The advance into ordinary households of ADSL (Asynchronous Digital Subscriber Line) services of late has been accompanied by an explosive increase in the frequency of computer viruses, and there are an increasing number of cases of serious damage imparted to networks.
The construction of IP (Internet Protocol) networks as communication networks is being studied and implemented. In communication networks of the prior art, dedicated hardware, software and other resources are provided, so that in general computer virus attacks were uncommon.
In contrast, servers used to construct an IP network are general-use machines, and the OS (Operating System) is Windows (a registered trademark of Microsoft Corporation), UNIX or similar, so that there are expected to be plentiful opportunities for a computer virus attack. Measures to counter computer viruses to date have focused primarily on preventing virus intrusion from outside the network.
However, there are a wide variety of computer viruses extant, and in cases in which a terminal (PC) already belonging to a network is infected with a virus, it is entirely possible that the virus may spread abruptly from the time at which the PC is connected to the IP network. The social effects resulting from disruption of the network may be far-reaching.
Similarly in enterprise LANs (Local Area Networks) as well, when a PC within the enterprise which has already been infected by a virus is connected, the virus may spread rapidly throughout the entire enterprise network, and the impact on the enterprise of a network shutdown due to the virus will be considerable.
As technology of the prior art, a technique has been proposed for preventing network propagation of a computer virus by dynamically altering the logical connection with the network and the unconnected state in computers or other information processing terminals connected to the network (see Japanese Patent Laid-open No. 11-73384).
In the invention according to Japanese Patent Laid-open No. 11-73384, a computer which already stores anti-virus functions (for example, a virus check program) is connected to a LAN. The anti-virus function is used with a file inserted into and executed on the computer, to judge whether the file is infected with a virus; when there is a virus infection, file transfer to the LAN is blocked.
However, in the technology of Japanese Patent Laid-open No. 11-73384, a virus check is performed only for a file inserted into a particular computer connected to the LAN.
Hence the technology of Japanese Patent Laid-open No. 11-73384 cannot be applied in a mode in which computers belonging to an enterprise LAN or similar are connected to and removed from the LAN as the occasion requires. That is, when a computer is itself already infected with a virus, a measure to block connection to the LAN is not possible.