With Internet use forming an ever greater part of day to day life, malicious software—often called “malware”—that steals or destroys system resources, data, and private information is an increasing problem. Governments and businesses devote significant resources to preventing intrusions by malware. Malware comes in many forms, such as computer viruses, worms, trojan horses, spyware, keystroke loggers, adware, and rootkits. Some of the threats posed by malware are of such significance that they are described as cyber terrorism or industrial espionage.
Even when a host machine has security software installed, malware may nevertheless avoid detection by the security software. When this happens, the host machine is considered to be “compromised.” In these instances, if a compromised host machine remains connected to the Internet after a malware intrusion, the malware can spread to network-adjacent host machines.
Operating systems include firewalls that, when enabled, restrict particular incoming and/or outgoing traffic to and/or from the host machine. Despite this capability, existing firewalls are not configured in such a way to address the aforementioned problem of a host machine becoming compromised by malware and allowing the malware to propagate to network-adjacent host machines through open Internet connections. Furthermore, most computer users are unsophisticated in terms of knowing how to create and/or modify firewall policies to achieve a desired result. Because of these factors, host machines remain vulnerable to security breaches and rapid spreading of malware.