1. Field of the Invention
This invention pertains in general to computer security and in particular to reducing the size of definition packages used to detect malicious software.
2. Description of the Related Art
Users of modern electronic devices face a wide variety of threats. For example, innocent-looking websites can surreptitiously hide malicious software (malware) such as computer viruses, worms, Trojan horse programs, spyware, adware, and crimeware in files downloaded from the websites. The malware can capture important information such as logins, passwords, bank account identifiers, and credit card numbers. Similarly, malware can provide hidden interfaces that allow the attacker to access and control the compromised device, or that cause the compromised device to malfunction.
Security software protects electronic devices by detecting and remediating malware. One way to detect malware is through the use of malware definitions. A malware definition describes characteristics of a particular type of known malware. Typically, malware definitions are generated by the provider of the security software and are deployed to the electronic device. The security software on the electronic device uses the deployed malware definitions to scan the device for malware.
The security software provider must deploy many malware definitions to the electronic devices in order to provide protection against the many different malware threats. Deploying the malware definitions to a large number of electronic devices consumes a significant amount of computing resources. For example, deploying the malware definitions consumes a significant amount of network bandwidth. In addition, the malware definitions consume a large amount of memory on the electronic devices.