1. Field of the invention
The present invention relates generally to computer systems. More particularly, the present invention relates to a method and apparatus for reducing false positive detection of malware.
2. Description of the Related Art
Consumers and businesses increasingly rely on computers to store sensitive data. Consequently, malicious programmers seem to continually increase their efforts to gain illegitimate control and access to others' computers and sensitive data. Such malicious programmers continue to create viruses, Trojan horses, worms, and like type programs meant to compromise computer systems and sensitive data belonging to others. These malicious programs are often generally referred to as “malware”.
Security software companies are combating the growing tide of malware by developing various client security products, such as anti-virus, anti-spyware, or other types of anti-malware products. Some anti-malware products, however, impact client computer performance, as they are configured to monitor and analyze files and other sub-systems upon every access using various assessment rules. While some anti-malware products may cache results of the analysis for accessed files and sub-systems, such results are invalidated when assessment rules are changed. For example, in some anti-virus products, when the anti-virus signatures change, the previous assessment results are invalidated. This results in decreased client computer performance as each file/sub-system access is again analyzed. The problem is further compounded by the fact that anti-malware products look for known bad files on computers that typically do not have malware. Thus, anti-malware programs may decrease computer performance, while providing very little benefit for most computer systems and users.
Accordingly, there exists a need in the art for a method and apparatus for reducing false positive detection of malware.