1. Field of the Invention
The present invention relates generally to computer systems. More particularly, the present invention relates to a method and apparatus for behavioral detection of malware in a computer system.
2. Description of the Related Art
Consumers and businesses increasingly rely on computers to store sensitive data. Consequently, malicious programmers continually increase their efforts to gain illegitimate control of, and access to, others' computers and sensitive data. Such malicious programmers continue to create viruses, Trojan horses, worms, and similar programs meant to compromise computer systems and sensitive data belonging to others. These malicious programs are generally referred to as “malware”.
Security software companies are combating the growing tide of malware by developing various client security products, such as anti-virus, anti-spyware, or other types of anti-malware products. Many anti-malware products are subscription-based in that users periodically pay subscription fees for the right to keep the products up-to-date with the latest detection capabilities. Once a user subscribes to a product, the product may periodically download new detection information, such as virus definitions, over the Internet. Some malware threats may attempt to exploit this subscription model by modifying a computer's system clock. For example, a threat may attempt to change the year of the system clock in order to trick the security product into expiring. If the security product is expired, the product will not download new detection information and may fail to adequately protect the computer against malware. In another example, a threat may change the system time in an attempt to trick the security product into believing it has up-to-date detection information, when in fact the product is using older, possibly out-of-date detection information.
Accordingly, there exists a need in the art for a method and apparatus for behavioral detection of malware in a computer system that overcomes the aforementioned disadvantages.