Abstract: A whitelisting method for blocking script-based malware includes steps of: checking a command line of a process to confirm the process to launch a first interception point of a startup script file; checking whether the startup script file in a whitelist at the first interception point; determining that a test is passed when the startup script file exists in the whitelist, and launching the startup script file, wherein the startup script file at least includes a module script file; confirming the process to invoke a module loader to import and launch a second interception point of the module script file; checking whether the module loader is allowed to import the module script file, or is allowed to launch the module script file that has been imported by using the whitelist at the second interception point.

Abstract: A detection system for determining whether an update of at least one application installed on at least one whitelisted host is legitimate is provided. The system includes an update management server and update detectors installed with the application(s). During a process that software automatic update occurs in each update detector and a corresponding update installation package is executed, the executed update installation package generates at least one updater corresponding to each application. Each update detector transmits report information which includes the information of the at least one updater and sampled executable files to the update management server. The update management server obtains a number of update detectors, having performed the update operation of each application, according to the report information of each update detector. If the number is greater than or equal to a threshold value, it is determined that the update is legitimate.

Abstract: A method for preventing malicious software from attacking files of a computer system includes the following steps. Whether a file type of a specific file corresponding to an input/output (I/O) request is a to-be-backed-up file type is checked, wherein the to-be-backed-up file type belongs to one of multiple predetermined file types susceptible to malicious software attack. When the file type of the specific file is the to-be-backed-up file type, a backup already tag in a file context tag structure of the specific file is checked. When the backup already tag shows that the specific file has not been backed up, a backup process is performed for the specific file.

Abstract: A detection system for determining whether an update of at least one application installed on at least one whitelisted host is legitimate is provided. The system includes an update management server and update detectors installed with the application(s). During a process that software automatic update occurs in each update detector and a corresponding update installation package is executed, the executed update installation package generates at least one updater corresponding to each application. Each update detector transmits report information which includes the information of the at least one updater and sampled executable files to the update management server. The update management server obtains a number of update detectors, having performed the update operation of each application, according to the report information of each update detector. If the number is greater than or equal to a threshold value, it is determined that the update is legitimate.

Abstract: A method for preventing malicious software from attacking files of a computer system includes the following steps. Whether a file type of a specific file corresponding to an input/output (I/O) request is a to-be-backed-up file type is checked, wherein the to-be-backed-up file type belongs to one of multiple predetermined file types susceptible to malicious software attack. When the file type of the specific file is the to-be-backed-up file type, a backup already tag in a file context tag structure of the specific file is checked. When the backup already tag shows that the specific file has not been backed up, a backup process is performed for the specific file.