The invention relates to systems and methods for protecting computer systems from malware.
Malicious software, also known as malware, affects a great number of computer systems worldwide. In its many forms, such as computer viruses, worms, rootkits, and spyware, malware presents a serious risk to millions of computer users, making them vulnerable to loss of data and sensitive information, identity theft, and loss of productivity, among others.
Security software may be used to detect malware infecting a user's computer system, and additionally to remove or stop the execution of such malware. Several malware-detection techniques are known in the art. Some rely on matching a fragment of code of the malware agent to a library of malware-indicative signatures. Other conventional methods detect a set of malware-indicative behaviors of the malware agent.
To evade detection and/or undermine the operation of security software, some malware agents employ obfuscation techniques, such as encrypting their code, or using slightly different code versions on each infected computer system (polymorphism). Other exemplary detection avoidance methods divide malicious activities into several actions, each action performed by a separate agent, possibly with a time delay. In other examples, malware may try to actively attack and disable the security software, for instance by using privilege escalation and/or by overwriting the security software's code.
To keep up with a rapidly changing set of malware threats, there is a strong interest in developing robust and scalable anti-malware solutions.