Trend Micro Sues Barracuda Over Open Source Anti-Virus 200
Anti-virus firm Trend Micro is suing Barracuda Networks over their use of the open source anti-virus product ClamAV. The issue is Trend Micro's patent on 'anti-virus detection on an SMTP or FTP gateway'. Companies like Symantec and McAfee are already paying licensing fees to Trend Micro. Groklaw carries the word from Barracuda that they intend to fight this case, and are seeking information on prior art to bring to trial. Commentary on the O'Reilly site notes (in strident terms) the strange reality of patents gone bad, while a post to the C|Net site explores the potential ramifications for open source security projects. "Barracuda has been able to leverage open source to bring down the cost of security. Early on Barracuda was blocking spam and viruses at roughly 1/10 the price of the nearest proprietary competitor (that was only selling an antivirus solution). Barracuda has helped to bring down prices across the board, and it has been able to do so because of open source. More open source equals less spam and more security. Trend Micro is effectively trying to raise the price of security." Slashdot and Linux.com are both owned by SourceForge.
Yes (Score:4, Insightful)
Um, that's what the patent system is supposed to do - to make it worthwhile investing in inventing things! Whether this is a reasonable thing to patent is another question, but you can't really complain about the patent system doing what it is meant to do.
Re:Yes (Score:5, Informative)
In theory it works like this. Your company is losing $10 million dollars a year because of lack of security. Fixing the problem would cost you $5 million. The inventor comes up with something that you would not have, that cuts the cost from $5 to $1, and he splits the savings with you. He walks of with $2M, you save $2M over doing it yourself of $8M over not doing anything.
It all breaks down when the patent system issues obvious patents of the form "apply well known technology X in common context Y." In that case, you (or somebody you hired) could solve the problem for $1M. The patent doesn't represent two million dollars of new savings, it represents a million dollars of new expenses.
Re:Yes (Score:5, Insightful)
Re:Yes (Score:4, Insightful)
Re: (Score:3, Insightful)
You don't violate the patent on the object just by typing the code, or even executing it. You violate the patent by actually having the robot arm create the final object. You could run the code to your heart's content if it were operating in 'test' without creating the final object without violating the patent.
Then you get an arm.. (Score:2)
Re:Yes (Score:4, Informative)
That may be the economic theory, but I don't think it's necessarily the legal theory. Legally, the patent system is supposed to induce inventors to create new processes, materials, machines, etc. and to disclose their inventions so that they will eventually be owned by the public. Something often lost on the discussions on this site is that any patented invention will become public domain. In 20 years, potential patent holders will have to overcome this "land grab" of patents that we're currently experiencing. The broader the patents now granted, the more difficult they will be to overcome in the future.
I personally believe that the current problem with our system is that the patent office (due in large part to a decision by the Supreme Court) didn't grant software patents (in the form of business method or machine patents) earlier. Had the land grab happened thirty years ago, and the patent office learned to deal with it then, this all would have been worked out by now. The hobbyist software creator didn't exist in large part thirty years ago, and the fights would have been between large companies like IBM and its challengers.
The case referred to above was Gottschalk v Benson [wikipedia.org] 409 US 63 [findlaw.com]. The Court held that mathematical expressions could not be patented, and essentially found that all computer programs were mathematical expressions. The patent in question was for a bit shifter (converting decimal numbers into binary). IMO, we would be better off today had they simply found the patented material to be obvious, which is what many amici suggested.
Re:Yes (Score:5, Funny)
Damn, I just vanished in a puff of logic!
Re: (Score:2)
Damn, I just vanished in a puff of logic!
Re: (Score:3, Insightful)
Had the land grab happened thirty years ago, and the patent office learned to deal with it then, this all would have been worked out by now. The hobbyist software creator didn't exist in large part thirty years ago, and the fights would have been between large companies like IBM and its challengers.
True that. Seriously, folks, who's got the patent on operating systems? Software that interfaces with hardware for you? That would be great. Software patents work great until it's something obvious that shouldn't be patentable, but who draws the line? That's what we're arguing here. An antivirus on an smtp or ftp gateway? In what way is that any less obvious than an operating system?
