In the space of just a few years, the Internet, because it provides access to information, and the ability to publish information, in revolutionary ways, has emerged from relative obscurity to international prominence. Whereas, in general, an internet is a network of networks, the Internet is a global collection of interconnected local, mid-level, and wide-area networks that use the Internet Protocol (IP) as the network layer protocol. Whereas the Internet embraces many local- and wide-area networks, a given local- or wide-area network may or may not form part of the Internet.
As the Internet and its underlying technologies have become increasingly familiar, attention has become focused on Internet security and computer network security in general. With unprecedented access to information has also come unprecedented opportunities to gain unauthorized access to data, change data, destroy data, make unauthorized use of computer resources, interfere with the intended use of computer resources, etc. As experience has shown, the frontier of cyberspace has its share of scofflaws, resulting in increased efforts to protect the data, resources, and reputations of those embracing intranets and the Internet.
Security threats have evolved significantly with the increased popularity of the Internet. Advanced hybrid threats have been designed to attack systems on multiple fronts, sometimes searching for vulnerabilities until one is found. New threats also attempt to attack security technology itself.
For example, one class of viruses is known as “share-hopping worms” (e.g. W32/Nimda, etc.). On an infected unprotected computer, the virus may search the network for writable shares on other computers. When it finds one, the virus may infect all the executable files it can find in that share.
While traditional virus scanners are capable of detecting when a file becomes infected and removing the infection, such traditional virus scanners typically react to each and every infection. For example, if a computer has a writable share with 100 executable files, the virus would infect them, and the virus scanner would detect and clean every one.
Unfortunately, this places an unnecessary load on the computer and on the network. There is thus a need for overcoming these and other related security problems.