1. Field of the Invention
Embodiments of the present invention generally relate to computer security systems and, more particularly, to a method and apparatus for securing a computer from complex malicious threats through generic remediation.
2. Description of the Related Art
With the increasing use of data and computer networks, both the number and the complexity of malicious threats to a computer (e.g., malicious software programs such as computer viruses, worms, Trojans, rootkits, malicious drivers and/or the like) are growing rapidly. For example, rootkits are software programs designed by intruders to hide processes, files and activities from the operating system and from an authorized user of the computer. Furthermore, malicious software programs may take control of the operating system of the computer, modify various parts of it (e.g., the system registry) and/or install malicious drivers. As a result, the intruders may gain complete access to the computer while avoiding detection and hence exploit the computer resources for illegitimate benefit.
In particular, the malicious software programs may be distributed in a variety of ways, such as through infected files that a user downloads and opens (e.g., email attachments), or by taking control of computer operations and transmitting themselves over a network without any direct intervention by a user. Once a malicious software program resides on the computer, a variety of problems may occur, including impairment of the computer resources, intentional destruction or corruption of stored information, shutting down and/or crashing the computer, misappropriation of personal and/or confidential information and/or the like.
Generally, the malicious threats are distinct from one another. For example, the malicious software programs include different software code and thus perform different operations. In some instances, one or more malicious software programs may corrupt the stored information, whereas other malicious software programs may disable and/or exhaust the computer resources. Consequently, the malicious threats also differ in complexity.
Currently, various security software programs (e.g., anti-virus, anti-spyware and anti-phishing software programs) employ one or more techniques (e.g., running human-generated and tested scripts, rebooting the computer and/or the like) to remediate complex malicious threats. A remediation technique may be specific to a particular complex malicious threat; alternatively, it may be generic and applicable to most malicious threats (e.g., unknown and/or very complex malicious software programs). For example, the security software program may execute a security scan of the computer to detect malicious software programs embedded within infected computer files. In addition, the security software programs provide various remedial measures, such as removing the malicious software programs from the infected files, quarantining the infected files, or deleting the infected files from the computer.
Typically, the human-generated and tested script remediation technique depends upon signature-based detection technologies. For example, a cleanup script is generated for the detected signature of the malicious software program in order to remediate the complex malicious threat. The cleanup script specifies a list of processes to kill, the files to remove from the file system in order to eliminate the malicious software program, and the configuration data to delete or to restore to its default values. However, a significant amount of time may be consumed in generating the cleanup script, during which the malicious software program may proliferate within the computer as well as to other computers over the network. Moreover, the cleanup script may be error prone (e.g., due to mistakes made while writing the cleanup script). In other words, the human-generated cleanup script does not scale in terms of accuracy and, as a result, may fail to remediate the complex malicious threats from the computer.
Alternatively, various other security software programs may utilize a generic remediation technique to remediate the complex malicious threats from the computer. Sometimes, the generic remediation technique fails to completely remediate the complex malicious threats. For example, the generic remediation technique may not be able to remove each and every malicious software program from an infected file, and hence the computer remains infected. Furthermore, such a failed generic remediation may leave the computer non-bootable, so that the operating system must be re-installed on the computer. As a result, the security of the computer may be compromised.
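As an added illustration of the two preceding paragraphs (not code from the patent or from any product it describes), the following Python models a signature-keyed cleanup script of the kind described above: processes to kill, files to remove and configuration values to delete or restore, executed in that order. It also adds the check a practitioner would want before running such a script, a deny-list that refuses to delete from boot-critical directories or to kill critical system processes, which is one way to keep a mistaken script from leaving the host non-bootable. The script structure, the deny-list contents, the Windows-style paths, the signature names and the in-memory host state are all assumptions constructed for this example; nothing here touches a real file system or process table.

```python
from dataclasses import dataclass

# Hypothetical deny-list (assumed for the example): a script that deletes from
# these directories or kills these processes is the kind that leaves the host
# non-bootable, so the executor refuses to run it at all.
PROTECTED_PREFIXES = ("C:\\Windows\\System32\\", "C:\\Windows\\Boot\\")
CRITICAL_PROCESSES = {"wininit.exe", "winlogon.exe", "csrss.exe", "smss.exe"}


@dataclass
class CleanupScript:
    """Signature-keyed remediation plan (structure assumed, not the patent's)."""
    signature: str
    kill_processes: list      # image names to terminate
    delete_files: list        # absolute paths to remove
    restore_config: dict      # config key -> default value; None means delete the key


@dataclass
class HostState:
    """Constructed in-memory stand-in for the infected host."""
    processes: dict           # pid -> image path
    files: set
    config: dict


def validate(script: CleanupScript) -> list:
    """Return the steps that would damage the OS; an empty list means safe to run."""
    problems = []
    lowered = tuple(p.lower() for p in PROTECTED_PREFIXES)
    for path in script.delete_files:
        if path.lower().startswith(lowered):
            problems.append(f"refuses to delete protected path {path}")
    for name in script.kill_processes:
        if name.lower() in CRITICAL_PROCESSES:
            problems.append(f"refuses to kill critical process {name}")
    return problems


def apply_cleanup(script: CleanupScript, host: HostState, dry_run: bool = False) -> dict:
    """Run the script: kill, then delete, then restore config. Raises if validate() objects.

    Processes go first so a still-running dropper cannot re-create the files
    removed in the next step. Missing files are recorded, not treated as errors.
    """
    problems = validate(script)
    if problems:
        raise ValueError("; ".join(problems))
    targets = {n.lower() for n in script.kill_processes}
    done = {"killed": [], "deleted": [], "missing": [], "restored": []}
    for pid, image in list(host.processes.items()):
        if image.rsplit("\\", 1)[-1].lower() in targets:
            done["killed"].append(f"{pid}:{image}")
            if not dry_run:
                del host.processes[pid]
    for path in script.delete_files:
        if path in host.files:
            done["deleted"].append(path)
            if not dry_run:
                host.files.discard(path)
        else:
            done["missing"].append(path)
    for key, default in script.restore_config.items():
        if host.config.get(key) != default:
            done["restored"].append(key)
            if not dry_run:
                if default is None:
                    host.config.pop(key, None)
                else:
                    host.config[key] = default
    return done


def remaining_indicators(script: CleanupScript, host: HostState) -> list:
    """Post-remediation check: every artifact the script targets that still exists."""
    targets = {n.lower() for n in script.kill_processes}
    left = [f"process {pid}:{img}" for pid, img in host.processes.items()
            if img.rsplit("\\", 1)[-1].lower() in targets]
    left += [f"file {p}" for p in script.delete_files if p in host.files]
    left += [f"config {k}" for k, d in script.restore_config.items() if host.config.get(k) != d]
    return left


RUN_KEY = "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"  # assumed key


def constructed_host() -> HostState:
    """Sample infected state (constructed, not captured from a real machine)."""
    return HostState(
        processes={4: "C:\\Windows\\System32\\wininit.exe", 1337: "C:\\Users\\Public\\svch0st.exe"},
        files={"C:\\Users\\Public\\svch0st.exe", "C:\\Users\\Public\\drv.sys",
               "C:\\Windows\\System32\\ntoskrnl.exe"},
        config={RUN_KEY: "C:\\Users\\Public\\svch0st.exe", "Shell": "explorer.exe"},
    )


# Hypothetical signature names; the scripts are constructed for the example.
SAMPLE_SCRIPT = CleanupScript(
    signature="Trojan.Constructed.A",
    kill_processes=["svch0st.exe"],
    delete_files=["C:\\Users\\Public\\svch0st.exe", "C:\\Users\\Public\\drv.sys",
                  "C:\\Users\\Public\\missing.dll"],
    restore_config={RUN_KEY: None, "Shell": "explorer.exe"},
)
# A mistaken script of the kind the text warns about: it targets a system file
# and a critical process, so validate() must block it before anything runs.
BAD_SCRIPT = CleanupScript("Trojan.Constructed.B", ["wininit.exe"],
                           ["C:\\Windows\\System32\\ntoskrnl.exe"], {})


def demo():
    host = constructed_host()
    done = apply_cleanup(SAMPLE_SCRIPT, host)
    return done, remaining_indicators(SAMPLE_SCRIPT, host)
```

Calling `apply_cleanup(SAMPLE_SCRIPT, host, dry_run=True)` reports what would be done without changing the host, and running `remaining_indicators` after a real pass gives the completeness check that tells you whether the remediation actually finished or the computer is still infected.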
Therefore, there is a need in the art for a method and apparatus for securing a computer from malicious threats through generic remediation.