informa
/
4 min read
Commentary

Old Is New Department: Microsoft Patents Proactive Virus Protection

Microsoft has just snared a U.S. patent for proactive virus protection, which is how security software helps secure your PC when it encounters shape-shifting malware not already in its antivirus definition file. What I want to know is, what does this mean for all the other vendors -- like McAfee, Symantec, Kaspersky, and Trend Micro -- that have been selling proactive protection software for years? Do they now have to pay Microsoft protection; I mean, royalties?
Microsoft has just snared a U.S. patent for proactive virus protection, which is how security software helps secure your PC when it encounters shape-shifting malware not already in its antivirus definition file. What I want to know is, what does this mean for all the other vendors -- like McAfee, Symantec, Kaspersky, and Trend Micro -- that have been selling proactive protection software for years? Do they now have to pay Microsoft protection; I mean, royalties?Here's the quick low-down on the new Microsoft patent. Issued on May 20, patent number 7,376,970 is entitled "System and method for proactive computer virus protection." The inventor is Adrian Marinescu, who was at one point (maybe he still is) a lead developer on the Windows kernel team, heavily involved in the heap manager. He previously worked on Windows NT's object manager, which is a key software traffic-cop managing the interaction among all the executive kernel subsystems. All this is by way of saying that Mr. Marinescu clearly knows his operating-system internals.

So just how does Microsoft's "System and method for proactive computer virus protection" work? The way the patent explains it is pretty much just fancy language for what I told you above. Namely, that when the security software sees potential malware in action, it compares it against your PC's stored list of antivirus definitions.

If it's in there, bingo, you've got a match, but that'd officially be the regular, nonproactive portion of the security software taking charge. No match, then the proactive analysis kicks in. Here, the code is looking to see whether the malware is similar to an old virus, on the theory that similarity might be sisterhood and, again, bingo, you've got your match.

Here's how Marinescu's patent puts it:


"The current anti-virus software protection paradigm is a reactionary system; i.e., the anti-virus software is updated to protect a computer from malware only after the malware is released. Unfortunately, this means that at least some computers will be infected before anti-virus software is updated. . .

A substantial portion if not almost all unknown malware that exploits computer vulnerabilities are rewrites of previously released malware. Indeed, encountering absolutely novel malware is relatively rare. However, due to the pattern matching system employed by current anti-virus systems, it is not difficult to rehash/rewrite known malware such that the malware will get past the protection provided by anti-virus software.

In light of the above-identified problems, it would be beneficial to computer users, both in terms of computer security and in terms of cost-effectiveness, to have anti-virus software that proactively protects a computer against rewritten, or reorganized, malware designed for operating systems that make API calls. The present invention is directed to providing such software."

OK, so back to the question I raised at the beginning: Microsoft's patent is interesting and valuable stuff. But did they invent proactive virus protection? One wonders, given that McAfee, Symantec, Trend Micro, and Kaspersky all offer products implementing proactive protection (as do Microsoft's own Sybari security products).

Well then, the incisive patent watcher might ask, was Microsoft perhaps first to come up with this proactive protection approach? Microsoft's patent application was filed on Feb. 20, 2004 (the patent was awarded on May 20, 2008.) A cursory Google search turns up the fact that there were indeed proactive virus products on the market in 2003 -- Norton and McAfee appear in the first page of results. This would seem to suggest that prior art existed, which, again, would throw up at least some questions about the Microsoft patent.

I also checked whether any previous patents have been awarded for proactive protection (say, to McAfee, Symantec, Trend Micro, or Kaspersky. I couldn't find any. This would seem to put Microsoft in the driver's seat.

Hey, I'm not a patent lawyer, but one often wonders about software patents. I sure wonder about this one. I also wonder whether McAfee, Symantec, Trend Micro, and Kaspersky are going to be hearing from their friends in Redmond real soon.

Like this blog? Subscribe to its RSS feed, here.

For a mobile experience, follow my daily observations on Twitter.

Check out my tech videos on this YouTube channel.