With the mass use of computer devices, such as desktop and portable personal computers, smartphones, tablets, and other mobile devices, various types of computer threats have become widespread. Examples of computer threats are network worms, Trojan programs and computer viruses.
One of the most effective methods for countering computer threats is the use of antivirus software—a software package designed for removing malicious (or potentially malicious) objects from the operating system of a computer device. As methods for detecting malicious objects, antivirus programs use various approaches, for example, an analysis using a database of signatures of known malicious objects, and a heuristic analysis, which determines the malicious nature of an object with a certain degree of probability by a number of characteristics and rules. One of the traits of malicious objects is their spontaneous launch in a computer system (without the user's knowledge). Often, such a launch follows an automatic (not requiring confirmation from a user) download of a malicious object from an internet site visited by the user. This method of launching a malicious object is known in the art as a “drive-by download”.
There are many known solutions designed for monitoring the events in the operating system in order to analyze the objects attempting to launch themselves for potentially malicious purposes.
For example, U.S. Pat. No. 7,467,409 describes a system designed for determining the safety of files sent to a computer device using client programs, such as e-mail clients, instant messaging programs or browsers. The system's operation is based on an interface common to all clients, which, in order to check the received files, can call programs designed to provide computer security (for example, antivirus applications).
The above-mentioned approach is implemented in the Attachment Manager technology—a tool built into the Windows operating system (starting from the XP SP2 version), designed for protection against unsafe files downloaded from the Internet and against unsafe attachments in received e-mail messages. If the Attachment Manager determines that the attachment file is not safe, it can prevent the opening of the file or warn the user before the file is opened. The file's safety is determined based on the following criteria: the file's type, the type of the application being used, and the security settings for the network area from which the file was downloaded. In addition, the Attachment Manager tool's settings make it possible to enable notification of the registered antivirus application about the files opened by the user, so that it can check them. The Attachment Manager tool is used by all the applications of the Microsoft Office package and most browsers.
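As an added illustration (not part of the original text and not Windows' own code): on NTFS, the network area a file came from is recorded in a `Zone.Identifier` alternate data stream attached to the file. The Python example below parses constructed stream text and applies a simplified, assumed open/warn/block policy over two of the three criteria above (file type and zone); the function names, the extension sample and the policy itself are assumptions made for illustration.

```python
import configparser
from pathlib import PureWindowsPath

# Windows URL security zone IDs as stored in the ZoneId key.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

# Constructed sample of high-risk extensions (assumption); the real list is
# maintained by Windows and can be changed by policy.
HIGH_RISK_SAMPLE = {".exe", ".bat", ".cmd", ".js", ".vbs", ".scr"}

# Constructed Zone.Identifier content for a file saved from the Internet zone.
SAMPLE_MARK = ("[ZoneTransfer]\n"
               "ZoneId=3\n"
               "HostUrl=https://downloads.example.test/setup.exe\n")


def parse_zone_identifier(stream_text):
    """Return zone details from Zone.Identifier text, or None if unparseable."""
    parser = configparser.ConfigParser(interpolation=None)  # URLs may hold '%'
    parser.optionxform = str  # keep key case (ZoneId, HostUrl)
    try:
        parser.read_string(stream_text)
        zone_id = int(parser["ZoneTransfer"].get("ZoneId", fallback=""))
    except (configparser.Error, KeyError, ValueError):
        return None
    return {"zone_id": zone_id,
            "zone": ZONES.get(zone_id, "Unknown"),
            "host_url": parser["ZoneTransfer"].get("HostUrl")}


def open_decision(filename, stream_text):
    """Simplified, assumed policy: 'open', 'warn' or 'block'.

    stream_text is None when the file has no Zone.Identifier stream.
    """
    if stream_text is None:
        return "open"    # no mark: file is treated as locally created
    mark = parse_zone_identifier(stream_text)
    if mark is None or mark["zone"] == "Unknown":
        return "warn"    # damaged or unrecognised mark: do not open silently
    high_risk = PureWindowsPath(filename).suffix.lower() in HIGH_RISK_SAMPLE
    if high_risk and mark["zone_id"] == 4:
        return "block"   # high-risk type from the Restricted zone
    if high_risk and mark["zone_id"] == 3:
        return "warn"    # high-risk type from the Internet zone
    return "open"
```

On a Windows host the stream text can be read with PowerShell's `Get-Content -Stream Zone.Identifier` and passed to `open_decision`.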
However, the use of the above-mentioned solution causes an inevitable delay when the file is launched, because the call to the antivirus application and the subsequent check require some time.
A new solution is needed to effectively prevent malicious activity in downloaded files without the accompanying delay associated with conventional security solutions.