
Symantec Patents Multiple File Area Virus Scanning

DigitumDei writes "Symantec announced on Wednesday that it has acquired a new patent (United States Patent - 6,851,057) titled "Data driven detection of viruses". Symantec has declined to comment on whether it will pursue litigation. Symantec's director of intellectual property Michael Schallop stated: 'We don't generally discuss how we will leverage this patent against competitors or others,'." From the article: "[The patent] could refer to any technology that allows antivirus researchers or antivirus products to use scripting to determine, dynamically, where in a file to scan and detect threats. It could also include the use of Javascript or other common scripting languages to direct antivirus scanning..."
  • Oxymoron (Score:4, Insightful)

    by Anonymous Coward on Thursday March 03, 2005 @11:04AM (#11833862)
    We don't generally discuss how we will leverage this patent against competitors or others
    He just did.
    • Re:Oxymoron (Score:4, Funny)

      by dfn5 ( 524972 ) on Thursday March 03, 2005 @11:14AM (#11833978) Journal
      We don't generally discuss how we will leverage this patent against competitors or others
      He just did.
      He's only discussing his lack of discussion. There's a difference.

    • No, he really didn't. He certainly implied that they would leverage it, but I don't see anything in there discussing how they would do so.

      I assume you were being facetious, because that's definitely not insightful.
  • More patent problems (Score:4, Interesting)

    by chris09876 ( 643289 ) on Thursday March 03, 2005 @11:05AM (#11833873)
    Here we go again... just another one of those slashdot posts about how the patent system is clearly flawed... Even I can't help ranting about it! Patents are granted to everybody who applies, and it's just left up to the courts to decide if it's valid or not.

    Companies just amass huge patent libraries. Hm... there should really be an exponential cost increase with each patent the company owns. That would prevent big companies from getting thousands and thousands of useless unenforceable patents. ...patents *do* have a place, they're just mis-used (and the system's broken). If a small developer could get a patent for $20, but then the next patent cost $40 and then $80 and so on, it would really discourage people from getting tons of patents. ...just a thought (I'm sure it's been suggested before...)
    • Patents are granted to everybody who applies, and it's just left up to the courts to decide if it's valid or not.

      Um, despite /. hyperbole, a lot of patents do get completely rejected until the prosecution runs out. Even if they are granted, the claims tend to get whittled down a lot during prosecution.

      As for small developers, it is possible to file under "small entity" status, which is cheaper. The most expensive part of getting a patent is the fees for the patent attorneys.

    • by Anonymous Coward
      Why do American corporate idiots insist on saying 'leverage' when they mean 'use'? It sounds so lame.
    • by kmak ( 692406 )
      People set up dummy companies for tax purposes already. What's to stop them from doing the same for patent purposes?

      Talk about unenforceable laws..
    • Companies just amass huge patent libraries. Hm...

      For many engineers, there's a certain prestige in being able to say that they successfully submitted a patent. Not forgetting that additional bit of job security if layoffs might be in the near future.
      • ...that additional bit of job security if layoffs might be in the near future.

        LOL! I wrote some patents, and during layoffs, I was among the first to go - in many government contracting shops, writing patents is expressly an overhead (non-billable) activity, and when the bean counters review the quarterly billability, anyone writing patents comes out on the bottom!

        Don't think for an instant that just because you have a good idea, the company thinks it's worth (its) money to stake a claim.

    • by XorNand ( 517466 ) on Thursday March 03, 2005 @11:57AM (#11834497)
      If a small developer could get a patent for $20, but then the next patent cost $40 and then $80 and so on, it would really discourage people from getting tons of patents. ...just a thought (I'm sure it's been suggested before...)
      If you make patents cheaper than toner, how is this supposed to prevent companies from sweeping up countless bogus patents? The costs aren't the real issue here; I think you're looking at the wrong side of the equation. Look at PARC: A lot of bright people have churned out a lot of novel patents. Should they be punished for that? What we need are greater standards to prevent junk patents; not playing pricing games in an attempt to reduce the number applied for.
    • Another idea would be to only allow an absolute, finite number of valid patents (like about 10,000 or so).

      Then institute some kind of system which allows the patents to compete with each other based on a merit ranking (maybe auctions to determine how much companies think the patents are worth?) - patents which get bumped out of the valid slots become public domain.

      Obviousness & prior art would still invalidate patents (and would therefore make them worthless).
    • Oh, that's a brilliant idea. Symantec only has about $5 -billion- in liquid cash.

      Somehow I think $20 per extra patent isn't exactly going to discourage them.
      • by ultranova ( 717540 ) on Thursday March 03, 2005 @02:17PM (#11836085)

        Oh, that's a brilliant idea. Symantec only has about $5 -billion- in liquid cash.

        So, if the first patent costs $20, and each patent after that costs twice as much as the previous one, Symantec is going to go bankrupt after the 29th patent - which will cost about 5 billion dollars (the previous one costs 2 billion dollars, so 6 in total > 5).

        Geometric growth. Gotta love it or hate it :).

    • The real fix would be to get rid of "business method" and software patents entirely. Patents should be for physical devices, period. Patents are also supposed to protect you while you bring your idea to reality. If you cannot or will not create a prototype (or work with another company to do so) within a certain amount of time...you should lose the patent.
    • I've only had one turned down out of about 12 applications.

      The biggest factor in gaining a patent is to use a nice sound bitey/buzz-wordy title to dress up the obvious. (eg. "data driven" vs "scripting" or "parameters").

      That gets you the patent (more or less), but you still have to defend the patent on its substance.

      These days, some of a patent's value is in using it to make a news release and create stock buzz as per SCO. If that's the case then any patent is fine even if it is bullshit.

  • Please... (Score:4, Informative)

    by Foobar of Borg ( 690622 ) on Thursday March 03, 2005 @11:06AM (#11833887)
    before anyone starts frothing at the mouth and gives the usual /. response of "What? Someone got a patent? Kill! Kill! Kill!", please read claims 1, 8 and 14 (the independent claims).
    • Re:Please... (Score:3, Interesting)

      by leuk_he ( 194174 )
      Did you UNDERSTAND it? (New is that the patent is actually linked in this story)

      Kill kill kill.
      1. This is an obvious (ok, advanced, optimized) method to scan for viruses. More or less they create a kind of vm to simulate if a program behaves like a virus.
      2. creating a virtual environment/sandbox to see how a virus behaves is nothing new.

      This kind of patent description is not enough to recreate the system. That is what I understood for patents. By revealing the details of your invention it allows for othe
      • creating a virtual environment/sandbox to see how a virus behaves is nothing new.

        While I am against software patents, &c., I must remind you that patents can take a very long time to grant. It is possible that Symantec came up with this idea and implemented it before it was obvious, and that they are only being granted the patent now.

      • Software patents should require code to be submitted. When the patent runs out copyright should be forfeited as the patented code enters the public domain. Companies can then decide which protection suits them best but may choose only one.
  • Awesome! (Score:5, Funny)

    by null etc. ( 524767 ) on Thursday March 03, 2005 @11:07AM (#11833892)
    I love how patents encourage innovation. Now Symantec will be able to lock up the market and really innovate some cool stuff!
    • Re:Awesome! (Score:5, Insightful)

      by damian cosmas ( 853143 ) on Thursday March 03, 2005 @11:30AM (#11834167)
      Patents encourage innovation in a quite simple and straightforward manner, by providing financial incentive to innovate. If you invent something, you can exclusively profit from it for a period of time. Otherwise, those with more marketing power (or anyone capable of making a ripoff of your software/device/drug/&c.) can flood the market with copies of your invention, in which case you make no money and you and your family die of starvation. Dead inventors stifle innovation.
      • " If you invent something,"

        Except that software cannot be 'invented' - it's developed.

      • Re:Awesome! (Score:5, Insightful)

        by frankie ( 91710 ) on Thursday March 03, 2005 @12:10PM (#11834676) Journal
        That's an excellent explanation of the THEORY of patents. The REALITY is that:
        1. patent examiners are rated and promoted based on volume
        2. it takes more work to deny a patent than accept it
        3. patent applications have accelerated through the roof
        4. trivial, obvious patents are granted every week
        5. it has been over 50 years since SCOTUS properly slapped down USPTO [resource.org] for doing so
        6. such patents are used to STIFLE competition and innovation rather than spur it
        • You know this is a topic that comes up here, and is argued about, all the time.

          What about case study? We have had patents for what, 200 years? Surely examples can be produced for both the positive and negative aspects of patents. Let's hear them.

          I'll start out. This is a story I've heard, and I don't have a significant amount of time to research it. From what I understand, George Eastman of Eastman Kodak used the patent system to lock up the photography industry for many, many years. He would wa
          • Nope, false [holonet.khm.de]. Kodak did not have a patent monopoly. In fact, they LOST patent suits to the inventors of celluloid film (Goodman) and instant cameras (Polaroid).
            • Re:Awesome! (Score:3, Interesting)

              by robertjw ( 728654 )
              OK, so I was wrong. Thanks for the link though - I think this is a good solution to the problem (from the article):

              Only in post-revolution France could an invention be given "free to all the world" and its inventor rewarded with a lifelong pension from the government.

              I vote we get rid of patents and do this.
      • Patents encourage innovation in a quite simple and straightforward manner, by providing financial incentive to innovate.

        No, patents prevent competition. Supposedly, this will encourage innovation by making it easy for people to make money using the idea in the patent, but that is not the direct or necessary effect of patents.

        Since the _only_ valid societal rationale for patents to exist is to promote the public good, it would be a LOT more simple & straightforward to promote innovation if society col

        • Re:Awesome! (Score:4, Interesting)

          by ScentCone ( 795499 ) on Thursday March 03, 2005 @12:51PM (#11835135)
          No, patents prevent competition.

          If you mean that patents prevent your competitors from using your invention without having to bear the costs of inventing a competing technology themselves, then, yes. But company X making profit off of their own invention means that company Y will need to innovate and compete by arriving at a better way to solve the problem (and thus win back those customers). Patents encourage the creative innovation of competing (and superior) patentable products/concepts/practices.

          Since the _only_ valid societal rationale for patents to exist is to promote the public good

          Really? I would think that being able to benefit from your labor and creativity is a strong incentive. Strong enough that the person who does it best gets rewarded accordingly, and only indirectly (though substantially) does the public benefit. The public benefit is frosting on the cake. Protection of an individual's claim to their own work is the heart of it.

          it would be a LOT more simple & straightforward to promote innovation if society collectively paid a lot of smart people to create useful ideas

          Excellent idea, Citizen Comrade! Why, in countries where that's been the practice, we see fantastic displays of innovation in the areas of stealing IP and technologies from those private innovators elsewhere that are actually getting it done faster, better, and with better-paid people in a higher standard of living. I'm sure some of the community-based researchers in North Korea, or perhaps the ones that prospered so well in the Soviet Union, would disagree with me, me being a clueless Yankee and all.

          The anti-competitive effect of patents just turns out to be prone to abuse

          Though I'd say that the abuse of the best and brightest people in any collective setting is a much more pervasive problem. In any academic, or even private "team"-based setting where a group of people are tasked with a complex goal, some small percentage of brighter bulbs will always be the people doing the heavy lifting and the creative thinking that actually moves the project forward. The only way not to burn people like that out is a merit-based system that rewards and encourages going the extra mile on (say) research and development. Your system would work fine, as long as the minority of the research community that actually innovates gets some sort of reward (and knows they will be getting some sort of reward) for their unique innovations. Oh, wait, that's called a patent and the right to use it.
      • There's another (implied) requirement for patents, from the premise of incentive to innovate. They need to expire before the technology is obsolete. This gives people a reason to innovate beyond their (and others') current patents. When they do, you get the technology explosion we've seen in the internal combustion engine industry, which still hasn't stopped. I haven't checked how many patents there are for that industry, or how many have already expired, but I expect the number to be significant. When
  • Ridiculous (Score:5, Insightful)

    by adennis ( 846411 ) on Thursday March 03, 2005 @11:07AM (#11833899)
    The U.S. is granting too many patents for too broad of topics. It's coming to a point where even new things can't be created simply because a patent exists that, not only covers part of the new invention, but the entire GENRE of the invention.

    They need to reform the patent law before it gets even more out of hand than it already is... Up next: a patent for "any process whereas pages of paper are bound together.."
    • "They need to reform the patent law before it gets even more out of hand than it already"

      This will only happen when dubious software patents become a liability to the PTO, which means that we need to start suing it as soon as any patent that was used to kill off, sue out of existence, etc... a company is found invalid.

  • Obvious (Score:5, Interesting)

    by MrMickS ( 568778 ) on Thursday March 03, 2005 @11:09AM (#11833912) Homepage Journal
    Finding out whether a file is infected by a virus is a case of looking at the file and seeing if that virus signature is present in the file. This is likely to be done by a program as it's easier. These chunks of virus code will live in different places dependent on the type of file being affected. This is all obvious. Surely this patent isn't worth a damn as it can be challenged as such.
    • Re:Obvious (Score:3, Insightful)

      by l2718 ( 514756 )

      "Finding out whether a file is infected by a virus is a case of looking at the file and seeing if that virus signature is present in the file. This is likely to be done by a program as it's easier. These chunks of virus code will live in different places dependent on the type of file being affected. This is all obvious. Surely this patent isn't worth a damn as it can be challenged as such."

      Not quite. They are not patenting the idea of the anti-virus. They are patenting the idea of an anti-virus written

    • The nifty thing about all this is that not only are they abusing the patent system to step on "our rights on line", they are going to perk up the ears of other corporate blood-sucker -- sorry, other virus protection "security" companies. Let THEM bitch-slap Symantec.
  • It is not. (Score:5, Insightful)

    by Raven42rac ( 448205 ) on Thursday March 03, 2005 @11:10AM (#11833926)
    It is not the responsibility of the Federal Government to
    A) Protect your business model.
    B) Ensure you can "pay back your investors for a long shot"

    This patent is bullshit, it's like EA, just eliminate all competition, then what incentive is there to change or improve? None, slap 2006 on it and ship it. I want a patent on "Exchanging Oxygen for Carbon Dioxide utilizing organic muscle structures", and sue everyone who breathes.
    • Re:It is not. (Score:3, Insightful)

      by demachina ( 71715 )
      Look at it this way, chances are high that patents on basic methods for dealing with spyware and virus detection are probably the ONLY thing that is going to keep Microsoft from wiping out yet another third party software industry. In another year or two they are going to have firewalls, virus and spyware detection, and anti spam measures all bundled in to the OS, for free, and Symantec and McAfee will be toast. Their software might not be as good as Symantec and McAfee but it will be free and bundled so it
      • That whole monthly subscription thing on Norton Antivirus is overrated. You can always manually download the updates instead of doing "Live-Update".

  • Patent (Score:5, Interesting)

    by cyriustek ( 851451 ) on Thursday March 03, 2005 @11:10AM (#11833928)
    I fully support companies retaining ownership of their intellectual property. However, how granular do we go? This is reminiscent of e-commerce being patented. If we follow old patent laws, we will surely stifle creativity. In contrast, if we do not have patents, we will likely stifle creativity since no one can claim ownership to their idea and profit accordingly.
    • In contrast, if we do not have patents, we will likely stifle creativity since no one can claim ownership to their idea and profit accordingly.

      I have to disagree with you here. I don't think anyone should be allowed to "own" an idea. And apparently I'm in good company [cmu.edu].
      • Thomas Jefferson, in the first quote on the page you linked to, was not suggesting that people should not be ALLOWED to own ideas. He was stating that it is not possible for people to own (as in, keep other people from thinking them) ideas.

        It is very interesting, to me, that Jefferson puts the ownership of the products of the mind on the same level (rights-wise) as ownership of physical property (he uses land as an example). In other words, he thinks the right to own land is no more (or less) inherent th
    • I don't think anyone here is against patents, what people are against are obvious patents (which most software ones are), and that they're granted with no repercussions to the PTO if they're found invalid, but everyone else is left to clean up the mess the PTO created.

  • "We don't generally discuss how we will leverage this patent against competitors or others"

    Wow, no kidding.. I wonder if it has anything to do with not wanting to say "we intend to use this patent whenever we feel an antivirus competitor is becoming more successful than us, or when we need some money badly".
  • by xiando ( 770382 ) on Thursday March 03, 2005 @11:11AM (#11833939) Homepage Journal
    I can not wait for someone to file a patent for a virus, when the US patent office can accept this then they are sure to accept that too.

    Spammers are suing those who filter their crap away, next thing we know virus authors are suing anti-virus vendors... it is truly a brave new world.
    • Or better yet, someone should copyright their virus and use the DMCA to sue all the anti-virus companies out of existence when they reverse engineer their copyrighted program.

      That's something I'd like to see. Symantec execs being escorted to jail for "Virus Piracy"

  • OMG Virus (Score:3, Funny)

    by improfane ( 855034 ) on Thursday March 03, 2005 @11:13AM (#11833960) Journal
    I say Symantec should just patent viruses and charge royalty fees on whoever decides to make them.
  • i dont get it (Score:4, Insightful)

    by JeanBaptiste ( 537955 ) on Thursday March 03, 2005 @11:13AM (#11833968)
    "Data driven detection of viruses".

    how else are you going to detect them?
  • to use scripting to determine, dynamically, where in a file to scan and detect threats.

    1.) the term "dynamically" covers quite a lot, doesn't it? that ranges from "reading from the virus database at runtime" to "incredible advanced AI"

    2.) so, will this patent cover all embedded scripting languages in virus scanner software?

    maybe this is a novel concept and worth protecting (although i doubt it), but all in all i am very critical of patents threatening to push obvious solutions into illegality! "obvious"
  • I think the immune system can claim it had this idea first.
    I mean seriously scanning for virus using a signature data base; who hasn't had this idea?
  • by the_skywise ( 189793 ) on Thursday March 03, 2005 @11:17AM (#11834011)
    Now that Microsoft is getting into the anti-virus biz and presumably shipping it with the OS, Symantec knows its days are numbered.
    • Even if they do bundle the anti-spyware or virus tools with Windows (which is unlikely, as people are noticing antitrust more now) it should still be good enough to allow other companies' products. For an example, look at the SP2 Firewall, which is good enough for home users but lacks a few features (extensibility, outbound connection blocking, stuff not blocked by default, etc) that allows companies like Kerio and Zone Labs to make better ones.
      • That's true of the other areas Microsoft has moved into. MS' own product offerings are never spectacularly great compared to the competition. MS' forte has always been commoditizing a very expensive piece of software. They are generally "good enough" for 80% of the populace that they feel no need for buying the better featured and generally more expensive one. Even less so if it comes as part of the OS or bundled (MS Works) with the computer.
  • by SuperficialRhyme ( 731757 ) on Thursday March 03, 2005 @11:17AM (#11834012) Homepage
    I'm not an antivirus software developer so I really don't know what exactly these claims are referring to. The background of the patent helps a bit, but it seems to me that the patent refers to a program which uses an emulator to catch the point where a program's code is being passed off to viral code.

    Could someone give a better summary claim by claim?

    I'll provide the claims here to give a starting point. Let's try to actually see what's getting patented here and whether or not it really is novel.

    I claim:

    1. A virus detection system for detecting if a computer file is infected by a virus, the file having a plurality of potential virus entry points, the system comprising:

    an engine for controlling operation of the virus detection system responsive to instructions stored in an intermediate language, the instructions adapted to examine the plurality of potential virus entry points and post for emulating ones of the plurality of potential virus entry points exhibiting characteristics indicating a possible virus;

    an emulating module coupled to the engine for emulating the posted entry points of the file in a virtual memory responsive to the engine, wherein the virus may become apparent during the emulation of an entry points of the file infected by the virus; and

    a scanning module coupled to the engine for scanning regions of the virtual memory for a signature of the virus responsive to the engine and the emulating module, wherein presence of the virus signature in a scanned region indicates that the file is infected by the virus.

    2. The virus detection system of claim 1, further comprising:

    a custom module coupled to the engine for executing custom virus-detection code responsive to invocation by the engine.

    3. The virus detection system of claim 1, wherein the intermediate language is P-code and the engine comprises:

    a P-code interpreter for interpreting the P-code and controlling the operation of the virus detection system responsive thereto.

    4. The virus detection system of claim 3, wherein the engine further comprises:

    primitives for performing operations with respect to the file and the virtual memory responsive to invocations of the primitives by the P-code.

    5. The virus detection system of claim 1, further comprising:

    a virus definition file coupled to the scanning module for holding virus signatures for use by the scanning module.

    6. The virus detection system of claim 1, wherein the instructions stored in the intermediate language post regions of the file for scanning by the scanning module.

    7. The virus detection system of claim 6, wherein postings identifying overlapping regions are merged into a single posting identifying the regions of the merged postings.

    8. A method for detecting a virus in a computer file, the file having a plurality of potential virus entry points, the method comprising the steps of:

    executing instructions stored in an intermediate language representation, the instructions performing the steps of:

    examining regions of the file for possible infection by viruses and posting for scanning any regions exhibiting characteristics indicating a possible virus infection;

    examining the plurality of potential virus entry points of the file for possible infections by viruses and posting for emulating ones of the plurality of potential virus entry points exhibiting characteristics indicating a possible virus infection; and

    examining the posted regions of the file to algorithmically determine whether the file is infected with a virus.

    9. The method of claim 8, wherein the instructions further perform the steps of:

    merging overlapping regions posted for scanning.

    10. The method of claim 8, wherein the instructions further perform the step of:

    calling a custom executable program to determine when the file is infected with a virus.

    11. The method of claim 8, further comprisi

  • by NotQuiteReal ( 608241 ) on Thursday March 03, 2005 @11:18AM (#11834040) Journal
    If you write closed-source software, how would anyone prove your code infringes on a patent, unless they violate other laws and reverse engineer your program?
  • I just uninstalled and requested a refund of Norton Anti-virus 2005. The ***ed software would not activate itself. I've read about the software continually demanding to activate, but mine would never successfully activate. And as for support.... they wasted several days asking questions that I had answered in my original submission. They kept thinking that there was some firewall or proxy problem, which seems very unlikely given that I could extract the URL requested by the Anti-virus s/w from my squid logs
    • You did fine. The days when "Norton" products were any good are long past by. They seem to have him stuffed in position with arms crossed for the photos alone these days.

      I would recommend Avast! antivirus [avast.com] - uses a fraction of the resources of NAV200x, and works quite better too, IMHO. The difference in performance after replacing NAV for A! on my mother's PC was ridiculous.

      Not only that, registration is free for personal use.
    • I did the same. Mine actually activated, but would randomly "deactivate" itself and claim I never activated it. I also had Norton Firewall which would occasionally start totally blocking *all* ports. I ended up having to simply disable it. Norton suckx.
      • I have at least one call a week come in complaining about Norton AV fucking up email transfers or that hideous Internet Security locking down port 80 (that's really bright). I wouldn't recommend Norton/Symantec products to my worst enemy. They are garbage.
  • by analog_line ( 465182 ) on Thursday March 03, 2005 @11:24AM (#11834107)
    I'm sure they're going to use it against other antivirus companies as well, but I'd bet money this was put in the works a while ago to protect Symantec's extremely lucrative virus protection business against being wiped away by Microsoft, who has been making noises about releasing its own virus software for a while now.

    I wouldn't be surprised if Symantec refuses to allow Microsoft to obtain a license to the patent no matter how much money Microsoft offers. One might hope tactics like this would convince businesses that software patents are a bad idea, but what they are more likely going to do is make businesses do more of the same so they can have similar dominance over this or that market segment.

    Hell, this is even a really good reason to outsource software development to foreign coders. They aren't encumbered by software patents, and if you're only using the generated code internally, it's a lot harder to prove patent violations.
  • So if I patent a virus can I take Symantec to court for reverse engineering?

    -- This Sig has been scanned and is virus free!
  • by JeffTL ( 667728 ) on Thursday March 03, 2005 @11:29AM (#11834157)
    Unix vendors like Red Hat, Sun, and Apple design their operating systems so as to render theoretical viral infection pretty difficult -- note how nobody has unleashed a virus on all the Linux servers.

    It's only a matter of time until Microsoft builds basic antivirus functionality into Windows, which along with better design would run a lot of security companies out of business.
  • hmm.. (Score:3, Funny)

    by t_allardyce ( 48447 ) on Thursday March 03, 2005 @11:33AM (#11834196) Journal
    Microsoft should patent some of its security flaws, it could make a killing by licensing the ability to patch said flaws to anti-virus companies.
  • by oldfogie ( 547102 ) on Thursday March 03, 2005 @11:45AM (#11834347)
    FWIW, I am an (ex-)anti-virus author, and I actually looked at this patent.

    First, the person who wrote the text should be shot... it's worded to be as confusing as possible, so that even an expert in the field can't readily tell what is being covered in the patent.

    Next, from what I can tell, the patent seems to cover 3 main points (in various flavors, to come up with their 20 points):
    1) We don't just scan for strings, we take into consideration what sort of virus it might be, and only scan in the appropriate place.
    2) We have a "scripting language" that can direct the virus scan.
    3) We can emulate a "virus target" and see if the virus goes for it.
    All of these points were done years ago. The first two points were "state of the art" as of 1990. The product I worked on (name withheld for various reasons. Sorry about that...) was, at the time, unlike the other virus scanners out there. It used "precision scanning" in which the nature of the virus being scanned for was taken into account, and was scanned for ONLY AT THE LOCATION AT WHICH THE INFECTION WOULD OCCUR. This was a major differentiation from the "bulk scanners" (i.e. run the entire file through a string filter that contains all virus signatures, and see if there are any matches. As a trivia note, "bulk scanners" are why all anti-virus scanners use encrypted (in some trivial way) virus signatures -- so that a virus scanner would not be identified as an infected file by another virus scanner, or even by itself!) that all other major anti-virus vendors used.

    Also, the virus scanner I wrote included a scripting language so that users could add their own virus scan and remove definitions.

    As for emulating a virus target and seeing if the virus "bites", that is also old hat. While a commercial product was never introduced, a lab prototype was publicly demonstrated in 1996, in which files under examination were interpreted in a virtual 80x86 environment, including OS and file system, both to see if they did anything suspicious, and to see if they "tagged along" on "provocative" system calls.

    And, yes, I still have my old code sitting around. It would be a pity if someone suddenly showed it to Symantec or the patent office...
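The contrast drawn in the comment above between "bulk" and "precision" scanning, and the reason signature databases are stored encoded, shown as an added example that is not the commenter's code or any vendor's. The signature names, byte patterns, XOR key and head/tail regions are all constructed assumptions.

```python
"""Bulk vs. location-aware ("precision") signature scanning; all data is constructed."""

XOR_KEY = 0x5A    # trivial encoding so the database never holds a plaintext signature
REGION_SIZE = 64  # assumed number of bytes examined at the head or tail of a file


def xor(data: bytes) -> bytes:
    """Encode or decode a byte string (XOR is its own inverse)."""
    return bytes(b ^ XOR_KEY for b in data)


# name -> (encoded pattern, region where this hypothetical family leaves its code)
SIGNATURES = {
    "Demo.Appender": (xor(b"\xde\xad\xbe\xefAPPEND"), "tail"),
    "Demo.Prepender": (xor(b"\xca\xfe\xba\xbePREPEND"), "head"),
}


def region(data: bytes, where: str) -> bytes:
    """Return only the part of the file a given infection type would occupy."""
    return data[:REGION_SIZE] if where == "head" else data[-REGION_SIZE:]


def bulk_scan(data: bytes) -> list[str]:
    """Match every signature anywhere in the file."""
    return sorted(n for n, (sig, _) in SIGNATURES.items() if xor(sig) in data)


def precision_scan(data: bytes) -> list[str]:
    """Match each signature only where that infection would actually sit."""
    return sorted(n for n, (sig, where) in SIGNATURES.items()
                  if xor(sig) in region(data, where))


def database_blob() -> bytes:
    """The signature database as stored on disk (still encoded)."""
    return b"".join(sig for sig, _ in SIGNATURES.values())


# Constructed samples: the same pattern at the infection site and as inert mid-file data.
HOST = b"host-program-bytes " * 16
INFECTED = HOST + b"\xde\xad\xbe\xefAPPEND" + b"\x00" * 8
DATA_FILE = HOST + b"\xde\xad\xbe\xefAPPEND" + b"\x00" * 200

if __name__ == "__main__":
    for label, blob in [("infected", INFECTED), ("data file", DATA_FILE),
                        ("encoded db", database_blob()),
                        ("decoded db", xor(database_blob()))]:
        print(f"{label:11} bulk={bulk_scan(blob)} precision={precision_scan(blob)}")
```

The data file trips the bulk scanner but not the location-aware one, and the encoded database is clean under a bulk scan while its decoded form matches every signature.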
  • Spike: Buffy, you don't have the patent on bad relationships.

    Buffy: Wouldn't it be cool if I did!
  • The /. blurb reads like they've patented scripting languages, when in fact it looks like they've patented a method of emulation-based scanning using a scripting language. If you read claims 1, 8, and 14, it sounds like they have a system wherein they grab an executable file, run the first bit of it under emulation in some sort of script-driven sandbox, then check the result to see if a virus has decrypted itself. I mean, if people are going to selectively read the patent, they might as well go all-out and on
    • If I'm not mistaken, this technique was already designed back "in the day" to discover DAME-concealed viruses.

      (Dark Avenger's Mutating Engine)
  • by tdhillman ( 839276 ) * on Thursday March 03, 2005 @11:50AM (#11834424)
    This is patently ridiculous?
  • Very smooth... (Score:3, Insightful)

    by Rs_Conqueror ( 838344 ) on Thursday March 03, 2005 @12:14PM (#11834710)
    While talking to my boss Chris about how McAfee patented the firewall a few weeks back [slashdot.org], he made the point: "Do you think the guy who awarded the patent even knows what a firewall is?" I think the point still stands.
  • It won't be long before virus writers scan patent databases and actively target patented detection techniques. Why? Because unless everybody uses the same virus scanner or licenses that code, it'll be a free for all. Clamwin may be targeted first. I have a feeling that in a few years a lot of collaborative software development will go underground.
  • what's a "virus"...

    contented Linux user... who gets to enjoy all his CPU cycles... :)

  • Given the reality of the US patent system, maybe the "patent pending" icon should read "patent granted"?
  • "Symantec announced on Wednesday that it has acquired a new patent (United States Patent - 6,851,057) titled "Brain driven detection of burglars". From the article: "[The patent] could refer to any technology that allows a homeowner to look around his house and detect the presence of a burglar." A Symantec spokesman noted that, "We value our intellectual property, and want homeowners to know that they can't simply use this technology without a license."
  • Sue the virus writers for patent infringement!

    clever!

    I know who I won't be buying my next virus tool from, currently I am using the 'common sense' virus scanner, it even detects viruses that no other system knows about, basically any bin file I don't trust!

    hurrah.
