1. Field of the Invention
The present invention relates generally to computer security, and in particular, to a computer system and method for ensuring scanning of suspicious computer files sent to a target computer.
2. Description of the Related Art
The deployment and growth of large computer networks such as the Internet has facilitated the proliferation of malicious software programs known as malware. Malware programs are designed to infiltrate a target computer without the owner's permission in order to exploit the security weaknesses of the system and network. Malware is typically used to adversely impact performance or steal information stored in the target computers, such as account numbers, passwords, social security numbers, credit card numbers, etc.
Malware has become the preferred mode of operation for organized crime on the Internet, as malware can be spread with ease via email attachments, web downloads and file transfers. Malware carries code that damages host systems, creates backdoors to networks, allows attackers free entry into the network, redirects search engine results to paid advertisements, creates denial-of-service attacks and takes control of infected host systems.
One way to protect a target computer from malware is to scan suspicious files at the network level, i.e., at a network device, such as a router, instead of at the target computer. This approach ensures that the suspicious files are scanned before they are forwarded to and executed at the target computer. Scanning suspicious files at the network level requires that the suspicious file be cached on the network device. The network device then scans the suspicious file and determines whether it contains malware. If the suspicious file is not malware, the network device forwards the suspicious file to the target computer.
Scanning the suspicious file at the network device introduces significant latency and network throughput problems. For example, if the network device is simultaneously downloading and scanning suspicious files for a large number of users, the network device will likely experience a higher than normal processing delay. The performance of the network will be negatively affected, causing end users to experience long delays. Given the limited capability of network devices, many network devices limit the number of users that can download files simultaneously, resulting in a traffic bottleneck at the network device. The performance and capacity of the network become limited by the processing ability of the network device. Delays increase the response time of the network, which is especially undesirable for delay-sensitive and critical applications, such as those using time-sensitive protocols like HTTP and FTP.
The impact of network delay on applications can result in a significant increase in application response times and even possible application failure. Significant network delay can be caused by the simultaneous download of suspicious files. The traffic bottleneck at the network device causes network congestion, pushes the network bandwidth limits and ultimately results in end user dissatisfaction.
Moving the scanning to the target system is likewise problematic. A target computer may or may not have a security program installed. If the target computer has a security program installed, the security program may or may not be up to date. Even if security software is installed on the target computer, a user of the target computer may decide to disable the anti-virus and anti-spyware security software installed there. Similarly, the user of the target computer may decide to execute the suspicious file at the target computer without first scanning it. If the suspicious file is malware, the target computer will become infected and will pose a threat to other systems connected to the network.
Therefore, what is needed is a computer system and method for ensuring scanning of files sent to the target computer.