CN104023122B - Safety defense method and device - Google Patents
Safety defense method and device Download PDFInfo
- Publication number
- CN104023122B CN104023122B CN201410188859.XA CN201410188859A CN104023122B CN 104023122 B CN104023122 B CN 104023122B CN 201410188859 A CN201410188859 A CN 201410188859A CN 104023122 B CN104023122 B CN 104023122B
- Authority
- CN
- China
- Prior art keywords
- application program
- implanted
- present terminal
- initiative defense
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 230000007123 defense Effects 0.000 title claims abstract description 103
- 238000000034 method Methods 0.000 title claims abstract description 44
- 238000001514 detection method Methods 0.000 claims description 6
- 230000006870 function Effects 0.000 description 35
- 230000008569 process Effects 0.000 description 8
- 238000002347 injection Methods 0.000 description 7
- 239000007924 injection Substances 0.000 description 7
- 230000000694 effects Effects 0.000 description 6
- 230000008859 change Effects 0.000 description 5
- 238000009826 distribution Methods 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- GOLXNESZZPUPJE-UHFFFAOYSA-N spiromesifen Chemical compound CC1=CC(C)=CC(C)=C1C(C(O1)=O)=C(OC(=O)CC(C)(C)C)C11CCCC1 GOLXNESZZPUPJE-UHFFFAOYSA-N 0.000 description 2
- 238000003860 storage Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 239000012634 fragment Substances 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 210000003733 optic disk Anatomy 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000012163 sequencing technique Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Landscapes
- Stored Programmes (AREA)
- Telephone Function (AREA)
Abstract
The invention discloses a kind of safety defense method and device, wherein, safety defense method comprises: obtain user to the trigger request of opening Initiative Defense function, obtain application program to be implanted according to trigger request, and uses application program to be implanted to replace application program corresponding to present terminal; Show the information that restarts, to make present terminal load application program to be implanted when restarting, wherein, when restarting, the loading of application program to be implanted is prior to the loading of third party application; And after present terminal has restarted, carry out Initiative Defense.Above-mentioned safety defense method and device, can carry out the Initiative Defense desired by user, drastically increase the fail safe of present terminal, protect the privacy of user preferably under non-ROOT environment, brings conveniently to user, and be easy to realize.
Description
Technical field
The present invention relates to computer security technique field, particularly relate to a kind of safety defense method and device.
Background technology
Along with the fast development of computer, mobile terminal such as mobile phone is very universal, and the function that mobile terminal provides also gets more and more.Such as, user can freely install various application program, and to install tens application programs be in the terminal very general situation.And whether these application programs are very important for user safely, therefore, user mobile phone needs to have Initiative Defense function.
At present, Android (Android) mobile phone self software is made to get system highest weight limit, in order to tackle the malicious act of nonstandard third-party application, changing the setting option of consume system resources, is a kind of means that current related security software or system management facility are conventional.
Particularly, the implementation making mobile phone self software get system highest weight limit is: first carry out ROOT operation to Android phone, then authorized by user ROOT initiatively, cell phone software is made to get the highest weight limit of system, finally, android system is injected (HOOK), thus reaches the object of Prevention-Security.
But if the mobile phone of user did not carry out ROOT operation, just cannot realize this injection mode, therefore, the mobile phone of user also just cannot carry out Initiative Defense.
Summary of the invention
The present invention is intended to solve one of technical problem in correlation technique at least to a certain extent.For this reason, one object of the present invention is to propose a kind ofly have safety defense method and the device that can carry out Initiative Defense under non-ROOT environment.
The embodiment of the present invention proposes a kind of safety defense method, comprising: obtain user to the trigger request of opening Initiative Defense function, obtain application program to be implanted according to trigger request, and uses application program to be implanted to replace application program corresponding to present terminal; Show the information that restarts, to make present terminal load application program to be implanted when restarting, wherein, when restarting, the loading of application program to be implanted is prior to the loading of third party application; And after present terminal has restarted, carry out Initiative Defense.
According to the safety defense method of the embodiment of the present invention; the application program to be implanted obtained is used to replace application program corresponding to present terminal; application program to be implanted is loaded when present terminal restarts; and after present terminal has restarted, carry out Initiative Defense, thus the Initiative Defense desired by user can be carried out under non-ROOT environment; drastically increase the fail safe of present terminal; protect the privacy of user preferably, bring conveniently to user, and be easy to realize.
