Along with development of the Internet, more and more users are used to searching and downloading resources of their interest from the Internet. However, while providing convenience for the users, the Internet also provides a propagation environment for malicious programs such as computer virus and Trojan virus. Producers or propagators of malicious programs often disguise the malicious programs as other resources, or hide and entrain the malicious programs in other resource packets. If other users download such resources into the computer, the computer is very easily infected by virus or Trojan so as to result in various undesirable consequences.
In order to improve the security of a computer system, a majority of users choose to install anti-virus software in the computer. The anti-virus software generally has a real-time monitoring function, the basic principle of which is to perform feature matching between the data to be written into the local computer and the features in a virus database or Trojan database of the anti-virus software, and to refrain the data from being further saved to the local computer if the data is judged to be virus or Trojan.
The real-time monitoring function of current anti-virus software may effectively prevent malicious programs in the network from entering and staying in the local computer and from further propagation. However, this manner still has some drawbacks. Since comparison between data and features will be performed, it is usually necessary to completely download the data into the local computer before performing a detection. The anti-virus software may remove the virus before the malicious programs run, but the downloading has already been done at this time, so the user's efforts and time are still wasted and the network bandwidth resource is occupied uselessly. As the size of the resource to be downloaded increases, this problem will become more obvious.