Although users and operating systems may work hard to prevent it, personal computers can become hotbeds of malicious software. So-called malware (e.g., worms, trojans, downloads, etc.) can attack a computer, delete files, steal personal information, propagate itself to a user's contacts, and generally make life difficult for the unsuspecting user. When a computer becomes infected with malware, user productivity decreases due to the loss of work product, the loss of computer performance, and the time spent trying to clean up the mess. Such productivity losses cost individuals and businesses a great deal of time and money every year.
FIG. 2 depicts a variety of software entry points for a computer 209. Each entry point presents a possible channel for malware and other undesirable software to be copied or installed onto computer 209. The term malware is used to mean intentionally malicious software, and can include computer viruses (e.g., worms, Trojan horses), keystroke loggers, adware, spyware, and other programs that may have nefarious purposes running counter to the interests of the user or corporation to whom computer 209 belongs.
Not all undesirable software is necessarily malware. Such software may have no nefarious purpose, but may have side effects which are undesirable. For example, some corporations do not allow their employees to use instant messaging software, due to the distraction that such programs can create. Parents and other organizations may find that peer-to-peer file swapping networks are inappropriate on their computers, perhaps due to the likelihood of catching a computer virus from a download. Other reasons why otherwise benevolent software may be considered undesirable include excessive file size, excessive network traffic, system incompatibility, and age-inappropriate material; or the program may just be plain annoying.
Returning to FIG. 2, there are many entry points through which executable code can be downloaded, copied, or otherwise installed onto computer 209. Perhaps the most prevalent source of malware and other undesirable software is the Internet 201, whether unfiltered, or partially filtered by a firewall 202. Executable code can be downloaded intentionally or unintentionally via web browsers, email programs, file swapping networks, instant message programs, Internet Relay Chat (IRC), and other programs which connect to the Internet. Usually, users initiate the download of malware from the Internet unintentionally (other undesirable software may be intentionally downloaded), although some malware can be injected onto computer 209 by a hacker or by another computer via existing software vulnerabilities on computer 209.
Another software entry point for computer 209 sitting on a network is second computer 203, which may be connected directly or indirectly via a LAN connection. A user may initiate a file copy from a second computer 203, or second computer 203 may automatically copy a file over to computer 209. Second computer 203 may be a server or any other compromised computing device connected by a network. Users are more likely to trust executable code which comes from within their own network, a potential vulnerability which has been exploited by some malware.
Additional sources of malware and other undesirable software may include personal digital assistant 204 or other synching devices, such as music players or cellular phones (not shown). Also, portable memory devices such as USB drive 205, or an external hard drive (not shown), may be a source of software. Conventional sources of software, such as a DVD ROM 206, CD ROMs, floppy diskettes, and so forth may also contain undesirable code. Ultimately, even a user 210 with enough experience could enter malicious or undesirable code directly into computer 209, without ever copying a single file. Such a user 210 could type in a script, for example, and execute it to track all keystrokes or credit card numbers used on computer 209.
The spectrum of personal computer users can be divided into three categories, based on the attention each pays to computer security. At one end are the extremely diligent users. These are the users who run firewalls and anti-virus programs, apply patches promptly, check the digital certificates of downloads, and research all software before installing it. At the other end are the carefree users. These are the users who install anything and everything, swap files on untrusted networks, ignore security messages, and whose machines are a veritable menagerie of software, both beneficial and malicious.
In between these extremes, there is the largest group of users overall. These conscientious users would like to keep their computers secure, but either don't have the time to commit to researching new software or malware, or don't understand enough about the implications of each installation decision. Despite these users' good intentions, they can easily be tricked into installing malware, sometimes without their knowledge. Even users who avoid the known malware tricks can't avoid some software due to the rapid evolution of malware. Once infected, these users have a difficult time finding and removing all vestiges of malicious software.
Ultimately, conscientious users of personal computers need new methods and systems for defending their computers against malware. They need to be able to make reliable decisions about installing new programs without having to waste a lot of time researching each publisher and application. They need a way to reliably keep their computers in the known good state the machine was probably in when it left the computer factory. They need to be able to avoid the trickery employed by makers of malware, and/or other problems with software, without having to become software experts. For a solution to the problem of malware and other undesirable software to be effective, it must be able to protect computer 110 from software arriving through most if not all of the entry points described above.