Optionally, the aforesaid device stoping poisoning intrusion in software installation process, also includes:
Removing module, for when receiving the cancellation installation instruction of described user's triggering, by under described temp directory Program file is deleted.
Optionally, the aforesaid device stoping poisoning intrusion in software installation process, also includes:
Second judge module, after starting installation interface in user, before triggering installation instruction, waits described in judgement to pacify Whether dress software is newly to install software;
Accordingly, described acquisition module, after starting installation interface in user, before triggering installation instruction, If described software to be installed is new installation software, obtain temp directory.
Optionally, the aforesaid device stoping poisoning intrusion in software installation process, wherein,
Described installation module, is additionally operable to, when described software to be installed is not newly to install software, wait user's triggering to install Instruction, and after receiving described installation instruction, the corresponding software of execution covers installation operation.
By technique scheme, technical scheme provided in an embodiment of the present invention at least has following advantages:
The technical scheme that the present invention provides passes through the program file decompressing out is carried out with exclusive setting, is entered with designated program Journey make only described program process described program file could be written and read operate, it is to avoid in software installation process other The impact to installation procedure file for the rogue program, such as rogue program is altered to the malice of installation procedure file or is deleted, and then drops The probability that low software is infected, in addition, need not be increased in software installation process using the method that the present invention provides right The step that installation procedure file carries out security verification, thus simplifying the process of software installation, improves the effect of software installation Rate.Additionally, the technical scheme that the present invention provides is after user starts installation interface, before triggering installation instruction, treat in advance The installation kit installing software is decompressed, and the program file decompressing out is stored under described temp directory, treats user After triggering installation instruction, then the program file under temp directory is copied under the installation directory that user specifies, thus fully After make use of user to start installation interface, this period before triggering installation instruction is although installation kit decompression is required Time does not change, but from the point of view of whole installation process, which reduce in existing installation process user's triggering installation instruction it Time needed for installation kit is decompressed afterwards, thus improve the installation rate of software, decrease the waiting time of user, carry Rise the experience of user.
Described above is only the general introduction of technical solution of the present invention, in order to better understand the technological means of the present invention, And can be practiced according to the content of description, below with presently preferred embodiments of the present invention and coordinate accompanying drawing describe in detail as after.
Brief description
By reading the detailed description of hereafter preferred implementation, various other advantages and benefit are common for this area Technical staff will be clear from understanding.Accompanying drawing is only used for illustrating the purpose of preferred implementation, and is not considered as to the present invention Restriction.And in whole accompanying drawing, it is denoted by the same reference numerals identical part.In the accompanying drawings:
Fig. 1 shows the one kind of the method stoping poisoning intrusion in software installation process that the embodiment of the present invention one provides The schematic flow sheet realized;
Fig. 2 shows the another of the method stoping poisoning intrusion in software installation process that the embodiment of the present invention one provides Plant the schematic flow sheet realized;
Fig. 3 shows the flow process of the method stoping poisoning intrusion in software installation process that the embodiment of the present invention two provides Schematic diagram;
Fig. 4 shows the structural representation of the software installation device that the embodiment of the present invention three provides;
Fig. 5 shows the structural representation of acquisition module in the software installation device that the embodiment of the present invention three provides.
Specific embodiment
Purpose, technical scheme and advantage for making the embodiment of the present invention are clearer, below in conjunction with the embodiment of the present invention In accompanying drawing, the technical scheme in the embodiment of the present invention is clearly and completely described it is clear that described embodiment is The a part of embodiment of the present invention, rather than whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art The every other embodiment being obtained under the premise of not making creative work, broadly falls into the scope of protection of the invention.
