The rise of Internet attacks via computer viruses and other techniques has caused significant financial damage to many corporations. Current anti-virus software operates by comparing incoming files against a list of “offensive” code (e.g., known viruses). If a file looks like one of these offensive codes, then it is deleted and the system protected. There are several major problems with this approach, however, with regard to modern virus attacks.
First, if the virus is new and not in the list of known viruses, the anti-virus solution will not identify it is a virus and therefore it will not keep it from spreading. Second, modern worms such as “code red” and “SQL slammer” do not rely on any of the methods of transmission guarded by most virus protection systems. These new strands of viruses are designed to attack the computer system directly by exploiting faults in the software used by the computer to perform its operations. The viruses are therefore able to crack corporate networks and replicant without the intervention of anti-virus software.
Another critical factor in preventing anti-virus software from protecting modern networks is the speed of modern virus replication and propagation. Whereas years ago it could take years for a virus to disseminate across the United States, modern viruses can spread across the whole world in a matter of minutes.
At the root of the modern virus problem lies system management and maintenance. All network applications are vulnerable to some level of attack, but the software manufacturers work diligently to resolve these errors and release fixes to the problems before they can be exploited by virus producers. In fact, most of the time the application manufacturers have released the fixes to the application that would have prevented a virus from utilizing these holes before the viruses are even released. Unfortunately, due to the complexity of modern networks, most system administrators are unable to keep pace with the increasing number of security patches and hot fixes released from the software manufacturers on every computer in the network.
What is needed is a solution that automates the process of identifying and managing network application security holes. Typical solutions to this problem involve the user of multiple applications installed one various computers. These applications are executed when certain conditions occur. For example, a company may install several anti-virus components that each execute upon the detection of certain conditions. There are several problems, however, with this approach, especially when it relates to managing network application security holes. Each overall task (such as antivirus) typically requires multiple applications, each compiled together. This can make development and maintenance difficult, however, as changes to one application necessitate the recompiling of others. Additionally, the execution of multiple applications simultaneously can waste memory and processor resources. There may be no need for a particular application to run at a certain time, yet prior art solutions require that an application be run if it is compiled together with another application that is running.
What is needed is a solution that overcomes the drawbacks of the prior art.