Software vendors often provide updates (e.g., patches and other software and configuration updates) to address security vulnerabilities and so protect computers from malicious or mischievous intrusions. However, many system administrators and users forgo, or at least delay, installing updates as long as their systems are working properly, to avoid the risk of unintended consequences (such as failures caused by installing faulty updates). As a result, their computers may remain vulnerable to attack despite the availability of preventative measures. This exposure is especially significant in large computer installations, e.g., data centers or large enterprises, where there are many nodes to attack and where compromising one node can adversely affect the entire installation.
When a node is compromised, it can be shut down, or at least isolated, to protect the uncompromised nodes in the system. However, suddenly removing a node from a system can cause a loss of functionality or further problems. U.S. patent application Ser. No. 11/409,351, filed Apr. 21, 2006, discloses a method in which a compromised process or node is quarantined so that some functionality is maintained pending correction of its problem. However, in the ever-escalating contest between security providers and those who breach security, further protective measures are desired that help maintain system functionality.
Herein, related art is presented to aid in understanding the present invention. Related art labeled “prior art” is admitted prior art; related art not labeled “prior art” is not admitted prior art.