The present invention relates to computer security, and more particularly to updating computer security software.
Computer security is affected by numerous factors. One example of such factors is the infiltration of computers by computer viruses. The generation and spread of computer viruses is a major problem in modern day computing. Generally, a computer virus is a program that is capable of attaching to other programs or sets of computer instructions, replicating itself, and performing unsolicited or malicious actions on a computer system. Generally, computer viruses are designed to spread by attaching to floppy disks or data transmissions between computer users, and are designed to do damage while remaining undetected. The damage done by computer viruses and computer Trojan horses may range from mild interference with a program, such as the display of an unwanted political message in a dialog box or stealing sensitive data, to the complete destruction of data on a user's hard drive. It is estimated that new viruses and Trojans are created at a rate of over 100 per month.
A variety of programs have been developed to detect and destroy computer viruses. As is known in the art, a common method of detecting viruses is to use a virus scanning engine to scan for known computer viruses in executable files, application macro files, disk boot sectors, etc. Generally, computer viruses are comprised of binary sequences called "virus signatures." Upon the detection of a virus signature by the virus scanning engine, a virus disinfection program may then be used to extract the harmful information from the infected code, thereby disinfecting that code. Common virus scanning software allows for boot-sector scanning upon system boot-up, on-demand scanning at the explicit request of the user, and/or on-access scanning of a file when that file is accessed by the operating system or an application.
In order to detect computer viruses, a virus scanning engine is generally provided in conjunction with one or more files called "virus signature files" (also known as virus definitions or scanner updates). The virus scanning engine scans a user's computer files via a serial comparison of each file against the virus signature files. Importantly, if the signature of a certain virus is not contained in any of the virus signature files, that virus will not be detected by the virus scanning engine.
Generally speaking, a recent trend is for manufacturers of antivirus applications to update their virus signature files as new viruses are discovered and as cures for these viruses are developed, and to make these updated signature files available to users on a periodic basis (e.g. daily, weekly, monthly, etc.). For example, an antivirus program manufacturer may post the update file on a bulletin board system, on an FTP (File Transfer Protocol) site, or on a World Wide Web site for download.
Currently, when any new virus appears that has public attention, the various antivirus companies provide some sort of "risk assessment" (RA). A corresponding threat description including this RA is usually posted on the Internet. This helps users determine if they need to update their systems, and how quickly. Unfortunately, these same users have to decide on their own whether some particular virus risk is high enough for their environment. They may also have to read the virus description, and check which update is associated with the virus. Moreover, they may need to check when such update is made available. If there are several threats, they will have to do that more than once.
In addition, this process is prone to mistakes and delays, namely because it relies on a human to digest the information. Also, the current system has no way of conveying the information about the risk of an update to the users in an automatic manner. Human analysis is expensive and the delays in the process can have serious ramifications. For example, the assessment may not be completed and the essential update may not be deployed in sufficient time to be effective.
These issues are particularly important in the corporate environment where deploying updates is a very expensive task because of the number of computers that need updating (i.e. requiring bandwidth, network and human resources, etc.). Often, information technology (IT) managers spend a lot of time determining which updates are important and which can wait.
A system, method and computer program product are provided for updating security software on a client. Initially, a parameter is received which is associated with a security update file. Next, a security program is conditionally updated with the security update file based on the parameter.
In one embodiment, the parameter may represent a priority associated with the security update file. Further, the parameter may represent a risk associated with a virus that the security update file is capable of detecting. Still yet, the parameter may represent a size of the security update file, or a cost associated with the security update file. As an option, the parameter may represent a prevalency associated with a virus that the security update file is capable of detecting.
In another embodiment, an array of parameters may be received. Each of the parameters of the array may correspond with one or more records of the security update file. In such embodiment, the security program may be conditionally updated with the one or more records of the security update file based on the associated parameter. Optionally, the array of parameters may be expandable and customizable.
In still another embodiment, the parameter may identify a difference between the security update file and a previous security update file with respect to a particular aspect. A plurality of the parameters associated with the security update file may be received each time the security update file is updated. During use, the parameters may be summed. As such, the security program may be conditionally updated with the security update file based on the summed parameters.
In still yet another embodiment, the security program may be conditionally updated with the security update file based on a test involving the parameter. Such test may involve a threshold. Further, the threshold may be updated by a user. Still yet, the threshold may be selected based on the security program. The default value of the threshold can be included in the update also.
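The summed-parameter test described in the last two embodiments, as an added example (not code from the patent): each release of the update file carries per-aspect difference parameters, the client sums them over every release it has missed, and it updates once a sum reaches a threshold. The aspect names, the `>=` comparison, the any-aspect-triggers policy and the sample feed are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Release:
    version: int
    deltas: dict  # per-aspect difference from the previous release
    default_thresholds: dict = field(default_factory=dict)

def summed_deltas(feed, installed_version):
    """Sum each aspect's deltas over every release newer than the installed one."""
    totals = {}
    for rel in sorted(feed, key=lambda r: r.version):
        if rel.version <= installed_version:
            continue  # already applied on this client
        for aspect, value in rel.deltas.items():
            totals[aspect] = totals.get(aspect, 0) + value
    return totals

def effective_thresholds(feed, user_thresholds):
    """Defaults shipped with the newest release, overridden by user settings."""
    newest = max(feed, key=lambda r: r.version) if feed else None
    merged = dict(newest.default_thresholds) if newest else {}
    merged.update(user_thresholds)
    return merged

def should_update(feed, installed_version, user_thresholds=None):
    """Return (decision, aspects that reached their threshold, summed totals)."""
    totals = summed_deltas(feed, installed_version)
    thresholds = effective_thresholds(feed, user_thresholds or {})
    triggered = sorted(a for a, t in thresholds.items() if totals.get(a, 0) >= t)
    return bool(triggered), triggered, totals

# Constructed sample feed: three successive releases of the update file.
# size_kb is summed as a cost figure but has no threshold, so it never triggers.
FEED = [
    Release(101, {"risk": 1, "prevalence": 0, "size_kb": 40}),
    Release(102, {"risk": 2, "prevalence": 1, "size_kb": 15}),
    Release(103, {"risk": 4, "prevalence": 3, "size_kb": 60},
            default_thresholds={"risk": 5, "prevalence": 5}),
]

if __name__ == "__main__":
    for installed in (100, 102, 103):
        print(installed, should_update(FEED, installed))
    print(102, should_update(FEED, 102, {"prevalence": 3}))
```

A client three releases behind crosses the risk threshold through accumulation, while a client one release behind does not, unless the user lowers a threshold locally.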