Software is identified while in main memory by examining small portions of its executable image or by examining the results of its execution. These portions, or an encoding of them, are then compared with previously stored identifying information about at least one Software through an approximate matching process.