Antivirus programs protect computer platforms from an ever-increasing number of threats, such as viruses, worms, trojan horses, spyware, adware, and other malware. Malware is typically software, code, scripts, or other content that is designed to disrupt or corrupt computer operation, gather personal or confidential information, or provide unauthorized access to computer systems. Anti-malware applications, such as antivirus software, use malware detection signatures to identify and remove malware from infected machines or to detect and block malware from being loaded on machines. The anti-malware application uses a stored list of malware detection signatures to detect malware. These signatures comprise, for example, characteristics to identify malware including where it may be found on a machine. Existing solutions address this problem by loading signatures for all known threats or using a fixed subset of the signatures.
However, as the list of threats increases, it can be difficult to protect against all potential threats and to identify which subset should be used for a particular machine. To reduce the amount of storage space required for malware detection signatures, it is advantageous to protect against only relevant threats for a given machine. However, due to the networked nature of many computer platforms and architectures, the list of relevant threats often includes more than just the threats that are capable of running on or targeted to a given computer platform and architecture. Instead, the list of relevant also includes threats to other machines in the network or user's environment.