As shown in figure 1, the stream of the method stoping poisoning intrusion in software installation process of the embodiment of the present invention one offer Journey schematic diagram.This enforcement methods described can use in antivirus engine, and for example, the antivirus for killing PE type file is drawn Hold up it is preferred that including cloud killing engine, and/or QVM (Qihoo Support Vector Machine, Qihoo's supporting vector Machine) engine.I.e. the executive agent of the methods described that the present embodiment provides can be mounted in the antivirus engine of client.Specifically , can multiple scanning engines be set in antivirus software, each scanning engine can have the advantages that each different, for example, The advantage of scanning engine A is that committed memory is smaller;The advantage of scanning engine B is scanning speed than very fast;Scanning engine C is good at Scanning imaging system file, scanning engine D is good at the non-program file of scanning, etc..It should be noted that for some non-paradoxes Feature, multiple advantages may concentrate on a scanning engine, and for example, the feature of scanning engine A is:Committed memory is little and arrogates to oneself The non-program file of long scan, etc..At the same time it can also pre-save the corresponding Call Condition of each scanning engine.Namely it is permissible Pre-set the corresponding relation between scanning engine and its Call Condition.When implementing, this Call Condition is specifically as follows:Meter The various possible characteristic information that can get in calculation machine system.Specifically, characteristic information can be included in computer system Software environment information, hardware environment information, type of protection and file type to be scanned etc..Wherein, software environment letter Breath, as the term suggests, operating system that computer can be included, the antivirus software installed etc.;Hardware environment information is permissible Including the memory size of computer, CPU processing speed etc..Type of protection can be divided into real-time protection and two kinds of manual scanning, leads to Often can be selected by user or change type of protection:For example, the type of protection of antivirus software acquiescence can be real-time protection, if User does not accept this type of protection, can will close real-time protection, when needing to be scanned, then manually boots scanned Journey.With regard to file type to be scanned, plurality of classes can be obtained according to different sorting techniques, for example, from whether being program File angle, can be divided into program file and non-program file, from file coding format angularly, be further divided into multimedia literary composition Part (wherein can also include video, audio frequency etc.) and text, from the angle of file size, are further divided into mass file And small files, etc..
The method stoping poisoning intrusion in software installation process described in the present embodiment one, including:
Step 101, user start installation interface after, triggering installation instruction before, obtain temp directory.
Wherein, described temp directory is because meeting following two conditions:
Program file that is condition 1, writeable, being extruded with the installation kit solution that can store software to be installed.
Condition 2, to there are enough memory spaces, the program file extruding with the installation kit solution that can leave software to be installed.
Specifically, this step can be faced by searching the memory block locally meeting above-mentioned two condition in all memory blocks and being used as When catalogue.For example, this step can be adopted and be realized with the following method:
First, determine required memory block size after described software decoding contracting to be installed.
Need exist for illustrate be:Size after compressed package decompression bad determination, the size after decompression may be close to former Compressed package size it is also possible to 4 times of former compressed package, this compressed software algorithm being used depending on described compressed package and compression Rate.Thus, this step can estimate required memory block size after the described software decoding contracting to be installed of rule determination using maximum.Its In, described maximum is estimated rule and can be come based on experience value artificially to determine, for example, takes 4 times of compressed package sizes as required after compression Memory block size, etc..
Then, search in local memory area writeable, and residual capacity be more than or equal to described required memory block big Little memory block.
Finally, according to described memory block, determine described temp directory.
Step 102, the installation kit to software to be installed decompress, and the program file decompressing out is monopolized Setting.
The purpose executing this step is for designated program process so that only described program process could be to described program File is written and read operating.The program file decompressing out is arranged to monopolize and opens, popular saying is exactly:Have permission and open Process could carry out corresponding read-write operation to it.In actual applications, can be by calling existing system function at present, such as CreateFile () function, program file is carried out with exclusive setting.By the above-mentioned step that program file is carried out with exclusive setting Suddenly, the methods described that the present embodiment provides can effectively avoid other malicious files altering or delete to software to be installed, carries The high safety of software installation.
Step 103, the described program file that decompressing out and warp are monopolized setting are stored under described temp directory.
Step 104, receive the installation instruction of described user triggering after, the program file under described temp directory is replicated Under the installation directory specified to described installation instruction.
Wherein, carry the information of described installation directory in described installation instruction.The peace of the described user's triggering receiving Dress instruction, the triggered generation of corresponding installation case as on user's touch-control software installation interface.
If including all program files in described installation kit under the described installation directory of step 105, run described finger Determine program process, to call the program file under described installation directory, execute software installation.
