To protect computer systems against the ever-growing number of security threats manufacturers of security tools for computer systems and networks are constantly developing and improving upon techniques for detection of malicious programs and their components. At the same time, advances in computing capacity are providing more opportunities for security functionality.
Computer users have many options at their disposal for configuring their security applications. However, this abundance of options presents its own set of challenges, namely, selecting the best options to provide a solid level of protection without unduly burdening their computing resources with excessive security functionality that provides little additional benefit.
Techniques for automatically configuring security applications are well-known. Some involve examining the type of computer resources that are available, and selecting the appropriate security functionality based on a previously defined knowledge base. Others take the additional step of looking at what applications are installed on a computer system, and adjusting the security functionality to provide an adequate level of protection based on the nature of the user's applications. Still others take into account such factors as the current computational load of the computer, location—in terms of exposure to risks on a network, and other factors relating to the present circumstances in which the computer operates.
These known techniques tend to adjust the security settings relatively slowly, since a device configuration tends to vary only from time-to-time. Likewise, computing capacity and environmental factors provide relatively coarse inputs that tend to require analysis and adjustment of the security settings to keep up, and this analysis takes up further resources.
To-date no practical solution has been proposed for fine-tuning security settings as applications are executing. Applying known methods would tend to either lack sufficient sensitivity and response time in the detection of the operating regime changes, resulting in either a lack of sensitivity to any changes, or an over- or under-correction, or require too much computing to determine the proper settings, thereby unduly burdening the computing resources in carrying out the security settings configuration process.
Accordingly, a solution is needed that avoids some of the drawbacks described above, and that is preferably capable of addressing other needs as well.