In 2001 the Code Red worm spread worldwide within 12 hours, and in 2003 Slammer took only about 10 minutes! When a malware attack occurs, an organization can only rely on the virus signatures or scan-engine updates released by its anti-virus vendor to remove the threat. However, from the appearance of the first victim to the vendor's release of a globally usable signature takes at least one to several days; this is what anti-virus vendors call the "anti-virus latency" window. Moreover, more and more malware includes functions that interfere with or terminate anti-virus software, so that even once a new signature is available, specific manual procedures must first be carried out before an infected computer can be restored. So if the malware behind such an attack destroys systems or data, how should we respond other than waiting? This study therefore proposes a conceptual framework that organizations can use to control and mitigate the anti-virus latency window. The framework lets an organization establish an emergency response mechanism that mitigates or terminates the execution of malicious programs, effectively reducing the impact caused by the anti-virus latency window.
The "Code Red" worm spread globally within 12 hours in 2001, and "Slammer" took merely about 10 minutes in 2003! When malware attacks, organizations can only depend on the protection of the latest virus pattern or anti-virus engine from the anti-virus vendors. On the one hand, the period from the appearance of the first victim computer to the availability of the corresponding virus pattern, the so-called "anti-virus latency", usually takes several days. On the other hand, more and more malware has the ability to stop or disturb the anti-virus software, which makes curing the victim computers a challenge even when the updated virus pattern is available. However, what else can we do besides waiting when the malware destroys the operating system or data? Therefore, it is essential to introduce a conceptual framework that provides a mitigation and control mechanism for the anti-virus latency. Organizations can implement the framework to create an emergency reaction mechanism and make the control and mitigation of the "anti-virus latency" more effective.