Slashdot Mirror
Symantec Patents Multiple File Area Virus Scanning
DigitumDei writes "Symantec announced on Wednesday that it has aquired a new patent (United States Patent - 6,851,057) titled "Data driven detection of viruses". Symantec has declined to comment on whether it will pursue litigation. Symantec's director of intellectual property Michael Schallop stated : 'We don't generally discuss how we will leverage this patent against competitors or others,'." From the article: "[The patent] could refer to any technology that allows antivirus researchers or antivirus products to use scripting to determine, dynamically, where in a file to scan and detect threats. It could also include the use of Javascript or other common scripting languages to direct antivirus scanning..."
Here we go again... just another one of those slashdot posts about how the patent system is clearly flawed... Even I can't help ranting about it! Patents are granted to everybody who applies, and it's just left up to the courts to decide if it's valid or not.
...patents *do* have a place, they're just mis-used (and the system's broken). If a small developer could get a patent for $20, but then the next patent cost $40 and then $80 and so on, it would really discourage people from getting tons of patents. ...just a thought (I'm sure it's been suggested before...)
Companies just amass huge patent libraries. Hm... there should really be an exponential cost increase with each patent the company owns. That would prevent big companies from getting thousands and thousands of useless unenforcable patents.
I store my recipes online (the way nature intended)
Symantec deserves to profit from their hard won intellectual property. The investors and employees of Symantec have taken enormous financial risks by investing in this business. There was a high probability of failure when they started. Now the public has benefitted from having their anti-virus tools protecting their computers and the Symantec investors have been rewarded for investing in a long shot.
Well I'm going to patent the use of the term patent. Anyone going for, or trying to obtain a patent must pay me royalties ... 1 case of beer ought to do it.
before anyone starts frothing at the mouth and gives the usual /. response of "What? Someone got a patent? Kill! Kill! Kill!", please read claims 1, 8 and 14 (the independent claims).
Similar to the upcoming US election results
Will this help them write more Viri per year?
A psychopath can't tell the difference between right and wrong. A sociopath knows the difference - he just doesn't care.
I love how patents encourage innovation. Now Symantec will be able to lock up the market and really innovate some cool stuff!
The U.S. is granting too many patents for too broad of topics. It's coming to a point where even new things can't be created simply because a patent exists that, not only covers part of the new invention, but the entire GENRE of the invention.
They need to reform the patent law before it gets even more out of hand than it already is... Up next: a patent for "any process whereas pages of paper are bound together.."
Finding out whether a file is infected by a virus is a case of looking at the file and seeing if that virus signature is present in the file. This is likely to be done by a program as its easier. These chunks of virus code will live in different places dependent on the type of file being effected. This is all obvious. Surely this patent isn't worth a damn as it can be challenged as such.
You may think me a tired, old, cynic. I'd have to disagree about the tired bit.
It is not the responsibility of the Federal Government to
A)Protect your business model.
B)Ensure you can "pay back your investors for a long shot" This patent is bullshit, it's like EA, just eliminate all competition, then what incentive is there to change or improve? None, slap 2006 on it and ship it. I want a patent on "Exchanging Oxygen for Carbon Dioxide utilizing organic muscle structures", and sue everyone who breathes.
I hate sigs.
I fully support companies retaining ownership of their intellectual property. However, how granular do we go. This is remincient of e-commerce being patented. If we follow old patent laws, we will surely stifle creativity. In contrast, if we do not have patents, we will likely stifle creativity since no one can claim ownership to their idea and profit accordingly.
"We don't generally discuss how we will leverage this patent against competitors or others"
Wow, no kidding.. I wonder if it has anything to do with not wanting to say "we intend to use this patent whenever we feel an antivirus competitor is becoming more successful than us, or when we need some money badly".
Beware: In C++, your friends can see your privates!
I can not wait for someone to file a patent for a virus, when the US patent office can accept this then they are sure to accept that too.
Spammers are suing those who filter their crap away, next thing we know virus authors are suing anti-virus vendors... it is truely a brave new world.
9/11: Never forget it was a false-flag operation
They talk about litigation at the time of acquisition? Just how "non-obvious" is this thing, that everyopne's already using it? What's next, litigation starting at the day of patent application?
