With Internet use forming an ever greater part of day to day life, malicious software—often called “malware”—that steals or destroys system resources, data, and private information is an increasing problem. Governments and businesses devote significant resources to preventing intrusions by malware. Malware comes in many forms, such as computer viruses, worms, trojan horses, spyware, keystroke loggers, adware, and rootkits. Some of the threats posed by malware are of such significance that they are described as cyber terrorism or industrial espionage.
A current approach to counter these threats includes using a security agent that executes locally on a host computing device and interacts with a remote security system in “the Cloud.” The security agent and the remote security system work together to detect malware attacks by observing and analyzing events that occur on the computing device, and possibly other host machines as well. When it comes time to deploy an upgrade to the security agent, a programmer can develop the source code for the upgrade. Because host machines can run a variety of different operating system (OS) kernel versions, the source code for a given upgrade may produce multiple different binaries that correspond to each different OS kernel version. As an example, imagine that there are 100 different OS kernel versions that are to be supported for a given software upgrade. In this example, 100 distinct binaries would be generated; one binary for each OS kernel version.
However, there are problems with this “one binary per OS kernel version” approach to deploying software upgrades. Firstly, each binary program is to be tested before being deployed. Such testing may be aimed at diagnosing compiler bugs, for example, which can be a computationally expensive process. Secondly, resources (e.g., memory, processing, and/or networking resources) are consumed as part of the upgrade process that may involve downloading binary programs over a computer network. As the number of supported OS kernel versions continues to increase, a large amount of these resources are consumed during an upgrade, which is suboptimal.