Anti-malware software programs, also known as anti-malware programs, are designed to protect computers from malware software (“malware”), such as a virus or Trojan horse. Generally described, malware is any type of program designed to perform malicious tasks that damage or disrupt a computer system. Malware often includes information about anti-malware programs, such as .exe or .dll file names, signatures of anti-malware files, the size of anti-malware files, and/or the location of those files. This information may be used by a malware program to locate and destroy the anti-malware process in a computer's memory, remove registry keys that allow the anti-malware to startup properly, and delete the anti-malware or portions of anti-malware from the computer's hard disk.
To protect anti-malware programs from being destroyed by malware, the anti-malware must detect the malware before it has the opportunity to perform its malicious tasks. Typically, such detection is accomplished using anti-malware scanners and detection engines to analyze files as they are added to or created on a computer. Scanners determine the signature of a new file and compare that signature with signatures stored in a malware library that is maintained by the anti-malware program. Detection engines quarantine files and analyze the behavior of the file to determine if it is likely to be malware. If a scanner or detection engine determines that a file is malware, the anti-malware program prohibits the file from remaining on the computer and does not allow the file to execute. In order for anti-malware scanners and detection engines to be able to detect all of the different forms of malware, the malware library must be frequently updated with information about new malware.
However, malware is being developed and released in large numbers (generally a malware program is released in small numbers then replicates) and many of those creations are complex and difficult to detect, even with information about the malware. Due to the number and complexity of malware being created and released, it is becoming difficult to keep anti-malware programs up-to-date with information that is needed to detect the newly created malware. If such information is not maintained and as malware becomes more complex, the likelihood increases that a malware program intended to destroy anti-malware programs will accomplish its task.
Thus, the existing techniques for protecting anti-malware from malware attacks are becoming insufficient. Accordingly, there is a need for a system and method that provide additional protection for anti-malware programs and associated files. Additionally, such a method and system should make malware that is designed to overcome the additional protection easier to detect, thereby providing further protection.