The embodiment of the present invention proposes a kind of Prevention-Security device, comprise: replacement module, for obtaining user to the trigger request of opening Initiative Defense function, obtain application program to be implanted according to trigger request, and use application program to be implanted to replace application program corresponding to present terminal; Display module, for showing the information restarted, to make present terminal load application program to be implanted when restarting, wherein, when restarting, the loading of application program to be implanted is prior to the loading of third party application; And defense module, for after present terminal has restarted, carry out Initiative Defense.
According to the Prevention-Security device embodiment of the embodiment of the present invention, the application program to be implanted obtained is used to replace application program corresponding to present terminal by replacement module, the information restarted is shown by display module, above-mentioned application program to be implanted is loaded when restarting to make present terminal, and by defense module after present terminal has restarted, carry out Initiative Defense, thus the Initiative Defense that can carry out under non-ROOT environment desired by user, drastically increase the fail safe of present terminal, protect the privacy of user preferably, bring conveniently to user, and be easy to realize.
The embodiment of the present invention proposes a kind of mobile terminal, and this mobile terminal comprises housing, processor, memory, circuit board and power circuit, and wherein, circuit board is placed in the interior volume that housing surrounds, and processor and memory are arranged on circuit boards; Power circuit, for powering for each circuit of mobile terminal or device; Memory is used for stores executable programs code; Processor runs the program corresponding with executable program code by reading the executable program code stored in memory, for performing following steps: obtain user to the trigger request of opening Initiative Defense function, obtain application program to be implanted according to trigger request, and use application program to be implanted to replace application program corresponding to present terminal; Show the information that restarts, to make present terminal load application program to be implanted when restarting, wherein, when restarting, the loading of application program to be implanted is prior to the loading of third party application; And after present terminal has restarted, carry out Initiative Defense.
According to the mobile terminal of the embodiment of the present invention; the application program to be implanted obtained is used to replace application program corresponding to present terminal; application program to be implanted is loaded when present terminal restarts; and after present terminal has restarted, carry out Initiative Defense, thus the Initiative Defense desired by user can be carried out under non-ROOT environment; drastically increase the fail safe of present terminal; protect the privacy of user preferably, bring conveniently to user, and be easy to realize.
Accompanying drawing explanation
Fig. 1 is the flow chart of safety defense method according to an embodiment of the invention.
Fig. 2 is the flow chart of safety defense method in accordance with another embodiment of the present invention.
Fig. 3 is the structural representation of Prevention-Security device according to an embodiment of the invention.
Fig. 4 is the structural representation of Prevention-Security device in accordance with another embodiment of the present invention.
Embodiment
Be described below in detail embodiments of the invention, the example of described embodiment is shown in the drawings, and wherein same or similar label represents same or similar element or has element that is identical or similar functions from start to finish.Be exemplary below by the embodiment be described with reference to the drawings, be intended to for explaining the present invention, and can not limitation of the present invention be interpreted as.
Below with reference to the accompanying drawings safety defense method and the device of the embodiment of the present invention are described.
Fig. 1 is the flow chart of safety defense method according to an embodiment of the invention.This safety defense method can be applied to client, and this client can be the terminal equipments such as mobile phone, panel computer (PAD) or computer.This safety defense method can carry out Initiative Defense when the operating environment of terminal exists leak.
As shown in Figure 1, this safety defense method comprises:
S101, obtains user to the trigger request of opening Initiative Defense function, obtains application program to be implanted according to trigger request, and uses application program to be implanted to replace application program corresponding to present terminal.
In this embodiment, client software is after determining that present terminal does not have the highest (ROOT) authority, the mark of Initiative Defense function is opened in display, after clicking the mark of opening Initiative Defense function user, obtain user to the trigger request of this mark, then according to this trigger request display prompting download information, application program to be implanted is downloaded to make user according to prompting download information.
Because application program to be implanted can be kept at server side, therefore download request can be sent according to the associative operation of user to server, and the application program to be implanted that reception server returns according to download request.
Wherein, application program to be implanted is system application (APP), such as, can be " SettingsStorage " APP.Application program to be implanted is generate after the application program corresponding to present terminal carries out decompiling, amendment code and Reseal, and client software, after acquisition application program to be implanted, covers with it and replaces original corresponding A PP.
S102, shows the information that restarts, and to make present terminal load application program to be implanted when restarting, wherein, when restarting, the loading of application program to be implanted is prior to the loading of third party application.
