1. Field of the Invention
The present invention relates to the protection of computer systems. More particularly, the present invention relates to a method and apparatus for updating malicious code protection information on computer systems.
2. Description of Related Art
Security applications such as anti-virus applications rely upon updates from security vendor update sites. These updates are an essential component of the security applications. For example, as new viruses are created, new virus definitions are distributed as an update to allow for detection of the new viruses.
Recognizing the importance of updates to security applications, new generations of malicious code, e.g., W32.Yaha, W32.Cone, W32.HLLW.Polybot, block access to security vendor update sites by maliciously modifying the hosts file. Specifically, new generations of malicious code manage to block access to update sites by modifying the “hosts” file such that the names used by the security applications to find update sites resolve incorrectly. Usually, names are resolved to addresses using the Domain Name System (DNS); however, the hosts file can be used to override DNS resolution. Thus, malicious code can prevent security applications from obtaining updates through malicious modifications to the hosts file.
If successful in blocking access, the malicious code defeats the ability of the security applications to access and download updates from the security vendor update sites. In this manner, the malicious code reduces or eliminates the effectiveness of the security applications in protecting the host computer system.