A method, software, and computer system for defending against virus attacks is described. Assume that a computer system receives an instruction to run an executable file. Before the computer system runs the executable file, the computer system determines if the executable file is certified to run on the computer system. If the executable file is not certified, then the computer system prevents the executable file from running. If the executable file is certified, then the computer system determines if the executable file has been modified since being certified. If the executable file has been modified, then the computer system prevents the executable file from running. If the executable file has been certified and has not been modified, then the computer system runs the executable file. Because many viruses are included in executable files, virus attacks may be prevented by requiring executable files to be certified before they can run.