Abstract: A technique for detecting Trojans and worms within packed computer files uses fingerprint data derived from the unpacked resource data associated with the packed computer files. The number of entries, the position within the resource data and size of the resource that is the largest resource specified, a timestamp value of compilation and a checksum value derived from the whole of the resource data may be included within a fingerprint value as characteristic of a particular set of resource data. A library of such fingerprint values may be generated for known Trojans and worms, or other programs it is wished to detect, and then a suspect file compared against this library of fingerprints.

Abstract: Malware definition data for mobile computing devices 2 is generated from master malware definition data 44 by selecting those classes of malware threat to which the mobile computing device is vulnerable and then selecting the matching malware items from within the master malware definition data. A PC 6 to which the mobile computing device may be connected is responsible for downloading an updated version of the master malware definition data for its own use and generates appropriate mobile computing device malware definition data for transfer to the mobile computing device when it is connected to the PC. The scanner programs of both the PC and the mobile computing device may be similarly updated.

Abstract: When a user commands execution of a computer program to commence, a loader program 2 is first started. This loader program 2 reads an encrypted version of the computer program 6 and decrypts it using a public key. This generates an executable version of the computer program 9 which is written directly to the computer memory 8. When the loader program 2 has decrypted the whole of the computer program 9 it starts execution of the computer program 9 it has written into the computer memory 8 and terminates itself or is terminated by the computer program it started. The computer program 9 written into the computer memory 8 will be written into its own memory space and will have its own execution thread. The encryption used may be public key/private key encryption.

Abstract: Malware definition data for mobile computing devices 2 is generated from master malware definition data 44 by selecting those classes of malware threat to which the mobile computing device is vulnerable and then selecting the matching malware items from within the master malware definition data. A PC 6 to which the mobile computing device may be connected is responsible for downloading an updated version of the master malware definition data for its own use and generates appropriate mobile computing device malware definition data for transfer to the mobile computing device when it is connected to the PC. The scanner programs of both the PC and the mobile computing device may be similarly updated.

Abstract: When a user commands execution of a computer program to commence, a loader program 2 is first started. This loader program2 reads an encrypted version of the computer program 6 and decrypts it using a public key. This generates an executable version of the computer program 9 which is written directly to the computer memory 8. When the loader program 2 has decrypted the whole of the computer program 9 it starts execution of the computer program 9 it has written into the computer memory 8 and terminates itself or is terminated by the computer program it started. The computer program 9 written into the computer memory 8 will be written into its own memory space and will have its own execution thread. The encryption used may be public key/private key encryption.

Abstract: A technique for detecting Trojans and worms within packed computer files uses fingerprint data derived from the unpacked resource data associated with the packed computer files. The number of entries, the position within the resource data and size of the resource that is the largest resource specified, a timestamp value of compilation and a checksum value derived from the whole of the resource data may be included within a fingerprint value as characteristic of a particular set of resource data. A library of such fingerprint values may be generated for known Trojans and worms, or other programs it is wished to detect, and then a suspect file compared against this library of fingerprints.