Slashdot Mirror


Microsoft Patents 'Proactive' Virus Protection

An anonymous reader writes "InfoWeek blogger Alex Wolfe wonders whether Microsoft will go after McAfee, Symantec, Trend Micro, and Kaspersky for software royalties for proactive virus protection software. The technique enables security software to protect a PC against malware which isn't yet in the antivirus definition file, by comparing whether the new malware is similar to an old virus. Wolfe reports that Microsoft has been awarded U.S. patent 7,376,970 for "System and method for proactive computer virus protection," but that McAfee, Symantec, Trend Micro, and Kaspersky have all been selling products implementing proactive virus protection for years before Microsoft even filed for the patent. Writes Wolfe: "One often wonders about software patents. I sure wonder about this one. I also wonder whether McAfee, Symantec, Trend Micro, and Kaspersky are also going to be hearing from their friends in Redmond real soon"."

18 of 169 comments

  1. Prior art by Dancindan84 · · Score: 4, Insightful

    If they get challenged, prior art is obvious in this case and it wouldn't last 5 minutes if MS tried to extort them using it.

    --
    "Always forgive your enemies; nothing annoys them so much." - Oscar Wilde
    1. Re:Prior art by Anonymous Coward · · Score: 4, Insightful

      Actually I think that Microsoft SHOULD be banned from the Virus/Malware protection market.

      It is their DUTY to release that kind of thing FREE as they all deal with fixing their own product's flaws.

    2. Re:Prior art by morgan_greywolf · · Score: 5, Insightful

      It is their DUTY to release that kind of thing FREE as they all deal with fixing their own product's flaws.
      Or, more correctly, their software shouldn't be so exploitable.

      If Microsoft really wants to release a great OS product for Windows V8, they need to stop worrying about vendor lock-in, "checklist features", DRM, eye candy, and other useless stuff that they focused on for Vista and focus all of their attention on making the OS secure. Start from the ground up if they need to.

      In the end, anti-virus protection should be more about system integrity checking and less about pattern matching for known viruses.

      Then again, they've never done that before, so why should we expect them to start now?
    3. Re:Prior art by zappepcs · · Score: 4, Insightful

      This problem with the patent system has been brought up many times before. Clerks without technical knowledge often let patents that shouldn't slip through. Sometimes patent trolls abuse this to extort companies into paying them royalties because it's either cheaper or because they don't have the money for the legal battle to fight it. This isn't one of those times. The prior art is obvious, the companies have the means to fight and probably would fight as it's part of their primary business model. I sort of agree, but I'm having EXTREME difficulty understanding how a patent inspector is put on this little project and somehow does NOT know about the prior art? WTF!

      If they don't know enough about computers to know how obvious the prior art is, WHY are they involved with computer software patent applications in the first place? Just how fscking incompetent is the USPTO? I can't see any other way to describe this but pure, unadulterated, and blatant incompetence.

      wow, just wow
    4. Re:Prior art by Yogiz · · Score: 1, Insightful

      Bothering the user all the time does not make the System more secure. Quite the opposite. Users don't even bother to think anymore but just click 'Allow' for everything. Also you must not have read the actual security reports. Vista is no more secure than XP.

    5. Re:Prior art by Tikkun · · Score: 2, Insightful

      If the OS worked as promised they wouldn't have anyone to sell the upgrade to in 3-5 years.

  2. A plea by getto+man+d · · Score: 4, Insightful

    Before this discussion turns into a patent debate I just want to say that good code would do Microsoft so much more good than these forays outside of Windows.

    Please, just please focus on the consumer again and release something the world can appreciate or spend every last dime trying to strangle Linux/Apple/Google/anything innovative that isn't yours.

  3. Even ignoring the patent issues by solweil · · Score: 4, Insightful

    Even ignoring the patent issues, I thought that the current problem is that viruses use encrypted payloads and redundant code to make sure they cannot be easily matched with known malware while retaining the same function. I don't see how this Microsoft scheme, even if workable, will change the status quo.

  4. Anyone else remember... by hyperz69 · · Score: 3, Insightful

    MSAV? Seriously. Microsoft does NOT have the best track record, but people are going to see Microsoft and POW it's going to be installed. I guess at least it's not Norton. Though seriously, every time I see Windows, for every person I care about... they get a little AVGFREE action, and they never complain.

  5. Might not be a totally bad patent? by Tridus · · Score: 5, Insightful

    From deeper in the patent: "In accordance with the invention, a virtual operating environment for simulating the execution of programs to determine if the programs are malware is created. The virtual operating environment confines potential malware so that the systems of the host operating environment will not be adversely effected during simulation. As a program is being simulated, a set of behavior signatures is generated. The collected behavior signatures are suitable for analysis to determine if the program is malware."

    So it looks like what it's actually doing is letting the virus run in a virtual environment, watching it, then using heuristics to say "yep, that's probably a virus."

    The question on the patent's validity becomes not if someone else has done "proactive" virus protection, but if they did it the same way. AFAIK McAfee's stuff just watches the program while it's actually running and says "hey this thing emailing itself to all your friends might be a virus." That's similar, but patent-wise not actually the same thing.

    (Not that I like software patents or anything, but the "patents suck" line of comments will be covered by 500 other people.)

    --
    -- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
  6. Conflict of Interest. by Hankapobe · · Score: 4, Insightful

    Actually I think that Microsoft SHOULD be banned from the Virus/Malware protection market. It is their DUTY to release that kind of thing FREE as they all deal with fixing their own product's flaws.

    Duty aside, it will also eliminate any conflicts of interest. If they're selling anti-virus software, what's to prevent them from making security a very low priority? No, I honestly do not think they would write viruses or purposely cripple their OS: just make security a low priority.

  7. Not necessarily any prior art by mollymoo · · Score: 5, Insightful

    Jesus, does nobody on this fucking planet understand patents? Microsoft have not and can not patent "proactive virus protection". They have patented a particular method of performing it. If it is novel (ie. not the same method as that used by the AV vendors) it won't impact the AV vendors, they can just carry on using whatever they use now. If the AV vendors do use the same method but chose to keep their methods a trade secret then, well, I guess they should have patented it when they had the chance.

    --
    Chernobyl 'not a wildlife haven' - BBC News
    1. Re:Not necessarily any prior art by RiotingPacifist · · Score: 3, Insightful

      And nobody on this planet, apart from the US, gives a fuck about software patents. AFAIK, they aren't worth the paper they're written on in Europe.

      --
      IranAir Flight 655 never forget!
  8. All these companies have "fundamental" patents. by JoJoTheDFB · · Score: 4, Insightful

    If Microsoft tries to sue McAfee, Symantec, etc. for violating this patent, they will countersue Microsoft for all the patents they got on fundamental stuff years ago. It just won't happen. What we have is a sort of "old boys network" where they all agree to not sue each other.

    The real point of getting patents on these kinds of fundamental technologies is to prevent new players (that don't have huge patent portfolios) from entering the market.

  9. Claim 1 by Cassini2 · · Score: 3, Insightful

    Looking at Claim 1 in the patent, Microsoft has patented profiling by running a target application in a virtual machine at run-time. They then use the profiling data to determine if the program is malware. The patent includes many different ways of saving the profiling output too.

    I'm pretty sure the technology being patented is already in widespread use. Many virus companies create mini-virtual environments to find out what blocks of self-modifying code really do. Otherwise, a sufficiently well disguised virus can "hide" by encrypting the payload with random blocks of keys, and then only keeping the malicious code in memory as long as it is executing. In effect, the virus code is generating itself from a randomly encrypted block of memory at run-time. The virus scanner then has only a limited window of time to spot the dangerous code. To solve this problem, virus scanners allow blocks of self-modifying code to execute (in a safe manner), to see what they will actually do.

    It could be that Microsoft's anti-virus technology is obsolete, and they are actually a long distance behind the competition. ;-)

  10. Before the big brains at MS figure it out... by bill_kress · · Score: 2, Insightful

    how about someone patents "Detecting changed files" as an indication of a virus. Too obvious? I guess there is prior art (Tripwire), but why the HELL can't they implement such a no-brainer?

    If they wanted to, they could even put a hardware-locked little USB drive to store the checksums. If you update an executable, you press a button on your little drive to allow a single write (or maybe a limited number of writes over the next 2 seconds.)

    Code either on the add-on drive or in ROM checks the checksum of every executable loaded before it's started--even during bootup (guess that means it's in ROM). Hell, as long as I'm designing their app for them, only this unchangeable ROM routine can write to the USB drive. (Routine should be so simple as to never require updates, and should be stored in ROM, flash RAM)

    Oh, I see, they don't want to solve the problem... I see, they want to sell "antivirus updates" for the rest of eternity.

    There, somebody go off and make that for me please. Or if you have the ability to do the hardware part, contact me and I'll do the software. We'll make millions (but not as much as people who can trick you into actually "Subscribing" to software, that's genius. No wonder their brain blocks out any more permanent solution)
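A sketch of the design proposed in the comment above, added here as an example and not written by the commenter: a checksum store that accepts one write per button press, and a loader check that refuses executables whose checksum is missing or different. The class and function names, the in-memory store standing in for the USB device, and the sample bytes are all assumptions made for illustration.

```python
import hashlib

class GatedChecksumStore:
    """Models the hardware-locked store from the comment: each button press
    permits exactly one write; otherwise the store is read-only."""
    def __init__(self):
        self._sums = {}
        self._writes_allowed = 0

    def press_button(self):
        self._writes_allowed = 1             # physical user action (modelled)

    def record(self, path, content):
        if self._writes_allowed < 1:
            raise PermissionError("store is write-locked; press the button first")
        self._writes_allowed -= 1
        self._sums[path] = hashlib.sha256(content).hexdigest()

    def verify(self, path, content):
        """Return 'ok', 'changed' or 'unknown' for an executable about to load."""
        expected = self._sums.get(path)
        if expected is None:
            return "unknown"
        return "ok" if hashlib.sha256(content).hexdigest() == expected else "changed"

def load_executable(store, path, content):
    """Loader hook: refuse anything whose checksum is missing or differs."""
    status = store.verify(path, content)
    if status != "ok":
        raise RuntimeError(f"refusing to load {path}: checksum {status}")
    return True

def demo():
    store = GatedChecksumStore()
    original = b"MZ constructed program bytes v1"        # constructed sample content
    tampered = original + b" + appended code"
    store.press_button()
    store.record("C:/app.exe", original)                  # approved install
    results = [store.verify("C:/app.exe", original),
               store.verify("C:/app.exe", tampered)]
    try:
        store.record("C:/app.exe", tampered)              # no button press: rejected
    except PermissionError:
        results.append("write-blocked")
    results.append(store.verify("C:/app.exe", tampered))  # baseline unchanged
    return results
```

The model leaves out the part that matters most in practice: the check only holds if the verifying code and the store sit outside the reach of whatever modified the executable, which is why the comment puts them in ROM and on a separate device.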

  11. Read the claims first... by PatentMagus · · Score: 5, Insightful

    If you want to know what is being patented, read the claims first. The claims tell you exactly what is patented. Picking apart the abstract or detailed description is mere wankery without first dissecting the claims. For example:

    Claim 1: A computer-implementable method for determining the behavior of an executable comprising:
    selecting evaluation calls made by the executable to the interface of an operating system;
    loading stubs into a virtual address space, the stubs: mirroring the calls made to the interface of an operating system wherein mirroring the calls made to the interface of the operating system includes mirroring a set of full implemented DLLs; and determining a behavior signature for the selected calls;
    wherein the calls are included in dynamic link libraries (DLLs) and wherein loading stubs include loading stub DLLs into said virtual address space;
    executing the selected calls inside of a virtual operating environment using the loaded stubs dynamically linked libraries; and
    determining the behavior signatures resulting from said execution of the selected calls inside of a virtual operating environment.

    So, this is basically running some code inside a stubby VM. That is the prior art to look for. All the stuff about looking for code similar to already known malware is BS. It doesn't matter how long that has been done - it isn't prior art with regard to the claims.

    --
    I am a lawyer, but not yours. Anything I tell you might be a total lie intended to benefit my clients at your expense.
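A toy model of the idea discussed in this comment and in the earlier comments by Tridus and Cassini2 (run a sample against stubbed OS calls, then derive a behavior signature from the calls it made), added here as an example. It is not taken from the patent, from any commenter, or from any antivirus product; the stub call names, flags, rules and sample programs are hypothetical and constructed for illustration.

```python
# Toy model: behavior signatures from stubbed OS calls (all names hypothetical).
class StubOS:
    """Stands in for the OS interface: records calls, touches nothing real."""
    def __init__(self, self_path):
        self.self_path = self_path
        self.trace = []                      # ordered (call, argument) records

    def read_file(self, path):
        self.trace.append(("read_file", path))
        return b"constructed-bytes"          # plausible value so the sample continues

    def write_file(self, path, data):
        self.trace.append(("write_file", path))

    def read_address_book(self):
        self.trace.append(("read_address_book", None))
        return ["a@example.test", "b@example.test"]

    def send_mail(self, to, attachment):
        self.trace.append(("send_mail", attachment))

def behavior_signature(program, self_path="C:/sample.exe"):
    """Run `program` against the stubs and reduce the trace to behavior flags."""
    stub = StubOS(self_path)
    program(stub)
    sig = set()
    for call, arg in stub.trace:
        if call == "read_address_book":
            sig.add("harvests_contacts")
        elif call == "send_mail" and arg == self_path:
            sig.add("mails_own_image")
        elif call == "read_file" and arg == self_path:
            sig.add("reads_own_image")
        elif call == "write_file" and arg != self_path and arg.lower().endswith(".exe"):
            sig.add("writes_other_executable")
    return sig

RULES = {  # constructed rules: every flag in the set must be present
    "mass_mailer": {"harvests_contacts", "mails_own_image"},
    "file_infector": {"reads_own_image", "writes_other_executable"},
}
def classify(sig):
    return sorted(name for name, needed in RULES.items() if needed <= sig)

def sample_mailer(os_api):       # constructed sample: mails itself to each contact
    for addr in os_api.read_address_book():
        os_api.send_mail(addr, os_api.self_path)
def sample_editor(os_api):       # constructed benign sample: edits a document
    os_api.write_file("C:/notes.txt", os_api.read_file("C:/notes.txt") + b"!")
```

The signature depends only on which stubbed calls the sample makes, not on how its bytes look on disk, which is the property the comments contrast with pattern matching against known malware.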
  12. All that effort to avoid fixing the core problem . by Anonymous Coward · · Score: 2, Insightful

    .. that Windows sucks 7 ways to Sunday when it comes to security.

    I have by now heard almost 10 years worth of promises, with the last 5 years or so a more pronounced focus on security because that's what end users are asking. But they have IMHO yet to deliver anything that is simple and works, like a secure basis to start from.

    Like your average Big Name consultancy, they will NEVER sell you a finished product, because you wouldn't need them any more.

    They don't sell solutions. They sell hope. Hope that the next version MAYBE will address the problem you have today. If you talk about green computing, well you just found where waste occurs.