After completing replacement operation, client software can show the information restarted, user restarts present terminal according to this information, present terminal loads application program to be implanted automatically when restarting, during owing to restarting, the loading of application program to be implanted is prior to the loading of third party application, therefore the malicious act of third party application can be tackled after having restarted, reach and ROOT operation is not carried out to present terminal such as mobile phone, namely this present terminal does not have the highest operating right, just can carry out the effect of active safety defence.
Wherein, ROOT is present in unix system (as AIX, BSD etc.) and class unix system (Linux as each distribution version such as Debian, Redhat, Ubuntu and android system), ROOT authority refers to have authorities all in system, as started or stoped a process, delete or adding users, increase or forbid hardware etc.
S103, after present terminal has restarted, has carried out Initiative Defense.
In this embodiment, present terminal has restarted and has namely meaned that completing injection HOOK to application program to be implanted operates, because application program to be implanted is system application, therefore system highest weight limit can be obtained, therefore, client software can complete malicious act, the operation such as execution rights management, uninstalling system application etc. of interception third party application.
Above-mentioned safety defense method embodiment; the application program to be implanted obtained is used to replace application program corresponding to present terminal; application program to be implanted is loaded when present terminal restarts; and after present terminal has restarted, carry out Initiative Defense, thus the Initiative Defense desired by user can be carried out under non-ROOT environment; drastically increase the fail safe of present terminal; protect the privacy of user preferably, bring conveniently to user, and be easy to realize.
Fig. 2 is the flow chart of safety defense method in accordance with another embodiment of the present invention, and this embodiment is to exist MasterKey leak to describe concrete implementation procedure in Android (Android) mobile phone.
As shown in Figure 2, this safety defense method comprises:
S201, whether detection of handset has ROOT authority, if determine, mobile phone has ROOT authority, then obtain system highest weight limit, then inject, and carry out Initiative Defense, if determine, mobile phone does not have ROOT authority, then perform S202.
In this embodiment, first client software detects the ROOT environment of user mobile phone, when determining that mobile phone carries out ROOT operation, can obtain system highest weight limit, then injecting, thus reach the object of Initiative Defense; When determining that mobile phone does not carry out ROOT operation, prompting user is the need of unlatching Initiative Defense function.
S202, the mark of Initiative Defense function is opened in display.
Particularly, in the mark pointing out user the need of unlatching Initiative Defense function can be shown when opening Initiative Defense function.
S203, obtains user to the trigger request of opening Initiative Defense function, obtains application program to be implanted according to trigger request, and uses application program to be implanted to replace application program corresponding to mobile phone.
After user confirms to open Initiative Defense function, prompting download information can be shown, point out and guide user to download application program to be implanted, namely exempt from ROOT and inject patch, and using application program to be implanted to replace application program corresponding in mobile phone, concrete substitute mode can be replaced for covering.
Wherein, application program to be implanted can be " SettingsStorage " APP.The effect of this APP is setting option record after user being changed in systems in which and preserves.This application program to be implanted is generate after carrying out decompiling, amendment code and Reseal to application program corresponding in mobile phone.
S204, shows the information that restarts, and to make mobile phone load application program to be implanted when restarting, wherein, when restarting, the loading of application program to be implanted is prior to the loading of third party application.
After completing replacement operation, client software can show the information restarted, user restarts mobile phone according to this information, " SettingsStorage " due to android system applies and android system operates in same process, so it is also a system-level application, and can when mobile phone power-on the very first time load, meet start shooting time just the necessary condition in code injection (HOOK) system.
Because " SettingsStorage " is system application, so after carrying out HOOK operation to it, client software just can obtain system highest weight limit, so the malicious act of interception third party application can be completed, reach and ROOT operation is not carried out to mobile phone, namely this mobile phone does not have the highest operating right, just can carry out the effect of active safety defence.
Wherein, HOOK technology refers to: after carrying out HOOK to target program event, once there is HOOK event in target program, the maim body carrying out HOOK to this event will receive the notice of system, at this moment maim body just can make response in the very first time to this target program event, such as, can intervene or change the result of target program event.Namely the result of target program event just can be intervened or change to client software.
S205, after mobile phone has restarted, has carried out Initiative Defense.
In this embodiment, mobile phone has restarted and has namely meaned that completing injection HOOK to application program to be implanted operates, because application program to be implanted is system application, therefore system highest weight limit can be obtained, therefore, client software can complete malicious act, the operation such as execution rights management, uninstalling system application etc. of interception third party application.
