Microsoft Patents Proactive Virus Protection

Microsoft has just snared a U.S. patent for proactive virus protection, which is how security software helps secure your PC when it encounters shape-shifting malware not already in its antivirus definition file. What I want to know is, what does this mean for all the other vendors -- like McAfee,Symantec, Kaspersky, and Trend Micro -- that have been selling proactive protection software for years? Do they now have to pay Microsoft protection; I mean, royalties?

Marinescu's patent: "The current anti-virus software protection paradigm is a reactionary system; i.e., the anti-virus software is updated to protect a computer from malware only after the malware is released. Unfortunately, this means that at least some computers will be infected before anti-virus software is updated. . .

A substantial portion if not almost all unknown malware that exploits computer vulnerabilities are rewrites of previously released malware. Indeed, encountering absolutely novel malware is relatively rare. However, due to the pattern matching system employed by current anti-virus systems, it is not difficult to rehash/rewrite known malware such that the malware will get past the protection provided by anti-virus software.

In light of the above-identified problems, it would be beneficial to computer users, both in terms of computer security and in terms of cost-effectiveness, to have anti-virus software that proactively protects a computer against rewritten, or reorganized, malware designed for operating systems that make API calls. The present invention is directed to providing such software."

http://www.neowin.net/news/main/08/05/22/microsoft-patents-proactive-virus-protection#

Was thinking of putting it in the AV forum but it's a pretty big deal and does deal with software...

Lol...so other Security companies are going to have to pay MSFT? Haha. That means paid AV's might charge more for their product and current FREE AV's may not be free anymore...or will just be behind. This meaning that malware and viruses are affected on your computer before software definitions are updated. As the article says...its rare for completely new malware to be written, but nonetheless possible.
Would be interesting to see how the other Security companies react !

 

As one of the comments mentioned, if all those security companies are already using technology that is truly described in that patent, then they have nothing to worry about. The patent's effect on them is limited by the fact that the technology would be considered in 'general use'. That's why someone can't patent the wheel, because it's general knowledge.

 

Either this patent is very narrowly written, or it will be thrown out. You can't patent an idea that has been talked about for a long time.

 

Heuristics anyone? Behavioural analysis?
As if all current antivirus programs are signature based only.
I really don't see what's new about " to have anti-virus software that proactively protects a computer against rewritten, or reorganized, malware designed for operating systems that make API calls. The present invention is directed to providing such software."

For instance, let's take a look some ESET info, for instance from July 2007;
Beyond Signature-Based Antivirus: New Threat Vectors Drive Need for Proactive Antimalware Protection; link.
What ESET's active heuristics is about; "ESET's active heuristic technology creates a virtual computer within the scanning engine which allows the scanner to observe what the program might do if allowed to run on a real computer. This can reveal potentially malicious activities that other detection techniques would not identify."

Mind you, ESET is not unique, there are more AV-companies who think strong heuristic engines are necessary for a good AV program.
I only took some ESET info as an example.

The MS patent ("Our wheel will be rounder!") sounds like BS to me.

 

The interesting thing is that MS has tons of these patents.... mostly as a defense AGAINST companies that troll patents. You know the ones, they mostly file in Texas... and you never heard of them before.

But it is fashionable to automatically assume MS is out to do harm without having any facts or researching the issue. Even the original article on informationweek falls very short of good journalism... but I guess they get away with it... it is only a blog post btw.

 

Pro-active heuristic engines have been around before MS filed the patent on Feb. 20, 2004, this article from SecurityFocus is just one example describing this technique in 2002.
If you had read the blogpost accurately you could have found that the writer did some research and did come up with some facts.
He points out that both McAfee and Norton had implemeted those techniques in 2003 prior to the patent filing.

 

I understand...

No disrespect, but I don't think the blog guy or anyone answering here happens to be a patent attorney. Guess I missed that bloggers "research." lol

Then again, this patent could be worthless.

But the base of my post was to mention that many times MS files these patents to keep others from abusing the patent system.

Blogger and research in the same sentence is almost funny....

All good... no more argument from me, it does not matter either which way or the other....