Oh, and for those who say OSS projects "can just code around it": try writing a program that scans files for viruses without using the protected "Method of scanning a file for viruses".
I know, not quite what they patented, but it'll come to that, mark my words! You cannot write around patents that completely cover the results you're trying to achieve.
Why do American corproate idiots insist on saying 'leverage' when they mean 'use'? It sounds so lame.
I say Symantec should just patent viruses and charge royalty fees on whoever decides to make them.
Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
""Data driven detection of viruses". "
how else are you going to detect them?
Symantec, the Microsoft of anti-virus software? Really, I think someone should develop an open-source antivirus product so all the windows users would have an alternative to these products produced by idiotic companies.
to use scripting to determine, dynamically, where in a file to scan and detect threats.
1.) the term "dynamically" covers quite a lot, doesn't it? that ranges from "reading from the virus database at runtime" to "incredible advanced AI"
2.) so, will this patent cover all embedded scripting languages in virus scanner software?
maybe this is a novel concept and worth protecting (although i doubt it), but all in all i am very critical of patents threatening to push obvious solutions into illegality! "obvious" is certainly a very subjective classification as good and novel ideas go into the mainstream after some time and seem natural (cookies for example). but shouldn't "abstract" patterns be a little more specific than just "dynamically by scripting choose an area to scan"? there can't possibly have gone much "research" into this and if the research yielded concrete results then maybe THOSE should be patented in a very restricting manner!
I think the immune system can claim it had this idea first.
I mean seriously scanning for virus useing a signature data base; who hasn't had this idea?
Technology, the cause of and solution to all of life's problems.
Now that Microsoft is getting into the anti-virus biz and presumably shipping it with the OS, Symantec knows its days are numbered.
Could someone give better summary claim by claim?
I'll provide the claims here to give a starting point. Let's try to actually see what's getting patented here and whether or not it really is novel.
I'd better get my patent on visual virus detection ASAP
If you write closed-source software, how would anyone prove your code infringes on a patent, unless they violate other laws and reverse engineer your program?
This issue is a bit more complicated than you think.
Actually, I take my previous comment back. This ~is~ a reasonable patent for Symantec. Go and actually read it. In it's entirety, it probably is non-obvious, and is a reasonable patent, though nothing particularly stellar.
It's especially not a problem because working around it doesn't look hard at all. You can do everything they do in the patent, for example, ommitting any intermediary code (P-Code), and you apparently wouldn't be violating it.
For that matter; the patent's main application is for files with multiple entry points and scanning specifically for polymorphic viruses using a scripting engine capable of handling different pieces of code off to different analysis engines and passing things around.
Again, not exactly brilliant, but probably a reasonable patent; also because it's probably not hard to code around.
I'd handle my workflow like fark.com, so this patent would come through as [OBVIOUS]
Another bad patent. A healthy market (including FOSS) for anti virus software is in everyone's interests. Imagine being forced into using junk from Symantec. Very nasty.
Slightly OT: What I'm wondering, is after doing a bit of research on software patents recently, I was struck by the amount of companies who have poor quality and notoriously weak products but have a vast library of (dodgy) patents, and companies with famously strong products who have very few or none. Personally I think that says rather a lot.
I just uninstalled and requested a refund of Norton Anti-virus 2005. The ***ed software would not activate itself. I've read about the software coninualy demanding to activate, but mine would never successfully activate. And as for support.... they wasted several days asking questions that I had answered in my original submission. They kept thinking that there was some firewall or proxy problem, which seems very unlikely given that I could extract the URL requested by the Anti-virus s/w from my squid logs and successfully request that same URL using a browser on the same machine. Plus there were no dropped packets reported in the logs or errors reported in the squid logs. Now they say that perhaps their own product (BIS ) is blocking the activation. Only problem -- I don't have NIS Lesson: Symantec has lost the plot with their activation.
The real "Libtards" are the Libertarians!
I'm moving to poland. I can handle the polish jokes any day over this software patent bullshit.
sig: Playfully doing something difficult, whether useful or not
That violates patent no. 649,343,280: "Any process that involves a process to do a thing."
