Kaspersky Lab announces that it has obtained a patent for a system and method of correcting antivirus records. Patent No. 2487405 issued by Rospatent, the Russian patent office, covers a mechanism that helps to make security systems significantly easier to use thanks to the prompt correction of errors caused by false positives generated by a PC security system.
The key feature of any quality security solution is its ability to detect malicious programs quickly and accurately. A signature is one of the main tools for detecting malicious programs. A signature is a record in an antivirus database which describes the unique characteristics of an individual malware specimen or an entire malware family. In a substantial majority of cases, consulting this signature database means security solutions are able to identify which files on a user’s computer are dangerous, and which are not.
In some cases, however, a signature created to detect a malicious program inadvertently blocks legitimate software. A false positive may occur for various reasons: sometimes malware has similar structures and behavior to legitimate programs; sometimes human error can result in a virus analyst creating a signature which matches some legitimate programs as well as the target malware.
The real problem with false positives is that there is often a delay between detecting a false positive and correcting it; during this time, users may encounter some difficulties working with their computers.
In general, false positives are a common problem for all vendors of security software. At present there is no reliable mechanism that can completely eliminate the possibility of these incidents. However, Kaspersky Lab’s experts have developed a method to minimize any negative impact of false positives.
Kaspersky Lab’s newly patented technology helps reduce the period between detecting an error and correcting it from several hours to several minutes. When a false positive is detected, the solution uses an algorithm which incorporates a number of checks to automatically correct the virus record. The corrected records can be sent to every computer which reports the error in question.
“We know that false positives cannot be eliminated without compromising user security, but that won’t stop us trying to deal with the problem as best we can. That is why we decided to create this technology. Our patented mechanism means we can correct possible detection errors as fast as possible, minimizing any problems for users without compromising security levels,” said Oleg Ishanov, Director of Anti-Malware Research at Kaspersky Lab and a member of the Technology Development team.
Kaspersky Lab continues to obtain more and more patents for its cutting-edge digital security technologies. As of early August 2013, Kaspersky Lab’s portfolio included over 160 patents issued in the US, Russia, the EU and China. In addition to that, over 210 patent applications are currently under consideration by patent authorities in these countries.
UPDATE. On 20 May 2014, Kaspersky Lab was granted a US patent on this technology: Patent No. 8732836, “System and Method for Correcting Antivirus Records to Minimize False Malware Detections”.