It is impossible to imagine a modern office, regardless of its size, without a computer network. Networks allow quick and secure exchange of information between corporate computers, laptops, smart phones, tablets, printers, scanners and other networked electronic devices, which may be located in one building or in multiple offices in distant geographic areas. Therefore, corporate information technology (IT) infrastructure can become quite complex and require constant administration and support in order to maintain its operation and solve various problems. For example, corporate computer networks are susceptible to attacks by malicious software, such as viruses, worms, Trojans and other types of malware. Malware typically exploits vulnerabilities in programs and applications running on the computers to penetrate corporate security infrastructure. Often malware may hide in software updates and infect a series of computers during large update processes. Malware that infects one corporate computer can then quickly spread through the network and infect other computers. These incidents adversely affect operation of the company because of the need to identify the infected computers and repair damage caused by the malware, as well as the loss of man-hours spent on fixing affected computers. Also, these incidents may lead to the leak or loss of confidential information, trade secrets, proprietary data and even theft of money. That is why control over corporate networks, such as intranets, is very important, particularly when it comes to execution and update of various applications deployed thereon.
The control over execution and update of programs and applications on corporate networks is typically performed by software security systems. These systems use different methods for controlling execution and update of software. For instance, some security systems allow execution of all software that is not explicitly prohibited. In this case, an administrator may specify a list of prohibited applications, so that all other applications are allowed to execute or update on the computers. Other security systems prohibit execution of all software that is not explicitly allowed. In this case, an administrator may specify a list of allowed applications, so that all other applications are prohibited from executing or updating. As far as safety and effectiveness of administration are concerned, the security systems that use the second method, denying the execution and update of all applications that are not explicitly allowed, are considered to be more effective. These types of systems are sometimes called “Default Deny” systems.
In operation, “Default Deny” security systems of application control often maintain lists of authorized objects (e.g., a list of allowed applications or programs for one or more computers in the network). The system would allow execution of an application that is on the list of authorized objects, and block all other applications and programs. These lists can be created based on particular information about the applications and programs, such as unique object identifiers, digital signatures, manufacturer's data, or other types of information. In addition, different lists of authorized objects may be maintained for different users. For example, a list of authorized applications for a graphics designer may include graphic design software, while a list of authorized applications for an accountant will include accounting software. In this manner, “Default Deny” security systems maintain separate lists of authorized software for different users, thereby preventing unauthorized users from accessing unauthorized software.
Generally, “Default Deny” security systems are effective in protecting corporate computers from malware. However, these types of security systems have a risk of incorrectly prohibiting execution of authorized software during software update, or even completely blocking some software updates. This can occur when, during software update, additional files are created or loaded to the computer by the updated software, which are not identified in the list of authorized objects, or when existing files are modified. Although these newly created, loaded and/or modified files are associated with authorized applications and, therefore, should be allowed to execute on the computer, the “Default Deny” security systems will typically block these files because they do not appear in the list of authorized objects, which results in a false positive detection of malware. Accordingly, there is a need for a security system for controlling and managing deployment and updates of software on corporate computers that minimizes spread of malware and at the same time prevents false positive detection of malware.
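The per-user lists of authorized objects and the update false positive described above can be shown in a short sketch. This is an added example, not code from the original text; it assumes the unique object identifier is a SHA-256 hash of the file content, and the class, function, user and file names are hypothetical, with constructed byte strings standing in for files on disk.

```python
import hashlib

def object_id(content: bytes) -> str:
    """Unique object identifier; SHA-256 of the content is an assumption here."""
    return hashlib.sha256(content).hexdigest()

class DefaultDenyPolicy:
    """Per-user lists of authorized objects; anything not listed is blocked."""

    def __init__(self):
        self._authorized = {}  # user -> set of authorized object identifiers

    def authorize(self, user: str, content: bytes) -> None:
        self._authorized.setdefault(user, set()).add(object_id(content))

    def may_execute(self, user: str, content: bytes) -> bool:
        # Default deny: unknown users and unknown objects both fall through to False.
        return object_id(content) in self._authorized.get(user, set())

# Constructed sample files.
DESIGN_APP_V1 = b"design-suite 1.0 main binary"
ACCOUNTING_APP = b"ledger 4.2 main binary"
# State of the designer's machine after a legitimate update of the design suite:
DESIGN_APP_V2 = b"design-suite 1.1 main binary"  # existing file modified by the update
DESIGN_PLUGIN = b"design-suite 1.1 new plugin"   # new file created by the update
UNLISTED_FILE = b"binary that was never authorized"

def build_policy() -> DefaultDenyPolicy:
    policy = DefaultDenyPolicy()
    policy.authorize("designer", DESIGN_APP_V1)
    policy.authorize("accountant", ACCOUNTING_APP)
    return policy

def audit(policy: DefaultDenyPolicy, user: str, files: dict) -> dict:
    """Return an allow/block verdict for each named file."""
    return {name: "allow" if policy.may_execute(user, data) else "block"
            for name, data in files.items()}

if __name__ == "__main__":
    report = audit(build_policy(), "designer", {
        "design_app_v1": DESIGN_APP_V1,
        "design_app_v2 (updated)": DESIGN_APP_V2,
        "design_plugin (new)": DESIGN_PLUGIN,
        "unlisted_file": UNLISTED_FILE,
    })
    for name, verdict in report.items():
        print(f"{verdict:5}  {name}")
```

The files produced by the update receive the same verdict as the file that was never authorized, because the list only knows the identifiers recorded before the update.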