Above-mentioned safety defense method embodiment, the application program to be implanted obtained is used to replace application program corresponding to mobile phone, application program to be implanted is loaded when mobile phone restarts, and after mobile phone has restarted, carry out Initiative Defense, thus the Initiative Defense that can carry out under non-ROOT environment desired by user, drastically increase the fail safe of mobile phone, protect the privacy of user preferably, bring convenience to user, especially give and do not like carrying out ROOT operation to mobile phone or do not know how bringing conveniently to the user that mobile phone carries out ROOT operation, and be easy to realize.
In order to realize above-described embodiment, the present invention also proposes a kind of Prevention-Security device.
Fig. 3 is the structural representation of Prevention-Security device according to an embodiment of the invention.
As shown in Figure 3, this Prevention-Security device comprises: replacement module 31, display module 32 and defense module 33, wherein:
Replacement module 31, for obtaining user to the trigger request of opening Initiative Defense function, obtains application program to be implanted according to above-mentioned trigger request, and uses above-mentioned application program to be implanted to replace application program corresponding to present terminal; Display module 32 is for showing the information restarted, and to make present terminal load above-mentioned application program to be implanted when restarting, wherein, when restarting, the loading of above-mentioned application program to be implanted is prior to the loading of third party application; Defense module 33, for after above-mentioned present terminal has restarted, carries out Initiative Defense.
Wherein, present terminal can be the terminal equipments such as mobile phone, panel computer (PAD) or computer.
In addition, as shown in Figure 2, this Prevention-Security device can also comprise: mark display module 34, this mark display module 34 for: above-mentioned replacement module 31 obtain user to the trigger request of opening Initiative Defense function before, the mark of Initiative Defense function is opened in display.Like this, after clicking the mark of opening Initiative Defense function user, replacement module 31 can obtain the trigger request of user to this mark, then according to this trigger request display prompting download information, downloads application program to be implanted to make user according to above-mentioned prompting download information.
Particularly, this replacement module 31 comprises: acquiring unit 311 and replacement unit 312, wherein: acquiring unit 311 is for showing prompting download information, according to the above-mentioned application program to be implanted of above-mentioned prompting download acquisition of information according to above-mentioned trigger request; Replacement unit 312 replaces application program corresponding to above-mentioned present terminal for using above-mentioned application program to be implanted to cover.More specifically, above-mentioned acquiring unit 311 can send download request according to above-mentioned prompting download information to server, and receives the application program above-mentioned to be implanted that above-mentioned server returns according to above-mentioned download request.Wherein, application program to be implanted is system application (APP), such as, can be " SettingsStorage " APP.Application program to be implanted is generate after the application program corresponding to above-mentioned present terminal carries out decompiling, amendment code and Reseal.
In addition, this Prevention-Security device can also comprise: determination module 35, and this determination module 35, for before the mark of above-mentioned mark display module 34 display unlatching Initiative Defense function, determines that above-mentioned present terminal does not have the highest ROOT authority.Further, Prevention-Security device can also comprise: detection module 36, at above-mentioned determination module 35, this detection module 36 is for before determining that above-mentioned present terminal does not have the highest ROOT authority, detect above-mentioned present terminal and whether there is ROOT authority, if determine, above-mentioned present terminal has ROOT authority, then carry out Initiative Defense.Particularly, the malicious act of interception third party application can be completed, perform the operation such as rights management, uninstalling system application.
Comprise replacement module 31, display module 32, defense module 33, process that the Prevention-Security device of mark display module 34, determination module 35 and detection module 36 carries out Initiative Defense see Fig. 1 or Fig. 2, can not repeat herein.
Above-mentioned Prevention-Security device embodiment, the application program to be implanted obtained is used to replace application program corresponding to present terminal by replacement module, the information restarted is shown by display module, above-mentioned application program to be implanted is loaded when restarting to make present terminal, and by defense module after present terminal has restarted, carry out Initiative Defense, thus the Initiative Defense that can carry out under non-ROOT environment desired by user, drastically increase the fail safe of present terminal, protect the privacy of user preferably, bring conveniently to user, and be easy to realize.
In order to realize above-described embodiment, the present invention also proposes a kind of mobile terminal, this mobile terminal comprises housing, processor, memory, circuit board and power circuit, wherein, foregoing circuit plate is placed in the interior volume that above-mentioned housing surrounds, and above-mentioned processor and above-mentioned memory are arranged on foregoing circuit plate; Above-mentioned power circuit, for powering for each circuit of above-mentioned mobile terminal or device; Above-mentioned memory is used for stores executable programs code; Above-mentioned processor runs the program corresponding with above-mentioned executable program code by reading the executable program code stored in above-mentioned memory, for execution following steps:
S101 ', obtains user to the trigger request of opening Initiative Defense function, obtains application program to be implanted according to trigger request, and uses application program to be implanted to replace application program corresponding to present terminal.
