1. Field of the Invention
This invention pertains in general to computer security, and more specifically to detecting and monitoring a third party security product vendor's use of another vendor's signatures.
2. Description of the Related Art
Many types of security software use signature-based detection of malware (e.g., viruses, worms, spyware, crimeware, Trojan horses) that employs known malicious patterns or fingerprints to uniquely identify the malware. Security software can scan and compare computer files against a database of known malware signatures to identify matches that indicate that the file is likely infected. Similarly, signatures for files that are known to be clean or non-malware files can be used to identify that a file is not a malware threat. Signatures for detecting malware or for detecting non-malware are commonly identified or developed by security software companies. Due to the continually growing number of software programs available today and the constant new advances in malware, a great deal of work goes into identifying valid signatures. Each security software company typically has a collection of its own in-house developed signatures for use in its security products, which provides a significant advantage to the company.
Given all of the work that each security software vendor commits to developing its set of signatures, it is advantageous to prevent theft of the signatures or scanning products. Yet the difficulty of preventing such theft by other companies is a growing problem. Cloud computing, in which virtualized resources are provided via a server over the Internet, is becoming more and more ubiquitous, and many companies now employ cloud-scanning or cloud security technology. As cloud-scanning technology for malware becomes more prevalent, many software vendors can “hide behind the cloud” and usurp any number of their competitors' scanning technologies. These companies can use their competitors' technologies to augment or even replace their own detection technologies. As one example, some companies provide what is known as “fake AV” software that purports to be security software, but is really just adware or some other non-security product that utilizes the technologies of a valid security company as its own. Currently, there is no way to readily detect blatant stealing of a security vendor's products or signatures and prevent others from benefitting from the vendor's hard work.
In some cases, security software vendors license their technologies for use by other companies. Even this authorized use of the vendor's products carries some risk. If the licensee is not regularly updating the products with the newest signatures provided by the vendor or is otherwise improperly using the products, the vendor's brand name can be damaged. Currently, there is no way for the security vendor to readily monitor even authorized usage of its signatures to ensure that the signatures are being properly used and updated regularly.
Therefore, there is a need in the art for a solution that permits detecting the use, whether improper or proper, of one security software vendor's signatures/products by another vendor.