The explosion of wide area networking, and in particular the Internet, has enabled people to share information in a way that has never been seen before. Many people currently collaborate and share information by exchanging files through their computers. They send files as attachments in e-mail. They transfer files through real-time chat clients. And they download files from the Internet. Tools have evolved to make file sharing very simple. Unfortunately, hackers are exploiting the simplicity of these mechanisms to proliferate viruses, spyware, and other malicious products. Often the hackers trick users by attaching a malicious payload to benign files, like including macro viruses in word processing documents. The hackers can then deliver that word processing document to others using any of the file sharing mechanisms just mentioned.
Today, basically every different type of program that supports file transfers implements its own type of mechanism for protecting against malicious or otherwise dangerous files. Most of the programs block specific “dangerous” file types (such as executable files) and provide strong warnings for less dangerous file types (such as word processing documents). This brute force model provides some protection, but it suffers from several problems. For instance, simply blocking all transfers of a particular type of file most often prevents valid file transfers. Users are frustrated because their options are generally to either trust all files of a particular type, or none at all. Users would prefer a more sophisticated discrimination tool.
Another problem is that each type of program that supports file transfers is essentially duplicating code because much of the trust evaluation being performed on incoming files is the same. Still another problem is that existing file transfer programs commonly prompt the user with inconsistent dialogs that can sometimes make less sophisticated users wonder whether they have made a mistake when downloading a file with an unfamiliar application, such as a new chat program. Different file transfer programs could also have different levels of trust associated with the same file type, leading to inconsistent trust determinations being made based on which file transfer program is used to download the file. And finally, users cannot take advantage of developments in trust evaluation technology without upgrading each of their installed file transfer programs.
These and other problems in the area of file transfers have vexed software developers for some time.