Will Patent Battles Make Your Computer Less Secure?

from the hurray-for-patents dept

Just as a new study is coming out suggesting that anti-virus software is getting worse at actually protecting your computer comes some other news that there's a brewing patent battle in the anti-virus world, with one firm, Trend Micro, going after a bunch of other companies for daring to use similar techniques in trying to protect computer equipment. If ever there were a perfect example of patents being used to hold back progress, this would be it. Computer security is incredibly important -- but it's a rapidly changing field, as both the "good guys" and the "bad guys" need to be constantly adjusting. Preventing firms from being able to use one method (and to improve on it, change it, build on it, etc.) simply gives the malware writers a huge leg up. They have no such qualms about building off of others' work, and this will simply lead to malware getting further and further ahead of security software, as security companies are held up in their ability to continue to adapt.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: computer security, patents, security
Companies: trend micro


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    drew, 27 Dec 2007 @ 2:33am

    ok so i'm going to write some cheesy malware and then patent how to safely remove it then sue anybody that removes it = PROFIT

    link to this | view in thread ]

  2. identicon
    Patrick, 27 Dec 2007 @ 4:24am

    Great Idea Drew

    That is in fact the way they think it is done, Complete BS, But still ... This article makes a good point, The Malware is going to improve while security is at a stand still - All I have to say about that is .. " DUH"!!!

    link to this | view in thread ]

  3. identicon
    Rich Kulawiec, 27 Dec 2007 @ 5:11am

    AV software is unimportant to security

    AV software companies exist almost entirely because of the pathetic weakness of Microsoft products. (For example, to a very good first approximation, there is no such thing as an email virus; they are only Outlook viruses, and that is because despite its enormous financial and human resources, Microsoft has completely, utterly failed to write even a modestly-secure email client.)

    I don't use AV -- I don't have to, because I take the far superior approach of not using operating systems and applications that are vulnerable to malware written by children. So if the parasites at the AV companies want to hobble each others' efforts by engaging in a foolish patent war, so be it. This will have no impact whatsoever on the security measures used by qualified professionals.

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 27 Dec 2007 @ 5:48am

    Re: AV software is unimportant to security

    Please.... Put any OS into a majority of desktop computer use it catogory and point the full force of the hacker community at it and it will be crack hacked and virus infected. You can however keep your rose colored glasses on for the time being.

    link to this | view in thread ]

  5. identicon
    Rich Kulawiec, 27 Dec 2007 @ 6:19am

    Re: AV software is unimportant

    Of course, this has already happened and the results have not turned out to be what you've predicted. Moreover, as all competent security people know, there is no correlation between popularity and susceptibility.

    If there are "rose-colored glasses" being worn, then they're perched on the noses of those who rely on AV technology -- which is guaranteed to fail when it will be needed most. For an excellent article which touches on this point, find Marcus Ranum's "The Six Dumbest Ideas in Computer Security", and read thoroughly.

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 27 Dec 2007 @ 7:26am

    Re: Re: AV software is unimportant to security

    You forgot the ubuntu hackers, the linux hackers, the GNU hackers, and KDE hackers and more.

    I think there are more hackers than crackers so we'll be pretty to tough to beat if crackers want to start manufacturing computer viruses for the Linux OS.

    link to this | view in thread ]

  7. identicon
    Rich Kulawiec, 27 Dec 2007 @ 8:14am

    Re: AV software is unimportant to security

    I've forgotten none of them, actually. I simply recognize that (and this is one reason why I referenced Ranum's excellent article) defenses which rely on frequent signatures updates (or their equivalent) are inherently flawed. AV products aren't the only things that fall into this category, they're just one of the more prevalent.

    Real security does not come from band-aids like AV. Real security comes from OS and application software that is written to be secure, which is subjected to peer review, which is thoroughly audited for weaknesses, and which utilizes concepts such as default-deny, least-privilege, etc. Now, granted, sometimes it happens that even though all those things are done, there's still a problem. We are, after all, still learning. But it should be obvious to everyone who's watched the last 20-30 years of computer security unfold that this approach actually has a fighting chance of working, whereas use of band-aids (like AV) is a path to certain failure.