In this embodiment, present terminal refers to mobile terminal, after determining that present terminal does not have the highest (ROOT) authority, the mark of Initiative Defense function is opened in display, after clicking the mark of opening Initiative Defense function user, obtain user to the trigger request of this mark, then according to this trigger request display prompting download information, download application program to be implanted to make user according to prompting download information.
Because application program to be implanted can be kept at server side, therefore download request can be sent according to the associative operation of user to server, and the application program to be implanted that reception server returns according to download request.
Wherein, application program to be implanted is system application (APP), such as, can be " SettingsStorage " APP.Application program to be implanted is generate after the application program corresponding to mobile terminal carries out decompiling, amendment code and Reseal, and the software in mobile terminal, after acquisition application program to be implanted, covers with it and replaces original corresponding A PP.
S102 ', shows the information that restarts, and to make present terminal load application program to be implanted when restarting, wherein, when restarting, the loading of application program to be implanted is prior to the loading of third party application.
After completing replacement operation, mobile terminal can show the information restarted, user restarts present terminal according to this information, present terminal loads application program to be implanted automatically when restarting, during owing to restarting, the loading of application program to be implanted is prior to the loading of third party application, therefore the malicious act of third party application can be tackled after having restarted, reach and ROOT operation is not carried out to present terminal such as mobile phone, namely this present terminal does not have the highest operating right, just can carry out the effect of active safety defence.
Wherein, ROOT is present in unix system (as AIX, BSD etc.) and class unix system (Linux as each distribution version such as Debian, Redhat, Ubuntu and android system), ROOT authority refers to have authorities all in system, as started or stoped a process, delete or adding users, increase or forbid hardware etc.
S103 ', after present terminal has restarted, has carried out Initiative Defense.
In this embodiment, present terminal has restarted and has namely meaned that completing injection HOOK to application program to be implanted operates, because application program to be implanted is system application, therefore system highest weight limit can be obtained, therefore, the software in mobile terminal can complete malicious act, the operation such as execution rights management, uninstalling system application etc. of interception third party application.
Above-mentioned mobile terminal embodiment; the application program to be implanted obtained is used to replace application program corresponding to present terminal; application program to be implanted is loaded when mobile terminal restarts; and after present terminal has restarted, carry out Initiative Defense, thus the Initiative Defense desired by user can be carried out under non-ROOT environment; drastically increase the fail safe of mobile terminal; protect the privacy of user preferably, bring conveniently to user, and be easy to realize.
In another embodiment, above-mentioned processor can also be used for performing following steps:
S201 ', whether detection of handset has ROOT authority, if determine, mobile phone has ROOT authority, then obtain system highest weight limit, then inject, and carry out Initiative Defense, if determine, mobile phone does not have ROOT authority, then perform S202.
In this embodiment, first detect the ROOT environment of user mobile phone, when determining that mobile phone carries out ROOT operation, system highest weight limit can be obtained, then inject, thus reach the object of Initiative Defense; When determining that mobile phone does not carry out ROOT operation, prompting user is the need of unlatching Initiative Defense function.
S202 ', the mark of Initiative Defense function is opened in display.
Particularly, in the mark pointing out user the need of unlatching Initiative Defense function can be shown when opening Initiative Defense function.
S203 ', obtains user to the trigger request of opening Initiative Defense function, obtains application program to be implanted according to trigger request, and uses application program to be implanted to replace application program corresponding to mobile phone.
After user confirms to open Initiative Defense function, prompting download information can be shown, point out and guide user to download application program to be implanted, namely exempt from ROOT and inject patch, and using application program to be implanted to replace application program corresponding in mobile phone, concrete substitute mode can be replaced for covering.
Wherein, application program to be implanted can be " SettingsStorage " APP.The effect of this APP is setting option record after user being changed in systems in which and preserves.This application program to be implanted is generate after carrying out decompiling, amendment code and Reseal to application program corresponding in mobile phone.
S204 ', shows the information that restarts, and to make mobile phone load application program to be implanted when restarting, wherein, when restarting, the loading of application program to be implanted is prior to the loading of third party application.
After completing replacement operation, show the information restarted, user restarts mobile phone according to this information, " SettingsStorage " due to android system applies and android system operates in same process, so it is also a system-level application, and can when mobile phone power-on the very first time load, meet start shooting time just the necessary condition in code injection (HOOK) system.
