Symantec has been granted a patent on anti-virus technology that speeds up detection of complex threats, after a five and a half year process.
Carey Nachenberg, the chief architect of Symantec Research Labs, received a patent for "data driven detection of viruses", a technology used throughout the security giant's desktop, server, and gateway anti-virus products.
"Traditional virus scanners work by scanning a few fixed parts of the file for signs of infection," said Nachenberg. That technique relied on virus and worm writers inserting their code in the same specific spots in an executable file.
"As viruses have evolved, their creators have started to put their code anywhere," said Nachenberg. "That poses a challenge for traditional anti-virus software."
Nachenberg's invention lets an anti-virus researcher write a script that quickly analyses a potentially infected file and identifies the areas most likely to hold an infection.
Sometimes the script looks for markers planted by virus writers; the virus writers themselves sometimes use such markers to check whether a file is already infected.
"It's analogous to the difference between going in for a full-body scan that delivers a lot of radiation and takes a long time, and your doctor examining you first," said Nachenberg.
"If your doctor identifies three or four areas where you need a scan, that reduces the amount of time and radiation you're exposed to."
The patented technology helped researchers spot infections, particularly the most complex kind that can easily morph and mutate or use numerous attack vectors.
It also sped up virus definition creation. "It really reduces our response time," said Nachenberg.
That would be an important consideration as the windows between vulnerability and attack continued to shrink.
In Symantec's products, it's also used to cut scanning time. "It lets our products inspect files for possible and probable infection points before we commit to a full scan of the file," said Nachenberg.
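To make the two-stage idea concrete, here is an added example that is not Symantec's code and does not reproduce the patented scripting engine. It uses a constructed toy executable layout (a "TOYX" magic, an entry-point field, then code) and a constructed virus signature, and it models the researcher's "script" as a Python function that names the candidate infection windows (the bytes at the entry point and the file's tail). The scanner inspects only those windows first and falls back to a full scan on a miss, so the output shows both the saving on the common cases and why the fallback still matters when code is placed "anywhere":

```python
import struct
from typing import Callable, List, Tuple

# Constructed toy executable layout (not a real file format): 4-byte magic,
# 4-byte little-endian entry-point offset, 8 reserved bytes, then code/data.
MAGIC = b"TOYX"
HEADER_SIZE = 16
WINDOW = 64  # bytes inspected around each candidate infection point

# Constructed signature of a hypothetical virus body; not a real signature.
VIRUS_SIGNATURE = b"\xde\xad\xbe\xef\xc0\xde"
VIRUS_BODY = VIRUS_SIGNATURE + b"\x90" * 26  # 32-byte constructed body

Window = Tuple[int, int]
Script = Callable[[bytes], List[Window]]


def entry_and_tail_script(data: bytes) -> List[Window]:
    """Hypothetical 'detection script': name the regions most likely to hold
    injected code so the scanner can look there before reading the whole file.
    Here: the bytes at the header's entry point (a redirected entry point is a
    classic infection sign) and the tail of the file (where appended code lands)."""
    windows: List[Window] = []
    if len(data) >= HEADER_SIZE and data[:4] == MAGIC:
        entry = struct.unpack_from("<I", data, 4)[0]
        if entry < len(data):
            windows.append((entry, min(len(data), entry + WINDOW)))
    windows.append((max(0, len(data) - WINDOW), len(data)))
    return windows


def scan(data: bytes, script: Script,
         signature: bytes = VIRUS_SIGNATURE) -> Tuple[bool, int]:
    """Two-stage scan. Returns (infected, bytes_inspected).
    Stage 1 reads only the script's candidate windows; stage 2 (full scan)
    runs only when stage 1 finds nothing, so a clean file still gets full coverage."""
    inspected = 0
    for start, end in script(data):
        chunk = data[start:end]
        inspected += len(chunk)
        if signature in chunk:
            return True, inspected
    inspected += len(data)          # fallback: read the whole file
    return signature in data, inspected


def make_file(entry: int, size: int = 4096) -> bytearray:
    """Build a constructed clean toy executable with the given entry point."""
    header = MAGIC + struct.pack("<I", entry) + b"\x00" * 8
    return bytearray(header + b"\x00" * size)


CLEAN = bytes(make_file(entry=HEADER_SIZE))

# Entry point redirected into a virus body placed mid-file.
_f = make_file(entry=2048)
_f[2048:2048 + len(VIRUS_BODY)] = VIRUS_BODY
INFECTED_ENTRY = bytes(_f)

# Virus appended at the end of the file; entry point left alone.
INFECTED_APPENDED = CLEAN + VIRUS_BODY

# Code hidden mid-file with no entry-point change: the script's windows miss
# it, and only the full-scan fallback catches it.
_f = make_file(entry=HEADER_SIZE)
_f[2048:2048 + len(VIRUS_BODY)] = VIRUS_BODY
INFECTED_HIDDEN = bytes(_f)


def scan_file(data: bytes) -> Tuple[bool, int]:
    """Scan one constructed file with the hypothetical script."""
    return scan(data, entry_and_tail_script)


if __name__ == "__main__":
    samples = [("clean", CLEAN), ("entry", INFECTED_ENTRY),
               ("appended", INFECTED_APPENDED), ("hidden", INFECTED_HIDDEN)]
    for name, blob in samples:
        infected, n = scan_file(blob)
        print(f"{name:9s} infected={infected} bytes_inspected={n} of {len(blob)}")
```

The two infected files the script anticipates are caught after reading 64 and 128 bytes respectively, while the clean file and the "hidden" file cost the candidate windows plus a full pass. That asymmetry is the trade-off the article describes: the script buys speed on the likely cases and the full scan preserves coverage on the rest.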
When used to investigate the most complex threats -- Nachenberg cited the Zmist Trojan as an example -- the technology can halve the scanning time.
"In some instances these complex threats can't be detected any other way," he claimed.
Michael Schallop, intellectual property director at Symantec, said no thought had yet gone into investigating whether rivals had similar technology that could trigger a patent infringement lawsuit.
Symantec has 121 patents in areas ranging from anti-virus and security management to compression and update distribution. This patent is Nachenberg's sixteenth in eight years.