"So - logically - the solution is to observer BEHAVIOUR of the code during it's operation at all times. What does it normally interact with (processes & threads, other code, registry values, open application ports) and then BASELINE this as acceptable. Then if the code DEVIATE from this - by calling code it does not normally use, or making calls that are outside of the baseline, then QUARANTINE it."
And if its behavior is NORMALLY random or scatterbrained, such that you CAN'T find a baseline pattern (which could distinctly be possible as more code is multi-threaded and multi-tasking)?
Biting the hand that feeds IT
