Personal computers and business computers are continually attacked by viruses, trojans, spyware, and adware, collectively referred to as “malware” or “pestware.” These types of programs generally act to gather information about a person or organization—often without the person or organization's knowledge. Some pestware is highly malicious. Other pestware is non-malicious but may cause issues with privacy or system performance. And yet other pestware is actually beneficial or wanted by the user. Wanted pestware is sometimes not characterized as “pestware” or “spyware.” But, unless specified otherwise, “pestware” or “malware” as used herein refers to any program that is malicious in some way and/or collects and/or reports information about a person or an organization and any “watcher processes” related to the pestware or malware.
Software is available to detect malware, but scanning files for malware often requires a system to look at files stored in a data storage medium (e.g., a disk drive) on a file by file basis. When the scanner is accessing data in a storage medium (e.g., a serially-accessed storage medium), however, the rate at which other processes (e.g., user applications) are able to access data from files stored on the storage medium is substantially reduced. In addition, anti-malware scanners add additional overhead (e.g., time and processing cycles) to every file that is saved by scanning the file while blocking the saving thread from doing additional work.
For example, if 100 files are copied onto a system with a typical anti-malware product installed, after each file has been copied, the scanner will block the thread that is writing the file from doing any more work until the scanner has scanned the file in question. And if scanning a file takes 100 ms on average, copying 100 files takes 10 seconds longer with the scanner installed than without it. Tests show that typical scanners, on average, add somewhere between 10% and 30% in time to saving a file, and for an individual file this can be as much as 2000%.
As a consequence, users are, at the very least, inconvenienced by the slow file access times. Accordingly, current software is not always able to scan and remove malware in a convenient manner and will most certainly not be satisfactory in the future.