What do I have to do to get a sig around here?! www.bearscanfly.org
I'm sure they're going to use it against other antivirus companies as well, but I'd bet money this was put in the works a while ago to protect Symantecs extremely lucrative virus protection business against being wiped away by Microsoft, who has been making noises about releasing its own virus software for a while now.
I wouldn't be surprised if Symantec refuses to allow Microsoft to obtain a license to the patent no matter how much money Micrsoft offers. One might hope tactics like this would convince businesses that software patents are a bad idea, but what they are more likely going to do is make businesses do more of the same so they can have simmilar dominance over this or that market segment.
Hell, this is even a really good reason to outsource software development to foreign coders. They aren't encumbered by software patents, and if you're only using the generated code internally, it's a lot harder to prove patent violations.
So if I patent virus can I take Symantec to court for reverse engineering?
-- This Sig has been scanned and is virus free!
Unix vendors like Red Hat, Sun, and Apple design their operating systems so as to render theoretical viral infection pretty difficult -- note how nobody has unleashed a virus on all the Linux servers.
It's only a matter of time until Microsoft builds basic antivirus functionality into Windows, which along with better design would run a lot of security companies out of business.
And DigitumDei doesn't.
Does that answer your question?
Microsoft should patent some of its security flaws, it could make a killing by licensing the ability to patch said flaws to anti-virus companies.
This comment does not represent the views or opinions of the user.
Maybe Microsoft could patent their virus vulnerabilities.
...when did Symantic's work on anti-virus detection begin? I know that IBM had a anti-virus lab at the T.J. Watson Research in 1989, so I would find it difficult to believe that Symantic's work predates this.
It's my firm belief that a "YGTBFKM" troll would make more of a positive contribution to /. than JonKatz ever did.
because
When is Symantic claiming that their work began?
I know for a fact that IBM had an anti-virus lab established in 1989 at the T.J. Watson Research Center in Yorktown Heights, NY. It was run by the now IBM Fellow (I believe) David Chess.
Symantic would be hard pressed to predate that.
Comments?
First, the person who wrote the text should be shot... it's worded to be as confusing as possible, so that even an expert in the field can't readily tell what is being covered in the patent.
Next, from what I can tell, the patent seems to cover 3 main points (in various flavors, to come up with their 20 points): All of these points were done years ago. The first two points were "state of the art" as of 1990. The product I worked on (name withheld for various reasons. Sorry about that...) was, at the time, unlike the other virus scanners out there. It used "precision scanning" in which the nature of the virus being scanned for was taken into account, and was scanned for ONLY AT THE LOCATION AT WHICH THE INFECTION WOULD OCCUR. This was a major differentiation from the "bulk scanners" (i.e. run the entire file through a string filter that contains all virus signatures, and see if there are any matches. As a trivia note, "bulk scanners" are why all anti-virus scanners use encrypted (in some trivial way) virus signatures -- so that a virus scanner would not be identified as an infected file by another virus scanner, or even by itself!) that all other major anti-virus vendors used.
Also, the virus scanner I wrote included a scripting language so that users could add their own virus scan and remove definitions.
As for emulating a virus target and seeing if the virus "bites", that is also old hat. While a commercial product was never introduced, a lab prototype was publically demonstrated in 1996, in which files under examination were interpreted in a virtual 80x86 environment, including OS and file system, both to see if they did anything suspicious, and to see if they "tagged along" on "provocative" system calls.
And, yes, I still have my old code sitting around. It would be a pity if someone suddenly showed it to Symantec or the patent office...
Spike: Buffy, you don't have the patent on bad relationships.
Buffy: Wouldn't it be cool if I did!
because you are not one of the editors buddies ?
What keeps me going is my inertia.
Now this sounds cool - I wonder how long it would take to patent the encryption used in a particular stealth virus and then be able to sue the AV companies for using it in their tools, as well as threaten them with the DMCA act into the bargain?
Sigh - if only there were all the hours in the day to do this kind of thing.
Argh! Start the riots! Symantec has patented all virus detection systems!
Get a grip, people.
If a job's not worth doing, it's not worth doing right.