I'm going to patent writing data to hard drives, and make millions off this system in the name of progress.
Re: (Score:3)
Sort of, yes, but mostly, no. (Or you are just be using "net cost" loosely.) Patent system isn't supposed drive down prices, it is supposed to drive up the benefits. Patent system also only works over time, sometimes quite a long time. One can't really make any claims or observations about the patent system at any sin
Re:Yes (Score:5, Funny)
Mario was furious and went to court he won, he had prior art. So after that he filed for a patent on all of his ways of making ideas. Mario now owned any intelligent thought. He renamed it Mario's idea machine, people had to pay him an annual fee of 200 dollars to have 2 good ideas a year, anymore and they would have to purchase extra licenses at a greater cost. Mario no longer had to have ideas of his own, he had a workshop of idea people, and the whole world had to pay him to have ideas. But there was a problem, no one wanted to have ideas because they couldn't afford to have them. People became stupid as having good ideas was no longer an excepted thing to do. The people in Mario's shop never came up with new and exciting ideas anymore because they were too busy fighting lawsuits against people who had ideas such as the pirate brain. The world stopped, hunger set in, the population decreased. Finally when the patent was about to expire Mario's great great grandchild had a great idea, extend the patent another 10 years. The law passed, only because by this time it was only accepted to have stupid ideas, seeing as how all the good ideas cost money.
Finally the patent expired, all that were left looked like mindless cavemen. They lived in shells of homes, with little to know food. All that was spoken were grunts, people had been afraid litigation for so long they were afraid to say something smart. Forest and animals have overgrown most of the cities, people had been living off of canned spam for years.
Moral of the story is stupid patents ruin society, stop it.
Re: (Score:2)
Where does it say that in the patent laws?
Re: (Score:2)
Re:Yes (Score:5, Insightful)
The patent system is *not* supposed to raise the price of security.
The patent system is supposed to:
To promote the Progress of Science and useful Arts [source: US Constitution [archives.gov], Article I, Sec. 8.
Making a profit from something as obvious as putting a filter in a firewall does little or nothing to achieve this goal. The largest patent holders (including IBM and Microsoft) all agree the system needs reform. But patent reform is a lot like campaign finance reform, everyone agrees there's a problem but no one really has anything they can realistically take to congress.
Re: (Score:2, Insightful)
But patent reform is a lot like campaign finance reform, everyone agrees there's a problem but no one really has anything they can realistically take to congress.
The congress is there to represent the People, not to rubberstamp bills crafted by corporations. As such, there is no need for them to wait for the private sector to take the initiative. They should just sit down, on their enlightened, elected asses, and come up with a law that really promotes the "Progress of Science and the useful Arts".
NO- government no longer works (Score:2)
Government by and for the corporations. The corps have hacked out most the democracy from the system. At least now more people are joining the minority who has
Concepts vs. Implementations (Score:2, Insightful)
Let's say that I invent a machine to separate cotton from the seeds. I am granted a patent on MY PARTICULAR "method and apparatus for separating cotton from seeds". That does NOT give me a monopoly on ALL machines to accomplish the same task. Someone else comes up with a completely different mechanism to accomplish the same task, now we have a competition without any
Re: (Score:2)
No, the patent system is supposed to make it worthwhile inventing things, not investing in inventing things.. Can you see the distinction?
Did Trend Micro invent "anti-virus detection on an SMTP or FTP gateway"? No. They didn't even invent the idea of "anti-virus detection on an SMTP or FTP gateway" (not that makes any difference).
They had a lawyer fill out a form before some other lawyer filled out
Yes - but with a correction (Score:2)
Not strictly true. Other US companies are supposed to pay them. Those of us who don't have software patents don't really care what Trend might think. Now, ask yourself, who is the US patent system helping? It doesn't matter a jot whether you argue the semantics of 'inventing' or 'investing', the vast majority or the people that are being penalised by this system live in N America
Not every Patent contains something novel. (Score:2)
Under the American system there is no penalty for filing a patent today on something as obvious and commonplace as 120 Volt AC Electricity. The only possible penalties you could suffer are 1. to have the Application rejected (see *) or 2. To have the patent thrown out when you attempt to defend it in court. The former is no punishment since it just puts y
Re: (Score:2)
Good thing that Microsoft copywrited Windows as opposed to patenting it....
