The present invention discloses an improved information security system and method. A polymorphic engine is used to enhance the security features of a software application and the data generated by or made available to the application and/or the operating system. The polymorphic engine operates to randomly alter the standard executable code of the original application while preserving its functional characteristics. Each polymorphed instance of the application differs from any other instance of the same application in form only. Various other security features operate to protect the polymorphic engine itself and/or the polymorphed code generated therefrom. These other security features include: just-in-time instruction code decryption; virtual CPU instruction code pre-processing; call mutation; stack manipulation; secure hook-capture of device input; secure display device output; application level decryption of encrypted hardware data streams; and a dynamic, randomly configured graphical keypad interface.