Slashdot Mirror


Microsoft Patents 'Proactive' Virus Protection

An anonymous reader writes "InfoWeek blogger Alex Wolfe wonders whether Microsoft will go after McAfee, Symantec, Trend Micro, and Kaspersky for software royalties for proactive virus protection software. The technique enables security software to protect a PC against malware which isn't yet in the antivirus definition file, by comparing whether the new malware is similar to an old virus. Wolfe reports that Microsoft has been awarded U.S. patent 7,376,970 for "System and method for proactive computer virus protection," but that McAfee, Symantec, Trend Micro, and Kaspersky have all been selling products implementing proactive virus protection for years before Microsoft even filed for the patent. Writes Wolfe: "One often wonders about software patents. I sure wonder about this one. I also wonder whether McAfee, Symantec, Trend Micro, and Kaspersky are also going to be hearing from their friends in Redmond real soon"."

8 of 169 comments

  1. IBM, some years ago by StCredZero · · Score: 2, Informative

    I remember seeing something from IBM research some years ago on this. But a Google Search on "proactive virus protection" turns up a reference from 2001 and another from 2004 soon after.

  2. Re:Might not be a totally bad patent? by Anonymous Coward · · Score: 5, Informative

    Actually, antivirus software already uses a sandbox technique exactly as described. That's one reason software takes longer to load with A/V software; first, it runs the executable in the "virtual machine" (sandbox). If it checks out, it runs normally. This is ancient in terms of technology, and not novel.

  3. I seem to recall by confused+one · · Score: 2, Informative

    that the old IBM anti-virus from over a decade ago used an adaptive pre-emptive algorithm.

  4. Wrong question by booch · · Score: 3, Informative

    The question being asked in the article/summary is "are the competitors using proactive computer virus protection?" But the question should be "are the competitors using this method of proactive computer virus protection?"

    People seem to get really worked up about patents, while seemingly not understanding how the system works. The patent does not cover all methods of proactive computer virus protection -- it covers one method.

    --
    Software sucks. Open Source sucks less.
  5. For some historically REALLY old Prior Art by DrYak · · Score: 5, Informative

    There is a nice page about the history of ThunderByte AntiVirus (TBAV), which pioneered heuristic detection of polymorphic viruses, at a time when most of the other antivirus products were purely signature based (well, mostly; there have also been antivirus programs using regular expressions as signatures, in order to handle some degree of polymorphism).

    This specific antivirus was started in 1988, more than 15 years before Microsoft submitted its patent (2004).
    I think here Microsoft broke a new world record.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  6. (engine paper) by DrYak · · Score: 2, Informative

    Paper about TBAV's engine linked on the page I mentioned above.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  7. Patent Lawyer Job Security Programme by Doc+Ruby · · Score: 4, Informative

    The current patent system works like this: most claims are granted. Any initial challenge in court merely establishes the evidence, and is tried by judges without any expertise in either patents or the technology being patented. Only in the appeals court is any real judgement exercised. By which time the process has cost big money, usually millions of dollars, and years of uncertainty in collecting revenue from sales of the invention.

    So only the rich, who can afford to pay their way through those risky years, get anything like their due process.

    Patents are a monopoly. Obtaining one from the government should require the applicant to prove beyond a reasonable doubt that their patent is necessary "to promote the progress of science and the useful arts", the only Constitutional basis for these monopolies. That argument should require the applicant to produce evidence of an exhaustive search of prior art, not just launch a "submarine" claim and wait for it to torpedo some prior artist who then must go through the process at their expense. They should also produce similarly supported evidence of the other requirements, such as novelty and utility. If that evidence is shown to be incomplete, the Patent Office should reject the application, with a fee that actually covers processing it, plus probably a fine for wasting the public's time and clogging its offices. If that evidence is shown to be fraudulent, like when the applicant is proven to have hidden ignored evidence of disqualifying facts, the applicant should be charged with attempting to create an illegitimate monopoly, as well as with practicing the fraud. The applicant should even have to prove the case that their specific invention promotes science or useful arts only with patent protection, and disprove the progress in science or the useful arts possible without the patent.

    Getting a patent should be hard. It should be a cost of doing business. The upfront process should put the burden on the applicant. The patent should not be the asset, but should be only that occasional compromise with both free expression and modern economics that requires a temporary monopoly to protect progress (not necessarily the inventor) from predatory competition which doesn't invent, but simply outspends inventors to exploit a known invention. When that gotcha doesn't actually impede progress, the patent isn't necessary, and should never be granted.

    --
    make install -not war

  8. John Hardin's Sanitizer by flyingfsck · · Score: 2, Informative

    The procmail based email sanitizer has been around since some time before the dinosaurs: http://www.impsec.org/email-tools/procmail-security.html It detects known and unknown viruses.

    --
    Excuse me, but please get off my Pennisetum Clandestinum, eh!