Antivirus and other protection software (hereinafter referred generally to as “protection software”) are designed to identify, thwart and eliminate computer viruses and other malicious software (malware) such as, for example, computer worms, Trojan horses and other malicious attacks on a computing system. As should be known, a computer virus can replicate itself and infect a computing system, and can spread to other computing systems by infecting files on a network file system or a file system that is accessed by another computer. Some viruses are programmed to damage programs, delete files, etc.; whereas, other viruses are designed to simply replicate themselves and make their presence known by presenting text, video, or audio messages.
In any event, protection software typically uses two techniques to identify, thwart and eliminate computer viruses and other malicious software (malware). These techniques include:                Examining (scanning) files to look for known viruses matching definitions in a virus dictionary; and        Identifying suspicious behavior from any computer program which might indicate infection. Such analysis may include data captures, port monitoring and other methods.Most protection software uses both of these approaches, with an emphasis on the virus dictionary approach.        
Using the known techniques, the known protection software reduces computing performance by making considerable demands on resources. For example, in operation the known protection programs load to the operating system and, once loaded, begin the scan of the physical hardware and software. The known protection programs, though, scan 100% of the files, with all of the files being marked regardless of whether the files were previously accessed and/or updated. Although this provides 100% protection, it also uses a considerable amount of resources.
Moreover, known protection programs are tightly coupled into the existing operating system of the computing system. These programs are thus visible to the operation. In such situation, unbeknownst to the user or protection software, malicious scripts can be downloaded to “fool” the operating system into believing that a scan was performed when, in fact, the scan was not performed by the protection software. In these cases, the protection software will report a “pass” scan to the user, even though a scan was never performed.
Accordingly, there exists a need in the art to overcome the deficiencies and limitations described hereinabove.