Via the Internet, individuals and organizations with malicious intent author and distribute software that damages computer systems and/or is used to steal the personal information of users (including individual users and entities such as companies). Such malicious software, or malware, often exploits code vulnerabilities and/or gets installed onto users' computer systems by tricking users into taking some action.
To protect against malware, contemporary antimalware software products use a variety of mechanisms to catch and quarantine malware. Contemporary antimalware technology has led to a cycle in which the antimalware vendors improve their products to provide protection against the latest malware, and the malware authors respond with improved malware that defeats these improvements, forcing antimalware vendors to continue the cycle.
Malware authors have one advantage, however, in that antimalware vendors are able to reverse engineer the operation of an antimalware engine given enough resources/time, and/or tweak their techniques versus the latest engine using “black-box” probing until their next generation of malware is able to defeat it. This occurs because antimalware vendors encode their techniques in the software delivered to customers and thus (unavoidably) to malware authors. The antimalware software cannot effectively conceal any techniques from the malware authors, and thus once revealed and defeated, the antimalware vendors have to produce a software release or update with changed techniques, (typically a signature update).