Symantec Awarded Patent For Anti-Virus Scanning Technique
2005-03-02 16:10:00
Symantec announced Wednesday that after a five-and-a-half-year process, one of its chief researchers had been granted a patent on anti-virus technology that speeds up detection of complex threats.
Carey Nachenberg, the chief architect of Symantec Research Labs, received a patent for what's described as "data driven detection of viruses," a technology that's used throughout the Cupertino, Calif.-based security giant's desktop, server, and gateway anti-virus products.
"Traditional virus scanners work by scanning a few fixed parts of the file for signs of infection," said Nachenberg. That technique relies on the habits of virus and worm writers, who typically insert their code in the same specific spots in an executable file, often at the beginning or the end of the file.
"As viruses have evolved, their creators have started to put their code anywhere," said Nachenberg. "That poses a challenge for traditional AV software."
Nachenberg's invention lets an anti-virus researcher write a script that quickly analyzes a potentially infected file and identifies the most likely areas of infection. The scanner is then aimed at those areas.
In some cases, he said, the script looks for markers planted by virus writers; sometimes hackers use such markers to note that the file is infected so another infection attempt moves on.
"It's analogous to the difference between going in for a full-body scan that delivers a lot of radiation and takes a long time, and your doctor examining you first," said Nachenberg. "If your doctor identifies the three or four areas where you need a scan, that reduces the amount of time, and the amount of radiation, you're exposed to."
The patented technology not only allows researchers to spot infections, particularly the most complex kind that can easily morph and mutate or use numerous attack vectors, but also speeds up the virus definition creation process. "It really reduces our response time," said Nachenberg, an important consideration as the windows between vulnerability and attack continue to shrink.
But the technology is also part and parcel of all Symantec's products, where it's used to cut the scanning time. "It lets our products inspect files for possible and probable infection points before we commit to a full scan of the file," said Nachenberg.
When used to investigate the most complex threats -- Nachenberg cited the Zmist Trojan as an example -- the technology can halve the scanning time. "In some instances these complex threats can't be detected any other way," he claimed.
While most viruses and worms remain relatively simple, threats are constantly evolving, said Nachenberg, and anti-virus technologies must keep up. "Many of the simpler threats today wouldn't have been detected with the technology available a number of years ago," he said.
While Symantec was willing to crow about the patent, it was less forthcoming about what it might do now that it legally owns the intellectual property.
Michael Schallop, the director of intellectual property for Symantec, said that the purpose of the announcement was simply "to let people know that we've patented the technology," and said no thought had yet gone into investigating whether rivals might be using technology similar enough to trigger a patent infringement lawsuit.
"We see this patent, and the others we hold, as a fundamental way to differentiate ourselves from the competition," said Schallop. That goes for current competitors as well as those looming in the future, such as Microsoft, he added.
Symantec currently owns 121 patents in a variety of areas, ranging from anti-virus and security management to compression and update distribution. This patent, in fact, is Nachenberg's sixteenth in the last eight years.