Early anti-virus products were designed to detect any event that may be considered suspicious activity such as, for example, an attempt to update an executable file. This purported suspicious activity would typically result in an alert to the user. The user could then choose to disable the activity or allow it to proceed. While some of the purported suspicious activity was the result of malicious or harmful software, some of this purported suspicious activity was actually benign activity. As such, users of these types of anti-virus products, possibly due to confusion, would often allow all activity presented in these alerts to occur.
This early type of anti-virus software was advantageous in that it enabled protection from unknown viruses. This was because it guarded against the potentially harmful activity that any virus might attempt to perform and did not need to recognize and eliminate the virus itself. However, because of the above mentioned confusion among users, this early type of anti-virus software was replaced by signature-based software that operated by recognizing and eliminating the viral code itself. The drawback to signature-based anti-virus software is that it may not recognize and eliminate new or unrecognized threats. Because new computer virus and malware threats emerge on an almost daily basis, many threats are not immediately detected and disabled by signature-based software.
As such, there exists a need for improved protection against these threats by focusing preventative efforts on the harmful actions of viruses and malware, rather than simply attempting to recognize and eliminate their code. These and other problems exist.