Because " SettingsStorage " is system application, so after carrying out HOOK operation to it, client software just can obtain system highest weight limit, so the malicious act of interception third party application can be completed, reach and ROOT operation is not carried out to mobile phone, namely this mobile phone does not have the highest operating right, just can carry out the effect of active safety defence.
Wherein, HOOK technology refers to: after carrying out HOOK to target program event, once there is HOOK event in target program, the maim body carrying out HOOK to this event will receive the notice of system, at this moment maim body just can make response in the very first time to this target program event, such as, can intervene or change the result of target program event.Namely the result of target program event just can be intervened or change to client software.
S205 ', after mobile phone has restarted, has carried out Initiative Defense.
In this embodiment, mobile phone has restarted and has namely meaned that completing injection HOOK to application program to be implanted operates, because application program to be implanted is system application, therefore system highest weight limit can be obtained, therefore, client software can complete malicious act, the operation such as execution rights management, uninstalling system application etc. of interception third party application.
Above-mentioned mobile terminal embodiment; the application program to be implanted obtained is used to replace application program corresponding to mobile phone; application program to be implanted is loaded when mobile phone restarts; and after mobile phone has restarted; carry out Initiative Defense; thus the Initiative Defense that can carry out under non-ROOT environment desired by user; drastically increase the fail safe of mobile phone; protect the privacy of user preferably; bring convenience to user; especially give and do not like carrying out ROOT operation to mobile phone or do not know how bringing conveniently the user that mobile phone carries out ROOT operation, and be easy to realize.
In the description of this specification, specific features, structure, material or feature that the description of reference term " embodiment ", " some embodiments ", " example ", " concrete example " or " some examples " etc. means to describe in conjunction with this embodiment or example are contained at least one embodiment of the present invention or example.In this manual, to the schematic representation of above-mentioned term not must for be identical embodiment or example.And the specific features of description, structure, material or feature can combine in one or more embodiment in office or example in an appropriate manner.In addition, when not conflicting, the feature of the different embodiment described in this specification or example and different embodiment or example can carry out combining and combining by those skilled in the art.
In addition, term " first ", " second " only for describing object, and can not be interpreted as instruction or hint relative importance or imply the quantity indicating indicated technical characteristic.Thus, be limited with " first ", the feature of " second " can express or impliedly comprise at least one this feature.In describing the invention, the implication of " multiple " is at least two, such as two, three etc., unless otherwise expressly limited specifically.
Describe and can be understood in flow chart or in this any process otherwise described or method, represent and comprise one or more for realizing the module of the code of the executable instruction of the step of specific logical function or process, fragment or part, and the scope of the preferred embodiment of the present invention comprises other realization, wherein can not according to order that is shown or that discuss, comprise according to involved function by the mode while of basic or by contrary order, carry out n-back test, this should understand by embodiments of the invention person of ordinary skill in the field.
In flow charts represent or in this logic otherwise described and/or step, such as, the sequencing list of the executable instruction for realizing logic function can be considered to, may be embodied in any computer-readable medium, for instruction execution system, device or equipment (as computer based system, comprise the system of processor or other can from instruction execution system, device or equipment instruction fetch and perform the system of instruction) use, or to use in conjunction with these instruction execution systems, device or equipment.With regard to this specification, " computer-readable medium " can be anyly can to comprise, store, communicate, propagate or transmission procedure for instruction execution system, device or equipment or the device that uses in conjunction with these instruction execution systems, device or equipment.The example more specifically (non-exhaustive list) of computer-readable medium comprises following: the electrical connection section (electronic installation) with one or more wiring, portable computer diskette box (magnetic device), random access memory (RAM), read-only memory (ROM), erasablely edit read-only memory (EPROM or flash memory), fiber device, and portable optic disk read-only memory (CDROM).In addition, computer-readable medium can be even paper or other suitable media that can print described program thereon, because can such as by carrying out optical scanner to paper or other media, then carry out editing, decipher or carry out process with other suitable methods if desired and electronically obtain described program, be then stored in computer storage.
Should be appreciated that each several part of the present invention can realize with hardware, software, firmware or their combination.In the above-described embodiment, multiple step or method can with to store in memory and the software performed by suitable instruction execution system or firmware realize.Such as, if realized with hardware, the same in another embodiment, can realize by any one in following technology well known in the art or their combination: the discrete logic with the logic gates for realizing logic function to data-signal, there is the application-specific integrated circuit (ASIC) of suitable combinational logic gate circuit, programmable gate array (PGA), field programmable gate array (FPGA) etc.
