Trojan horses, viruses and worms are forms of logic code that can be executed on a computing system without the authorization of the system's user. The execution of such malicious code often results in the performance of unwanted operations on the computing system. Thus, the malicious code can harm user data (e.g., corrupt or erase data or file systems) and/or invade the user's privacy (e.g., collect and transport confidential data).
In some instances, a user may monitor system performance and access to system resources by way of special tools (e.g., Norton Antivirus™, Microsoft Windows Defender™). These tools can detect malicious code and prevent its execution. Most of these tools can also remove malicious code from an infected computing system and repair the system if needed.
A disadvantage of the above conventional tools is that these tools are only effective against malicious code that has been discovered. In other words, the conventional tools can only prevent the execution of a malicious code, only after the code has infected a plurality of systems, and after experts have identified and analyzed the code to provide a countermeasure.
Consequently, undiscovered malicious codes often continue to infect computing environments and can illicitly access system resources for some time, until they are discovered and removed. In most instances, the conventional tools are ineffective unless they are updated and executed frequently, so that they can detect and remove newly developed malicious code. Regretfully, the conventional tool cannot guarantee that an infected system can be cleaned or that lost or damaged data can be restored.
With the proliferation of the Internet as a medium for sharing software tools and resources, a great deal of software is now readily available for download. Most downloadable software genuinely perform operations that only access resources intended for their particular use. Unfortunately, there are also imposter software downloads that include malicious code that (instead or in addition to performing the proclaimed tasks) access resources that are not authorized by the user.
As such, cautious users generally limit themselves to downloading known software from trusted sources that can provide certificates of authenticity (e.g., Authenticode). Unfortunately, not all software is available for download through trusted sources. Further, a certificate of authenticity only declares that the software is provided through a particular vendor and makes available a digital signature for verification by a user.
Most users typically are not sophisticated enough to use this information for verification purposes. In case of a more sophisticated user, if the user is unfamiliar with a particular vendor, the user cannot be sure that downloading the software application is safe, even if the digital signature for that vendor is verifiable. Thus, in many instances, a user's options are limited to either risking exposure by downloading potentially hazardous software from untrusted or unknown sources; or alternatively not downloading the software at all.
Neither of the above options is plausible. Therefore, methods and systems are needed that can overcome the aforementioned shortcomings.