Specifically, this step can be by obtaining the file school of the total number of files mesh under described installation directory and described installation kit Test and compare, if comparing identical, showing that described installation kit decompresses and completing, include described under described installation directory All program files in installation kit;If compare differing, showing that described installation kit does not decompress and completing, described installation directory Under include subprogram file in described installation kit, in addition to the described subprogram file under described installation directory, install Residual program file in bag does not solve extrusion.
Need exist for illustrate be:In order to reduce the occupancy of local storage space, by the program under described temp directory After file copies under the installation directory that described installation instruction carries, the program file under described temp directory can be deleted, that is, This step directly can clip to the program file under described temp directory under the installation directory that described installation instruction carries.
The technical scheme that the present embodiment provides is passed through the program file decompressing out to be carried out with exclusive setting, with designated program Process make only described program process described program file could be written and read operate, it is to avoid in software installation process its His impact to installation procedure file for the rogue program, such as rogue program is altered to the malice of installation procedure file or is deleted, and then Reduce the probability that software is infected, in addition, need not increase in software installation process using the method that the present invention provides The step carrying out security verification to installation procedure file, thus simplifying the process of software installation, improves software installation Efficiency.Additionally, the technical scheme that the present embodiment provides is after user starts installation interface, before triggering installation instruction, in advance The installation kit of software to be installed is decompressed, and the program file decompressing out is stored under described temp directory, treat After user's triggering installation instruction, then the program file under temp directory is copied under the installation directory that user specifies, thus After taking full advantage of user's startup installation interface, this period before triggering installation instruction is although installation kit decompresses institute The time needing does not change, but from the point of view of whole installation process, which reduces user's triggering installation in existing installation process and refer to Time needed for installation kit is decompressed after order, thus improve the installation rate of software, decrease user wait when Between, improve the experience of user.
Further, as shown in Fig. 2 the method described in above-described embodiment also includes:
Step 201, judge under described installation directory, whether to include all program files in described installation kit.
Wherein, this step can be by obtaining the file verification of the total number of files mesh under described installation directory and described installation kit With compare, if compare identical, show that described installation kit decompresses and complete, under described installation directory, include described peace All program files in dress bag;If compare differing, showing that described installation kit does not decompress and completing, under described installation directory Include the subprogram file in described installation kit, in addition to the described subprogram file under described installation directory, installation kit In residual program file do not solve extrusion.
If including the subprogram file in described installation kit under the described installation directory of step 202, to described installation In bag, the residual program file in addition to described subprogram file is decompressed, and the residual program file decompressing out is entered The exclusive setting of row, to specify described program process described residual program file could be written and read operate.
Likewise, for avoiding other malicious files altering or delete to software to be installed, improve the peace of software installation Quan Xing, in described installation kit, the residual program file in addition to described subprogram file, after solution extrudes, also should carry out exclusive setting Put.
Step 203, the described residual program file that decompressing out and warp are monopolized setting are stored in described installation directory Under, and return to step 201.
After the installation instruction receiving described user's triggering, this step is directly by described residual program file decompression extremely Under described installation directory, so also just decrease the process copying to installation directory from temp directory, that is, receiving described use After the installation instruction of family triggering, in installation kit, using prior art, directly decompression is reduced to described installation directory to remaining ground program file Under.
Further, the method described in above-described embodiment can also comprise the steps:
If receiving the cancellation installation instruction of described user's triggering, the program file under described temp directory is deleted.
The purpose adding above-mentioned steps in the present embodiment is:For the following situation being likely to occur, that is, user is opening After dynamic installation interface, before triggering installation instruction, exit installation interface and this software is not installed, and adopt the present embodiment to provide Methods described decompresses to installation kit in advance, now, for reducing the occupancy of local storage space, when user exit described After installation interface, that is, above-mentioned steps are adopted to delete all program files under temp directory.
