Recently, attention has been focused on security techniques to protect a computer system's hardware and software from a disaster, an accident, an unjust investigation, a destruction or a change by a computer virus. Especially, in proportion to the rapid spread of Internet or Intranet, security on a network is attached importance.
In the prior art, in order to protect against a mixture of computer viruses, a countermeasure using filtering software (for example, Virus Buster presented by TrendMicro Inc.) is mainly adopted. In this filtering software, countermeasure data called as “vaccine” detects the computer virus and deletes it.
Furthermore, as for the computer virus which attacks and damages a security hole of an operating system (for example, Windows® presented by Microsoft Inc.), damage caused by the computer virus is prevented by applying a modification program to stop up the security hole.
However, in the prior art, the countermeasure for the computer virus is executed after the computer virus is found and specified. Briefly, the countermeasure is forestalled in every attempt for damage of new (unknown) computer virus. In other words, there is a time lag corresponding to a period from the generation of the computer virus to the countermeasure of the computer virus. Accordingly, the computer virus may rapidly spread in several hours before countermeasure data, such as the vaccine or the modification program, are distributed. As a result, the computer system is greatly damaged in the several hours by the computer virus.