The Internet has given users and companies access to an ever growing network of information and services. Millions of computers are connected in this vast worldwide network and more computers are being added daily. If the Internet has allowed a form of liberation, it also has attracted the attention of rogue programmers interested in deploying malicious and disruptive contents.
Current and traditional security solutions are dependant on digital signatures for each and every piece of malicious software, e.g., viruses, worms, Trojans, and spyware (collectively “malware”), to uniquely recognize and contain attacks while producing a very small number of false positives (false detections). These security solutions thus need to be constantly updated to understand and be able to handle ever more aggressive and fast propagating malware. During the first hours (and even days) of a new attack, computers waiting for updated malware signatures are left completely exposed to the new threats and indeed become infected in large numbers.
Anti-virus and anti-spyware companies have accelerated the process of protecting subscribers through the creation and delivery of malware detection signatures. However, these providers have now reached a point where additional optimization of their processes no longer yields measurable improvements to shorten the delivery of updates and protection. In contrast, malware propagation speeds have increased leaving computers more and more exposed. In the race of malware propagation versus the delivery of timely protection signatures, malware is often getting the upper hand.
For most malware attacks it is necessary to have users actually download and run the malware or a malware installation program, or extract and run a malware email attachment. While one could assume that users would not volunteer to perform such detrimental actions, clever social engineering which misleads users into installing malware without their understanding of the consequences has become prevalent and successful. An additional challenge for security solutions is thus to protect users from downloading and running malware or to help users by designating downloads as safe or malicious before a download is instantiated.
The information included in this Background section of the specification, including any references cited herein and any description or discussion thereof, is included for general reference purposes only and is not to be regarded subject matter by which the scope of the invention is to be bound.