1. Field of the Invention
The present invention relates generally to containment of malware. More particularly, the present invention relates to the containment of malware attacks from digital devices upon connection to a communication network.
2. Background Art
As the workplace becomes more automated, the use of computers and networks is commonplace. Computers have become indispensable tools that afford access to files and resources. Unfortunately, computers and networks can also place those files and resources at risk.
Computers can become infected with worms and viruses that replicate themselves and seek to damage files or limit network resources. As such, it is not uncommon to read in newspapers of a single infected computer that limited or destroyed the functionality of one or more networks. The cost caused by the damage from these attacks is enormous.
Currently, information technology (IT) staff and administrators have sought to limit worms and viruses by cleaning individual computers of worms/viruses, requiring anti-virus applications, and installing firewall applications on network servers and routers. Once the network is clear of worms and viruses, the IT staff and administrators continue to upgrade antivirus/firewall applications as well as virus/worm definitions for each server and router.
Even if the network is clean of viruses and worms, computers may still become infected. In one example, users of computers connected to an otherwise “clean” network may bring their computer home from work where the computer becomes infected over the Internet or a home network. Even if the computer has an anti-virus application resident on the machine, the anti-virus application may be insufficient to block or correct all possible attacking worms or viruses. Further, the anti-virus application or the worm/virus signature files may be out of date. Moreover, some worms or viruses may not be identified by some anti-virus applications or the worms or viruses may not be previously identified (e.g., a “zero day” attack) and, as such, a worm/virus signature that identifies the worm or virus may not exist. When the computer is brought back to work and reconnected to the network, the worm or virus may activate, make copies of itself, identify other machines on the network, gather information about the network, compromise network security, and/or infect other machines.
IT staff will occasionally apply agents to individual computers to search for updates or patches to the operating system or anti-virus to reduce the possibility of malware attack. Unfortunately, the agents must be installed onto each computer. Further, the different agents must be configured and installed on different machines with different operating systems. Even if the proper agent is installed on a machine, the agent may only seek to update the operating system or anti-virus application after predetermined periods of time. If a computer becomes infected due to outdated anti-virus applications, outdated virus definitions, or an operating system vulnerability, the corrective patch or update may not be retrieved by the agent until damage is already caused.