1. Technical Field
The present invention relates generally to an improved data processing system and in particular to a method and apparatus for managing data within a data processing system. Still more particularly, the present invention provides a method and apparatus for repairing damage caused by an unauthorized intrusion into a data processing system.
2. Description of Related Art
The Internet, also referred to as an “internetwork”, is a set of computer networks, possibly dissimilar, joined together by means of gateways that handle data transfer and the conversion of messages from a protocol of the sending network to a protocol used by the receiving network. When capitalized, the term “Internet” refers to the collection of networks and gateways that use the TCP/IP suite of protocols.
The Internet has become a cultural fixture as a source of both information and entertainment. Many businesses are creating Internet sites as an integral part of their marketing efforts, informing consumers of the products or services offered by the business or providing other information seeking to engender brand loyalty. Many federal, state, and local government agencies are also employing Internet sites for informational purposes, particularly agencies, which must interact with virtually all segments of society such as the Internal Revenue Service and secretaries of state. Providing informational guides and/or searchable databases of online public records may reduce operating costs. Further, the Internet is becoming increasingly popular as a medium for commercial transactions.
The Internet also is widely used to transfer applications to users using browsers. With respect to commerce on the Web, individual consumers and businesses use the Web to purchase various goods and services. In offering goods and services, some companies offer goods and services solely on the Web while others use the Web to extend their reach.
Further, the Internet has provided a medium for widespread messaging using electronic mail, also referred to as e-mail. With e-mail, a user may send a message to another user quickly over large geographic distances. For example, the sender of an e-mail may be located in New York while the recipient is located in Los Angeles. The transfer of e-mail may take only seconds as compared to days with the use of the post office to send a letter. Thus, more and more messages are being sent by e-mail rather than traditional mail.
With this widespread use of the Internet, threats from unauthorized intrusions, such as viruses, has become more common. A virus is a routine or program that can infect other routines or programs by modifying the target routines or programs, or the environment such that execution of the virus will result in the execution of a possibly modified copy of the virus. For example, if a program containing a virus is executed, the virus code is activated and attaches copies of itself to other programs in the system. Infected programs copy the virus to other programs. The effect of the virus may be a simple prank that pops up a message on screen out of the blue, or it may destroy programs and data right away or on a certain date. For example, a virus may lie dormant and damage a computer system once a year. Computer viruses and similar threats can be detected by matching patterns of known virus behavior in detailed system audit trails. In general, such a system is called an intrusion detection system (IDS). The IDS only detects the virus after it has run and infected the system, potentially damaging the system as well. Therefore, it would be advantageous to have an improved method and apparatus for repairing damage caused by an unauthorized intrusion of a data processing system.