The most common method for detecting computer problems such as viruses or corrupted files is by “scanning”. This method involves searching files in a computer system for data signatures that are unique to the target. For example, a virus may be identified by a particular string of data. A typical virus scanner operates by loading a set of virus data signatures into memory and then sequentially scanning the host system files for the presence of these data signatures.
If a scan reveals the presence of a virus or corrupted files, any number of protocols may follow, usually beginning with the deletion of the unwelcome data. As with most aspects of data processing systems, the speed and accuracy at which such diagnostics are performed is critical, since it may take only milliseconds for a virus to cause damage of staggering proportions.
However, the number of computer viruses is continually growing. There are currently over 50,000 known computer viruses. As a result, the process of virus scanning is becoming more time consuming. For example, scanning a system with 20,000 files for a data set of 50,000 virus signatures would involve a total of one billion searches. Thus, the need to improve the efficiency of virus detection is greater than ever.
Currently, virus scanning is done in a linear fashion. In other words, scanning is performed as a single, step-wise process. This is because, until now, most viruses have infected computers with operating systems that do not support multitasking. For example, the Linux® operating system, which supports multitasking, has been more than 99% resistant to viruses because of its strong file system security.
However, new viruses have emerged that can now infect multitasking operating systems such as Linux®. In addition, the number of multitasking operating systems on the market is growing, most of which are susceptible to the new strains of computer viruses. For example, Windows CE® is a popular operating system that supports multitasking. Windows CE® is designed to run efficiently on mobile devices such as handheld personal data assistants, pocket computers and wireless phones. Currently, Windows CE® can support 32 simultaneous tasks.
Similarly, Windows 2000® is a new operating system that can support multitasking by utilizing and supporting multiple central processing units (CPUs). For example, Windows 2000® Datacenter Server is an operating system that can currently support up to 32 simultaneous processes on 32 separate CPUs.
As explained above, prior art diagnostic systems are limited to scanning in a linear fashion. Currently, the prior art has no provision for automatically and dynamically optimizing the efficiency of scanning based on the resources available to a data processing system (such as multitasking or available memory). As a result, the linear approach has two serious disadvantages.
First, when these prior art linear diagnostic routines are performed, one or more other operations are usually halted. This causes a substantial loss of productivity, especially when linear scanning operations fail to take advantage of all of the memory that may be available. In other words, system resources (such as memory) may be underutilized or even idle while the scanning is underway. This is especially troubling when other operations must halt and wait to use those resources that are already idle.
Second, linear scanning does not take advantage of multitasking operating systems in order to improve efficiency of scanning by creating multiple processes that run in parallel.