Trend Micro Sues Barracuda Over Open Source Anti-Virus

Anti-virus firm Trend Micro is suing Barracuda Networks over their use of the open source anti-virus product ClamAV. The issue is Trend Micro's patent on 'anti-virus detection on an SMTP or FTP gateway'. Companies like Symantec and McAfee are already paying licensing fees to Trend Micro. Groklaw carries the word from Barracuda that they intend to fight this case, and are seeking information on prior art to bring to trial. Commentary on the O'Reilly site notes (in strident terms) the strange reality of patents gone bad, while a post to the C|Net site explores the potential ramifications for open source security projects. "Barracuda has been able to leverage open source to bring down the cost of security. Early on Barracuda was blocking spam and viruses at roughly 1/10 the price of the nearest proprietary competitor (that was only selling an antivirus solution). Barracuda has helped to bring down prices across the board, and it has been able to do so because of open source. More open source equals less spam and more security. Trend Micro is effectively trying to raise the price of security." Slashdot and Linux.com are both owned by SourceForge.

MIMEsweeper prior art

[RupW]

From TFA (the Groklaw article):

We also believe that a product called MIMESweeper 1.0 from a company called Clearswift, Authentium, or Integralis anticipates several claims of the '600 patent. We have yet to locate a copy of this product and would appreciate anyone who has a copy sending it our way.

Yes, Clearswift currently own MIMEsweeper although Clearswift didn't exist back then - they're a merger of several firms who had similar products.

They're not hard to find [clearswift.com]. Why not just ask them?

Re:Bad news for a lot of us

[j-turkey]

There's a lot of mail admins out there - and a lot who consider a quick & dirty mail relay running Linux and ClamAV to be a pretty good first line of defense against email-borne trojans and virii. Seeing as ClamAV doesn't have a daemon mode, and end users in any large organisation can seldom be trusted to run their own AV scans as required[1] that's pretty much the biggest use for it.

ClamAV does have a daemon mode [die.net]. Are you thinking of a local Windows client? Realtime filesystem scanning?

Re:Bad news for a lot of us

[kc8tbe]

ClamAV does have a daemon, it just doesn't have on on-access scanner for Windows -- yet. The people over at Clamwin http://www.clamwin.com/content/view/35/27/ [clamwin.com] are working on one. Linux users interested in on-access scanning should look up Clamuko, but then if you run Linux you probably don't need an on-access virus scanner...

Re:Yes

[hey!]

Well, to be more accurate, what the patent system is supposed to do in a case like this is lower the net costs of security, and then reward the inventor by diverting some of the savings to him.

In theory it works like this. Your company is losing $10 million dollars a year because of lack of security. Fixing the problem would cost you $5 million. The inventor comes up with something that you would not have, that cuts the cost from $5 to $1, and he splits the savings with you. He walks of with $2M, you save $2M over doing it yourself of $8M over not doing anything.

It all breaks down when the patent system issues obvious patents of the form "apply well known technology X in common context Y." In that case, you (or somebody you hired) could solve the problem for $1M. The patent doesn't represent two million dollars of new savings, it represents a million dollars of new expenses.

Re:Yes

[radarjd]

Well, to be more accurate, what the patent system is supposed to do in a case like this is lower the net costs of security, and then reward the inventor by diverting some of the savings to him.

That may be the economic theory, but I don't think it's necessarily the legal theory. Legally, the patent system is supposed to induce inventors to create new processes, materials, machines, etc. and to disclose their inventions so that they will eventually be owned by the public. Something often lost on the discussions on this site is that any patented invention will become public domain. In 20 years, potential patent holders will have to overcome this "land grab" of patents that we're currently experiencing. The broader the patents now granted, the more difficult they will be to overcome in the future.

I personally believe that the current problem with our system is that the patent office (due in large part to a decision by the Supreme Court) didn't grant software patents (in the form of business method or machine patents) earlier. Had the land grab happened thirty years ago, and the patent office learned to deal with it then, this all would have been worked out by now. The hobbyist software creator didn't exist in large part thirty years ago, and the fights would have been between large companies like IBM and its challengers.

The case referred to above was Gottschalk v Benson [wikipedia.org] 409 US 63 [findlaw.com]. The Court held that mathematical expressions could not be patented, and essentially found that all computer programs were mathematical expressions. The patent in question was for a bit shifter (converting decimal numbers into binary). IMO, we would be better off today had they simply found the patented material to be obvious, which is what many amici suggested.

A quick google for prior art...

[martyb]

Thanks to google and its archive of usenet posts: this query [google.com] on google groups of: "FTP SMTP virus proxy server group:comp.*" for the time period of 01-Jan-95 through 26-Sep-95 (the patent was filed on 26-Sep-95) returned this link [google.com].

