Wide area networks such as the Internet provide an ever-increasing community of users with a similarly increasing number of accessible network sites from which those users can gather information, applications, and entertainment. Such an open community also provides opportunity for malicious users and sites to spread malicious software (malware) such as viruses, worms, and the like. In order to protect users from such malicious activity, protection schemes have been devised to alert users to the presence of malware on their computers and to cleanse affected computers from malware.
In the past, computer protection schemes have been limited to reacting to the presence of malware on an affected computer. That is, once the presence of malware on a computer had been detected, only then could security software react to the malware and remove it from the computer. In order to proactively protect users' computers, a mechanism for warning users as to the presence of malware on a site that a user intends to visit is desirable. But in order to provide information as to the safety of a network site, a provider of such information has typically had to visit the network site and subject the site to analysis. Thorough security analysis of a network site can involve visiting every page of a site and subjecting each page to multiple levels of analysis.
As the number of available network sites increases, the task of visiting each one of those sites and analyzing each page of each of those sites becomes so resource intensive as to be impractical. Further, to the degree that sites are visited and analyzed, those sites can only be subjected to analysis at longer and longer intervals due to the number of other sites requiring analysis. Thus, issues arise with regard to the freshness of the information gained from analyzing a particular website.
It is therefore desirable to implement a network site analysis system that allows both broad coverage of malicious or potentially malicious network sites, as well as providing for reasonably fresh information upon which a user can decide whether to visit a specific network site. It is further desirable that such a system take into account limitations on the availability of network site analysis resources in deciding whether to subject a specific site to detailed analysis.