Due to the wide spread of malicious programs, such as exploits, trojans, computer viruses, network worms and other software that harms users and their data, many users currently prefer to use antivirus software on their computing devices (including mobile ones).
Initially, antivirus software was designed to detect and neutralize malicious applications, restore infected files and prevent infection of files or the operating system. However, as new types of computer threats appeared, the set of functions performed by antivirus software constantly grew. Thus, today's antivirus applications, in addition to the file antivirus function, can also perform spam filtering, parental control, mail antivirus, web antivirus, firewall, anti-phishing, confidential information protection and other functions. It is also likely that the set of antivirus functions will continue to grow over time.
However, in order for an antivirus application to perform each of the above-mentioned functions, it must be able to access specific resources in the system. For example, in order to fully perform the file antivirus function, the antivirus application must be able to access all files and folders of the system. To perform the firewall function, the antivirus application must be able to monitor the condition of all network connections being executed in the system. To act as a mail antivirus, the antivirus application must be able to monitor the flow of all incoming and outgoing electronic messages.
In almost all of today's operating systems, the above-mentioned capabilities may not be provided to the antivirus application or may be provided only partially. The reason for this is that, in contemporary operating systems, all applications, including antivirus applications, are, for security reasons, executed on behalf of a user with restricted access rights. As examples, consider operating systems for mobile devices, such as Android, iOS, LiMo, and Bada, in which all third-party applications have (by default) limited rights of access to resources, as well as the Windows Vista and Windows 7 operating systems, where the applications' access to certain resources is monitored by a user account control (UAC) tool.
In this situation, if the antivirus application is not able to access a certain system resource required for the performance of a specific function, the execution of that function is not only without benefit but even disadvantageous, as it consumes a certain amount of computing capacity. One example of such consumption is the physical or virtual memory used by the process that performs the relevant antivirus function. Another example is the storage space in the device's non-volatile memory taken by the antivirus application module designed to perform the function. Extra CPU cycles spent on running processes that do not provide effective antivirus functionality, due to the lack of access rights or resources, contribute to excess drain on the batteries of mobile devices and take up computing resources that could otherwise be used for smoother running of the operating system, user interface, or useful applications.
There are various ways to modify an operating system's configuration in order to change the capabilities provided to the applications installed in that system. For example, the access rights restrictions for applications in the Android operating system can be removed using a special programming operation known as “rooting.” A similar operation, applicable to the iOS operating system, is known as “jailbreaking.” The level of control over access to certain resources by applications in the Windows Vista and Windows 7 operating systems can be changed by making adjustments via the user account control tool.
In addition, there are various ways to expand the operating system resources which may be required for the performance of various antivirus application functions. One of these ways is installing system update packs.
Therefore, where the execution of some antivirus application module was prevented or made impossible due to lack of access to the operating system resources required for the execution of the module, and the required resource later becomes accessible, the security provided by the antivirus application will remain in a reduced state relative to what could be provided, given that the antivirus application could now be made more full-featured.
It should also be noted that the functions performed by an antivirus application depend not only on the availability of access to the resources provided by the operating system or software, but also on the availability of access to hardware components of the device on which the antivirus application is installed. For example, if, on a personal computer, the devices designed to perform network connections (such as a network card or a Wi-Fi adapter) are absent or disabled, then the performance of the antivirus functions related to the network connection will be meaningless. Another example is a disconnection of the cellular radio module (e.g., GSM, CDMA, or the like) in a mobile phone, which renders meaningless the functions of filtering SMS and MMS messages, as well as incoming calls (these functions are often included in the set of functions performed by antivirus applications designed to work on smartphones). In this case, the possibility of accessing the device's hardware components can change as they are turned on and off, such as when using a mobile device's “airplane mode.”
Adjustment of security functionality to meet the needs of variable system configurations is generally well-known. For example, antivirus applications running on personal computers interface with the operating system to detect the addition of new hardware components, such as a flash drive, and offer to scan the device.
In U.S. Pat. App. Pub. No. 2006/0112416, a technique for applying security policies associated with particular device configurations is disclosed. A device configuration is determined, stored, and monitored for changes. Based on the detected device configuration, a security policy is obtained. A configuration change detection unit detects changes in configuration, and if any changes are detected, security functionality is adjusted to apply the proper security policy for the detected configuration. This approach is focused on ensuring that sufficiently robust security policies are provided for given system configurations. However, it does not address the possibility that a given system configuration can remain unchanged while access to various computing resources can be varied. For instance, certain security functionality could remain enabled even though there may be no use for it or even though it cannot properly be executed due to certain access restrictions, resulting in needless allocation of resources to support those security functionalities.
A solution is needed to provide improved efficiency while ensuring proper effectiveness of security functionality in an environment where accessibility to computing resources can vary.