During recent years, attacks on computers and computer networks by malicious software has increased as has the dependence of individuals, companies, and government agencies on their computers and computer networks. Malicious software (e.g., rootkits, viruses, worms) can include software designed to perform unwanted actions (e.g., damage computers, disrupt operation, gain information, gain unauthorized access to system resources).
Antivirus software programs can be used to detect, prevent, and/or remove malicious software. Prior solutions using antivirus software programs include running an antivirus program on a computing device (e.g., desktop computer). When running an antivirus software program on a computing device, the program makes requests to an operating system of the computing device to scan (e.g., read) a number of files to determine whether the files are infected with malicious software. However, in some instances, malicious software (e.g., rootkits) can intercept these requests and modify the resulting action, for example, by returning an uninfected version of the file to the antivirus software program or hiding an infected file entirely. Therefore, in some instances, data coming from an infected operating system cannot be trusted.
Some antivirus programs enabled a computing device to boot to a CD, Universal Serial Bus (USB), and/or a separate partition that runs an antivirus software program that scans the computing device for malicious software. However, in such instances the operating system of the computing device can be unavailable to a user because the computing device has been booted to the CD, USB, and/or separate partition.
Malicious software detection and/or removal programs can also use system resources when running. As a result, computer performance can be degraded when the malicious software detection and/or removal programs are used. One remedy has been to schedule the programs to run during hours when the computer is not in use, for example, during the night. This, however, merely avoids the problem of degraded computer performance and does not provide a resolution for the actual problem of degraded performance.