Code Blue

McAfee's Monopoly on Antivirus Software Could Prove Deadly

by Neil McAllister, Special to SFGate
(Originally published Thursday, August 16, 2001. Editor: Amy Moon)

Complain all you want; dealing with viruses has become a part of everyday computing life. Like the Love Bug and Melissa viruses before them, SirCam and at least three known variants of Code Red are out there wreaking havoc right now — and they're just the most publicized ones.

New viruses and Internet worms seem to appear almost daily. Easy-to-use tool kits let even the least talented of hackers create new ones in minutes, adding to what seems like a never-ending list.

Though it's probably wishful thinking to hope that even a single one of us will escape virus infection at one point or another, at least there's some comfort. Antivirus software is available to help us clean up the mess, and these programs are dutifully kept updated with fixes for all the latest bugs.

Suppose, however, that a single corporation were able to monopolize the market for antivirus software. It would be a nasty surprise to find that in our hour of need we had only a single place to turn for help; in effect, our computers would be held hostage to the financial gain of this one company. As far as fees are concerned, it could write its own ticket.

Enter McAfee.com

Far from being merely a hypothetical scenario, this situation may soon become reality, following the approval of U.S. Patent #6,266,774. This patent, awarded to antivirus-software vendor McAfee.com, describes a "method and system for securing, managing or optimizing a personal computer." The documented uses for this technique include hardware and software diagnosis, treatment of viruses, software updates over the Internet and other "maintenance tasks."

Precisely what McAfee.com intends to do with the patent is unclear, but the tone of the announcement is certainly ominous. When pressed on the issue, McAfee.com's CEO said other companies could either "work with us, or work around the patent."

Working around the patent may prove difficult, however, since its scope is so broad. Its language does admit that "a person skilled in the art may download software to accomplish other tasks in a similar manner."

"Accordingly," McAfee.com's patent application goes on to explain, "the scope of the present invention encompasses that as well."

That little clause is bound to raise a few eyebrows, since a comparable method of selling software as a service is key to the business plans of more than a few companies. In fact, among other things, McAfee.com's description of software delivery using a markup language like HTML or XML sounds remarkably similar to the SOAP protocol, a crucial part of Microsoft's .Net initiative.

The McAfee.com patent yet again underscores how problematic software patents can be. Whenever a single company attempts to corner the market on a certain technique or algorithm, the result is always a braking of the pace of innovation. In this instance, however, the harmful effects are further compounded by McAfee.com's role as a provider of antivirus solutions.

The Blame Game

Whenever a situation like the outbreak of one of these worms arises, the usual round of finger pointing ensues. Who is to blame? The obvious culprits are the virus authors themselves; but since many of them remain anonymous, that's a dead-end pursuit. Others take Microsoft to task for not doing enough to fix the flaws in its software that allowed these programs to work their mischief in the first place. And some even criticize the hapless victims themselves for not being better educated about safe computing procedures.

No matter who takes the blame, though, one question still remains: Who is responsible for fixing the problem once it arises?

McAfee.com certainly won't take that responsibility. Its own corporate interests preclude its assuming any type of liability for your ability (or lack thereof) to clean your computer of viruses. But with the award of this new patent, McAfee.com can also secure the position of being the only company that's allowed to offer network-distributed antivirus solutions at all — and that's where the problem lies.

For most of us, virus infection is a nuisance. But for businesses, where the IT-support requirements for dealing with viruses are multiplied across many machines, the effects of viruses like SirCam and Code Red can be severe.

Rather than damaging systems outright the way traditional viruses have done, SirCam instead quietly exploits vulnerabilities in Microsoft's Outlook mail reader. It e-mails random documents from the infected computer's hard drive to unsuspecting addresses from the user's contacts database. These documents could be sensitive or confidential in nature, making SirCam's potential threat to corporate assets significant.

Code Red and its sequels, on the other hand, attack a weakness in Microsoft's IIS Web server to gain privileged access to the host machine's functions. In some cases, the virus installs a secret "back door" to allow easy access to the infected server at a later date. Another variant attempts a denial-of-service attack against the White House's Web site.

In each case, the end result is a flood of network traffic that can quickly overwhelm infected systems. It's been suggested that, given enough infected systems acting in unison, Code Red might have the potential to overwhelm entire portions of the Internet itself.

So far, antivirus organizations and the high-tech industry alike have tried to downplay the significance of Code Red and its progeny. But reports have begun to trickle out from major corporations that indicate the threat is far from trivial. Some IT departments have gone so far as to disable all Web-related traffic on their networks until the spread of the virus could be halted — a fairly drastic reaction to a supposedly insignificant threat.

A Question of Ethics

As more and more viruses seem to appear almost daily, a monopoly position on network-delivered maintenance software could result in a constant revenue stream for McAfee.com. After all, a network-delivered cure seems the natural solution for network-delivered virus programs.

But the ethical dilemma here seems plain: Should a single company be allowed to monopolize antivirus cures, such that removal of damaging software from your system requires paying that company a fee?

At first glance, there might not seem to be anything wrong with it. It's business as usual, right? If you want someone to remove a virus from your computer, you should pay them for the service.

But remember, an infected computer system can potentially be a threat to more than just that one machine. As the Code Red worm has demonstrated, an infected system can be a risk to other computers as well, or to the network itself. With this being the case, it seems irresponsible to allow a single company to control technologies associated with removing such viruses.

For McAfee.com to compete on a level playing field with other antivirus software providers is one thing. For it to effectively hoard the tools that make halting the spread of viruses possible is quite another.

Systemic Failure

Ultimately, however, the problem lies not with McAfee.com but with the U.S. Patent Office itself. Too few patent examiners understand the complexities of the software industry, and still fewer resources exist to adequately investigate all the claims submitted to the office.

As a result, over time, questionable patents are bound to be issued for software processes. Given such an environment, can McAfee.com really afford not to pursue patents for its own software? If they don't, then surely someone else will.

Effectively, then, what we have now is likely to be a never-ending cycle. Until something is done to correct the system, bad software patents are one systemic ill that's liable to keep spreading.



2001 Article IndexArticles HomeNeil's Homepage

Valid XHTML 1.1!