Prior art? (Score:4, Interesting)
Re:Prior art? (Score:4, Insightful)
Er WTF? (Score:2)
An idea has to be ORIGINAL and NOVEL to be patentable. Just saying "take A and B and do them together!" does not a patent make.
Re: (Score:2)
Re: (Score:3, Funny)
Why not say that this behavior is the inadvertent result of placing 2 products, an SMTP gateway, and an antivirus client, side by side on the same server? the gateway stores the mail in a temporary store, whereupon the antivirus just happens to sanitize it, before the mail is again sent on it's way. This is obviousness in the extreme.
That's a good idea, you should patent it.
"Virus scanning of cache and temporary files before end user utilization."
Re: (Score:2)
To spare everyone else, this conversation is from 1994 + 10 years.
Re: (Score:2)
Re: (Score:2)
Bad news for a lot of us (Score:2, Interesting)
[1] Yes I know all you geeks might be OK. But you're not the sort to open every silly email you receive. The reception
Re: (Score:3, Informative)
There's a lot of mail admins out there - and a lot who consider a quick & dirty mail relay running Linux and ClamAV to be a pretty good first line of defense against email-borne trojans and virii. Seeing as ClamAV doesn't have a daemon mode, and end users in any large organisation can seldom be trusted to run their own AV scans as required[1] that's pretty much the biggest use for it.
ClamAV does have a daemon mode [die.net]. Are you thinking of a local Windows client? Realtime filesystem scanning?
Re: (Score:2)
Yes, you're quite right. I was thinking of a local Windows client with realtime filesystem scanning.
I completely mis-worded that.
Comment removed (Score:5, Funny)
Re: (Score:2)
Re: (Score:2, Informative)
ClamAV and on-access scanning (Score:3, Interesting)
> Seeing as ClamAV doesn't have a daemon mode
The stackable filesystem team (the ones who wrote Unionfs [sunysb.edu]) put together a filesystem that uses ClamAV [sunysb.edu] to perform on-access virus scanning in the kernel.
Re: (Score:3, Insightful)
Also, while I do believe the patent is overly broad, this is what the patents are for. It is not like Trend Micro is a patent hoarding firm, they do make products, in fact they actually make products that relate to the patents they hold, so
Re: (Score:2)
I suggest you do research before making such ridiculous claims.
me@mymachine:~$> man clamd
Clam Daemon(8) Clam AntiVirus Clam Daemon(8)
NAME
clamd - an anti-virus daemon
DESCRIPTION
The daemon listens for incoming connections on Unix and/or TCP socket
and scans files or directories on d
Prior art or obviousness? (Score:3, Insightful)
Go barracuda!
Re: (Score:2, Insightful)
MIMEsweeper prior art (Score:5, Informative)
They're not hard to find [clearswift.com]. Why not just ask them?
Re: (Score:2)
Either way, the mere fact that people were asking for such a product on usenet prior to the filing date should help their case.
Granting frivolous patents should be punishable (Score:4, Interesting)
If I file a patent for the process of giving names to children so they can be distinguished and it's granted, is there someone responsible for that? When a judge overturns the patent, the granter should suffer the consequences somehow.
Re: (Score:2)
Besides, the whole point of banding together to form a collective, whether it be a corporation, a non-profit, or a government institution, is that people can have a greater effect on society by pooling their work together into a coordinated effort while limiting their liability.
If you would like the USPTO as a whole to be penalized for the aggregate proportion of lame versus useful patents, that would be more acceptable, but still hard to impl
Re:Granting frivolous patents should be punishable (Score:4, Insightful)
Re: (Score:3, Insightful)
If you did that, nobody would want to work for the patent office.
That only means it's underpaid.
Lot's of people work in positions that would instantly fire them at the first mistake, and with much subtler mistakes than those we are arguing about*. They still like those jobs because, as long as they can keep them, they pay well.
