1. Field of the Invention
Embodiments of the present invention generally relate to computer security systems and, more particularly, to a method and apparatus for evaluating internet resources for any potential threats using a computer health metric.
2. Description of the Related Art
Currently, computer networks, such as the internet are widely used to access various resources (i.e., internet resources) available across a plurality of networked computers. Such internet resources include web pages (e.g., Hypertext Markup Language (HTML) documents), virtual private networks, online services, games, web applications, databases, domains and the like. A user of a computing device (e.g., a laptop, a Personal Desk Assistant (PDA) and the like) may access one or more internet resources through a browser application that is configured to interact with the internet resources. For example, the browser application may process documents and instructions associated with the internet resources and present such documents to the user through a browser window. Accordingly, the user may visit and exchange data with the internet resources through the browser application.
The internet resources, however, can also pose a potential threat to the computer of the user. For example, malware may reside within a particular internet resource awaiting an opportunity to attack the computer. Generally, malware includes malicious code designed to disrupt, destroy and/or exert control over the computer. Occasionally, the user may download the malware onto the computer through the browser application upon a visit to the particular internet resource. The malware impacts the system health of the computer (e.g., degrades performance and stability of the computer). The performance and stability of the computer may degrade in terms of an overloaded processor, an increase in a number of page faults, an increase in disk access latency, a decrease in a data transfer rate associated with a hardware device (e.g., data storage device, processor among others), a decrease in available network bandwidth and/or the like.
According to one of the prevalent methods, internet resources are examined for safe use by the public through the use of security programs that evaluate such internet resources for any potential threats, such as malware, viruses, phish and the like. If a particular internet resource comprises one or more potential threats to the user, the particular internet resource receives a rating/score that indicates an unsafe internet resource. Any user that navigates to the particular internet resource will be warned or stopped altogether.
According to yet another method, a crawler program extracts and processes content hosted by the particular internet resource in order to determine whether the particular internet resource includes malware. Accordingly, the crawler program assigns a rate/score to the particular internet resource indicating a level of safety based on the evaluated content. However, the above mentioned methods operate under the incorrect assumption that malware detection technologies, such as heuristics based approaches and signature based approaches, are errorless. Furthermore, the ratings may be spoofed by an internet resource such that the ratings are made intentionally erroneous. As a result, the user ends up navigating to unsafe internet resources and/or downloads content that includes malware due to erroneous ratings.
Accordingly, there is a need in the art for a method and apparatus for evaluating internet resources for any potential threats using a computer health metric.