1. Technical Field
This invention relates generally to network computing systems that have one or more client computers. More particularly, the present invention relates to a method and system for selectively filtering traffic to and from a client computer by configuring the client computer's Network Interface Card (NIC).
2. Description of the Related Art
While early computers were “stand alone” and unable to communicate with other computers, most computers today are able to communicate with other computers for a variety of purposes, including sharing data, e-mailing, downloading programs, coordinating operations, etc. This communication is achieved by logging onto a Local Area Network (LAN) or a Wide Area Network (WAN). While this expanded horizon has obvious benefits, it comes at the cost of increased exposure to mischief, particularly from viruses.
A virus is programming code that, analogous to its biological counterpart, usually infects an otherwise healthy piece of code. The virus causes an undesirable event, such as causing the infected computer to work inefficiently, or else fail completely. Another insidious feature of many viruses is their ability to propagate onto other computers on the network.
The four main classes of viruses are file infectors, system (or boot-record) infectors, worms and macro viruses. A file infector attaches itself to a program file. When the program is loaded, the virus is loaded as well, allowing the virus to execute its mischief. A system infector infects a master boot record in a hard disk. Such infection will often make the hard drive inoperable upon a subsequent re-boot, making it impossible to boot-up the computer. A worm virus consumes memory or network bandwidth, thus causing a computer to be non-responsive. A macro virus is among the most common viruses, and infects word processor programs.
Another common type of virus is aimed at browers and e-mail. One such virus causes a Denial of Service (DoS) attack. A DoS virus causes a website to become unable to accept visitors. Usually, such attacks cause the buffer of the website to overflow, as a result of millions of infected computers being forced (unwittingly) to hit the website.
To counter viruses, anti-viral programs are written, and are constantly updated to be effective against new viruses. Such anti-viral programs are delivered either on physical media (such as CD-ROMs), or are downloaded off a network such as the Internet. Updates are typically downloaded as well, in order to provide rapid deployment of such updates. Such updates have problems and limitations, however. The most significant limitation is that such an update may not be downloadable if the client computer is already infected. That is, if the client computer has already been infected with a virus such as a system infector, then the computer will be completely unable to boot from its primary operating system, much less download an anti-viral program. Similarly, if the client computer is already infected with a worm virus, then the client computer will be non-responsive and unable to download the anti-viral program.
Another limitation is that the client computer is exposed to the network while downloading the anti-viral program. In the case of rapidly spreading viruses, this exposure can be critical, causing the client computer to be infected while looking for and/or downloading the necessary anti-viral program.
Another limitation is that downloading a software fix from an anti-viral program server requires user intervention or user action, such as accepting the download, selecting a drive and location to store the download, running the fix, often re-booting the computer after running the fix, et al. Many times the end user of the client computer will ignore a prompt or offer to download a fix, or will fail to manually perform an update check, thus leaving infected clients on a network, thus causing other client computers on the network to become infected.
Another limitation is that access to the client computer is typically unlimited by the client computer's Network Interface Card (NIC), thus allowing potentially detrimental network traffic to reach the client computer before the software fix is loaded.