Those skilled in the art are appreciated that realizing all or part of step that above-described embodiment method carries is that the hardware that can carry out instruction relevant by program completes, described program can be stored in a kind of computer-readable recording medium, this program perform time, step comprising embodiment of the method one or a combination set of.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing module, also can be that the independent physics of unit exists, also can be integrated in a module by two or more unit.Above-mentioned integrated module both can adopt the form of hardware to realize, and the form of software function module also can be adopted to realize.If described integrated module using the form of software function module realize and as independently production marketing or use time, also can be stored in a computer read/write memory medium.
The above-mentioned storage medium mentioned can be read-only memory, disk or CD etc.Although illustrate and describe embodiments of the invention above, be understandable that, above-described embodiment is exemplary, can not be interpreted as limitation of the present invention, and those of ordinary skill in the art can change above-described embodiment within the scope of the invention, revises, replace and modification.
Claims (14)
1. a safety defense method, is characterized in that, comprising:
Determine that present terminal does not have the highest ROOT authority, obtain user to the trigger request of opening Initiative Defense function, application program to be implanted is obtained according to described trigger request, and use described application program to be implanted to replace application program corresponding to present terminal, wherein, described application program to be implanted is generate after the application program corresponding to described present terminal carries out decompiling, amendment code and Reseal, and is system application;
Show the information that restarts, to make present terminal load described application program to be implanted when restarting, wherein, when restarting, the loading of described application program to be implanted is prior to the loading of third party application; And
After described present terminal has restarted, carry out Initiative Defense.
2. method according to claim 1, is characterized in that, before described acquisition user is to the trigger request of unlatching Initiative Defense function, also comprises:
The mark of Initiative Defense function is opened in display.
3. method according to claim 1, is characterized in that, describedly obtains application program to be implanted according to described trigger request, comprising:
According to described trigger request display prompting download information, application program to be implanted according to described prompting download acquisition of information.
4. method according to claim 1, is characterized in that, the described application program to be implanted of described use replaces application program corresponding to present terminal, comprising:
Use described application program to be implanted to cover and replace application program corresponding to described present terminal.
5. method according to claim 1, is characterized in that, described after described present terminal has restarted, and carries out Initiative Defense, comprising:
After described present terminal has restarted, the malicious act of interception third party application.
6. method according to claim 3, is characterized in that, described according to described prompting download acquisition of information application program to be implanted, comprising:
Send download request according to described prompting download information to server, and receive the application program described to be implanted that described server returns according to described download request.
7. method according to claim 1, is characterized in that, described determine that described present terminal does not have the highest ROOT authority before, also comprise:
Detect described present terminal and whether have ROOT authority, if determine, described present terminal has ROOT authority, then carry out Initiative Defense.
8. a Prevention-Security device, is characterized in that, comprising:
Determination module, for determining that present terminal does not have the highest ROOT authority;
Replacement module, for obtaining user to the trigger request of opening Initiative Defense function, application program to be implanted is obtained according to described trigger request, and use described application program to be implanted to replace application program corresponding to present terminal, wherein, described application program to be implanted is generate after the application program corresponding to described present terminal carries out decompiling, amendment code and Reseal, and is system application;
Display module, for showing the information restarted, to make present terminal load described application program to be implanted when restarting, wherein, when restarting, the loading of described application program to be implanted is prior to the loading of third party application; And
Defense module, for after described present terminal has restarted, has carried out Initiative Defense.
9. device according to claim 8, is characterized in that, also comprises:
Mark display module, for: before described replacement module acquisition user is to the trigger request of unlatching Initiative Defense function, the mark of Initiative Defense function is opened in display.
10. device according to claim 8, is characterized in that, described replacement module comprises:
Acquiring unit, for showing prompting download information according to described trigger request, application program to be implanted according to described prompting download acquisition of information.
11. devices according to claim 8, is characterized in that, described replacement module comprises:
Replacement unit, replaces application program corresponding to described present terminal for using described application program to be implanted to cover.
12. devices according to claim 8, is characterized in that, described defense module, specifically for:
After described present terminal has restarted, the malicious act of interception third party application.
13. devices according to claim 10, is characterized in that, described acquiring unit, specifically for:
Send download request according to described prompting download information to server, and receive the application program described to be implanted that described server returns according to described download request.