Further, the method described in above-described embodiment can also comprise the steps:
After user starts installation interface, before triggering installation instruction, judge whether software to be installed is that new installation is soft Part.
Wherein, described new installation software is locally uninstalled software.Specifically, for example this step can be local by inquiry The information whether having software to be installed in registration table, to judge whether described software to be installed is newly to install software, is even locally noted There is the information (as software identification, title etc.) of described software to be installed, then described software to be installed is not that new installation is soft in volume table Part, if not having the information of described software to be installed in locally registered table, described software to be installed is new installation software.Certainly may be used To judge that whether software to be installed be new installation software using additive method of the prior art, the present embodiment is not made to this to have Body limits.
Accordingly, step 101 in above-described embodiment one, after user starts installation interface, before triggering installation instruction, Obtain temp directory, specially following steps:
After user starts installation interface, before triggering installation instruction, if described software to be installed is new installation software, Then obtain temp directory.
Further, the method described in above-described embodiment, can also comprise the steps:
If described software to be installed is not newly to install software, wait user's triggering installation instruction, and described receiving After installation instruction, the corresponding software of execution covers installation operation.
The methods described that i.e. the present embodiment provides is suitable to newly install software, adopts the present embodiment to provide for new software of installing Method on shortening the set-up time, there is obvious advantage, and just can not adopt the present embodiment for cover type software installation The method providing.Certainly, the method that the present embodiment offer may also be employed for cover type software installation is realized, but can in effect Software can be newly installed obvious.
As shown in figure 3, the stream of the method stoping poisoning intrusion in software installation process of the embodiment of the present invention two offer Journey schematic diagram.Likewise, this enforcement two methods described can use in antivirus engine with embodiment one, that is, executive agent is permissible It is mounted in the antivirus engine of client.Specifically, the method described in the present embodiment two, including:
Step S1, the installation interface open command of receiving user's input, assume described software installation circle according to described instruction Face.
S2, after user starts installation interface, before triggering installation instruction, judge that whether software to be installed be new installation Software, if so, enters step S3;Otherwise, wait user's triggering installation instruction, and after receiving described installation instruction, execution Corresponding software covers installation operation.
Step S3, acquisition temp directory.
Step S4, the installation kit to described software to be installed decompress, and the program file decompressing out is stored Under described temp directory.
Step S5, the program file after described decompression is carried out with exclusive setting.
If step S6 receives the installation instruction of described user's triggering, and the program file under described temp directory is multiple Make under the installation directory that described installation instruction is specified, and execution step S7;If the cancellation receiving described user's triggering is installed Instruction, then delete the program file under described temp directory.
Step S7, judge under described installation directory, whether to include all program files in described installation kit, if so, then Execution step S8, otherwise, execution step S9~S10.
Step S8, the described designated program process of operation, to call the program file under described installation directory, execution software peace Dress.
Step S9, the program file under described temp directory is copied under the installation directory that described installation instruction is specified, And the residual program file in addition to described subprogram file in described installation kit is decompressed.
Step S10, the residual program file decompressing out is carried out with exclusive setting, will decompressing out and through exclusive setting Described residual program file be stored under described installation directory, and return to step S7.
It should be noted that:For aforesaid each method embodiment, in order to be briefly described, therefore it is all expressed as a series of Combination of actions, but those skilled in the art should know, the present invention is not limited by described sequence of movement because According to the present invention, some steps can be carried out using other orders or simultaneously.Secondly, those skilled in the art also should know Know, embodiment described in this description belongs to preferred embodiment, involved action and the module not necessarily present invention Necessary.
