Trend Micro Sues Barracuda Over Open Source Anti-Virus 200
Anti-virus firm Trend Micro is suing Barracuda Networks over their use of the open source anti-virus product ClamAV. The issue is Trend Micro's patent on 'anti-virus detection on an SMTP or FTP gateway'. Companies like Symantec and McAfee are already paying licensing fees to Trend Micro. Groklaw carries the word from Barracuda that they intend to fight this case, and are seeking information on prior art to bring to trial. Commentary on the O'Reilly site notes (in strident terms) the strange reality of patents gone bad, while a post to the C|Net site explores the potential ramifications for open source security projects. "Barracuda has been able to leverage open source to bring down the cost of security. Early on Barracuda was blocking spam and viruses at roughly 1/10 the price of the nearest proprietary competitor (that was only selling an antivirus solution). Barracuda has helped to bring down prices across the board, and it has been able to do so because of open source. More open source equals less spam and more security. Trend Micro is effectively trying to raise the price of security." Slashdot and Linux.com are both owned by SourceForge.
MIMEsweeper prior art (Score:5, Informative)
They're not hard to find [clearswift.com]. Why not just ask them?
Re:Bad news for a lot of us (Score:3, Informative)
ClamAV does have a daemon mode [die.net]. Are you thinking of a local Windows client? Realtime filesystem scanning?
Re:Bad news for a lot of us (Score:2, Informative)
Re:Yes (Score:5, Informative)
In theory it works like this. Your company is losing $10 million dollars a year because of lack of security. Fixing the problem would cost you $5 million. The inventor comes up with something that you would not have, that cuts the cost from $5 to $1, and he splits the savings with you. He walks of with $2M, you save $2M over doing it yourself of $8M over not doing anything.
It all breaks down when the patent system issues obvious patents of the form "apply well known technology X in common context Y." In that case, you (or somebody you hired) could solve the problem for $1M. The patent doesn't represent two million dollars of new savings, it represents a million dollars of new expenses.
Re:Yes (Score:4, Informative)
That may be the economic theory, but I don't think it's necessarily the legal theory. Legally, the patent system is supposed to induce inventors to create new processes, materials, machines, etc. and to disclose their inventions so that they will eventually be owned by the public. Something often lost on the discussions on this site is that any patented invention will become public domain. In 20 years, potential patent holders will have to overcome this "land grab" of patents that we're currently experiencing. The broader the patents now granted, the more difficult they will be to overcome in the future.
I personally believe that the current problem with our system is that the patent office (due in large part to a decision by the Supreme Court) didn't grant software patents (in the form of business method or machine patents) earlier. Had the land grab happened thirty years ago, and the patent office learned to deal with it then, this all would have been worked out by now. The hobbyist software creator didn't exist in large part thirty years ago, and the fights would have been between large companies like IBM and its challengers.
The case referred to above was Gottschalk v Benson [wikipedia.org] 409 US 63 [findlaw.com]. The Court held that mathematical expressions could not be patented, and essentially found that all computer programs were mathematical expressions. The patent in question was for a bit shifter (converting decimal numbers into binary). IMO, we would be better off today had they simply found the patented material to be obvious, which is what many amici suggested.
A quick google for prior art... (Score:5, Informative)
Thanks to google and its archive of usenet posts: this query [google.com] on google groups of: "FTP SMTP virus proxy server group:comp.*" for the time period of 01-Jan-95 through 26-Sep-95 (the patent was filed on 26-Sep-95) returned this link [google.com].
It appeared in the comp.security.misc newsgroup and the first few paragraphs (emphasis added) suggests to me this might be prior art:
I don't have time right now to search further, but wanted to put this out there for others to follow up on. Any takers?
P.S. As a point of comparison, consider that the Morris Worm [wikipedia.org] was released onto the internet on 02-Nov-88 (more details here: A Tour of the Worm [std.com]) and THAT was nearly SEVEN YEARS before this patent was filed!
Re:Barracuda makes the problem worse (Score:3, Informative)
We use a pair of Barracudas where I work to filter incoming e-mail, and in all truth, they work really, really well. That is, until something breaks. One of our units had problems with its hard drive, so we called tech support. They dinked around with the box (on our network) for over a week without fixing it -- all the while it was spooling up mail, but not delivering it -- and then things got bad. The Tech Support genius working on the box finally figured out the drive was having problems writing to
Question for all you *nix gurus out there -- can a unix-like OS reboot without
Anyway, at this point we're livid. Our box has been out of commission for over a week, the Tech Support n00b has finally hosed the box beyond in-the-field repair, and now we've got to send the box to Barracuda for replacement. Unfortunately, we don't have instant replacement on our warranty service any more, so they want us to ship the box back to them, and then once they get it they will ship a replacement unit to us. Since that means something like another 5-10 days of downtime on a box that's already been down for over a week, we ask about buying the instant replacement policy on the unit, and they tell us that yes, we can do that, but we'll have to buy the policy from the date it expired, meaning we will have only another month or two left on the policy after we buy it, and that buying the instant replacement policy is something like 3/4 the cost of simply buying a new unit outright.
Re:Barracuda makes the problem worse (Score:2, Informative)
Exactly.
While Trend Micro's patent shakedown is underhanded, Barracuda's defense tactics are just as underhanded.
Up until they issued their press release, you could search in vain for any mentioned of Clam AntiVirus or ClamAV on their web site or in their product manuals. (You could find hits on GPL, but only because they mentioned that the source for GPL-licensed software was available.)
In short, Barracuda slaps a bunch of open-source products together, resells them at a hefty mark-up, and then runs slick ads in airports and trade rags to convince PHBs how great their products are. (Ads which, surprisingly enough, have no mention of GPL software or open source in them.) Is it any wonder Trend Micro targeted them?
Barracuda isn't fighting the patent because it's the "right thing to do". They're fighting the patent because they don't want to share their nice fat margins with Trend Micro, and because their marketing droids are gambling that open-source advocates will reflexively take their side (thus casting Trend Micro as the moustache-twirling villain).
I mean, look at the current headlines (as of 2008-01-29) on their web site:
Barracuda Networks Defends Free and Open Source Software from Patent Threat by Trend Micro
Barracuda Networks asks for help finding prior art to defend ClamAV
Barracuda to fight Trend over open source patent
Barracuda defends open-source antivirus from patent attack
Trend Micro sues Barracuda, potentially raises the cost of security for all
About the only one that's missing is, Trend Micro threatens to personally visit open source developers' homes and kick their cute, helpless puppies.
Yes, we should be concerned that Trend Micro is shaking the sabre patent at Clam AntiVirus (even by proxy). But the enemy of our enemy is not necessarily our friend. Barracuda Networks has been using open source products to line their pockets for years, with nary even the slightest lip service in return. But now that someone wants a slice of their pie, Barracuda would have us believe that they've spent these past years singing kumbaya and holding hands with Richard Stallman.
There are many companies more worthy of our support than Barracuda Networks.