This is patently ridiculous?
befuddled (noun) 1. Unable to create a pithy sig
Actually, the opposite is true. The bigger the company is, the more chances it has to acquire and abuse patents, killing all its competition.
So much for the myth of the "nice little company" that Symantec is. I still remember the days when Peter Norton was a figure of innovation. But then again so was Mr eBill. All companies are the same, they all need to make profits and they will kill if necessary to get them. And if they don't, the financial community bureaucracy will.
Lets say I create a few seperate systems, one scans a stream of data for a match say a header on a tape.
I'll call this grep --file
another system finds blocks of data 'signatures' that I want to match.
I'll call this grep -o
A third lists all the files on my filing system.
I'll call this file.
So, symantic has patented a system where grep --file , grep -o and file cannot be used together if your looking for virus signatures.
(maybe with a little winedump and gzip thrown in for good measure).
There's something called 'Abstraction,
Filtration, Comparison',, applied in this case you would end up with nothing.
thank God the internet isn't a human right.
You're wrong. Symantec is in the business of selling computer security products and services, if they don't develop and maintain these things to detect current threats then they don't maintain their market position and don't eat. Patents have nothing to do with it nor provide any particular financial incentive, what it does let them do is block competitors, increasing costs to the end user in the process!
While talking to my boss Chris about how Mcafee patented the firewall a few weeks back He made the point: "Do you think the guy who awarded the patent even know what a firewall is?" I think the point still stands.
Behold, another webcomic!
We cannot fight patents directly, so we will need to attack its foundation directly: boycott capitalism now!
stop using money altogether!! pay your food by coding free software that purposedly infringes on patents!!
here's the plan: with wireless access going ubiquitous and sourceforge.net, all you need is an old pentium laptop (you can find one at the nearest dumpster) with a wireless adapter, a cord to recharge the laptop at the local shelter and a cardboard box to live in!
now NOBODY can sue you for patent infringement, even GWB, since you aren't making any money and have nothing anyway!
but the fun part is that while you infringe on the patents you can send hundreds of threatening emails to the respective patent holders saying that if they don't enforce the patent, they will automatically lose them etc! you will be safe, since the lawyers won't be able to find you since they cannot approach the 3-mile radius of where you live because of the stench!
Yup, more patent crap.
As I said lately, I can't wait till some company patents a list of sentences. Then they will sue the heck out of anybody who has used, uses or will use these sentences in any book, article, speech or whatever. Dear Lord, poor world we live in.
... we just bought the binaries from an offshore supplier and they didn't give us the source code...
I wouldn't be surprised if Symantec refuses to allow Microsoft to obtain a license to the patent no matter how much money Micrsoft offers.
It is unwise for a publicly traded company such as SYMC to refuse to offer a license at any price, as such behavior opens the company to hostile takeovers.
That title seems kind of vague. Isn't that how all virus scanners work?
Using Visual Basic to detect viruses? *head explodes*
How about open source organizations such as OSDL, GNU, FSF, and yes even OSTG start patenting any and all ideas, algorithms, business practices, etc and start "leveraging" that intellectual property?
It looks like our broken patent system is here to stay, so why not play the game?
Why would a virus author not be able to claim copyright protection? What would happen if you engineered a virus that could only be removed using a certain technique then patented the technique and sued grandma for running a virus scanner?
The patent system is not broken, being broken implies it can be fixed. The patent system would be better though off as a terminal mental ailment.
I use AVG. Will this affect the product? I think the free AVG is great and nobody should come near them.
This is my sig. There are thousands more, but this one is mine.
I have just submitted a patent for "Method of sending information in the form of ion fluxes generating electrical impulses across a semi-permeable barrier, over the phrenic nerve". As soon as it gets approved, anyone who wants to breathe will have to purchase a license from me. Prior art you say? There's no proof, and even if there is - the USPTO won't care. Muhahahaha!
I hadn't known there were so many idiots in the world until I started using the Internet -Stanislaw Lem
I disagree, all they've done is change their virus definition (a series of tokens in some format) to pseudo code (a different series of tokens in some other format with program like qualities).
I presume the other virus programs already use IF and LOOP tokens to handle polymorphism of virus's because polymorphism is already detected by other companies products.
