1. Field of the Invention
This invention relates generally to computer networks, and more particularly to a system and method for protecting clients from hostile Downloadables.
2. Description of the Background Art
The Internet currently interconnects about 100,000 individual computer networks and several million computers. Because it is public, the Internet has become a major source of many system damaging and system fatal application programs, commonly referred to as "viruses."
In response to the widespread generation and distribution of computer viruses, programmers continue to design and update security systems for blocking these viruses from attacking both individual and network computers. On the most part, these security systems have been relatively successful. However, these security systems are typically not configured to recognize computer viruses which have been attached to or masked as harmless Downloadables (i.e., applets). A Downloadable is a small executable or interpretable application program which is downloaded from a source computer and run on a destination computer. A Downloadable is used in a distributed environment such as in the Java.TM. distributed environment produced by Sun Microsystems or in the ActiveX.TM. distributed environment produced by Microsoft Corporation.
Hackers have developed hostile Downloadables designed to penetrate security holes in Downloadable interpreters. In response, Sun Microsystems, Inc. has developed a method of restricting Downloadable access to resources (file system resources, operating system resources, etc.) on the destination computer, which effectively limits Downloadable functionality at the Java.TM. interpreter. Sun Microsystems, Inc. has also provided access control management for basing Downloadable-accessible resources on Downloadable type. However, the above approaches are difficult for the ordinary web surfer to manage, severely limit Java.TM. performance and functionality, and insufficiently protect the destination computer.
Other security system designers are currently considering digital signature registration stamp techniques, wherein, before a web browser will execute a Downloadable, the Downloadable must possess a digital signature registration stamp. Although a digital signature registration stamp will diminish the threat of Downloadables being intercepted, exchanged or corrupted, this approach only partially addresses the problem. This method does not stop a hostile Downloadable from being stamped with a digital signature, and a digital signature does not guarantee that a Downloadable is harmless. Therefore, a system and method are needed for protecting clients from hostile Downloadables.