Complex computer file formats—which allow for extensibility and enhanced functionality—are becoming increasingly popular. Unfortunately, they also provide a vehicle within which authors of malicious viral software may hide malevolent executable code. To combat this situation, an “arms race” exists, wherein anti-viral (AV) software makers isolate copies of each new virus and obtain a “signature” for the new virus, so that it may be subsequently recognized.
Accordingly, anti-viral (AV) software is configured to scan input files looking for signatures of each known virus. Where no known signature is found, an input file is assumed to be clear of viral infection.
Unfortunately, it is frequently the case that a new virus will pass through the AV software because the AV software has not yet been updated to include the new virus. While the AV software makers tend to respond quickly, in many cases damage is done before they are able to respond with an upgrade, and before the consumer installs the upgrade. Accordingly, a need still exists for techniques that are better able to prevent a new software virus from infecting a computer system.