Computer software applications and systems provide various levels of software virus detection for their users. For example, whenever a new content stream arrives via a web portal, conventional virus protection protocols rely on high level scanning algorithms to scan the payload of the content stream to detect signatures that identify potentially dangerous software components that can be used to compromise the operating environment of network connected computing devices, such as, personal computers (PC's), laptops, network servers, PDA's, cellular phones, and the like.
Typically, these algorithms identify package names and byte lengths of the incoming content stream. However, the algorithms may not identify attack packages within the payload that include hidden names or that include component structures that arrive at the target device in a disassembled state. For example, conventional virus detection software functions at lower levels (e.g. kernel mode) as a filter driver that is implemented into stacks within the operating system level. The virus detection software inspects signatures or scans content on an incoming frame-by frame or block-by-block basis as the data passes through the disk in an attempt to instantiate portions of the data to identify problematic data before the data is written to the disk or is implemented within the operating system. Therefore, these types of virus protection protocols are too high level in their approach and may subsequently miss attack packages that are sufficiently obfuscated. Other conventional virus protection protocols provide byte-stream analysis to cure the above identified deficiencies. Unfortunately, byte-stream analysis via software implementation is computationally intensive thereby potentially creating a performance tax on all network I/O assets. Moreover, byte-stream analysis techniques may not be able to scan encrypted files. Furthermore, such virus detection methods may operate on data that has already been introduced to the computing device's architecture and are unable to check data streams before they have entered the networked devices computing system.
What is desirable is a system and method that provides users with a sufficient level of virus detection without overall system performance degradation.