A computer that is connected to an untrusted networking environment such as the internet can be exposed to security attacks on a frequent basis. Such attacks may give a malicious attacker control of the target computer. Other types of attacks may send a virus payload onto the computer. Furthermore, the user or owner of the computer may be completely unaware of the fact that the user's computer has been compromised by an attacker.
A number of security technologies and products try to address this problem. However, these existing systems do so only partially. One example is anti-virus systems, which focus heavily on known descriptions of malicious software. Anti-virus software is generally programmed with descriptions of software vulnerabilities and/or malware that are known to the maker of the anti-virus software. Thus, anti-virus systems are not able to provide protection against vulnerabilities and malware that are not known to the anti-virus software vendor. For instance, some virus attacks against computer systems are not detected when they are first launched into the wild; this is known as a zero-day vulnerability.
Another type of malware protection software is an intrusion detection system. Intrusion detection systems use a variety of heuristics to identify malware activity on the machine. There are many different intrusion detection systems, using a large variety of heuristics. Overall, these systems detect malware that behaves according to the heuristics they implement. It is frequently possible to write malware that is not detected by these heuristics.
In a similar fashion, Microsoft's KOMOKO system uses a large number of conditions that a correct Windows™ system should satisfy. These conditions are derived and programmed manually by experts on correct Windows configurations. Many types of malware cause some of these conditions to be violated. KOMOKO can test the conditions and detect such malware. However, these conditions are not complete, in the sense that malware can be created that does not violate any of the pre-generated conditions.