1. Technical Field
The present disclosure relates generally to computer security and, more particularly, to methods and systems for computer security.
2. Description of the Related Art
With the growth of the Internet, the increased use of computers and the exchange of information between individual users poses a threat to the security of computers. Computer security attempts to ensure the reliable operation of networking and computing resources and attempts to protect information on the computer or network from unauthorized corruption, access or disclosure. Computer system(s) as referred to herein may include(s) individual computers, servers, computing resources, networks, etc. Among the various security threats that present increasingly difficult challenges to the secure operation of computer systems are computer viruses, worms, Trojan horses, etc. Computer viruses are programs that can infect other programs by modifying them in such a way as to include a copy of themselves. Unlike computer viruses, worms do not need to infect other programs. Worms are independent programs that are capable of reproducing themselves, spreading from machine to machine across network connections, often via email.
Among the activities that can rapidly infect an unprotected computer system are sending and receiving email, sharing files, using online resources and conducting real-time transactions. Most recent virus outbreaks seem to be primarily propagated by email.
Users may utilize anti-virus programs in order to protect their computer systems and their email from security threats. Anti-virus programs, such as antivirus scanning programs, operate to protect computer systems against the spread of viruses by detecting the virus and isolating or removing the viral code. For example, an antivirus scanning program may contain a list of previously defined virus signatures, containing the binary patterns of a virus, each associated with a virus and can scan the various files of a system looking for a match to a particular virus signature. If a virus is detected, the user may be notified and further steps may be taken to rid the system of the malicious code.
Most anti-virus vendors offer a subscription service that provides users with virus signature updates as new virus outbreaks occur. These signatures can be automatically deployed to the subscriber or can be individually requested by the subscriber. Antivirus scanning agent software located on the computer system can then use the signatures to scan email for known viruses. FIG. 1 is a flow chart illustrating the standard subscription service. An antivirus agent contacts the antivirus server (Step S101). If the server is available (Step S102), then the antivirus agent updates the local virus signatures (Step S103). If the server is not available (Step S102), then the antivirus agent attempts to contact the server again (Step S101).
FIG. 2 is a flow chart illustrating an email antivirus strategy. An antivirus agent intercepts an email (Step S201) and checks the email (e.g., the email body and/or attachment) against the virus signatures (Step S202). If it is determined that the email is not infected (No, Step S203), then the antivirus agent delivers the email to the user's inbox (Step S204). However, if it is determined that the email is infected (Yes, Step S203), then the antivirus agent blocks the email and/or attachment (Step S205) and notifies the user of the infection (Step S206).
Anti-virus programs, such as virus scanning agent software described above may detect viruses present in the system, but may do nothing to prevent them from infiltrating the system in the first place. The virus scanning agent software should be continuously updated in order to be effective in detecting new and modified viruses. This not only proves to be a very tedious and time consuming task for computer users, but also may not happen often enough to provide adequate safeguards against foreign intrusions. Furthermore, many machines can become infected before a new virus signature is even available.
Accordingly, it would be beneficial to provide a reliable and effective way to prevent virus outbreaks propagated through email altogether before a virus signature is made available to detect the virus.