The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
As attempts to compromise the security of computer networks become more and more sophisticated, methods of infecting data files with malicious code have also become more complex. Computers are usually protected at an edge of a network by specialized appliances such as firewalls. However, many firewalls have been ineffective in protecting the network from virus and worm penetration. Firewalls may be configured to detect computer viruses which have already penetrated a network. For example, some firewalls may be configured to detect that a suspicious activity is taking place in the network, and subsequently transmit notifications about the activity to technicians who may take actions to minimize consequences of the suspicious activity. Upon receiving the notifications, the technicians may, for example, scan files stored on the network's devices, or change access passwords for the files. However, by then, the network is at least partially compromised. Better techniques for computer security in this context are needed.