Malicious software (malware) is designed to harm or access a computer system without the informed consent of the owner. Malware is a serious threat to many computer systems, particularly in an online environment. Malware includes computer viruses, Trojan horses, worms and other malicious and unwanted software programs. Trojan horses, for example, install themselves on user machines without being perceived by the user. Trojan horses may then enable a controller to record data from an infected machine (e.g., key loggers), listen in on conversations (e.g., Man in The Middle or MiTM), or even hijack an HTTP session from within a browser (e.g., Man in The Browser or MiTB). Trojan horses are able to record keyboard entries at given web sites, and thereby steal the users' user names and passwords. Trojan horses are also able to change transactions as they occur. Thus, the user may think he or she is performing a legitimate transaction (e.g., paying a bill) but in reality the user is sending money to another account. Trojan horses also allow session hijacking, whereby a remote fraudster performs transactions via the user's infected machine.
A number of security techniques have been proposed or suggested for reducing the susceptibility of a user to such malware. For example, strong authentication methods, such as multi-factor authentication (such as “something you have” and “something you know”) or a challenge response protocol can be used to improve the security of communications between the user and an application server over a network.
In addition, U.S. patent application Ser. No. 12/854,641, filed Aug. 11, 2010 and entitled “Disposable Browser for Commercial Banking,” incorporated by reference herein and hereinafter referred to as the “'641 U.S. patent application,” discloses a virtual environment for secure communications between a client-side computing device and a remote application server through a virtual computing environment provided by an intermediate virtualization server. The virtual computing environment includes a disposable component, allowing all settings to be initialized to a secure state after each user session.
In an e-commerce environment, reliability and resilience are also important requirements. Reliability is often measured as a percentage of time that a system is available. Resilience is the ability to provide and maintain an acceptable level of service even in the presence of faults and other challenges to normal operation. In addition, it is important that such systems maintain reliability and resilience, even as they grow. Scalability is the ability of a system to accommodate growth.
A need exists for improved techniques for reducing the susceptibility of a user to malware while maintaining acceptable measures of reliability, resilience and scalability.