As shown in figure 4, the knot of the device stoping poisoning intrusion in software installation process of the embodiment of the present invention three offer Structure schematic diagram.The described device stoping poisoning intrusion in software installation process that the present embodiment provides can achieve above-described embodiment One and the method that provides of embodiment two, described device can be mounted in the antivirus engine of client.Specifically, the present embodiment three The device of the described prevention poisoning intrusion in software installation process providing includes:Acquisition module 1, processing module 2, memory module 3rd, replication module 4 and installation module 5.Wherein, described acquisition module 1 is used for after user starts installation interface, and triggering is installed Before instruction, obtain temp directory.Described processing module 2 is used for the installation kit of software to be installed is decompressed, and to solution Compress the program file and carry out exclusive setting, make the only described program process could be to described program with designated program process File is written and read operating.Described memory module 3 is used for described program file storage that decompress out and through exclusive setting Under described temp directory.After described replication module 4 is used for receiving the installation instruction that described user triggers, by described interim mesh Program file under record copies under the installation directory that described installation instruction is specified.Described installation module 5 is used for when described installation When including all program files in described installation kit under catalogue, run described designated program process, to call described installation Program file under catalogue, executes software installation..
The technical scheme that the present embodiment provides is passed through the program file decompressing out to be carried out with exclusive setting, with designated program Process make only described program process described program file could be written and read operate, it is to avoid in software installation process its His impact to installation procedure file for the rogue program, such as rogue program is altered to the malice of installation procedure file or is deleted, and then Reduce the probability that software is infected, in addition, need not increase in software installation process using the method that the present invention provides The step carrying out security verification to installation procedure file, thus simplifying the process of software installation, improves software installation Efficiency.Additionally, the technical scheme that the present embodiment provides is after user starts installation interface, before triggering installation instruction, in advance The installation kit of software to be installed is decompressed, and the program file decompressing out is stored under described temp directory, treat After user's triggering installation instruction, then the program file under temp directory is copied under the installation directory that user specifies, thus After taking full advantage of user's startup installation interface, this period before triggering installation instruction is although installation kit decompresses institute The time needing does not change, but from the point of view of whole installation process, which reduces user's triggering installation in existing installation process and refer to Time needed for installation kit is decompressed after order, thus improve the installation rate of software, decrease user wait when Between, improve the experience of user.
Further, the device of poisoning intrusion that stops in software installation process described in above-described embodiment also includes:The One judge module.Wherein, processing module described in above-described embodiment is additionally operable to when including described installation under described installation directory During subprogram file in bag, the residual program file in addition to described subprogram file in described installation kit is decompressed Contracting, and the residual program file decompressing out is carried out with exclusive setting, could be to described residue journey with specified described program process Preface part is written and read operating.Described memory module is additionally operable to described residual program literary composition that decompress out and through exclusive setting Part is stored under described installation directory.Described first judge module is used for judging whether to include described peace under described installation directory All program files in dress bag.
Further, the described acquisition module that above-described embodiment provides can the structure shown in Fig. 5 be realized.Specifically, institute State acquisition module 1 to include:First determining unit 11, searching unit 12 and the second determining unit 13.Wherein, described first determines list Unit 11 is used for determining required memory block size after described software decoding contracting to be installed.Described searching unit 12 is used for depositing in local Search writeable in storage area domain, and residual capacity is more than or equal to the memory block of described required memory block size.Described second determination Unit 13 is used for according to described memory block, determines described temp directory.
Further, the device of poisoning intrusion that stops in software installation process described in above-described embodiment also includes:Delete Except module.Wherein, described removing module is used for when receiving the cancellation installation instruction of described user's triggering, by described interim mesh Program file under record is deleted.
The device of poisoning intrusion that stops in software installation process described in above-described embodiment can also include:Second sentences Disconnected module.Wherein, described second judge module, after starting installation interface in user, before triggering installation instruction, judges Whether described software to be installed is newly to install software.Accordingly, the acquisition module described in above-described embodiment specifically for After family starts installation interface, before triggering installation instruction, if described software to be installed is new installation software, obtain interim mesh Record.
