Compliance Toolkit

Antivirus patent granted

Matt Hines CNET News

Published: 03 Mar 2005 16:15 GMT

Security specialist Symantec said on Wednesday it has been granted a US patent for the threat-detection technology built into its software products.

The technology, described in the patent as "data-driven detection of viruses", is used to uncover complex viruses, worms and spyware. Symantec features the tool throughout its software line-up for the business and consumer markets, and it is one of the central elements of the company's desktop, server and gateway products.

The company said the patented technology remains one of its most powerful tools for identifying new threats. Its researchers use the code to write simple programs for scanning and emulating executable files, and for working with complex threats such as self-mutating viruses, Symantec said.

Traditional antivirus software works by scanning the regions of a particular file that are most likely to contain a virus, typically the top or bottom of the file. Symantec said its tools are able to identify more complex threats, because they enable researchers to comb through other portions too. It also helps search for threats that have been spread across a file in an effort to cloak themselves from antivirus tools.

The detection tools were created by Carey Nachenberg, chief architect at Symantec Research Labs, who has been behind 16 security-related patents in the last eight years. Nachenberg said that he and his colleagues at Symantec have been working on the antivirus technology since the mid-1990s.

The researcher likened the antivirus technology to the non-invasive MRI scanners being adopted in the medical field, which improve on their coffinlike predecessors by allowing doctors to focus on a specific area of the body, rather than trying to scrutinise the entire physique at once.

"Unfortunately, the latest infections are much more complex, they mutate themselves, polymorph themselves, inject themselves in the middle of a file or spread their infection throughout a file," Nachenberg said. "All of this is making it very difficult for traditional antivirus scanners to detect an infection, because the infection is located or spread into regions where you wouldn't expect to see them."