Several approaches exist for protecting a computer against malicious software (i.e., malware). In one approach, an antivirus application allows execution of all programs on the computer, but detects and blocks malicious programs. The detection of malware can be done via a search for the signature of the malware in one of the antivirus databases, heuristic analysis, behavioral pattern analysis, proactive protection, or other techniques. In another approach, only trusted programs are allowed to run while being monitored, and untrusted software is completely blocked (for example, its execution is prohibited). This second approach for ensuring computer safety is often called the “default deny” protection mode.
Besides malicious programs, harm can also be done to a computer by files containing unsafe scripts. Script files are typically executed by special programs known as interpreters, which understand the format and syntax of the script file and perform the actions in the computer system that the script file specifies. The interpreter program that executes the script may itself be trusted, and will be executed even in “default deny” mode.
Antivirus applications must be adept at detecting malicious scripts in order to ensure the safety of computer systems, particularly those operating in “default deny” mode.
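The gap described above, shown as an added example that is not part of the original text: a default-deny decision keyed only on the launched program allows any script passed to a trusted interpreter, while a decision that also vets the script does not. The program names, file paths, file contents and the choice of vetting scripts by SHA-256 allowlist are all constructed assumptions for illustration.

```python
import hashlib
import ntpath  # splits on both "\\" and "/", independent of the host OS

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed policy (assumption): trusted program names and trusted script digests.
INTERPRETERS = {"python.exe", "wscript.exe"}
TRUSTED_PROGRAMS = INTERPRETERS | {"notepad.exe"}
TRUSTED_SCRIPT_HASHES = {sha256_hex(b"print('inventory report')\n")}

# Constructed stand-in for the file system: path -> file contents.
SAMPLE_FILES = {
    r"C:\jobs\report.py": b"print('inventory report')\n",
    r"C:\Users\u\Downloads\invoice.py": b"# constructed untrusted script\n",
}

def program_only_decision(argv):
    """Default deny keyed on the launched program alone."""
    name = ntpath.basename(argv[0]).lower()
    return "allow" if name in TRUSTED_PROGRAMS else "deny"

def script_aware_decision(argv, files=SAMPLE_FILES):
    """Default deny that also vets the script handed to a trusted interpreter."""
    name = ntpath.basename(argv[0]).lower()
    if name not in TRUSTED_PROGRAMS:
        return "deny"
    if name not in INTERPRETERS:
        return "allow"  # ordinary trusted program, no script to vet
    # Simplification: the first non-option argument is taken as the script path.
    script = next((a for a in argv[1:] if not a.startswith("-")), None)
    content = files.get(script) if script else None
    if content is None:
        return "deny"  # nothing on disk to vet (interactive or inline code)
    return "allow" if sha256_hex(content) in TRUSTED_SCRIPT_HASHES else "deny"

if __name__ == "__main__":
    launches = [
        [r"C:\Python\python.exe", r"C:\jobs\report.py"],
        [r"C:\Python\python.exe", r"C:\Users\u\Downloads\invoice.py"],
        [r"C:\Temp\unknown.exe"],
    ]
    for argv in launches:
        print(argv, program_only_decision(argv), script_aware_decision(argv))
```
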