1. Field of the Invention
The present invention relates generally to systems and methods for maintaining security of computer systems connected to one or more networks (Local Area Networks or Wide Area Networks) and, more particularly, to a system and methodology for securing newly acquired computers from security breaches by applying a preconfigured or preset security update policy.
2. Description of the Background Art
The first computers were largely stand-alone units with no direct connection to other computers or computer networks. Data exchanges between computers were mainly accomplished by exchanging magnetic or optical media such as floppy disks. Over time, more and more computers were connected to each other using Local Area Networks or “LANs”. In both cases, maintaining security and controlling what information a computer user could access was relatively simple because the overall computing environment was limited and clearly defined.
In traditional computing networks, a desktop computer largely remained in a fixed location and was physically connected to a single local network (e.g., via Ethernet). More recently, however, an increasingly large number of business and individual users are using portable computing devices, such as laptop computers, that are moved frequently and that connect into more than one network. For example, many users now have laptop computers that can be connected to networks at home, at work, and in numerous other locations. Many users also have home computers that are remotely connected to various organizations from time to time through the Internet. The number of computing devices, and the number of networks that these devices connect to, has increased dramatically in recent years.
In addition, various different types of connections may be utilized to connect to these different networks. A dial-up modem may be used for remote access to an office network. Various types of wireless connectivity, including IEEE (Institute of Electrical and Electronics Engineers) 802.11 and Bluetooth, are also increasingly popular. Wireless networks often have a large number of different users. Moreover, connection to these networks is often very easy, as connection does not require a physical link. Wireless and other types of networks are frequently provided in cafes, airports, convention centers, and other public locations to enable mobile computer users to connect to the Internet. Increasingly, users are also using the Internet to remotely connect to a number of different systems and networks. Thus, it is becoming more common for users to connect to a number of different networks from time to time through a number of different means.
One of the implications of this increasing number of devices occasionally connected to different networks is that traditional corporate firewall technologies are no longer effective. Traditional firewall products guard a boundary (or gateway) between a local network, such as a corporate network, and a larger network, such as the Internet. These products primarily regulate traffic between physical networks by establishing and enforcing rules that regulate access based upon the protocol and type of access request, the source requesting access, the connection port to be accessed, and other factors. For example, a firewall may permit access to a particular computer using TCP/IP on TCP port 80, but deny remote access to other computers on the network. A firewall may also permit access from a specific IP address or range (or zone) of IP addresses, but deny access from other addresses. Different security rules may be defined for different zones of addresses. However, traditional firewall technology guarding a network boundary does not protect against traffic that does not traverse that boundary. It does not regulate traffic between two devices within the network or two devices outside the network. A corporate firewall provides some degree of protection when a device is connected to that particular corporate network, but it provides no protection when the device is connected to other networks.
One security measure that has been utilized by many users is to install a personal firewall (or end point security) product on a computer system to control traffic into and out of the system. An end point security product can regulate all traffic into and out of a particular computing device. For example, an end point security product may expressly seek authorization from a user or administrator (or from a policy established by a user or administrator) for each network connection to or from a computing device, including connections initiated from the device and those initiated from external sources. This enables a user or administrator to monitor what applications on a device are accessing other machines or networks (e.g., the Internet). It also enforces security by obtaining authorization for each Internet or network connection opened to (or from) the device, including connections initiated both internally and externally. In the home environment, for instance, an end point security product enables a home user to monitor the applications he or she is using and enforces security by requiring his or her authorization for each connection. Typically, for connections initiated from the device, a user may configure application permission rules that permit certain applications to connect to one or more networks or devices, such as a local area network (LAN) or a wide area network (WAN), such as the Internet. These application permission rules may, for instance, permit a particular application, such as a Web browser program, to open connections to the Internet. A rule may also be configured to permit an application to access another computer on the same LAN, but prohibit this application from opening an Internet connection.
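The two kinds of rule described above (boundary-style rules keyed on zone, protocol and port, and end point application permission rules keyed on which application may reach which zone) can be combined into a single default-deny decision procedure. The following is an added illustration, not code from the patent or from any product it names; the rule field names, the zone address ranges, the application names and the "ask the user" outcome for an application with no rule are all assumptions made here.

```python
"""Toy end point policy evaluator (constructed example, not from the patent).

A connection is first checked against zone rules (network boundary style:
zone, protocol, port, direction) and, if a zone rule permits it, against
application permission rules (end point style: which zones an application
may reach). No matching rule means deny at the zone level and "ask" at the
application level, mirroring an end point product that seeks authorization
for connections it has no rule for.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Connection:
    direction: str      # "inbound" (initiated externally) or "outbound" (initiated by the device)
    application: str    # local program opening or accepting the connection
    protocol: str       # "tcp" or "udp"
    remote_ip: str      # the other end of the connection
    service_port: int   # destination port: local port if inbound, remote port if outbound


@dataclass(frozen=True)
class ZoneRule:
    """Boundary-firewall style rule: zone, protocol, port and direction."""
    zone: str
    protocol: str
    port: Optional[int]  # None matches any port
    direction: str
    action: str          # "permit" or "deny"


@dataclass(frozen=True)
class AppRule:
    """End point style rule: may this application talk to this zone?"""
    application: str
    zone: str
    action: str          # "permit" or "deny"


# Constructed zone definitions (assumption): a home/office LAN and "everything else".
ZONES = {
    "lan": [ip_network("192.168.1.0/24")],
    "internet": [ip_network("0.0.0.0/0")],
}


def zone_of(addr: str) -> str:
    """Map an address to a zone; the most specific zone is checked first."""
    ip = ip_address(addr)
    for name in ("lan", "internet"):
        if any(ip in net for net in ZONES[name]):
            return name
    return "internet"


def evaluate(conn: Connection, zone_rules: List[ZoneRule], app_rules: List[AppRule]) -> str:
    """Return "permit", "deny" or "ask". First matching rule wins at each level."""
    zone = zone_of(conn.remote_ip)
    for r in zone_rules:
        if (r.zone == zone and r.protocol == conn.protocol
                and r.direction == conn.direction
                and (r.port is None or r.port == conn.service_port)):
            if r.action == "deny":
                return "deny"
            break  # permitted at the boundary level; now consult application rules
    else:
        return "deny"  # no zone rule matched: default deny
    for r in app_rules:
        if r.application == conn.application and r.zone == zone:
            return r.action
    return "ask"  # no application rule: seek authorization from the user


# Constructed sample policy (assumption), modelled on the examples in the text:
# web traffic to the Internet, anything to the LAN, file sharing only from the LAN.
SAMPLE_ZONE_RULES = [
    ZoneRule("internet", "tcp", 80, "outbound", "permit"),
    ZoneRule("internet", "tcp", 443, "outbound", "permit"),
    ZoneRule("lan", "tcp", None, "outbound", "permit"),
    ZoneRule("lan", "tcp", 445, "inbound", "permit"),
]
# The browser may reach both zones; the media player may use the LAN but not the Internet.
SAMPLE_APP_RULES = [
    AppRule("browser", "internet", "permit"),
    AppRule("browser", "lan", "permit"),
    AppRule("media_player", "lan", "permit"),
    AppRule("media_player", "internet", "deny"),
    AppRule("file_sharing", "lan", "permit"),
]


def decide(conn: Connection) -> str:
    """Evaluate a connection against the sample policy."""
    return evaluate(conn, SAMPLE_ZONE_RULES, SAMPLE_APP_RULES)


if __name__ == "__main__":
    for c in [
        Connection("outbound", "browser", "tcp", "203.0.113.5", 80),
        Connection("outbound", "media_player", "tcp", "203.0.113.5", 80),
        Connection("outbound", "media_player", "tcp", "192.168.1.20", 8080),
        Connection("inbound", "file_sharing", "tcp", "203.0.113.5", 445),
        Connection("inbound", "file_sharing", "tcp", "192.168.1.7", 445),
        Connection("outbound", "unknown_tool", "tcp", "198.51.100.9", 443),
    ]:
        print(c.direction, c.application, c.remote_ip, c.service_port, "->", decide(c))
```

The order of the two checks matters: a zone rule can only narrow what an application rule may later permit, so an application that is allowed to reach the Internet still cannot open a UDP connection there if no zone rule admits UDP, and an inbound file-sharing connection from an Internet address is refused before any application rule is consulted.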
Despite the increasing use of end point security and antivirus products, issues remain. Consumers currently face a particular problem when buying a new computer. Because of restrictions during the manufacturing process (e.g., due to cost/overhead issues, licensing restrictions, etc.), computers today tend to be outdated in terms of security by the time consumers actually have an opportunity to purchase those computers. For example, computers are frequently sold to consumers with an antivirus program already installed. However, the antivirus program and/or the virus definition files are typically out of date by the time the computer is actually received and placed into use by consumers. In order to update a computer for bringing it into compliance with current security updates, the user is required to connect the new computer to the Internet for accessing certain vendor sites, for example for obtaining the latest antivirus definition file. Since a number of manufacturers update hard disk images for their computer lines only once or twice a year, a user may need to not only update data files (e.g., virus definition files) but also completely update the underlying security software itself, such as updating the underlying antivirus software (engine). Manufacturers' practice of annual or semi-annual updating is highly problematic. In terms of protection for a computer, that practice translates into a security system that may be up to 12 months out of date by the time the system actually gets into consumer hands.
Even if a consumer does everything exactly right with a new computer (e.g., updating antivirus software and data files, updating firewall software, updating operating system software, patching any applications with known vulnerabilities, etc.), he or she is required to spend a considerable amount of time online in order to get the “new” machine to a point where its security system is no longer out of date. For example, a new virus software update (e.g., from Symantec or McAfee) can easily run 15-20 MB to download. A new operating system service pack update (e.g., from Microsoft) may require a 100+ MB download. All told, the present day approach to delivering new computers requires consumers to spend a considerable amount of time online with an outdated security system—that is, a system which may have a long list of known vulnerabilities that hackers constantly scan for. As a concrete example from the inventor's own experience, a new notebook computer purchased while traveling was infected with the MS-Blast worm before even the brief task of downloading current firewall software (e.g., ZoneAlarm®, which is a fairly small download) could be completed.
To date, the only approach to addressing the foregoing is to preinstall antivirus and firewall/end point security software as part of a computer's manufacturer-provided hard disk image. However, as outlined above, with the current approach of manufacturing hard disk images, the preinstalled software is out of date by the time it actually reaches consumers. Accordingly, the foregoing problem of an initial infection has continued to plague consumers. Further compounding the problem, once a new machine has sustained an initial infection, the malicious software (e.g., virus, worm, etc.) can sabotage the machine, thus preventing the user from obtaining the downloads required to bring the computer's security system up to date. In other words, the initial infection prolongs the user's inability to get appropriate updates. Since malicious software often tends to be poorly written, infected machines tend to be prone to crashing. Although the failure comes from the infection, users may instead blame the computer manufacturer for a defective device: they bought a brand new machine and it failed, therefore it must be a defective machine. This leads to increased support/warranty costs and product returns for manufacturers, even though the failures are not necessarily a result of manufacturing defects.
What is needed is a solution for protecting newly purchased computers from viruses, worms, and other malicious software. The solution should protect the computer when it is initially received by the user and should facilitate the process of obtaining required updates in order to bring the computer's security system up to date. The present invention provides a solution for these and other needs.