The amount of malicious software, also known as malware, is steadily growing. Moreover, malware creators have started releasing increasingly sophisticated types of malware, which are proving more difficult to detect and respond to than previous types. Therefore, antivirus companies are faced with new challenges to create new methods of detecting, responding to, and recovering from malware. Known methods for detection of malicious software, which were successful at detecting malware in the past, often fail to detect new types of malware.
Currently, the most popular malware detection methods include: heuristic analysis, signature analysis, behavioral analysis, and hash sum analysis. The signature and hash sum techniques are well suited for detecting known malware (i.e., software that has already been investigated and for which a specimen has been entered in a database of malicious software). However, these techniques often fail to properly detect and categorize modified malware code. Heuristic analysis partially overcomes this shortcoming, but may still fail to detect obfuscated or substantially modified malware. Behavioral analysis often proves most effective in detecting modified malware, but even this method has a number of shortcomings. For example, in order to analyze the behavior of a program using this method, the program needs to be triggered first; however, malware may inflict serious harm to the system before triggering behavioral analysis and a subsequent quarantine/cleaning routine.
Given the limitations of each of these methods, malware remains a constant threat for computer users, and the costs associated with a failure to promptly detect and properly quarantine or otherwise respond to a malware infection may be severe. For example, a malware infection may result in the loss or corruption of irreplaceable user data if it is not detected and dealt with quickly.
Antivirus and malware detection software has become increasingly sophisticated in order to combat malware. However, even the best antivirus software is unable to recognize all possible threats, especially new or unusual forms of malware. As such, there is a general need in the art for improved methods of preserving and protecting user data from modification or loss due to malware. Such methods may operate in conjunction with, or in some cases as an alternative to, comprehensive antimalware scanners.