Nowadays, antivirus software is widely used to detect virus programs for purpose of information security protection. More specifically, to avoid information from being stolen or ruined, computers are generally installed with antivirus software which has a virus database. The virus database is configured to record signatures of virus programs that are currently known. Thus, the antivirus software can detect files in a computer one by one by comparing the signatures of viruses with those of the files. If, according to the comparison result, a file is found to have the same signature as that of a virus, then the file is determined as a virus program.
However, with rapid and wide spread of the virus programs, updating of virus program signatures in virus databases of the antivirus software becomes inadequate to deal with the flooding virus programs. In other words, whether antivirus software is able to detect a virus program depends on comparison with a virus database, so if the virus database fails to obtain a signature of a new virus program in real time, a false determination would result from the comparison. On the other hand, as the volume of signatures stored in the virus database is expanding increasingly with the number of virus programs, continuous extension of the virus database on a general home computer or personal mobile device would lead to a lower operating speed or impose a burden on a device that has a small storage capacity.
In view of this, the so-called cloud computing has been adopted by some existing antivirus software. According to this solution, a virus database is stored in a remote server that has a strong computing power and a large storage capacity, and the server detects virus programs in terminals through a network connection. However, although this may alleviate the burden on the terminals, the problem that signature updating of the virus database falls much behind growth of virus programs still exists with this solution because detection of virus programs is still based on signatures stored in the virus database. Therefore, there is still a high risk of false determination regardless of whether the antivirus software uses a local virus database or a remote virus database for detection of virus programs, thus causing serious loopholes in terms of information security.
Accordingly, it is highly desirable in the art to provide a solution that can efficiently and completely detect virus programs in real time.