The rapid development of computer and network technologies greatly facilitates information interaction. However, with the development of these technologies, computer viruses are being evolved and updated continuously and become a serious threat to normal uses of computers. Therefore, how to protect a computer against viruses has become a focus of people's interest. An important step for protecting computers against viruses is to recognize viruses before running the file, which is usually called virus scanning, therefore appropriate measures may be taken to protect computer systems from being infected by viruses.
A virus scanning method commonly adopted by prior antivirus software is signature matching method, which uses signatures (which are typically one or more segments of specific binary code stream) extracted from virus samples to perform matching in the scanning files. Since the signatures used in this method are extracted from the erupted or detected virus samples, they are fixed signatures and usually lag behind viruses. Thus, such method can not work in real-time monitoring and protection against those viruses in which the signatures are prone to change (i.e., the viruses prone to mutate) or new viruses (i.e., the viruses from which the signatures have not been extracted). Particularly in recent years, with an increasing number of viruses and the emergence and development of anti-anti-virus technologies, the disadvantage of lagging in the traditional “signature scanning” appears more and more serious, thereby resulting in many viruses being unable to be detected in real time. Once these real-timely undetected viruses run, computer resources will be completely exposed to computer viruses and be arbitrarily read or destroyed by them. Furthermore, as virus samples in the traditional “signature scanning” are usually required to be updated manually, they can not be added timely and automatically. Such that the problem of lagging in traditional “signature scanning” is more serious.
In order to overcome the problem of lagging in the traditional “signature scanning” and prevent the running of computer viruses from tampering or destroying sensitive resources, there is a need for a new method and apparatus for automatically protecting computers against harmful programs.