Further, the installation module described in above-described embodiment is additionally operable to when described software to be installed is not new installation During software, wait user's triggering installation instruction, and after receiving described installation instruction, the corresponding software of execution covers installs behaviour Make.
In the above-described embodiments, the description to each embodiment all emphasizes particularly on different fields, and does not have the portion described in detail in certain embodiment Point, may refer to the associated description of other embodiment.
It is understood that the correlated characteristic in said method and switch can mutually reference.In addition, above-described embodiment In " first ", " second " etc. be for distinguishing each embodiment, and do not represent the quality of each embodiment.
Those skilled in the art can be understood that, for convenience and simplicity of description, the system of foregoing description, Device and the specific work process of unit, may be referred to the corresponding process in preceding method embodiment, will not be described here.
Algorithm and display be not inherently related to any certain computer, virtual system or miscellaneous equipment provided herein. Various general-purpose systems can also be used together with based on teaching in this.As described above, construct required by this kind of system Structure be obvious.Additionally, the present invention is also not for any certain programmed language.It is understood that, it is possible to use various Programming language realizes the content of invention described herein, and the description above language-specific done is to disclose this Bright preferred forms.
In description mentioned herein, illustrate a large amount of details.It is to be appreciated, however, that the enforcement of the present invention Example can be put into practice in the case of not having these details.In some instances, known method, structure are not been shown in detail And technology, so as not to obscure the understanding of this description.
Similarly it will be appreciated that in order to simplify the disclosure and help understand one or more of each inventive aspect, Above in the description to the exemplary embodiment of the present invention, each feature of the present invention is grouped together into single enforcement sometimes In example, figure or descriptions thereof.However, the method for the disclosure should be construed to reflect following intention:I.e. required guarantor The application claims of shield more features than the feature being expressly recited in each claim.More precisely, it is such as following Claims reflected as, inventive aspect is all features less than single embodiment disclosed above.Therefore, The claims following specific embodiment are thus expressly incorporated in this specific embodiment, wherein each claim itself All as the separate embodiments of the present invention.
Those skilled in the art are appreciated that and the module in the equipment in embodiment can be carried out adaptively Change and they are arranged in one or more equipment different from this embodiment.Can be the module in embodiment or list Unit or assembly be combined into a module or unit or assembly, and can be divided in addition multiple submodule or subelement or Sub-component.In addition to such feature and/or at least some of process or unit exclude each other, can adopt any Combination is to all features disclosed in this specification (including adjoint claim, summary and accompanying drawing) and so disclosed Where method or all processes of equipment or unit are combined.Unless expressly stated otherwise, this specification (includes adjoint power Profit requires, summary and accompanying drawing) disclosed in each feature can carry out generation by the alternative features providing identical, equivalent or similar purpose Replace.
Although additionally, it will be appreciated by those of skill in the art that some embodiments described herein include other embodiments In included some features rather than further feature, but the combination of the feature of different embodiment means to be in the present invention's Within the scope of and form different embodiments.For example, in the following claims, embodiment required for protection appoint One of meaning can in any combination mode using.
The all parts embodiment of the present invention can be realized with hardware, or to run on one or more processor Software module realize, or with combinations thereof realize.It will be understood by those of skill in the art that can use in practice Microprocessor or digital signal processor (DSP) come to realize in software installation device according to embodiments of the present invention some or The some or all functions of the whole part of person.The present invention is also implemented as executing method as described herein Divide or whole equipment or program of device (for example, computer program and computer program).Such realize this Bright program can store on a computer-readable medium, or can have the form of one or more signal.Such Signal can be downloaded from internet website and obtain, or provides on carrier signal, or provided with any other form.
It should be noted that above-described embodiment the present invention will be described rather than limits the invention, and ability Field technique personnel can design alternative embodiment without departing from the scope of the appended claims.In the claims, Any reference markss between bracket should not be configured to limitations on claims.Word "comprising" does not exclude the presence of not Element listed in the claims or step.Word "a" or "an" before element does not exclude the presence of multiple such Element.The present invention can come real by means of the hardware including some different elements and by means of properly programmed computer Existing.If in the unit claim listing equipment for drying, several in these devices can be by same hardware branch To embody.The use of word first, second, and third does not indicate that any order.These words can be explained and run after fame Claim.

