Current anti-virus technology is designed to quarantine or disinfect files and data damaged or destroyed by a malicious software attack, such as a virus or worm, generally referred to herein as malware. However, reversing the damage requires knowledge about the malware that was used in the attack, such as the type of damage caused by a specific virus and instructions to reverse the damage. Obtaining such knowledge is a labor-intensive process, as anti-virus researchers must reverse engineer the specific virus and develop the instructions to reverse the damage, i.e., a signature to identify and remove the malware must be developed. Consequently, there is often a delay in obtaining the signatures necessary to repair the files and data affected by the attack. Moreover, the resulting repair may not cover variants of the malware, which require obtaining updated signatures. This is especially problematic, since the devices under attack are frequently personal computers of consumers who have not installed anti-virus software, or who have allowed their anti-virus subscriptions to lapse and, therefore, do not have updated signatures.
Malware sometimes opens a “back door” into the device under attack that can be exploited by other malware to further compromise the device. Because it is not always possible to know what other malware exploited the back door and installed itself, the device may be in an indeterminate state of infection, and the damage may not be easily repaired using signature-based removal.
Malware can also leave the device in a state in which the operating system files are no longer intact. This requires a recovery step to replace the damaged operating system files before attempting to repair the remaining damage.
In some cases, the damage caused by malware may be irreparable. For example, malware that propagates via file infectors can damage executables or user data in a non-reversible way, leaving the files infected or disabled. Malware can also maliciously delete files which existing anti-virus technology cannot restore.
These problems, coupled with the speed with which malware can infect massive numbers of devices before being detected, as well as the prevalence of malware that can infiltrate processes in such a way as to bypass existing anti-virus defenses, present numerous challenges in defending against malware attacks.