A method and system for identity verification of executable code includes a central
computer that is in communication with a computer network. The central computer
includes a database that is adapted to store and analyze a plurality of executable
code signatures, including signatures of malicious executable codes, legitimate
executable codes, executable codes whose identity is being investigated, and those
that have not been received for investigation. A client computer has monitoring
software that is adapted to monitor potentially dangerous events, such as an attempt
to send or receive data over the network, receipt of an e-mail, creation of a new
process, and the like. Any executable code on the client computer in the current
system is assumed to be potentially dangerous unless its identity and intent have
been determined. In
operation, unique signatures that relate to potentially dangerous executable codes
are received by the central computer. Upon receipt, the unique signatures are compared
with the plurality of executable code signatures in the database. Any executable
codes whose signatures are not already in the database are forwarded to the central
computer for investigation. Once a determination is made regarding the status of
the unique executable code (i.e., whether it is legitimate or malicious), the central
computer transmits a command regarding the disposition of the respective executable code.
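
The signature lookup and disposition flow described above, sketched as an added example (not code from the original document). It assumes a SHA-256 digest serves as the unique signature; the class, function, and command names ("allow", "block", "hold", "hold_and_upload") are hypothetical.

```python
import hashlib
from enum import Enum

class Status(Enum):  # the four signature classes the abstract lists
    MALICIOUS = 1
    LEGITIMATE = 2
    INVESTIGATING = 3
    NOT_RECEIVED = 4

def signature(code: bytes) -> str:
    # Assumption: a SHA-256 digest stands in for the "unique signature".
    return hashlib.sha256(code).hexdigest()

class CentralComputer:
    def __init__(self):
        self.db = {}       # signature -> Status
        self.samples = {}  # signature -> code bytes awaiting investigation

    def report(self, sig):
        """Compare a reported signature with the database; return a command."""
        status = self.db.setdefault(sig, Status.NOT_RECEIVED)
        if status is Status.LEGITIMATE:
            return "allow"
        if status is Status.MALICIOUS:
            return "block"
        # No verdict yet: the code stays held, and is requested if not yet received.
        return "hold_and_upload" if status is Status.NOT_RECEIVED else "hold"

    def receive_code(self, code):
        """Accept forwarded code and open an investigation if none exists."""
        sig = signature(code)
        if self.db.get(sig, Status.NOT_RECEIVED) is Status.NOT_RECEIVED:
            self.samples[sig] = code
            self.db[sig] = Status.INVESTIGATING
        return sig

    def conclude(self, sig, malicious):
        """Record the investigation result and return the disposition command."""
        self.db[sig] = Status.MALICIOUS if malicious else Status.LEGITIMATE
        return self.report(sig)

def on_dangerous_event(central, code):
    """Client monitor hook: report the signature, forward code when asked."""
    command = central.report(signature(code))
    if command == "hold_and_upload":
        central.receive_code(code)
    return command
```

Because unknown code is treated as potentially dangerous, every path without a verdict returns a hold command rather than an allow.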