As the Internet continues to expand in terms of both connectivity and number of users, the amount of malicious software (“malware”) existing across the Internet continues to increase at a significant rate. Malware, in the form of, for example, viruses, Trojan horses, spyware, backdoor viruses, and worms, is essentially software code written to infiltrate and/or damage a computer system. In general, such malware spreads across computer systems via e-mail and file downloads over the Internet. In some worst-case scenarios, malware can destroy important data, render a computer system virtually useless, and/or bring down a network of hundreds or thousands of computer systems. Recovering a computer system or network from a successful malware attack often requires considerable resources. Further, malware, while typically attacking computer systems connected to the Internet, can also spread from one computer system to another by, for example, a non-Internet based file transfer between computer systems.
In an effort to protect computer systems against malware, various companies design and offer anti-malware programs (e.g., Norton Antivirus™ by Symantec Corporation). Generally, anti-malware programs use “signatures” and “heuristics” to detect malware. A signature of a particular type of malware is the binary pattern of the malware. Anti-malware programs rely on signatures to detect and identify specific malware. Stored signatures must be kept up-to-date in order for anti-malware programs to remain effective as malware evolves over time.
Heuristics, by contrast, involve detecting behaviors that indicate the presence of malware. The behavior could be based on code that is running or on code patterns in files.
Thus, as described above, an anti-malware program contains data for malware signature and heuristics analysis. The anti-malware program also contains data for remediating detected malware. The anti-malware program is deployed onto a computer system by distributing, either via local installation or network transfer, all the data forming the anti-malware program to the computer system.
As the amount of malware continues to grow in terms of both number and types, the amount of data needed for an effective anti-malware program will commensurately increase. Thus, it would be beneficial, at least in part, to reduce the amount of anti-malware data needed to be distributed to a computer system without sacrificing effectiveness of the anti-malware program.