Unwanted data is generally a sequence of commands or instructions that interfere with a user's operation of, or cause damage to, his or her computer system. Such unwanted data may include viruses, Trojan horses, worms, spyware, and so forth. As an example, unwanted data may damage a computer system directly, such as by deleting files or formatting a disk, or indirectly, such as by altering system protective measures, thus making the computer vulnerable to probing or other attacks. Other types of unwanted data may simply inconvenience a user of a computer, for example, by displaying an unwanted political message in a dialogue box, tracking actions performed on the computer by the user (e.g. tracking websites visited by the user, etc.), stealing personal information, etc.
Unwanted data therefore presents a significant threat to the integrity and reliability of computer systems and continues to present such a threat due to the interconnecting of computers (e.g. through networks, the Internet, etc.). The increase in computer-to-computer communications, via the Internet for example, has caused a commensurate increase in the spread of unwanted data because infected files are spread more easily and rapidly than ever before.
Detection of unwanted data is thus an essential element in the effective maintenance of computer systems. In order to detect unwanted data, a detection program is generally employed in conjunction with a series of “profiles” or “signatures” which represent characteristics or patterns of known unwanted data. One type of detection routine monitors a program suspected of being infected by unwanted data. The behavior of the program is compared to a profile of operating characteristics of known unwanted data and, if a match is found, the program is assumed to contain the unwanted data.
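The behavior-to-profile comparison described above, as an added example that is not taken from the referenced patent or from any product: a monitored program's observed operations are checked against profiles of known unwanted data. The profile names, operation names, and traces are constructed for illustration, and ordered-subsequence matching is an assumed matching rule.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Profile:
    name: str
    sequence: tuple  # operations that must be observed in this order


# Constructed profiles: operating characteristics of known unwanted data.
PROFILES = [
    Profile("file-wiper",
            ("enumerate_files", "delete_file", "delete_file", "delete_file")),
    Profile("protection-tamper",
            ("open_security_config", "disable_protection")),
    Profile("browsing-tracker",
            ("hook_browser", "read_history", "network_send")),
]


def matches(profile, trace):
    """True if profile.sequence occurs in trace in order (gaps allowed)."""
    remaining = iter(trace)
    # Each any() consumes the shared iterator up to the next matching
    # operation, so later profile steps can only match later events.
    return all(any(op == seen for seen in remaining)
               for op in profile.sequence)


def detect(trace, profiles=PROFILES):
    """Return the names of all profiles the observed behavior matches."""
    return [p.name for p in profiles if matches(p, trace)]


# Constructed traces of operations observed while monitoring a program.
SUSPECT_TRACE = ["open_file", "open_security_config", "read_file",
                 "disable_protection", "enumerate_files", "delete_file",
                 "network_send"]
# One deletion alone does not satisfy the file-wiper profile.
BENIGN_TRACE = ["open_file", "read_file", "enumerate_files",
                "delete_file", "write_file"]
# Same operations as protection-tamper, but in the wrong order.
REORDERED_TRACE = ["disable_protection", "open_security_config"]

if __name__ == "__main__":
    for label, trace in [("suspect", SUSPECT_TRACE),
                         ("benign", BENIGN_TRACE),
                         ("reordered", REORDERED_TRACE)]:
        print(label, detect(trace) or "no profile matched")
```

The benign and reordered traces show why the profile must encode order and repetition: matching on the mere presence of an operation would flag ordinary file management.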
One solution for detecting unwanted data is set forth in U.S. Pat. No. 6,230,288.