*: I do believe that in patent granting there must be really convoluted and complex cases that involve very uses of previous knowledge in subtle ways. However I don't believe those cases conform the majority.
Re: (Score:2)
Wait, I'm confused. Are you arguing that this is bad or good?
My ISP... (Score:2, Interesting)
If so, I think I quite fancy changing ISPs. I could be paying to support this ludicrous patent.
Re: (Score:2, Insightful)
Bandwagon? (Score:2)
They invented a few of the modern ways to scan for and stop virus, spyware and spam email from getting into a windows box, pretty much every one else in the industry will accede to that, why do these guys think, they can get a free lunch for something someone else invented a fair while back.
Symantec wouldn't be paying up unless th
Re: (Score:2, Insightful)
Re: (Score:2)
Hate to say it, but this patent (1) seems non-obvious, (2) is by a company doing useful work in the area, and (3) seems cheap e
Re: (Score:2)
If by "invented" you mean "applied established techniques in a way that's obvious to a five-year-old and thus is not eligable for patent protection except if the patent office is out of control and making up the law as
Re: (Score:2)
As to email, filtering systems like Procmail have been around a lot longer than this patent, and all an AV scanner on a mail server is is a specialized filter that links an AV scanner into the incoming mail queue.
Re: (Score:2)
Re: (Score:3, Interesting)
Phooey. Here's a fairly common scenario:
(1) Company gets questionable patent
(2) Company offers a very inexpensive license to a big-name suspected infringer
(3) big-name suspected infringer buys the license because it's a lot cheaper than litigating
(4) Company goes around to others and says "big-name suspected infringer has a license, so it must be legit. Pay up." Only, this time, Company asks for a lot more money.
The US Patent
"Symantec wouldn't be paying up unless..." (Score:2)
Re: (Score:2)
Re: (Score:2)
PHB: "OpenOffice is an MS Office clone... Microsoft could sue us for using OpenOffice to make money!"
You: "Well, it doesn't really..."
PHB: (mumbling to himself) "And Pidgin, and Firefox, and GNU..."
Simple effective solution (Score:2)
TWW
All Too Easy To Fix (Score:2)
Done.
NOT AT All Too Easy To Fix (Score:2, Interesting)
That won't work in this case. The patent is for "A system for detecting and eliminating viruses on a computer network includes a File Transfer Protocol (FTP) proxy server, for controlling the transfer of files and a Simple Mail Transfer Protocol (SMTP) proxy server for controlling the transfer of mail messages through the system." So for Barracuda to comply they must stop scanning e-mails for viruses in their products.
This also means that it is not the use of Cla
Re: (Score:2)
Barracuda makes the problem worse (Score:5, Interesting)
Note that Barracuda's products are notorious for generating spam. Barracuda's engineers were informed of the problem years ago, provided with a fix -- and stubbornly refused to address the situation. It's no wonder that there are now thousands of Barracuda installations on various blacklists. (Two examples: Backscatterers [backscatterers.com] and Backscatterer.org [backscatterer.org]) Barracuda doesn't seem to care as long as they make money.
A secondary point is that Barracuda's products are NOT open-source. Oh, they're built almost entirely on open-source (an open-source operating system, an open-source mail server, an open-source anti-spam scanner, an open-source anti-virus scanner, etc.) but they're not open-source. Essentially what they've done is take all of that open-source code, slap a web front-end on it for the point-and-drool crowd, and then sell it. They're not in this to help out the Internet or stop spam or anything else admirable: they're in this to make money, and they're perfectly willing (see first point) to make the spam problem worse if it increases their profits.
They're not alone in that -- there are others out there who are in business to profit from our collective misery. An excellent way of spotting such companies is to ask the question: "What would happen if the problem they claim to address was actually solved?" If the answer to that question is "they would go out of business", then their motivation for always treating the symptoms and never treating the underlying cause will become clear.