Claims (10)

1. a kind of method stoping poisoning intrusion in software installation process is it is characterised in that include:
After user starts installation interface, before triggering installation instruction, obtain temp directory;
The installation kit of software to be installed is decompressed, and the program file decompressing out is carried out with exclusive setting, to specify Program process makes only described program process described program file could be written and read operate;
Described program file that decompress out and through exclusive setting is stored under described temp directory;
After receiving the installation instruction of described user's triggering, the program file under described temp directory is copied to described installation and refers to Make under the installation directory specified, in described installation instruction, carry the information of described installation directory;
If including all program files in described installation kit under described installation directory, run described designated program process, To call the program file under described installation directory, execute software installation.
2. method according to claim 1 is it is characterised in that also include:
If including the subprogram file in described installation kit under described installation directory, in described installation kit remove described portion Residual program file outside block file is decompressed, and the residual program file decompressing out is carried out with exclusive setting, To specify described program process described residual program file could be written and read operate;
Described residual program file that decompress out and through exclusive setting is stored under described installation directory;
Judge under described installation directory, whether to include all program files in described installation kit.
3. method according to claim 1 and 2 is it is characterised in that described acquisition temp directory, including:
Determine required memory block size after described software decoding contracting to be installed;
Search writeable in local memory area, and residual capacity is more than or equal to the storage of described required memory block size Area;
According to described memory block, determine described temp directory.
4. method according to claim 1 and 2 is it is characterised in that also include:
If receiving the cancellation installation instruction of described user's triggering, the program file under described temp directory is deleted.
5. method according to claim 1 and 2 is it is characterised in that also include:
After user starts installation interface, before triggering installation instruction, judge whether described software to be installed is that new installation is soft Part;
Accordingly, after the described startup installation interface in user, before triggering installation instruction, obtain temp directory, specially:
After user starts installation interface, before triggering installation instruction, if described software to be installed is new installation software, obtain Take temp directory;
Wherein, described new installation software is locally uninstalled software.
6. a kind of device stoping poisoning intrusion in software installation process is it is characterised in that include:
Acquisition module, after starting installation interface in user, before triggering installation instruction, obtains temp directory;
Processing module, for decompressing to the installation kit of software to be installed, and is carried out solely to the program file decompressing out Account for setting, make only described program process described program file could be written and read operate with designated program process;
Memory module, for being stored in described program file that decompress out and through exclusive setting under described temp directory;
Replication module, for receiving after the installation instruction that described user triggers, the program file under described temp directory is multiple Make the information carrying described installation directory under the installation directory that described installation instruction is specified in described installation instruction;
Module is installed, described for when including all program files in described installation kit under described installation directory, running Designated program process, to call the program file under described installation directory, executes software installation.
7. device according to claim 6 is it is characterised in that also include:
Described processing module, is additionally operable to when including the subprogram file in described installation kit under described installation directory, right In described installation kit, the residual program file in addition to described subprogram file is decompressed, and to the remaining journey decompressing out Preface part carries out exclusive setting, to specify described program process described residual program file could be written and read operate;
Described memory module, is additionally operable to for described residual program file that decompress out and through exclusive setting to be stored in described peace Under dress catalogue;
First judge module, for judging whether include all program files in described installation kit under described installation directory.
8. the device according to claim 6 or 7 is it is characterised in that described acquisition module, including:
First determining unit, for determining required memory block size after described software decoding contracting to be installed;
Searching unit, writeable for searching in local memory area, and residual capacity is more than or equal to described required storage The memory block of area's size;
Second determining unit, for according to described memory block, determining described temp directory.
9. the device according to claim 6 or 7 is it is characterised in that also include:
Removing module, for when receiving the cancellation installation instruction of described user's triggering, by the program under described temp directory File is deleted.
10. the device according to claim 6 or 7 is it is characterised in that also include:
Second judge module, after starting installation interface in user, before triggering installation instruction, judges described to be installed soft Whether part is newly to install software;
Accordingly, described acquisition module, after starting installation interface in user, before triggering installation instruction, if institute Stating software to be installed is new installation software, then obtain temp directory.
CN201410234404.7A 2014-05-29 2014-05-29 A kind of method and device stoping poisoning intrusion in software installation process Active CN103984897B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410234404.7A CN103984897B (en) 2014-05-29 2014-05-29 A kind of method and device stoping poisoning intrusion in software installation process

