This disclosure relates generally to security for data processing systems such as computers.
Malware software, such as a computer virus, can sometimes be included with legitimate software, such as software that has been signed by the developer of the software. For example, malware written to appear to be a plug-in software module for the legitimate software can be included with legitimate software in, for example, a zip package (or other package/archive format) that the user expands, and the zip package can include both a signed (and therefore legitimate) software application and a folder containing plug-ins. The malware software can be one of the plug-ins in the folder and can be executed by the software application when it loads one or more plug-ins in the folder. The software application will often cause the plug-in to be loaded by specifying a relative path in the file system (rather than an absolute path) to the plug-in. The present disclosure describes embodiments which can prevent such malware software from being executed.