14. devices according to claim 8, is characterized in that, also comprise:
Detection module, before determining that described present terminal does not have the highest ROOT authority at described determination module, detect described present terminal and whether have ROOT authority, if determine, described present terminal has ROOT authority, then carry out Initiative Defense.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410188859.XA CN104023122B (en) | 2014-05-06 | 2014-05-06 | Safety defense method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410188859.XA CN104023122B (en) | 2014-05-06 | 2014-05-06 | Safety defense method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104023122A CN104023122A (en) | 2014-09-03 |
| CN104023122B true CN104023122B (en) | 2016-04-06 |
Family
ID=51439685
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410188859.XA Expired - Fee Related CN104023122B (en) | 2014-05-06 | 2014-05-06 | Safety defense method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104023122B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104239797B (en) * | 2014-10-13 | 2017-07-07 | 北京奇虎科技有限公司 | Active defense method and device |
| CN104239786B (en) * | 2014-10-13 | 2017-08-04 | 北京奇虎科技有限公司 | Exempt from ROOT Initiative Defenses collocation method and device |
| CN106874769B (en) * | 2016-12-30 | 2019-05-24 | 腾讯科技(深圳)有限公司 | The defence method and device of loophole |
| CN111489478A (en) * | 2020-04-24 | 2020-08-04 | 英华达(上海)科技有限公司 | Access control method, system, device and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7779422B1 (en) * | 2005-10-05 | 2010-08-17 | Mcafee, Inc. | System, method, and computer program product for compatibility among hooking applications |
| CN202652255U (en) * | 2012-05-25 | 2013-01-02 | 中国电力科学研究院 | SQL injection safety protection system |
| CN103324887A (en) * | 2013-07-05 | 2013-09-25 | 百度在线网络技术(北京)有限公司 | Mobile terminal, security defense device thereof and security defense method thereof |
-
2014
- 2014-05-06 CN CN201410188859.XA patent/CN104023122B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7779422B1 (en) * | 2005-10-05 | 2010-08-17 | Mcafee, Inc. | System, method, and computer program product for compatibility among hooking applications |
| CN202652255U (en) * | 2012-05-25 | 2013-01-02 | 中国电力科学研究院 | SQL injection safety protection system |
| CN103324887A (en) * | 2013-07-05 | 2013-09-25 | 百度在线网络技术(北京)有限公司 | Mobile terminal, security defense device thereof and security defense method thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104023122A (en) | 2014-09-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104023122B (en) | Safety defense method and device | |
| CN104731625B (en) | A kind of method, apparatus and mobile terminal loading plug-in unit | |
| CN105427096B (en) | Payment security sandbox implementation method and system and application program monitoring method and system | |
| US11221838B2 (en) | Hot update method, operating system, terminal device, system, and computer-readable storage medium for a system process | |
| Poeplau et al. | Execute this! analyzing unsafe and malicious dynamic code loading in android applications. | |
| Wei et al. | Permission evolution in the android ecosystem | |
| US20100287544A1 (en) | Secure patch updates of a virtual machine image in a virtualization data processing system | |
| US20150371040A1 (en) | Method, Device And System For Processing Notification Bar Message | |
| EP2626803A1 (en) | Information processing device and method for preventing unauthorized application cooperation | |
| CN105574414B (en) | Method of loading a file into a random access memory in an electronic device and associated electronic device | |
| US20170068810A1 (en) | Method and apparatus for installing an application program based on an intelligent terminal device | |
| CN105676993A (en) | Method and device for saving electric quantity and electronic equipment | |
| CN104751049A (en) | Application program installing method and mobile terminal | |
| CN104156414A (en) | Terminal, device and method for clearing junk files | |
| CN106341732B (en) | Management method of desktop starter and intelligent television | |
| CN108647317B (en) | Incremental file generation method and device, storage medium and electronic equipment | |
| CN104134036B (en) | Method and device for obtaining Root permission | |
| CN105335184A (en) | Application installation method and apparatus | |
| CN105809055A (en) | Access control method and device, and related equipment | |
| CN104239098A (en) | Automatic software upgrading method and device and mobile terminal | |
| CN104036194A (en) | Vulnerability detection method and device for revealing private data in application program | |
| CN105451223A (en) | Information monitoring method and device, and mobile terminal | |
| CN103024558B (en) | Television camera privacy security protection method and system | |
| CN104657187A (en) | Application installation processing method, application installation processing device and electronic equipment | |
| CN106682504B (en) | A kind of method, apparatus for preventing file from maliciously being edited and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20160406 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |