With Internet use forming an ever greater part of day to day life, malicious software—often called “malware”—that steals or destroys system resources, data, and private information is an increasing problem. Governments and businesses devote significant resources to preventing intrusions by malware. Malware comes in many forms, such as computer viruses, worms, trojan horses, spyware, keystroke loggers, adware, and rootkits. Some of the threats posed by malware are of such significance that they are described as cyber terrorism or industrial espionage.
Current approaches to these threats include traditional antivirus software, such as Symantec Endpoint Protection, that utilizes signature-based and heuristic techniques to detect malware. These techniques involve receiving malware definitions from a remote security service and scanning a host device on which the antivirus software is implemented for files matching the received definitions.
There are a number of problems with traditional antivirus software, however. Purveyors of malware are often able to react more quickly than vendors of security software, updating the malware to avoid detection. Also, there are periods of vulnerability when new definitions are implemented or when the security software itself is updated. During these periods of vulnerability, there is currently nothing to prevent the intrusion and spread of the malware. Further, antivirus software tends to be a user mode application that loads after the operating system, giving malware a window to avoid detection.