Personal computers and business computers are continually attacked by trojans, spyware, and adware, collectively referred to as “malware” or “pestware.” These types of programs generally act to gather information about a person or organization—often without the person or organization's knowledge. Some pestware is highly malicious. Other pestware is non-malicious but may cause issues with privacy or system performance. And yet other pestware is actually beneficial or wanted by the user. Wanted pestware is sometimes not characterized as “pestware” or “spyware.” But, unless specified otherwise, “pestware” as used herein refers to any program that collects and/or reports information about a person or an organization and any “watcher processes” related to the pestware.
Software is available to detect and remove some pestware, but many types of pestware are difficult to detect with typical techniques. For example, pestware may be obfuscated with encryption techniques so that a pestware file stored on a system hard drive may not be readily recognizable as a file that has spawned a pestware process. In yet other instances, pestware is known to be polymorphic in nature so as to change its code, data, size and/or its starting address in memory. In yet other instances, variants of known pestware are developed that alter relatively little of the functional aspects of the pestware, yet render the pestware undetectable.
Although present pestware-detection systems detect some or even most pestware, they are not sufficiently accurate or otherwise satisfactory. Accordingly, a system and method are needed to address the shortfalls of present technology and to provide other new and innovative features.