1. Technical Field
The present invention relates generally to an improved data processing system and in particular to a method and apparatus for processing data. Still more particularly, the present invention relates to a method, apparatus, and computer instructions for responding to threat conditions.
2. Description of Related Art
Computers and computer networks are vulnerable to threats. These threats include, for example, viruses, worms, and Trojan horses. A virus is a small piece of software that may piggyback itself on a real program. For example, a virus may attach itself to a spreadsheet program. Each time the spreadsheet program is run, the virus also runs and may spread and cause mischief or damage. A worm is a small piece of software that exploits computer networks and security holes to replicate itself and spread. A Trojan horse is a computer program that may claim to perform one function, but performs another, such as erasing a hard disk drive. A threat condition indicates that an infection is present in a set of computers or a network. The level of infection of a set of computer systems or network by viruses or worms determines the threat condition of the network as a whole. If more systems are infected or if the infection is a particularly virulent form of a worm, the threat condition is considered to be high.
Current responses to a threat condition, such as a worm infection, include running virus scanning software on all data processing systems in the network, closing or turning off ports where the worm has been detected, and installing patches to fix security holes. All of these methods are labor-intensive and do not affect collections of data processing systems. Further, these methods do not result in any intelligent response to the worm posing the threat condition. A brute-force cleaning operation is required to remove the threat. This brute-force cleaning may require network administrators to painstakingly comb through the different data processing systems, storage media, and other devices on the network to remove or eradicate the worm. The current processes are performed on a per-system basis, which is very time-consuming. Similar actions are required with respect to viruses.
The current methods used to respond to threat conditions are very labor-intensive and time-consuming. Thus, it would be advantageous to have an improved method, apparatus, and computer instructions for responding to threat conditions.