Introducing content from sources external to a computer or other processing system, exposes the computer or system to a variety of threats. Such content may be introduced by a variety of mechanisms, such as by downloading files from the Internet, or through introduction of the content through a machine-readable media, such as a networked computer, a CD or DVD or other optical drive, or a Flash memory “thumb” drive. In many instances, threatening code is disguised as content sought after by a user (e.g., images, music, video clips, etc.). Typically, such content is presumed to be both desired and safe. However, there is always a risk that the content will contain malicious code, including code conventionally known in the field by a number of names, including “viruses”, “worms”, “Trojan horses”, “spyware”, “adware”, and others. Such malicious code can have effects ranging from relatively benign, such as displaying messages on a screen, or taking control of limited functions of a device; to highly destructive, such as taking complete control of a device, running processes, transmitting and/or deleting files, etc. Thus, any assumption that desired content is safe leaves the system vulnerable to a user unwittingly executing threatening code when attempting to access the content assumed to be desired.
To address such vulnerabilities, security measures have been implemented to specifically address content downloaded or otherwise introduced to a system. In some such conventional systems, when downloading a file, the file is evaluated to determine if the file is of a type capable of hosting threatening code. If the file appears to be of a type that is potentially dangerous based on the evaluation, then the user is notified. However, identification of files as potentially dangerous based on file type may lead to spurious warnings displayed to a user, for example, who has purposefully downloaded an application. The proliferation of spurious warnings essentially eliminates the effectiveness of the warnings since users typically begin to disregard the warnings.
Warnings may also be ignored by users if the warnings fail to convey meaningful information. For instance, information about embedded files (e.g., archived files, compressed files, archived and compressed files, etc.) may not be accessible for security analysis. Information about embedded files may not be available until extracted or removed from the containing file, or may not be available until other data or information is available. Hence, a generic warning is displayed. A user typically dismisses the generic warning since there is no indication as to character of the containing file or embedded files. Dismissal of the generic warning is a security vulnerability since the user will likely access the file at a later date. This security vulnerability can be exploited since the user will likely have forgotten about the dismissed generic warning when activating the file at the later date. Accordingly, a technique for providing meaningful security, with minimal impact to the user experience would be useful.