Slashdot Mirror


Symantec Patents Multiple File Area Virus Scanning

DigitumDei writes "Symantec announced on Wednesday that it has acquired a new patent (United States Patent - 6,851,057) titled "Data driven detection of viruses". Symantec has declined to comment on whether it will pursue litigation. Symantec's director of intellectual property Michael Schallop stated: 'We don't generally discuss how we will leverage this patent against competitors or others,'." From the article: "[The patent] could refer to any technology that allows antivirus researchers or antivirus products to use scripting to determine, dynamically, where in a file to scan and detect threats. It could also include the use of Javascript or other common scripting languages to direct antivirus scanning..."

6 of 226 comments

  1. Ridiculous by adennis · · Score: 5, Insightful

    The U.S. is granting too many patents for too broad of topics. It's coming to a point where even new things can't be created simply because a patent exists that, not only covers part of the new invention, but the entire GENRE of the invention.

    They need to reform the patent law before it gets even more out of hand than it already is... Up next: a patent for "any process whereas pages of paper are bound together.."

  2. Obvious by MrMickS · · Score: 5, Interesting

    Finding out whether a file is infected by a virus is a case of looking at the file and seeing if that virus signature is present in the file. This is likely to be done by a program as it's easier. These chunks of virus code will live in different places dependent on the type of file being affected. This is all obvious. Surely this patent isn't worth a damn as it can be challenged as such.

    --
    You may think me a tired, old, cynic. I'd have to disagree about the tired bit.

  3. Patent by cyriustek · · Score: 5, Interesting

    I fully support companies retaining ownership of their intellectual property. However, how granular do we go? This is reminiscent of e-commerce being patented. If we follow old patent laws, we will surely stifle creativity. In contrast, if we do not have patents, we will likely stifle creativity since no one can claim ownership to their idea and profit accordingly.

  4. Re:Awesome! by damian cosmas · · Score: 5, Insightful

    Patents encourage innovation in a quite simple and straightforward manner, by providing financial incentive to innovate. If you invent something, you can exclusively profit from it for a period of time. Otherwise, those with more marketing power (or anyone capable of making a ripoff of your software/device/drug/&c.) can flood the market with copies of your invention, in which case you make no money and you and your family die of starvation. Dead inventors stifle innovation.

  5. Lots of prior art on this patent by oldfogie · · Score: 5, Informative

    FWIW, I am an (ex-)anti-virus author, and I actually looked at this patent.

    First, the person who wrote the text should be shot... it's worded to be as confusing as possible, so that even an expert in the field can't readily tell what is being covered in the patent.

    Next, from what I can tell, the patent seems to cover 3 main points (in various flavors, to come up with their 20 points):
    1) We don't just scan for strings, we take into consideration what sort of virus it might be, and only scan in the appropriate place.
    2) We have a "scripting language" that can direct the virus scan.
    3) We can emulate a "virus target" and see if the virus goes for it.

    All of these points were done years ago. The first two points were "state of the art" as of 1990. The product I worked on (name withheld for various reasons. Sorry about that...) was, at the time, unlike the other virus scanners out there. It used "precision scanning" in which the nature of the virus being scanned for was taken into account, and was scanned for ONLY AT THE LOCATION AT WHICH THE INFECTION WOULD OCCUR. This was a major differentiation from the "bulk scanners" (i.e. run the entire file through a string filter that contains all virus signatures, and see if there are any matches. As a trivia note, "bulk scanners" are why all anti-virus scanners use encrypted (in some trivial way) virus signatures -- so that a virus scanner would not be identified as an infected file by another virus scanner, or even by itself!) that all other major anti-virus vendors used.

    Also, the virus scanner I wrote included a scripting language so that users could add their own virus scan and remove definitions.

    As for emulating a virus target and seeing if the virus "bites", that is also old hat. While a commercial product was never introduced, a lab prototype was publicly demonstrated in 1996, in which files under examination were interpreted in a virtual 80x86 environment, including OS and file system, both to see if they did anything suspicious, and to see if they "tagged along" on "provocative" system calls.

    And, yes, I still have my old code sitting around. It would be a pity if someone suddenly showed it to Symantec or the patent office...
  6. Re:Awesome! by frankie · · Score: 5, Insightful

    That's an excellent explanation of the THEORY of patents. The REALITY is that:
    1. patent examiners are rated and promoted based on volume
    2. it takes more work to deny a patent than accept it
    3. patent applications have accelerated through the roof
    4. trivial, obvious patents are granted every week
    5. it has been over 50 years since SCOTUS properly slapped down USPTO for doing so
    6. such patents are used to STIFLE competition and innovation rather than spur it