Currently, malicious software targets computers worldwide and antivirus service providers are constantly developing new techniques in order to combat new threats. Often, vulnerabilities exist in particular software applications such as word processing applications, spreadsheets, document readers and writers, etc. Malware is able to target these software applications and take advantage of these vulnerabilities. Moreover, there may be different vulnerabilities in different versions of these applications, and antivirus service providers need to be able to protect all of these different versions from attack, and need to be able to detect malware occurring in all of these different versions.
In the prior art, antivirus products use multiple virtual machines on a single computer in order to be able to execute all of the different versions of a particular software application in order to detect malicious behavior in all of the versions. Unfortunately, multiple virtual machines require more resources (including CPU time, memory and disk) and require more management time (installation, configuration, etc.). If the software application includes many different versions, often this multiple virtual machine approach ignores certain versions due to resource limitations, resulting in a decrease in the malware detection rate.
Accordingly, a new approach is desired that is able to detect malicious behavior in many different versions of a software application without the drawbacks associated with the prior art.