Although the Internet has had great successes in facilitating communications between computer systems and enabling electronic commerce, the computer systems connected to the Internet have been under almost constant attack by hackers seeking to disrupt their operation. Many of the attacks seek to exploit vulnerabilities of the application programs or other computer programs executing on those computer systems. One of the most destructive methods of attacking a computer system has been to send a “worm” to a computer program. A worm is a self-propagating attack that exploits a vulnerability by taking control of the computer system and using that computer system to launch attacks (i.e., send the same worm) against other computer systems with the same vulnerability. A worm is a message or sequence of messages designed to exploit a vulnerability of the receiving computer program. Upon receiving the message or messages, the computer program performs some action that allows the worm to take control of the computer system.
Developers of applications and administrators of computer systems go to great effort and expense to identify and remove vulnerabilities. Because of the complexity of applications, however, it is virtually impossible to identify and remove all vulnerabilities before applications are released. After an application is released, developers can become aware of vulnerabilities in various ways. A party with no malicious intent may identify a vulnerability in an application and may secretly notify the developer so the vulnerability can be removed before a hacker identifies and exploits it. If a hacker identifies a vulnerability first, the developer may not learn of the vulnerability until it is exploited—sometimes with disastrous consequences.
Regardless of how a developer finds out about a vulnerability, the developer typically develops and distributes to the system administrators “patches” that remove the vulnerability. If the vulnerability has not yet been exploited (e.g., might not be known to hackers), then a developer can design, implement, test, and distribute a patch in a disciplined way. If the vulnerability has already been widely exposed, then the developer often rushes to hastily distribute a patch without the same care that is used under normal circumstances. When patches are distributed to the administrators of the computer systems, they are responsible for scheduling and installing the patches to remove the vulnerabilities.
Unfortunately, computer systems are often not kept up-to-date with the most current patches, also referred to as security levels, for various reasons. For example, administrators often delay the installation of patches to remove vulnerabilities because of the time it takes to install the patch or because the patch may have unintended side effects that may be worse than the exploitation of the vulnerability itself. As another example, a computer network may allow “visiting” computers to connect to it. These visiting computers may have applications with very different security levels depending on how often their owners decide to install patches. If a vulnerability of an application on such a visiting computer is exploited, it may wreck havoc on the computer network.