The invention relates to computer security systems and methods, and in particular, to systems and methods for protecting hardware virtualization environments from computer security threats.
Malicious software, also known as malware, affects a great number of computer systems worldwide. In its many forms, such as computer viruses, worms, rootkits, and spyware, malware presents a serious risk to millions of computer users, making them vulnerable to loss of data and sensitive information, identity theft, and loss of productivity, among others. Computer security software may be used to protect computer systems from malicious software.
Several conventional computer security systems and methods employ a notification mechanism, wherein a module detects the occurrence of an event within a monitored host system or virtual machine, and notifies security software. The security software may then analyze the respective event to determine whether it indicates a potential security threat, such as malicious software, an intrusion, etc. Some prior art methods include suspending execution of the entity that triggered the respective event, while the event is analyzed. Such suspensions may negatively impact user experience.
Conventional security software may detect the occurrence of certain events using intrusive actions, such as modifying certain functions of the operating system (a technique commonly known as hooking). Hooking may be detected and disabled by malicious software, and may create performance and stability problems for the respective computer system.
There is a substantial interest in improving the efficiency of computer security operations, e.g., in developing systems and methods that address the above shortcomings related to event detection and analysis.