Modern computer networks are vulnerable to an ever-widening variety of attacks and exploits. These attacks degrade the performance of individual hosts and of the network as a whole. They lead directly to the loss of critical data, privacy and, of course, money. A key characteristic of these attacks is the installation of unwanted programs or code on the host nodes that comprise the network. Backdoors, trojans, rootkits, and other types of malicious programs are injected into the networked computers without the knowledge of system users, admins, and owners. This injected malware then does the bidding of unknown masters elsewhere on the network.
Host-based file integrity checkers are sometimes used to detect intrusive attacks that may have compromised critical operating system files. Conventional host-based integrity checkers use a database of critical properties (file signatures) for key system files. During an integrity check, the host computer compares its critical operating system files against this set of stored file signatures to detect whether they have been compromised. The file signatures used in the integrity checking process are typically stored on the host system itself, or in a database on one other computer, and the checking processes for a given host computer run on that host computer. Storing the signature data on the host itself (or on a single other computer) renders the integrity checker vulnerable to compromise: an intrusive or malware program on that host can alter the signatures to prevent detection and conceal its intrusion. In addition, malware, once installed on the host, can prevent or otherwise disrupt the integrity checking processes that run on that host.
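The weakness described above, as an added example that is not part of the original text: a minimal SHA-256 integrity checker whose signature database sits on the same host as the files it protects. The file names, the JSON database format and the `pinned` digest assumed to be kept off the host are illustrative assumptions.

```python
import hashlib, json, os, tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(paths, db_path):
    """Record a signature (SHA-256) per file in an on-host database."""
    with open(db_path, "w") as db:
        json.dump({p: sha256_file(p) for p in paths}, db, sort_keys=True)

def check(db_path):
    """Return the files whose current hash differs from the stored signature."""
    with open(db_path) as db:
        baseline = json.load(db)
    return sorted(p for p, sig in baseline.items()
                  if not os.path.exists(p) or sha256_file(p) != sig)

def demo():
    """Constructed scenario in a temp dir; returns the three observations."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "critical.bin")  # stands in for a system file
        db = os.path.join(d, "signatures.json")   # signature store on the same host
        with open(target, "wb") as f:
            f.write(b"original contents")
        build_baseline([target], db)
        pinned = sha256_file(db)  # assumption: this digest is kept off the host

        with open(target, "wb") as f:             # file changes, database untouched
            f.write(b"modified contents")
        detected = check(db) == [target]          # the checker reports the file

        build_baseline([target], db)              # signatures on the host altered too
        missed = check(db) == []                  # the checker now reports nothing
        db_changed = sha256_file(db) != pinned    # only the off-host value notices
        return detected, missed, db_changed

if __name__ == "__main__":
    print(demo())
```

The second check comes back clean because the checker trusts whatever the on-host database says; the change is visible only to a reference the host cannot rewrite.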