RealTime IT News
McAfee Wins 'Malicious Behavior' Patent
By Sean Michael Kerner
October 21, 2004

McAfee today announced that it was awarded a patent to detect malicious software.

U.S. patent 6,775,780, "Detecting Malicious Software By Analyzing Patterns Of System Calls Generated During Emulation," covers a broad swatch of programs and situations.

"This patent involves determining whether software is likely to exhibit malicious behavior," Chris Hamaty, director of Intellectual Property for McAfee, told internetnews.com. "One of the ways the patent contemplates is by analyzing patterns and system calls made during emulation of a piece of software."

Software emulation is a process that occurs within an insulated environment, usually within a computer system. The emulated environment allows the application to be tested for malicious behavior without much risk of harm to the computer system as a whole.

According to the abstract filed with the U.S. Patent and Trade office, the system may also compare the pattern of system calls against a suspect patterns database. Upon the comparison, the system will be able to determine whether malicious behavior is likely to be exhibited by the software. The system may also be used for on-the-fly analysis.

On-the-fly scanning for potential malicious activity is not something that is new to the security and virus scanning industry. For years, McAfee and others have included something called heuristics scanning in their software to help identify potential threats based on suspect patterns.

"We think that the patent has relevance to the area of heuristics but the patent of course speaks for itself and may have other applicability," Hamaty said.

Hamaty noted that the patent is broad and is believed to cover "a variety of programs and products that are already being made and that will likely be made in the future."

The patent is intended to protect McAfee's intellectual property and give the company a degree of competitive advantage over its competitors in the highly contentious security software space.

"We think this is an important patent in concert with our other patents in order to help our defensive posture, protect our intellectual property and give us a strategic advantage," Hamaty said.