ZDNet UK

CNET NETWORKS UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

ZDNet.co.uk - Winner of Best Business Website 2007

You are here: ZDNet.co.uk > News > IT Management

Compliance Toolkit

Antivirus patent granted

Matt Hines CNET News.com

Published: 03 Mar 2005 16:15 GMT

Security specialist Symantec said on Wednesday it has been granted a US patent for the threat-detection technology built into its software products.

The technology, described in the patent as "data-driven detection of viruses", is used to uncover complex viruses, worms and spyware. Symantec features the tool throughout its software line-up for the business and consumer markets, and it is one of the central elements of the company's desktop, server and gateway products.

The company said the patented technology remains one of its most powerful tools for identifying new threats. Its researchers use the code to write simple programs for scanning and emulating executable files, and for working with complex threats such as self-mutating viruses, Symantec said.

Traditional antivirus software works by scanning the regions of a particular file that are most likely to contain a virus, typically the top or bottom of the file. Symantec said its tools are able to identify more complex threats, because they enable researchers to comb through other portions too. It also helps search for threats that have been spread across a file in an effort to cloak themselves from antivirus tools.

The detection tools were created by Carey Nachenberg, chief architect at Symantec Research Labs, who has been behind 16 security-related patents in the last eight years. Nachenberg said that he and his colleagues at Symantec have been working on the antivirus technology since the mid-1990s.

The researcher likened the antivirus technology to the non-invasive MRI scanners being adopted in the medical field, which improve on their coffinlike predecessors by allowing doctors to focus on a specific area of the body, rather than trying to scrutinise the entire physique at once.

"Unfortunately, the latest infections are much more complex, they mutate themselves, polymorph themselves, inject themselves in the middle of a file or spread their infection throughout a file," Nachenberg said. "All of this is making it very difficult for traditional antivirus scanners to detect an infection, because the infection is located or spread into regions where you wouldn't expect to see them."

Did you find this article useful?
84 out of 146 people found this useful

Post a comment

Full Talkback thread

2 comments

Well done Norton/Symantic. Hopefully this action w... Peter Mitchell
You guys are too technical for me...why not say "n... Anonymous

Related Jobs

SAS Analyst required Financial services West Midlands 25-35K+

Storage Consultant - SAN, Unix, Windows - get trained /accredited

Technical Consultant - Symantec / Veritas Netbackup / Enterprise Vault

Loading Video Player ....

Featured Talkback

There will be further activation issues to watch out for as Microsoft plans to offer a similar service to independent software vendors whereby they can "control" licensing through activation and other measures similar to the Software Protection Platform.