Re: (Score:2)
Re: (Score:3, Insightful)
Re: (Score:2)
You know, I ask that of the War on Terror / Drugs / Communists / File Sharers on a daily basis
Re: (Score:3, Informative)
We use a pair of Barracudas where I work to filter incoming e-mail, and in all truth, they work really, really well. That is, until something breaks. One of our units had problems with its hard drive, so we called tech support. They dinked around with the box (on our network) for over a week without fixing it -- all the while it was spooling up mail, but not delivering it -- and then things got bad. T
Re: (Score:2)
The rest of your post might be spot on, but this is a piss poor litmus test. I can't imagine any specialist profession that the answer to that question wouldn't be "they would go out of business". For example, "What would happen to all the oncologists if cancer were cured?" => "They would go out of business!". But this hardly
Re: (Score:2)
Clarification: I meant that remark to apply only to various anti-spam vendors, not to doctors or anyone else.
I'd like to add that there's nothing wrong with symptomatic treatment as an adjunct to root-cause treatment; it's generally a good idea unless it gets in the way (say by masking the problem, making it tougher to pinpoint). However, I think there is something wrong with only doing symptomatic treatment when root-cause treatment techniques are well-known and readily available. And that's what I thin
Re: (Score:2)
They're not alone in that -- there are others out there who are in business to profit from our collective misery. An excellent way of spotting such companies is to ask the question: "What would happen if the problem they claim to address was actually solved?" If the answer to that question is "they would go out of business", then their motivation for always treating the symptoms and never treating the underlying cause will become clear.
Exactly like the pharmaceutical industry.
Yes. Like the pharmaceutical industry. Also like Medicine in general. (Why should I promote a healthy lifestyle? If my patients eat more, I get to treat them for all sorts of problems!) Also most branches of software engineering. (Hey: MSOffice2K/IE4/Netscape 4.0x works great. Let's give up now while we're ahead!) Answer: This is why we can't have nice people. (http://xkcd.com/374/) At some point we have to trust others. I do it the President Reagan way: Trust but verify.
Re: (Score:2)
Citation please? I ask, because one of the dominant "non profit" health insurance companies, the various Blue Cross / Blue Shields, have been involved in several class action suits, attorney general suites and various Problems that look suspiciously like the ones that the "for profit" firms seem to have trail them around.
In t
Re: (Score:2)
drugs that cause so many side effects that you have to take 5
other drugs just to deal with the unwanted side effects of the
first one.
Big pharma is a big scam.
Re: (Score:2)
Nonsense. It is perfectly RFC-compliant to issue an SMTP refusal during the conversation with the SMTP client. This leaves responsibility for the returning an NDR with that client, thus avoiding the generation of backscatter/outscatter. Moreover, this has been a very well-known best practice for the better part of a decade -- even casual and novice mail server operators are well aware of it. Surely anyone claiming even minimal expertise in the anti-spam area should not only be well aware of it, but have
Re: (Score:2)
Two-part answer: first, there are many, MANY of those boxes out there that have NDR enabled. They're all spamming. It's unlikely that anyone has a complete list, but the two blacklists I cited in the original article have quite a few of them. Latest one seen locally: barracuda.corning-cc.edu. Second, Barracudas have been observed sending backscatter even when that switch turned off. Not often, to be sure, but it's been noted -- and reported to Barracuda. I've yet to see any response and/or fix from them.
Re: (Score:2)
Jason
Google? (Score:2)
Err (Score:3, Funny)
Re: (Score:2)
patent idea reversal (Score:2, Funny)
Hang on a second... (Score:5, Insightful)
I have configured for a number of my clients their own SMTP servers for which I charge. These servers are generally gateways with postfix as the server. The anti-virus is ClamAV which is called by postfix.
Or to put it another way they have 'anti-virus detection on an SMTP or FTP gateway'.
Does this this mean I have violated this patent? Or should the patent be rewritten as 'Patent 5,623,600: Installing software on a computer'?
Re: (Score:2)
you don't hold the copyright (Score:2)
Re: (Score:2)
(To be fair I'm sure you're right - I'm just being facetious in response to a spurious patent).
A quick google for prior art... (Score:5, Informative)
Thanks to google and its archive of usenet posts: this query [google.com] on google groups of: "FTP SMTP virus proxy server group:comp.*" for the time period of 01-Jan-95 through 26-Sep-95 (the patent was filed on 26-Sep-95) returned this link [google.com].