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410234404.7A CN103984897B (en) 2014-05-29 2014-05-29 A kind of method and device stoping poisoning intrusion in software installation process

Publications (2)

Publication Number Publication Date
CN103984897A CN103984897A (en) 2014-08-13
CN103984897B true CN103984897B (en) 2017-03-08

Family

ID=51276862

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410234404.7A Active CN103984897B (en) 2014-05-29 2014-05-29 A kind of method and device stoping poisoning intrusion in software installation process

Country Status (1)

Country Link
CN (1) CN103984897B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104504327B (en) * 2014-12-31 2018-04-24 株洲南车时代电气股份有限公司 A kind of method and device of attaching troops to a unit of software
CN105224367A (en) * 2015-09-30 2016-01-06 浪潮电子信息产业股份有限公司 A kind of installation method of software and device
CN105825127B (en) * 2016-03-11 2019-03-01 珠海豹趣科技有限公司 A kind of window destroys hold-up interception method and device
CN108287836B (en) * 2017-01-09 2022-09-13 腾讯科技(深圳)有限公司 Resource caching method and device
CN108334782A (en) * 2018-05-16 2018-07-27 王红 Computer software installation method
CN112199098A (en) * 2020-10-16 2021-01-08 江苏小梦科技有限公司 Internet software installation application processing method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5859969A (en) * 1995-01-10 1999-01-12 Fujitsu Limited Remote installation system and method
EP1087293A2 (en) * 1999-09-24 2001-03-28 Hitachi, Ltd. A computer system and a program install method thereof
CN101120314A (en) * 2005-02-17 2008-02-06 国际商业机器公司 Method for installing operating system on remote storage: flash deploy and install zone
CN103577225A (en) * 2013-10-22 2014-02-12 北京奇虎科技有限公司 Software installation method and device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5859969A (en) * 1995-01-10 1999-01-12 Fujitsu Limited Remote installation system and method
EP1087293A2 (en) * 1999-09-24 2001-03-28 Hitachi, Ltd. A computer system and a program install method thereof
CN101120314A (en) * 2005-02-17 2008-02-06 国际商业机器公司 Method for installing operating system on remote storage: flash deploy and install zone
CN103577225A (en) * 2013-10-22 2014-02-12 北京奇虎科技有限公司 Software installation method and device

Also Published As

Publication number Publication date
CN103984897A (en) 2014-08-13

Similar Documents

Publication Publication Date Title
CN103984897B (en) A kind of method and device stoping poisoning intrusion in software installation process
US10581888B1 (en) Classifying software scripts utilizing deep learning networks
CN103473346B (en) A kind of Android based on application programming interface beats again bag applying detection method
KR101873619B1 (en) Boolean logic in a state machine lattice
US8990149B2 (en) Generating a predictive model from multiple data sources
US11301578B2 (en) Protecting data based on a sensitivity level for the data
CN109905385B (en) Webshell detection method, device and system
US20200285808A1 (en) Synonym dictionary creation apparatus, non-transitory computer-readable recording medium storing synonym dictionary creation program, and synonym dictionary creation method
CN111241389B (en) Sensitive word filtering method and device based on matrix, electronic equipment and storage medium
CN106528894B (en) The method and device of label information is set
TWI497418B (en) State machine engine, method for handling state vector data in a state machine engine and method for configuring a state machine lattice of a state machine engine
US9355250B2 (en) Method and system for rapidly scanning files
US20170004820A1 (en) Method for building a speech feature library, and method, apparatus, device, and computer readable storage media for speech synthesis
US20180018392A1 (en) Topic identification based on functional summarization
US20130262090A1 (en) System and method for reducing semantic ambiguity
US9460166B2 (en) Presenting a combined search results summary in a graphical view
US20130346909A1 (en) Navigation to a data definition in a diff context
CN105550573B (en) The method and apparatus for intercepting bundled software
US20200349258A1 (en) Methods and systems for preventing utilization of problematic software
EP3108400B1 (en) Virus signature matching method and apparatus
GB2521637A (en) Messaging digest
US8938807B1 (en) Malware removal without virus pattern
US20210081495A1 (en) Document content classification and alteration
US10579794B1 (en) Securing a network device by automatically identifying files belonging to an application
CN110634018A (en) Feature depiction method, recognition method and related device for lost user

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee after: Beijing Qizhi Business Consulting Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20220401

Address after: 100016 1773, 15 / F, 17 / F, building 3, No.10, Jiuxianqiao Road, Chaoyang District, Beijing

Patentee after: Sanliu0 Digital Security Technology Group Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Beijing Qizhi Business Consulting Co.,Ltd.