Abstract: Cohen proved that no algorithm can perfectly detect all possible viruses. The Malicious Code Detection and Prevention Model (MCDPM) is a behavior-based malicious code detection mechanism whose purpose is to work around the limitation established by Cohen's result. MCDPM separates program behaviors into virtual behavior parts and actual behavior parts, and monitors the virtual behaviors together with the results those behaviors produce. MCDPM determines whether an executable is malicious by analyzing the virtual behaviors of the program. Because the determination rests on program behaviors that cannot be changed, it has a low false positive rate as well as a low false negative rate. For non-malicious programs, MCDPM then carries out the results of their behaviors on the actual platform through the actual behavior function, so that the consistency of the system is assured. MCDPM is effective in detecting unknown malicious code, and it also supplies an accurate approach to cleaning viruses from the system. MCDPM can also be used to provide assurance for the transitive trust mechanism in trusted computing platform technology.
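The two-stage flow the abstract describes (replay a program's behaviors against a virtual copy of the platform, classify the observed effects, and only then let the actual behavior function commit them to the real platform) can be sketched in code. The following is an added illustration, not code from the paper or its authors; it assumes that program behavior is modelled as a list of file-system operations, and the single detection rule it uses (modifying or deleting an existing executable is treated as infection-like) is an illustrative heuristic, not the paper's rule set.

```python
"""
Illustration of a virtual-then-actual behavior flow.

Assumptions (not taken from the paper): a program's behavior is a list of
file-system operations, platform state is a dict of path -> content, and
the malice rule below is a constructed heuristic for demonstration only.
"""
from copy import deepcopy
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# A behavior is a tuple such as ("write", path, data) or ("delete", path).
Behavior = Tuple[str, ...]


@dataclass
class Platform:
    """Minimal platform state: file contents plus the set of executable paths."""
    files: Dict[str, bytes] = field(default_factory=dict)
    executables: Set[str] = field(default_factory=set)


@dataclass
class Effect:
    """The observed result of one behavior."""
    kind: str          # "created", "modified" or "deleted"
    path: str
    executable: bool   # whether the affected path is an executable


def apply_behavior(state: Platform, behavior: Behavior) -> Effect:
    """Apply one behavior to a platform state and describe its effect.
    The same function serves both stages, so virtual and actual results agree."""
    op, path = behavior[0], behavior[1]
    is_exec = path in state.executables
    if op == "write":
        existed = path in state.files
        state.files[path] = behavior[2]
        return Effect("modified" if existed else "created", path, is_exec)
    if op == "append":
        state.files[path] = state.files.get(path, b"") + behavior[2]
        return Effect("modified", path, is_exec)
    if op == "delete":
        state.files.pop(path, None)
        return Effect("deleted", path, is_exec)
    raise ValueError(f"unknown behavior {op!r}")


def virtual_behaviors(state: Platform, program: List[Behavior]) -> List[Effect]:
    """Virtual stage: replay the program against a deep copy of the platform,
    so the real state is untouched, and collect the resulting effects."""
    shadow = deepcopy(state)
    return [apply_behavior(shadow, b) for b in program]


def is_malicious(effects: List[Effect]) -> bool:
    """Constructed rule: modifying or deleting an existing executable counts
    as infection-like behavior. Real rule sets would be far richer."""
    return any(e.executable and e.kind in ("modified", "deleted") for e in effects)


def actual_behaviors(state: Platform, program: List[Behavior]) -> None:
    """Actual stage: perform the same behaviors on the real platform."""
    for b in program:
        apply_behavior(state, b)


def run_program(state: Platform, program: List[Behavior]) -> bool:
    """Analyze virtually first; commit to the actual platform only if benign.
    Returns True when the program was allowed to take effect."""
    if is_malicious(virtual_behaviors(state, program)):
        return False
    actual_behaviors(state, program)
    return True


def demo() -> Tuple[bool, bool, Platform]:
    """Constructed sample: one benign program and one that patches an executable."""
    platform = Platform(
        files={"/bin/editor": b"ELF...", "/home/user/notes.txt": b"hello"},
        executables={"/bin/editor"},
    )
    benign = [("write", "/home/user/report.txt", b"quarterly"),
              ("delete", "/home/user/notes.txt")]
    suspect = [("append", "/bin/editor", b"<constructed>")]
    return run_program(platform, benign), run_program(platform, suspect), platform


if __name__ == "__main__":
    allowed_benign, allowed_suspect, final_state = demo()
    print("benign allowed:", allowed_benign)      # True
    print("suspect allowed:", allowed_suspect)    # False
    print("executable intact:", final_state.files["/bin/editor"] == b"ELF...")
```

The point of separating `virtual_behaviors` from `actual_behaviors` is that the classification is made on effects observed in an isolated copy, and the real platform only ever sees behaviors that have already passed that check, which is what keeps the system consistent for the programs that are allowed through.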