In today's highly computer-dependent environment, computer security is a major concern. The security of computers is routinely threatened by malicious programs such as computer viruses, Trojan horses, worms and the like. Once a computer is infected, these malicious programs may be able to damage expensive computer hardware, destroy valuable data, tie up limited computing resources or compromise the security of sensitive information.
To guard against the risk of malicious programs, antivirus programs are often employed. Antivirus programs are computer programs that can scan computer systems to detect malicious programs embedded within computer memory and infected computer files. A detected malicious program can then be removed from memory or from the infected file, or the infected file may be quarantined or deleted from the computer system.
Antivirus programs currently use a wide range of techniques to detect and remove malicious programs from infected computer systems. One technique for detecting malicious programs is to perform a virus signature scan. According to this technique, computer files, key hard disk sectors such as the boot sector and master boot record (MBR) and computer system memory are searched for the presence of virus signatures. Virus signatures are key patterns of computer code that are known to be associated with malicious programs. Virus signature scans are highly effective tools for maintaining computer system security provided that the virus signature scanner has access to a database of known virus signatures that is kept up to date. This is because the virus signature scanner cannot identify a malicious program unless a virus signature for that malicious program has been incorporated into the virus signature scanner's database of known virus signatures.
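The limitation described above can be shown with a minimal signature scanner. This is an added example, not code from the original text; the signature names, byte patterns and scan targets are constructed placeholders, and `SignatureDB`, `scan` and `scan_targets` are hypothetical names.

```python
from dataclasses import dataclass, field

@dataclass
class SignatureDB:
    """Versioned database of known signatures (name -> byte pattern)."""
    version: int
    signatures: dict = field(default_factory=dict)

    def apply_update(self, version, new_signatures):
        # Ignore updates that are not newer than what is already installed.
        if version <= self.version:
            return False
        self.signatures.update(new_signatures)
        self.version = version
        return True

def scan(data, db):
    """Return (signature name, offset) for each known pattern found in data."""
    hits = []
    for name, pattern in sorted(db.signatures.items()):
        offset = data.find(pattern)
        if offset != -1:
            hits.append((name, offset))
    return hits

def scan_targets(targets, db):
    """Scan files, boot sectors and memory images; report only those with hits."""
    report = {}
    for label, data in targets.items():
        hits = scan(data, db)
        if hits:
            report[label] = hits
    return report

# Constructed, harmless byte patterns standing in for virus signatures.
OLD_SIG = bytes.fromhex("deadbeef0102")
NEW_SIG = bytes.fromhex("cafef00d0304")

def demo():
    targets = {
        "file:notes.txt": b"plain text, nothing to find",
        "boot_sector": b"\x00" * 16 + OLD_SIG + b"\x00" * 8,
        "memory": b"\x90" * 5 + NEW_SIG + b"tail",
    }
    db = SignatureDB(version=1, signatures={"Constructed.Old.A": OLD_SIG})
    before = scan_targets(targets, db)   # NEW_SIG is not in the database yet
    db.apply_update(2, {"Constructed.New.B": NEW_SIG})
    after = scan_targets(targets, db)    # same data, now detected
    return before, after

if __name__ == "__main__":
    print(demo())
```

The scanned data is identical in both passes; only the database version differs, which is why the memory image goes undetected until the update is applied.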
Another technique for detecting and removing malicious programs is to perform a heuristic virus scan. Heuristic virus scans are able to intelligently estimate whether computer code is a malicious program. This technique relies on programmed logic, called heuristics, to make its determinations. While a heuristic virus scan has the potential to protect against viruses that are new and unknown, the efficacy of these scanners is constantly improved by updated heuristics that are obtained and incorporated into the heuristic virus scanners in much the same way that new virus signatures should be obtained when using the virus signature scan technique.
New viruses are introduced to computers with increasing frequency. Previously, computers tended to exchange information primarily through floppy disks. Because of the limitations of this format, exchange of information between computers was slow and infrequent. Because malicious programs propagate from one computer to another through the exchange of information, this slow exchange of information limited the propagation of malicious programs.
Today computers are more interconnected than ever. The frequent use of email and the popularity of always-on high-speed internet connections provide fertile ground for the propagation of malicious programs.
Email is particularly suited to the propagation of malicious programs. Increasingly sophisticated malicious programs such as worms are able to commandeer the email client program on an infected computer and use it to send an email carrying the malicious program to every email address known to the email client program, for example those in a list of contacts or address book incorporated into the email client. The result is that the computer resources of a computer user are exploited to propagate the malicious program, often before the user even realizes that his or her computer has been infected. Because of the speed at which these malicious programs can propagate, a well-adapted malicious program can quickly turn into a global outbreak.
During such an outbreak, providers of antivirus programs move quickly to examine samples of the malicious program to ascertain its virus signature or new heuristics that can be used to detect it. The providers then distribute the virus signatures or heuristics to their customers. Once the customers receive the virus signatures or heuristics, they can incorporate them into their virus signature scanner's database of known virus signatures or into their heuristic virus scanner, thereby protecting themselves from that particular outbreak threat.
However, because computer users are required to affirmatively download these virus signatures or heuristics and incorporate them into their database of known virus signatures or heuristic virus scanner, a user might not find out about the outbreak and download the required updates until after the malicious program has already struck the user's computer and potentially used it to propagate further. The delay caused by users not downloading, or delaying in downloading, an update may result in a malicious program such as a virus or worm spreading across networks with no way to detect and clean the malicious program.