As ever more sophisticated techniques are employed to enable malware to evade detection by security routines employed to detect malware, the techniques required to detect malware must consume ever greater processing and/or storage resources. As a result, an increasing proportion of processing and/or storage resources of processing devices must be diverted to detect malware and away from performing the functions for which those processing devices were originally acquired.
By way of example, commonplace pieces of malware increasingly make use of various byte packing techniques, including data compression techniques, to make it harder for security routines to identify those pieces of malware through use of known signatures, such as particular combinations of instructions that may be unique to pieces of malware. To make use of known signatures with packed pieces of malware, unpacking of those pieces of malware must first be performed, which may consume much of the available processing and/or storage resources of a processing device.