The rise of the Internet and networking technologies has resulted in the widespread transfer of code, data and files between computers. This material is not always what it seems to be. For example, code that is accessed on a remote machine and downloaded to a computer system can contain hostile algorithms that can potentially destroy code, crash the system, corrupt code or worse. Some of these hostile algorithms are viruses, worms, and Trojan horses.
Hostile, malicious and/or proscribed code, data and files (“code” as used hereinafter generally includes “data” and “files”) can infect a single computer system or entire network and so posit a security risk to the computer system or network. The user and/or administrator (generally referred to hereinafter as “user”) may wish to intercept, examine and/or control such code. The user might also wish to intercept, examine and/or control other code as well, for example, code which the user does not know to be hostile, but wishes to intercept nonetheless, for example, potentially sexually or racially harassing email, junk email, etc. This latter type of code is known hereinafter as “predetermined code”.
Antivirus or other similar packages attempt to protect the system or network from hostile, malicious, predetermined and/or proscribed code (generally referred to hereinafter as “proscribed code.”) VFIND®, from CyberSoft, Inc., is one such product that protects systems and networks from proscribed code. Any programs standing alone, such as VFIND®, must be run by the user, however, and run frequently, otherwise the protections offered by the programs are lost. Also, these programs is do not generally intercept proscribed code as the code is transferred from machine to machine, nor do these programs protect against hostile or unauthorized access to a machine or network.
A firewall is generally used to intercept proscribed code or protect against hostile or unauthorized access. When a firewall is installed, communications are routed through the firewall, and the firewall determines whether particular code is authorized to pass to the internal network. Firewalls have a number of disadvantages. A firewall must be placed at a “choke point” at which a network (an “internal” network) interfaces with one or more other networks (an “external” network.) Although placement of a security device at a choke point is proper practice, because all traffic must travel through the choke point, the firewall becomes a potential central point of failure: if the firewall fails, the entire connection to the network fails. Additionally, the firewall will usually add latency to the connection by performing its function. This firewall latency often degrades, linearly or logarithmically, the bandwidth such that all available bandwidth cannot be utilized. Also, since a firewall does not exist between the users on the internal network, a user can attack the internal system. It is an observation within the security industry that 80% of all attacks against a system originate on the internal network while only 20% of attacks originate from an external network.
Accordingly, because of these and other known disadvantages, firewalls alone cannot provide efficient, effective, and transparent protection for any machine or network.
Therefore, it would be beneficial to have an automatic system and method for simply and effectively scanning incoming and outgoing code in an efficient and effective manner transparently or almost transparently to the end-user, with little or no operational effort required by the user.
Accordingly, it is an object of the present invention to provide apparatus and methods that intercept, control, and/or examine code.
It is yet another object of the present invention to provide apparatus and methods that simply and effectively intercept, control, and/or examine incoming and outgoing code in an efficient and effective manner transparently or almost transparently to the enduser, with little or no operational effort required by the user.