It appeared in the comp.security.misc newsgroup and the first few paragraphs (emphasis added) suggests to me this might be prior art:
I don't have time right now to search further, but wanted to put this out there for others to follow up on. Any takers?
P.S. As a point of comparison, consider that the Morris Worm [wikipedia.org] was released onto the internet on 02-Nov-88 (more details here: A Tour of the Worm [std.com]) and THAT was nearly SEVEN YEARS before this patent was filed!
Specific SMTP Prior Art (Score:2)
It looks like it's still around in some form from foxT [tfstech.com]. So long as the SMTP part is invalidated, I think the Internet will live on, and maybe FTP can just g
Isn't their real argument against ClamAV? (Score:2)
Seriously, it seems to me that this patent is another one of those overreaching ones. It's coming upon obvious technology, not created by itself and rushing to get a patent so that everyone who uses this technology to fight viruses
Re: (Score:2)
But they're not going after small potatoes ClamAV for violating their patent. They're going after bigger potatoes, someone using a free service. This would be like if your computer uses an operating system, you've got to pay a fee to Microsoft no matter which OS you use--oh wait!
Seriously, it seems to me that this patent is another one of those overreaching ones. It's coming upon obvious technology, not created by itself and rushing to get a patent so that everyone who uses this technology to fight viruses has to pay a fee.
I don't buy the "ClamAv will be sued" too. Last thing a security company needs is making near all server admins mad. Even OS X Server comes with Clamav installed, go figure.
I didn't see any notorious action from Trend Micro all these years, for example the offer OS X/Linux users free commercial quality antivirus running in Firefox via Java ( http://housecall.antivirus.com/ [antivirus.com] with Firefox/OSX ). Imagine what would happen if Symantec came with a similar solution. They never came up with the abuse of "Theoreti
Trend Micro and open source... (Score:3, Interesting)
If Trend Micro is really trying to prevent other companies from offering cheap solutions for anti-virus/anti-spam gateways, I would take a long hard look at how they themselves got to where they did at this point in time.
Is it just me, or.. (Score:3, Interesting)
The patent system was invented quite some decades ago to protect inventors from other people, who just stole their inventions and made profit of it.
Back in that days, inventions were actually realy made and development was so slow, that 20 years were a reasonable time for the protection of the invention.
Then time moved on, the number of real inventions did not realy rase, but most stuff was just a mere reorganization of existing stuff, but the number of patents went up.
Nowdays, if someone realy invents something, that would make the world a better place, some big corporation ensures, that it never surfaces bigger public, because that would harm their bussiness. (Like some drafts of more effective engines, and the like).
Now we start putting patents on Software, which is like a book, and should get copyright, but why on earth sould it be patented? And where does that benefit the creation of new inventions? It clearly does the opposit in most perspectives.
So maybe I'm missing the point, but I don't realy see, why this kind of system can keep existence, even thow it slowly brings economy to ruin and helps humanity to get a step closer to selfdestruction. Hmm.. Maybe I'm a bit exagerating, please prove me wrong.
Sweden (Score:2)
procmail (Score:2)
Sigh... (Score:2)
Now they've fallen into the "asshole" category in my mind (man, it's gettin
PLEASE, OUT OF BUSINESS NOW!! (Score:2)
"AppRiver...apply directly to your eMail! AppRiver... apply DIRECTLY to your eMail! AppRiver... apply directly to YOUR eMail!"
I've got a baseball bat I want to apply to someone's fucking head!
(first person that points out the obvious, that I c
More likely (Score:4, Insightful)
Re: (Score:2)
Re: (Score:2)
RA [rapro.com] and Wildcat [santronics.com] both did this.
You are looking for an "upload door".
Remote Access + F-prot used to be nice (Score:2)
Any file coming in through the modem/internet was automatically scanned upon drop after zmodem/ftp had finished it's transfer.
Any messages with attachments had the same treatment; I've never spread a virus through my BBS in the 7 years it was open.
Re: (Score:2)
The almost religious fervor which sysops applied to scanning uploads was a response to the popular p