1. Technical Field
The present disclosure relates generally to security and, more particularly, to a method and system for computer security.
2. Description of the Related Art
With the growth of the Internet, the increased use of computers and the exchange of information between individual users has posed a threat to the security of computers. Computer security attempts to ensure the reliable operation of networking and computing resources and attempts to protect information on the computer or network from unauthorized access or disclosure. Computer system(s) as referred to herein include(s) individual computers, servers, computing resources, networks, etc. Among the various security threats that present increasingly difficult challenges to the secure operation of computer systems are computer viruses, Trojan horses, worms, etc. Computer viruses are programs that can infect other programs by modifying them in such a way as to include a copy of themselves. A Trojan horse is an executable program that appears to be desirable but is merely disguised as “friendly” and actually contains harmful code, allowing an attacker to come in through the “back door” and perform malicious actions on the computer system.
Worms are independent programs that are capable of reproducing themselves, spreading from machine to machine, usually across network connections. Unlike computer viruses, worms do not need to infect other programs and do not need any user action to spread. Worms exist as separate code in memory and spread silently on their own from computer system to computer system (instead of just spreading within one system). Worms are thus self-propagating pieces of code designed to copy themselves from one computer system to another, trying to infect as many machines as possible and clogging up communications between, for example, computer systems and the Internet.
Email viruses use email to propagate from computer system to computer system. Infection by an email virus can occur when an attachment that contains the virus is opened. The attachment may appear harmless to the user because it might be sent from a contact that the user knows. However, the contact's email client, infected by the virus, may have sent copies of the virus to the email addresses listed in the contact's address book. Thus, when a user opens the attachment that contains the virus, the user's own email client becomes infected and also starts sending the virus to the contacts in that user's address book. This process continues, causing the virus to spread throughout the Internet at a high rate and slowing down local area networks and the Internet.
System administrators responsible for the efficient operation of computer networks may utilize scanning programs in order to protect their computer systems from security threats such as worms, viruses, etc. Scanning programs operate to protect against the spread of these threats by detecting the threat and isolating and/or removing the malicious code. Scanning programs may contain a list of previously defined threat signatures or definitions that hold the binary patterns, or signatures, of known threats. The scanning programs scan the various files of a system looking for a match to a particular threat's signature. If a threat is detected, the user may be notified and further steps may be taken to remove or isolate the malicious code. However, conventional scanning products may not provide comprehensive protection against these threats. Scanning software may detect the threats present in the system, but it does nothing to prevent them from infiltrating the system in the first place. The scanning software must be continuously updated in order to be effective in detecting new and modified threats. This not only proves to be a very tedious and time-consuming task for computer users, but also may not happen often enough to provide adequate safeguards against new threats. Even if a user is diligent about updating the signature database (e.g., weekly), this still leaves a large window of opportunity for new worms to propagate and infect a large number of machines. Malicious code can therefore spread very quickly and infect many computer systems before being detected.
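The following is an added illustration, not part of the disclosure, of the signature-based scanning just described and of the gap it leaves: a scanner only reports files whose bytes contain a pattern already in its signature database, so a modified variant goes unnoticed until the database is updated. The signature names, byte patterns and file contents are all constructed for the example.

```python
# Added example (not from the patent text): a minimal signature scanner
# showing that detection depends entirely on the signature database in use.
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes  # constructed byte pattern; not a real threat signature


# Constructed signature database, version 1: one known worm definition.
SIGNATURES_V1 = [
    Signature("Worm.Example.A", b"\xde\xad\xbe\xef WORM-A"),
]
# Updated database: adds a definition for a modified variant of the worm.
SIGNATURES_V2 = SIGNATURES_V1 + [
    Signature("Worm.Example.B", b"\xde\xad\xbe\xef WORM-B"),
]


def scan_file(data: bytes, signatures) -> list[str]:
    """Return the names of every signature whose pattern occurs in data."""
    return [sig.name for sig in signatures if sig.pattern in data]


def scan_system(files: dict[str, bytes], signatures) -> dict[str, list[str]]:
    """Scan each path/contents pair; only paths with at least one hit are reported."""
    report = {}
    for path, data in files.items():
        hits = scan_file(data, signatures)
        if hits:
            report[path] = hits
    return report


# Constructed "file system": a clean file, the known worm, and a variant whose
# only difference is a single byte in the marker the old signature relies on.
FILES = {
    "/tmp/notes.txt": b"quarterly report draft",
    "/tmp/known.bin": b"MZ\x90\x00 ... \xde\xad\xbe\xef WORM-A ...",
    "/tmp/variant.bin": b"MZ\x90\x00 ... \xde\xad\xbe\xef WORM-B ...",
}

if __name__ == "__main__":
    # The variant is invisible to the old database and found only after the update.
    print("old database:    ", scan_system(FILES, SIGNATURES_V1))
    print("updated database:", scan_system(FILES, SIGNATURES_V2))
```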
Accordingly, it would be beneficial to have methods and systems for providing a quick and effective way of ensuring that exploitation of system vulnerabilities does not take place.