What interests me, is that if this was a patent for a Spinning Jenny we would *know* if there is prior art from looking at the previous machines and I wouldn't have to 'presume' anything.
But because this is software we have to guess whether other companies use programming constructs like IF and LOOP in their virus definition files that would qualify as the use of P-Code in virus detectors.
I also wonder if they need the patent to protect that idea, if they don't document the virus file format who would know?
Seems to me if they didn't disclose it and it was a real invention then they would have plenty of opportunity to make money from it.
Its like patents are being used as a fight mechanism..... and Symantic has hit out with a left patent hook, meanwhile McAfee strikes with a sneaky undercut design patent.....
rather than a mechanism to reward invention.
Instead of doing the impossible, it would be smarter to patent taxes on various stuff.
But of course you'd need to write it in different words..
so when government want to start puttinx taxes on taxes (we have that sort of thing here!!!) you can just shove up the patent in their faces =)
why they just don't patent the virus?
100% of windows computers have virus, so they can sue anyone that uses windows and don't have a license for the viruses.
They could outcame bill gates fortune since most computers would require an average 200 liceses each.
It won't be long before virus writers scan patent databases and actively target patented detection techniques. Why? Because unless everybody uses the same virus scanner or licenses that code, it'll be a free for all. Clamwin may be targeted first. I have a feeling that in a few years a lot of collaborative software development will go underground.
What if Digg added local news and a Slashdot inspired comment karma system? ---
http://houndwire.com
In the software industry, "financial incentive to innovate" is totally unnecessary. Innovation is occurring at a break-neck pace (and has been for decades). This is *in spite of*, not because of, the patent system. Software patents are unnecessary to encourage innovation. Instead, they just make it more dangerous for the real innovators, for as soon as they start to compete with the big boys, they might be sued into oblivion by a large stagnant corporation with an arsenal of mostly-kinda-valid patents.
Microsoft patented hundreds (thousands?) of software gizmos last year. I bet as many as half of those patents are bogus. But to prove one was bogus, would cost you hundreds of thousands of dollars in court (and you still might lose).
The system is BROKEN.
...makes my head spin in confusion. Do we hate Symantec now?
I'm not good in groups. It's difficult to work in a group when you're omnipotent. - Q
contented Linux user... who gets to enjoy all his CPU cycles... :)
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
That's true of the other areas Microsoft has moved into. MS' own product offerings are never spectacularly great compared to the competition. MS' forte has always been commoditizing a very expensive piece of software. There are generally "good enough" for 80% of the populace that they feel no need for buying the better featured and generally more expensive one. Even less so if it comes as part of the OS or bundled (MS Works) with the computer.
Should we call them Symanterrorists now?
What they're doing is a form of terrorism that's sadly not illegal. In fact, it's terrorism through the legal system. It's "legal terrorism" in two meanings at once.
Dammit, Bush, if you want to fight a war against terrorism, fight one against legal terrorism too. We could use one.
I support the Center for Consumer Freedom
director of intellectual property
Kind of scary that they have a position for that.
Coder's Stone: The programming language quick ref for iPad
Given the reality of the US patent system, maybe the "patent pending" icon should read "patent granted"?
I can explanate how to administrate your network. You must configurate and segmentate it, so it can computate.
...until this becomes legal in Europe! I'm so glad that the government is there looking after me and my business.
"Symantec announced on Wednesday that it has aquired a new patent (United States Patent - 6,851,057) titled "Brain driven detection of burgulars". From the article: "[The patent] could refer to any technology that allows a homeowner to look around his house and detect the presence of a burgular." A Symantec spokesman noted that, "We value our intellectual property, and want homeowners to know that they can't simply use this technology without a license."
Why doesn't Symantec just patent the Polymorphic Virus? That way only they would be able to make them.
Havoc Video
I think software patents are lame!
.. the US has a headstart on many other nations in the software industry and other industries. With globalization and new upcoming countries like China and Europe, the US is trying to KILL the competition by maintaining its MONOPOLY.. by enforcing patents.
How can a baker make money without patenting bread you ask? Like they already do world wide!
Those who 'invent' it, already have a headstart. They can make great software products and exploit technology to the fullest to try and defend that and use their headstart to dominate the market.