It appeared in the comp.security.misc newsgroup and the first few paragraphs (emphasis added) suggests to me this might be prior art:

FOSE '95, WASHINGTON, March 21 /PRNewswire/ -- Norman Data Defense Systems, Inc. today introduced the Norman Firewall, a firewall providing a single, highly secured route for data traveling between networks and the Internet.

"We are proud to deliver a new level of data defense for networks that are currently vulnerable to attack from a variety of global data security threats, including hackers and viruses," said Norman Data Defense Systems, Inc. President and CEO David J. Stang, Ph.D.

Like a sentry positioned to identify visitors and then authorize or deny entry, the Norman Firewall combines an integrated front-end server, proxy server, and virus detector to defend systems and information. The Norman Firewall essentially opens incoming and outgoing data packets, and inspects, virus-checks (against more than 6,500 known viruses), and repackages the data packets, before delivery to their destination. No packets ever need to directly enter or leave internal networks.

I don't have time right now to search further, but wanted to put this out there for others to follow up on. Any takers?

P.S. As a point of comparison, consider that the Morris Worm [wikipedia.org] was released onto the internet on 02-Nov-88 (more details here: A Tour of the Worm [std.com]) and THAT was nearly SEVEN YEARS before this patent was filed!

Re:Barracuda makes the problem worse

[element-o.p.]

Not to mention that my six year old daughter could provide better tech support than Barracuda does :(

We use a pair of Barracudas where I work to filter incoming e-mail, and in all truth, they work really, really well. That is, until something breaks. One of our units had problems with its hard drive, so we called tech support. They dinked around with the box (on our network) for over a week without fixing it -- all the while it was spooling up mail, but not delivering it -- and then things got bad. The Tech Support genius working on the box finally figured out the drive was having problems writing to /var, so he *comments the line mounting /var from /etc/fstab* and reboots the box.

Question for all you *nix gurus out there -- can a unix-like OS reboot without /var being mounted?

Anyway, at this point we're livid. Our box has been out of commission for over a week, the Tech Support n00b has finally hosed the box beyond in-the-field repair, and now we've got to send the box to Barracuda for replacement. Unfortunately, we don't have instant replacement on our warranty service any more, so they want us to ship the box back to them, and then once they get it they will ship a replacement unit to us. Since that means something like another 5-10 days of downtime on a box that's already been down for over a week, we ask about buying the instant replacement policy on the unit, and they tell us that yes, we can do that, but we'll have to buy the policy from the date it expired, meaning we will have only another month or two left on the policy after we buy it, and that buying the instant replacement policy is something like 3/4 the cost of simply buying a new unit outright.

Re:Barracuda makes the problem worse

[qralston]

They're not in this to help out the Internet or stop spam or anything else admirable: they're in this to make money

Exactly.

While Trend Micro's patent shakedown is underhanded, Barracuda's defense tactics are just as underhanded.

Up until they issued their press release, you could search in vain for any mentioned of Clam AntiVirus or ClamAV on their web site or in their product manuals. (You could find hits on GPL, but only because they mentioned that the source for GPL-licensed software was available.)

In short, Barracuda slaps a bunch of open-source products together, resells them at a hefty mark-up, and then runs slick ads in airports and trade rags to convince PHBs how great their products are. (Ads which, surprisingly enough, have no mention of GPL software or open source in them.) Is it any wonder Trend Micro targeted them?

Barracuda isn't fighting the patent because it's the "right thing to do". They're fighting the patent because they don't want to share their nice fat margins with Trend Micro, and because their marketing droids are gambling that open-source advocates will reflexively take their side (thus casting Trend Micro as the moustache-twirling villain).

I mean, look at the current headlines (as of 2008-01-29) on their web site:

Barracuda Networks Defends Free and Open Source Software from Patent Threat by Trend Micro

Barracuda Networks asks for help finding prior art to defend ClamAV

Barracuda to fight Trend over open source patent

Barracuda defends open-source antivirus from patent attack

Trend Micro sues Barracuda, potentially raises the cost of security for all

About the only one that's missing is, Trend Micro threatens to personally visit open source developers' homes and kick their cute, helpless puppies.

Yes, we should be concerned that Trend Micro is shaking the sabre patent at Clam AntiVirus (even by proxy). But the enemy of our enemy is not necessarily our friend. Barracuda Networks has been using open source products to line their pockets for years, with nary even the slightest lip service in return. But now that someone wants a slice of their pie, Barracuda would have us believe that they've spent these past years singing kumbaya and holding hands with Richard Stallman.

There are many companies more worthy of our support than Barracuda Networks.