    Ranum's article, by the way, is here.

    link to this | view in thread ]

  8. identicon
    Matt, 27 Dec 2007 @ 8:57am

    Re: Re: AV software is unimportant to security

    I would have to disagree with both of you. I have been using a Microsoft OS for years. I used to get the AV softwares, but I haven't had one for the past few years (4-5) and I have never gotten a virus or spyware. It has nothing to do with the software, but educating the user. If you can educate the user on proper and safe web browsing. Then all malware and viruses will be obsolete.

    link to this | view in thread ]

  9. identicon
    Rich Kulawiec, 27 Dec 2007 @ 9:30am

    Re: AV software is unimportant to security

    You've got to be kiddding, Matt. There's plenty of malware that relies on propagation vectors other than HTTP to gain entry to systems. A pointed example would be the Slammer (aka Sapphire) MSSQL-exploiting worm. Internet != web.

    Moreover, "educating the user", as Ranum points out in the article that I've now repeatedly referenced, is clearly a total failure and should be abandoned as a strategy. As he says, "if it was going to work, it would have worked by now". It doesn't. It won't.

    link to this | view in thread ]

  10. identicon
    Joe Krahn, 27 Dec 2007 @ 9:35am

    Re: Re: AV software is unimportant to security by

    Matt, that is wrong. For example, a bad e-mail client can be so susceptible to viruses that the only way to ensure safety is to never open any email that has not been scanned. Lately, this has gotten easier because service providers scan email even if the user does not, and Microsoft is finally starting to add security to it's products (even though adding security as an after-thought causes the sort of hassles seen in Vista).

    As for non-Microsoft platforms, they do have vulnerabilities to hacking, but not viruses. Viruses are a Microsoft feature. Linux does not need AV software, but does need the firewall and other built-in security features.

    link to this | view in thread ]

  11. identicon
    Walter Dnes, 27 Dec 2007 @ 3:01pm

    Re: Re: Re: AV software is unimportant to security

    > If you can educate the user on proper and safe web browsing.

    That doesn't work anymore. Used to be if you stayed away from porn and warez sites, you were safe. The bad guys have responded with...

    - compromising trusted domains, like the official websites of the Superbowl teams almost a year ago

    - compromising the adservers that serve ads to a lot of mainstream trusted domains

    - cache-poisoning (Microsoft Windows based) DNS servers, so that *EVEN IF YOU PROPERLY TYPE IN THE NAME OF A "SAFE" SITE*, you still end up being re-directed to an evil site.

    link to this | view in thread ]

  12. icon
    Technofear (profile), 13 Feb 2008 @ 12:02am

    Popularity does indirectly correlate to susceptibi

    “Moreover, as all competent security people know, there is no correlation between popularity and susceptibility.”

    We also know that as the popularity of an OS increases so does the amount of malware that targets it.

    Much of the reason many OSs are considered ‘safe’ is that no one bothers to investigate / create attack methods for them.

    If these ‘secure’ OSs had the same market share (== probability of finding a target fro your malware) as Windows then they would have many more security vulnerabilities exposed.

    Why spend time creating malware that attacks

    link to this | view in thread ]

  13. icon
    Technofear (profile), 13 Feb 2008 @ 12:04am

    Popularity does indirectly correlate to susceptibi

    “Moreover, as all competent security people know, there is no correlation between popularity and susceptibility.”

    We also know that as the popularity of an OS increases so does the amount of malware that targets it.

    Much of the reason many OSs are considered ‘safe’ is that no one bothers to investigate / create attack methods for them.

    If these ‘secure’ OSs had the same market share (== probability of finding a target fro your malware) as Windows then they would have many more security vulnerabilities exposed.

    Why spend time creating malware that attacks

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.