1. Technical Field
This invention relates to implementing a virus scan tool on a computer. More specifically, the invention relates to balancing between the requirements of scanning an object to detect a virus and maintaining efficient operation of a computing environment.
2. Description of the Prior Art
A computer virus is a self-replicating piece of code or computer program written to alter the way a computer operates. For the most part, a virus is loaded into a computer without the permission or knowledge of the user. Some viruses are intentionally destructive, e.g. they destroy data or affect the operating efficiency of a computer system, while others are benign or merely annoying. Regardless of the intent of the virus, most computer users prefer to have a virus-free computer system.
One technique to protect a computer system against computer viruses and other undesirable software entities is to periodically scan the potentially infectable objects (e.g., applications, files, etc.) on the system for the presence of known viruses, or new viruses that are sufficiently similar to known viruses to be detected using available algorithms. However, this process can be time-consuming, especially as the size of computer systems and the number of known viruses increase.
More particularly, existing anti-virus software makes use of a large variety of algorithms to detect the presence of computer viruses and other undesirable software entities (hereinafter simply referred to as “viruses”). As the size of a typical system increases, and the number and complexity of known viruses and the objects that they infect increase, the time required to check a typical system for viruses also increases. Various techniques for increasing the speed of these checks are known in the art. In general, most of these known techniques involve improved algorithms for deciding whether a given object contains a virus, independent of any information about the object other than its current contents.
Various techniques for increasing the speed of virus scanning are known in the art. One such technique uses a database to maintain information about the status of scanned objects at the time the last scan was performed, and then uses that database to determine which objects are new, or have changed in significant ways, since the last scan. Scanning only these objects can significantly reduce the time taken to perform the scan. However, this technique is not effective when one or more new viruses have been added to the set being scanned for. That is, because the new viruses were not scanned for during the last scan, the fact that an object has not changed since the last scan cannot be taken as indicating that the object is free of a known virus. As new computer viruses continue to appear more and more frequently, and network connectivity makes it feasible to update the virus list more and more often, the effectiveness of these known techniques for increasing the speed of virus scanning can be expected to decline significantly.
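The limitation described above can be reproduced with a short added example, which is not part of the original text. It assumes toy byte-pattern signatures, in-memory objects and a SHA-256 digest as the stored "status"; all names and sample data are constructed for illustration.

```python
import hashlib

def digest(data: bytes) -> str:
    """Status recorded in the database: a hash of the object's contents."""
    return hashlib.sha256(data).hexdigest()

def matches(data: bytes, signatures: dict) -> list:
    """Names of the signatures whose byte pattern occurs in the object."""
    return sorted(name for name, pat in signatures.items() if pat in data)

def incremental_scan(objects: dict, signatures: dict, db: dict):
    """Scan only objects that are new or changed since the last scan.

    db maps object name -> digest recorded when it was last scanned clean.
    Returns (findings, names_actually_scanned).
    """
    findings, scanned = {}, []
    for name, data in objects.items():
        d = digest(data)
        if db.get(name) == d:
            continue  # unchanged since the last scan: assumed still clean
        scanned.append(name)
        hits = matches(data, signatures)
        if hits:
            findings[name] = hits
        else:
            db[name] = d  # remember clean objects only
    return findings, scanned

def demo():
    # Constructed sample objects; b.exe carries a pattern that is not yet known.
    objects = {"a.exe": b"hello world", "b.exe": b"payload XYZZY tail"}
    sigs = {"OldVirus": b"EVIL"}
    db = {}
    first = incremental_scan(objects, sigs, db)   # both scanned, nothing found
    sigs["NewVirus"] = b"XYZZY"                   # virus list is updated
    second = incremental_scan(objects, sigs, db)  # nothing rescanned: b.exe missed
    # Full scan for comparison: checks every object against every signature.
    full = {n: matches(d, sigs) for n, d in objects.items() if matches(d, sigs)}
    return first, second, full

if __name__ == "__main__":
    for label, result in zip(("first", "after update", "full"), demo()):
        print(label, result)
```

The second incremental pass scans nothing and reports nothing, while the full scan flags the unchanged object against the newly added signature.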
As explained above, a scan of a computer system for a virus utilizes computer resources. Therefore, there is a need for a virus scan technique that effectively scans for a virus while mitigating utilization of computer resources. Such a technique should accommodate scanning both objects that have changed and objects that have not changed since the previous virus scan.