Or should NCSA or whoever, have patented webbrowsers? Or Kazaa patent P2P concept? Or IBM the concept of 'a computer'? Where do you draw the line between something so general and something so specific?
Patents are quite expensive actually. If I had a good idea, but not good enough in my judgement to pay the money needed to patent it, I won't. Big companies can patent dozens and perhaps only make money on a few.
Software patents only serve to strengthen monopolies. Since money is no issue for large companies, it shouldn't be for small companies either..
Any idea how much patents cost? The whole process, the legal costs of defining the patent as well as the legal costs to litigate? Big companies all have a big advantage here, that discourage or destroy small companies, hurting technological development, advancement and healthy economy.
The reason why the US is pursuing software patents in Europe, is for that very reason only,
The best system is a system where "each individual can develop itself to its full potential, in order to serve mankind optimally". Communism failed in the first part, capitalism is failing in the latter. Patents support the interests of a few, denying it to many. Yes, without patents, there is still pleny of motivation to invent: our very urge to perfect our world, our headstart with having an idea first. Not ideas, but products should make money. Those who have the ideas, have a headstart and are allowed to do whatever it takes, technologically to prevent others from figuring it out. Copyright laws and laws should be enough. Products should not be copied, ideas are too abstract. Before you know it, we won't even be allowed to think certain thoughts anymore because they are patented.
Like I said, you don't need to patent bread to make money as a baker.
Since the competition is basically going to get sued ,they don't have to to write and release as many viruses as they did before to keep sales up.
The public good as seen by the beholder.
:-)
Knowledge transfer IS the public good. The patents provide YOU the opportunity to learn a considerable amount about technology being employed. They give YOU the opportunity to examine another's insight into how one 'solves' a 'problem'.
The reality of this static intellectual property documentation is that it is truly static and will remain collectively as an example of the thinking of the period. Go back and read the patents from the twenties and thirties then fold the page and read the patents form the late 1800's. It is most assuredly an eye opener when people hop on their high intellectual horse...
The meager protection a patent affords comes at significant cost to the innovators. The reaping the rewards form innovation is rare at the very best, at least that's the extrinsic take. The intrinsic rewards, on the flip side, makes it a very worthy process.
The biggest factor in gaining a patent is to use a nice sound bitey/buzz-wordy title to dress up the obvious. (eg. "data driven" vs "scripting" or "parameters").
That gets you the patent (more or less), but you still have to defend the patent on its substance.
These days, some of a patent's value is in using it to make a news release and create stock buzz as per SCO. If that's the case then any patent is fine even if it is bullshit.
Engineering is the art of compromise.
Sue the virus writters for patent infringment!
clever!
I know who I won't be buying my next virus tool from, currently I am using the 'common sense' virus scanner, it even detects viruses that no other system knows about, basically any bin file I don't trust!
hurrah.
#hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
It should be mentioned here that Polaroid has a patent on instant cameras, and to this day, no one else can make one. In fact, I remember futzing around with my parents' Kodak instant camera, and I remember Polaroid put a stop to Kodak's instant camera competition some time in my infancy/early childhood.
:)
Wonder how much that Kodak instant camera would be worth if it were still around? Damn kids!
This is actually quite similar to what has happened to copyright. The original idea was to *ENCOURAGE* innovation, but over the years the laws were rewritten by the publishers to stifle and prevent innovation, both by extending the term of copyright to ridiculous lengths, and by extending the notion of "derivative works" to its current obscene levels. Now it's almost impossible to come up with a "new" idea that someone can't make a copyright claim against. Again, the most viable option for the actual creator is to sell the idea to some company that has enough lawyers to support and defend the copyright--but the actual profits go to the companies, not the creators.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
"Good for Symantec", as long as you're using a virus open OS, you need to pay Symantec so they can pay investors, employees, Iam happy to know that one person likes being locked in by patents. While Symantec and the other one McAfee, make their *fair* profits for "their hard work", and this happens to raise the price of your isp cost, because Symantec wants more money for their new patent, then you will being paying double to Symantec hihi; and when that happens, will you still think so highly of them and their "hard work" ?.
The cost, pass it on !.