Old Is New Department: Microsoft Patents Proactive Virus Protection - InformationWeek

5/21/2008
09:59 AM
Alexander Wolfe

Microsoft has just snared a U.S. patent for proactive virus protection, which is how security software helps secure your PC when it encounters shape-shifting malware not already in its antivirus definition file. What I want to know is, what does this mean for all the other vendors -- like McAfee, Symantec, Kaspersky, and Trend Micro -- that have been selling proactive protection software for years? Do they now have to pay Microsoft protection; I mean, royalties?

Here's the quick low-down on the new Microsoft patent. Issued on May 20, patent number 7,376,970 is entitled "System and method for proactive computer virus protection." The inventor is Adrian Marinescu, who was at one point (maybe he still is) a lead developer on the Windows kernel team, heavily involved in the heap manager. He previously worked on Windows NT's object manager, which is a key software traffic-cop managing the interaction among all the executive kernel subsystems. All this is by way of saying that Mr. Marinescu clearly knows his operating-system internals.

So just how does Microsoft's "System and method for proactive computer virus protection" work? The way the patent explains it is pretty much just fancy language for what I told you above. Namely, that when the security software sees potential malware in action, it compares it against your PC's stored list of antivirus definitions.

If it's in there, bingo, you've got a match, but that'd officially be the regular, nonproactive portion of the security software taking charge. No match, then the proactive analysis kicks in. Here, the code is looking to see whether the malware is similar to an old virus, on the theory that similarity might be sisterhood and, again, bingo, you've got your match.

Here's how Marinescu's patent puts it:

"The current anti-virus software protection paradigm is a reactionary system; i.e., the anti-virus software is updated to protect a computer from malware only after the malware is released. Unfortunately, this means that at least some computers will be infected before anti-virus software is updated. . .

A substantial portion if not almost all unknown malware that exploits computer vulnerabilities are rewrites of previously released malware. Indeed, encountering absolutely novel malware is relatively rare. However, due to the pattern matching system employed by current anti-virus systems, it is not difficult to rehash/rewrite known malware such that the malware will get past the protection provided by anti-virus software.

In light of the above-identified problems, it would be beneficial to computer users, both in terms of computer security and in terms of cost-effectiveness, to have anti-virus software that proactively protects a computer against rewritten, or reorganized, malware designed for operating systems that make API calls. The present invention is directed to providing such software."
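The two-stage check described above, as an added example that is not taken from the patent or from any vendor's product: an exact lookup in the definition file first, then a similarity comparison of API-call traces for anything that misses. The Jaccard measure over adjacent call pairs, the 0.6 threshold, the family name, and all sample data are assumptions constructed for this illustration.

```python
import hashlib

THRESHOLD = 0.6  # assumed cut-off for "similar enough"; not from the patent

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def bigrams(trace):
    """Set of adjacent API-call pairs observed in a trace."""
    return set(zip(trace, trace[1:]))

def similarity(a, b):
    """Jaccard similarity of two API-call traces over their call pairs."""
    x, y = bigrams(a), bigrams(b)
    return len(x & y) / len(x | y) if x | y else 0.0

# Constructed sample data: one known family, stored as file hash + API trace.
KNOWN_BYTES = b"constructed-known-sample"
KNOWN_TRACE = ["CreateFileW", "WriteFile", "CloseHandle", "RegOpenKeyExW",
               "RegSetValueExW", "RegCloseKey", "CreateProcessW"]
DEFINITIONS = {sha256(KNOWN_BYTES): ("FamilyA", KNOWN_TRACE)}

# Constructed "rewrite": different bytes, one filler call inserted in the trace.
VARIANT_BYTES = b"constructed-rewritten-sample"
VARIANT_TRACE = KNOWN_TRACE[:2] + ["GetTickCount"] + KNOWN_TRACE[2:]

# Constructed unrelated program.
BENIGN_BYTES = b"constructed-benign-sample"
BENIGN_TRACE = ["CreateFileW", "ReadFile", "CloseHandle"]

def classify(data: bytes, trace):
    """Return (verdict, family, score) for one observed program."""
    hit = DEFINITIONS.get(sha256(data))
    if hit:  # regular, non-proactive path: exact definition match
        return ("signature", hit[0], 1.0)
    # proactive path: closest known family by API-trace similarity
    score, family = max(((similarity(trace, t), name)
                         for name, t in DEFINITIONS.values()),
                        default=(0.0, None))
    if score >= THRESHOLD:
        return ("proactive", family, score)
    return ("clean", None, score)

if __name__ == "__main__":
    for label, data, trace in [("known", KNOWN_BYTES, KNOWN_TRACE),
                               ("variant", VARIANT_BYTES, VARIANT_TRACE),
                               ("benign", BENIGN_BYTES, BENIGN_TRACE)]:
        print(label, classify(data, trace))
```

The rewritten sample misses the hash lookup entirely, yet five of its seven call pairs are shared with the known trace, which is what the second stage keys on.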

OK, so back to the question I raised at the beginning: Microsoft's patent is interesting and valuable stuff. But did they invent proactive virus protection? One wonders, given that McAfee, Symantec, Trend Micro, and Kaspersky all offer products implementing proactive protection (as do Microsoft's own Sybari security products).

Well then, the incisive patent watcher might ask, was Microsoft perhaps first to come up with this proactive protection approach? Microsoft's patent application was filed on Feb. 20, 2004 (the patent was awarded on May 20, 2008). A cursory Google search turns up the fact that there were indeed proactive virus products on the market in 2003 -- Norton and McAfee appear in the first page of results. This would seem to suggest that prior art existed, which, again, would throw up at least some questions about the Microsoft patent.

I also checked whether any previous patents have been awarded for proactive protection (say, to McAfee, Symantec, Trend Micro, or Kaspersky). I couldn't find any. This would seem to put Microsoft in the driver's seat.

Hey, I'm not a patent lawyer, but one often wonders about software patents. I sure wonder about this one. I also wonder whether McAfee, Symantec, Trend Micro, and Kaspersky are going to be hearing from their friends in Redmond real soon.
