Kaspersky patents virus scan acceleration
Russian antivirus specialist Kaspersky has been granted a patent on a method and system for anti-malware scanning with variable scan settings. The patented method is based upon a risk analysis of the file being executed. Based on whether the file is known or unknown, where the file originated, whether the file is digitally signed and other factors, the patent's method decides what malware scanning is applied to that file before it is allowed to be executed. If a file is known, it is subject to a simple signature check, but unknown files are subjected to a more rigorous scanning and analysis process.
Andreas Marx of AV-Test thinks the patented methods are "not really innovative". In an interview with heise Security he said that competitors have used such techniques for quite some time but that they have seldom made this public. The methods are "obvious for any good programmer", said Marx. Because the state of the art has not been published, however, such patents are easily granted, he added.
Kaspersky has also been granted a patent for detecting rootkits. The method described is based on taking snapshots of individual areas of the operating system and the registry before booting. By comparing these snapshots, driver manipulations can subsequently be detected. A third Kaspersky patent relates to object-oriented plug-ins.
These patents are unlikely to lead to legal actions against other vendors. Other antivirus companies have enough patents to defend themselves against Kaspersky, explained Marx. The US patent database confirms his opinion; it only lists 17 Kaspersky patents, while Symantec has 1004 patents.