As the proliferation of the Internet increases, so too does the ease with which individuals and commercial entities perform electronic transactions. However, along with these positive advances comes the threat from cyber hackers, terrorists, and other elements that focus on attacking computer networks in general and the Internet in particular. The continual attacks cause large financial losses for commercial entities as well as a concomitant loss of confidence among ordinary users. Hence, the need for and the expectation of electronic security are now greater than ever.
Unlike physical structures, which are vulnerable to physical attacks, computer networks are vulnerable to both physical attack and “virtual” attacks. Hackers execute these virtual attacks using specially designed computer programs like viruses. Since computer systems are accessible from anywhere on a network to which they are attached, they can be harder to protect than a physical structure. For example, a would-be hacker can attack a computer network from computer systems located in foreign nations far removed from the threat of United States or other law enforcement.
As the complexity and effectiveness of anti-virus and anti-intrusion methods have increased, so has the creativity of the hackers. Conventionally, a multitude of specially designed computer programs exist that have the potential to damage computer systems and the networks with which they communicate. For example, conventional viruses exist that infect program files, infect the boot sector of disk drives, execute under the guise of a macro, operate as worms or Trojan Horses, as mimetic viruses, or use some other method to infect targeted systems. Each type of virus functions in at least a somewhat different manner, making them collectively harder to fight.
For example, a “classic” virus is a computer program that instructs the computer to do something harmful. The classic virus can also replicate itself and spread from one computer to another. A worm can be an even more dangerous iteration of the classic virus. Many conventional viruses spread across a network by attaching themselves to legitimate messages or programs. A worm, however, does not need to attach itself to a specific computer program. Instead, a worm copies itself across computer systems and networks without attaching to a host program. In contrast, the Trojan Horse programs appear to do something desirable, but also perform a harmful secondary function. A common example is a Trojan Horse program that secretly steals passwords from an unsuspecting user.
The need for better Internet security has never been greater. In 2000, viruses caused $17.1 billion in damages (Reuters, Aug. 31, 2001). Eradication of these programs can be very expensive. For example, according to Computer Economics, the “Love Bug” virus cost $8.75 billion to eradicate, the “Code Red” virus cost $2.62 billion, the “SirCam” virus cost $1.15 billion, and the “Nimda” virus cost $635 million. The major costs of virus cleanup include cleaning up infected machines, eradicating viruses, user downtime, and associated losses in productivity.
According to Businessweek Online, there are more than 36,000 known viruses and an average of 10-15 new viruses appear every day. Therefore, Internet security issues will continue to affect the financial health of commercial entities for the foreseeable future. A need exists to eliminate or at the very least minimize the effects of these conventional harmful computer programs.
Various conventional methods exist to control and eliminate computer viruses and other harmful programs. For example, anti-virus protection software can neutralize certain conventional viruses. When a virus is present on a computer system, the anti-virus software detects it. However, the effectiveness of the anti-virus software depends on how up-to-date the installed version of the software is on the computer system. One problem with these programs is that they rely on individual users to download current versions of the anti-virus software onto their systems. However, individual users, whose primary job function is not computer and network security and maintenance, tend not to actively update the anti-virus software on their computers. Therefore, relying on individual users to update their anti-virus software is not an effective method to combat viruses and other harmful programs. Furthermore, if the anti-virus software is outdated, a new virus that infects the user's computer may escape detection. If the virus goes undetected, when the user accesses an internal or external network server, the user may very well infect the server as well as any computers connected to a network to which the server is connected.
One conventional solution for the problem of maintaining effective virus protection is to assign a system administrator for a computer network to the task of monitoring anti-virus updates as they become available from the vendor. When they become available, the system administrator distributes the anti-virus software to individuals' computers without the active participation of the individual. The network administrator may utilize a centralized software management system to perform these updates. The centralized software management system distributes, updates and probes the computers on a network and automatically installs updates as directed by the system administrator. Examples of such management systems include, but are not limited to, SIMPLE NETWORK MANAGEMENT TOOL, NOVELL IPX, MICROSOFT SERVICE MANAGEMENT SYSTEM (SMS), HP OPEN VIEW, and IBM SYSTEM NETWORK ARCHITECTURE (SNA).
Typically, these software management systems inventory the current software on each individual computer, allow distribution, extraction and updating of software from a central location, monitor the network for problems and provide other methods that enable effective network management. Therefore, when using a centralized software management system, a dedicated system administrator would automatically update the computer to make sure that the anti-virus program was current. Thus, the need for each user at each terminal to replicate this task is eliminated. Conventional systems focus on performing virus checks using these centralized software management systems to probe, monitor and update the network. Therefore, centralized software management systems provide a method for achieving network security. However, centralized software management systems are often expensive to implement and still rely on the system administrator to update the anti-virus software.
U.S. Pat. No. 6,298,445 (the '445 patent) describes using a centralized management software system. The '445 patent describes a probe that monitors the system for security breaches and for security vulnerabilities. According to the '445 patent, the monitoring system assesses the operating systems of various computers and monitors the network for security vulnerabilities. Once the system administrator determines that enhancements are necessary, a push system sends the software enhancements to each system electronically.
However, not all computer networks have a network administrator who constantly updates individual computers' virus software. As the popularity and installed base of virtual private networks (VPN) increase, so does the risk of having unmanaged computers connected to the network. VPN systems are becoming increasingly popular because they provide cost savings by replacing more costly dedicated leased lines with secure connections across a public network. Furthermore, VPN systems do not require permanent links between sites, an advantage for users who need to travel. Unfortunately, with this freedom comes risk. If a remote computer becomes infected with a virus and accesses the VPN before receiving anti-virus software updates, the remote computer may infect the entire network.
A company may have other reasons for not utilizing a centralized software management system for managing every computer. For example, the cost of purchasing and implementing a centralized software management system may be prohibitive. Alternatively, a company may voluntarily choose not to link certain people's computers to the network because of the fear of compromising sensitive information present on certain computer systems. Therefore, in the absence of a centralized software management system, network security relies on individual users updating the virus protection programs on individual computers. In the absence of a diligent user performing these updates, harmful computer programs have an opportunity to attack an entire network. Thus, a solution is needed in which user security is maintained without the need for implementing a centralized software management system.
Another conventional solution to protect networks involves screening every data packet across the network for viruses and other harmful programs. U.S. Pat. No. 6,219,786 (the '786 patent) describes such a system. In the '786 patent, as data packets are transmitted throughout the network, each packet is analyzed at decision nodes distributed throughout the network. The decision nodes confirm if the user has the necessary security clearance to access/transmit that data across the network and check if the data packet has any viruses. If a virus is located in a data packet, the system alerts the user who is transmitting the virus. However, the system disclosed in the '786 patent requires decision nodes to screen every data packet transmitted across the network for viruses. For large networks, checking every data packet in every electronic transmission is impractical and cumbersome.
When a user accesses the Internet, the user is really accessing a computer server that contains the website. In principle, when accessing web pages or accessing a company server, the user is performing the same function: the user is accessing a server that contains the information the user wants. Users access servers or websites by many means. A user can access a website by a dedicated remote link or use an Internet browser and specify the address of the web page. The web page address merely directs the data packet to a computer server that contains the particular web page. Therefore, when the user requests to go to a particular website, the user is really specifying which file on a server the user wishes to access.
None of the conventional approaches to anti-virus protection provides a means of efficiently and effectively monitoring virus compliance of users whose systems are not maintained by a system administrator and without monitoring every data packet that is transmitted across the network. Such a means is needed.