StillSecure, After All These Years

Interesting interview with the CEO of Trend, Eva Chen at PC World on the Barracuda patent infringement suit that Trend has brought. A couple of things are pretty clear reading Chen's responses to the questions:

1. This law suit is being fought as much in the court of public opinion as it is in the courts of law.  For that Dean and the Barracuda crew deserve credit. They have done a good job of making this a Trend versus open source community suit.  From Chen's answer it seems Trend was taken totally by surprise by Barracuda's aggressive PR and their ability to turn elements of the open source community against Trend.  The pity for Trend is that Chen actually does make clear the difference between just Clam AV being a virus scanner and the way Barracuda uses Clam AV as part of the gateway. If they would stick to that and not about who makes money from it, they might be able to get the open source community to leave this one alone.

2. In Trend's view this is not about open source  but about money.  I think Chen shoots Trend in the foot with this argument.  She seems to say that because Barracuda is a for profit company that is why they are suing them. If ClamAV was making money, they would sue them too is dangling metaphor there. Here is what Chen says, "But we were not suing ClamAV. Barracuda is a for-profit company. They are taking ClamAV, putting it on their gateway and making money out of it. It's not free software that we are suing, it's Barracuda." So it is all about the money than. If ClamAV was making money Trend would sue them too?

3. After already suing and winning against IBM, McAfee and most of all Fortinet, Trend is very confident that their patent is the real deal in a court of law. If the Xie brothers couldn't find anything to throw this out, they are not worried about the likes of Dean Drako.  But as I said, while litigating this Trend is taking black eyes and body shots in the public opinion arena every day.

4. The last thing they want is to get Sourcefire involved in this suit.  You can't tell me that at this stage of the game Chen would not know if they have cut a deal with Sourcefire or not, the owners of ClamAV. Yet she plays as if she never even heard of them and would have to ask her lawyers. I suspect this is because they think that Sourcefire has more open source "chops" than Barracuda and this would turn this thing into a PR disaster for Trend.  It could be this same reason that played apart (I think is the big reason) in Barracuda bidding for Sourcefire.

In any event it will be interesting to see how PR and public opinion play in the eventual outcome of this suit.

I received an amusing email from a person at another security company yesterday.  They wanted to know how much revenue we did here at StillSecure and what we would be willing to pay as a license fee in regard to a recent patent they had been awarded.  Before the visions of Sugar Plums were deeply engraved in this persons mind, I had to tell them that, "sorry Charlie, Starkist wants tuna that tastes good".  The fact is their patent did not apply to how our product works.  But it brings up a bigger issue that has come up before, patent trolls. 

Our patent system is in drastic need of an overhaul.  In this particular case, I know for a fact that their use of this technology was not the first use in commercial instances.  There is little doubt in my mind that at a trial this claim would be laughed out of court.  The problem is getting this to trial.  A defendant even though successful would have to pay a hefty sum in attorney costs and bad PR around the suit while it was pending.  The courts are usually pretty reluctant to award attorney fees to the victorious side, let alone damages for harmed reputation. Plus the patent troll probably does not have the resources to pay such an award. I would like to see a statute put into law that if these trolls if and when they lose their law suits have to pay the legal fees and consequential and real damages suffered by the party they accused of patent infringement. In fact they should have to post a bond to make sure they are good for fees and damages in the event they lose.

Personally I think companies would be better off executing on making their product work and selling it in the market, rather than hoping to sneak a patent through the patent office and become bloodsuckers off of someone else's hard work. It is for exactly this reason that I do not even mention the company involved here.  Frankly, mentioning them on my blog would give them more daylight than they deserve.  Let them keep limping along with a handful of employees trying to make 30 cents out of a quarter, hoping that some lawsuit will do what their own efforts at building a company could not.

Over the last day I have had more of a chance to think on the Trend Micro-Barracuda patent war.  I have also done some more research and reading on this one.  In my earlier article I said that this is not about open source so much as it is about gateway anti-virus.  Upon further reflection though I am not as sure.  Here are some other facts to consider:

1. ClamAV may have as many as 1 million users downloaded updates daily. This makes them at least a potential formidable competitor to Trend.  One that I am sure Trend would like to see go away because they can't compete with them on price.
2. Going after individual users of Clam would be like herding cats.  There is no way you can hit them all.  At best you may get a few high profile cases.
3. Barracuda has deep pockets. Instead of herding cats go after one fat cat who has deep pockets to pay you the kind of money you want and send a message to the rest of the cats that they could be next, so either use another AV (like Trend for instance) or pony up some fee for patent use. 

In fact the above scenario is not terribly different than the recording industry going after napster. It was easy to go after one relatively fat cat, rather than herding and chasing a bunch of smaller cats.  In fact the recording industry has given themselves something of a black eye by going after poor grandmothers and children for illegal downloads. I think Trend tries to avoid the same type of black eye by saying this is not about open source but just AV. It is about open source.  They just don't want to be perceived as going after open source and don't want to chase the small fry. But do they want ClamAV as a competitor? Probably not.

4. Trend's decision to pursue this in the ITC seems abusive.  Barracuda does not import the ClamAV software. It is downloaded from servers here in the US. The servers are assembled here in the US as well.  This case does not belong in the ITC and should be thrown out of there. It may have served Trend well with Fortinet who was importing their products into the US, but it is the wrong venue for this suit.

All that being said, I think that this more than ever still demands that Sourcefire as the owners of ClamAV step up to the plate here. If I was a paying customer of Sourcefire for Clam and was subject to a patent infringement case, I would expect them to defend.  I think the fact that Barracuda does not pay them today evidently for the use of Clam is not reason enough to let Barracuda take the brunt of this battle on.

Also looking at the proof gathered, I think there is a better than even chance that this patent will be thrown out. If so Barracuda will have done the open source community and the gateway AV industry a huge service.

Just a little while ago I wrote about the Trend Micro - Barracuda Networks legal tussle where Barracuda is alleging Trend with patent trolling with its controversial patent '600.  I made reference to the fact that why didn't Trend go after the big boys. I wanted to know where was the calvary coming to the rescue here, not leaving Barracuda to fight this fight alone.  Well it takes a big man to admit he did not know all there was to know on the subject.  As several folks pointed out to me, Trend has in fact sued both McAfee and Symantec over this very same patent. Though I have not been able to find anything that points to the outcome of this suit, it makes the most sense that probably there was a quiet cross-licensing deal worked out with some cash changing hands. Symantec and McAfee were not the only ones to be sued either. According to this article, Fortinet actually had a disruption in its distribution as a result of ITC investigation instigated by Trend (the same tactic they are using here), and then totally redid their AV module to avoid any technology that could be deemed to violate the patent in question. This article claims that several companies have been sued in the past and have settled out of court, despite never admitting to the validity of the patent.

I guess that means that Trend must be working out reasonable terms with these companies and begs the question, why didn't Barracuda take a deal?  Dean Drako claims he was never able to speak to someone to work out a deal, but who knows at this point. What does seem clear is that Barracuda has done some real research in trying to have this patent overturned.  If Dean and Barracuda are successful in doing so, more power to them and another blow struck against silly patents. 

Now what about the rest of the calvary? It still seems to me that this is too important an issue for Sourcefire who owns Clam to be sitting on the sidelines.  I am still waiting for them to join the fray or has Trend already scalped them too?

For those who don't know, Barracuda is involved in a wicked patent fight with Trend Micro over the use of Clam AV gateway anti-virus. It seems according to a 1995 patent issued to Trend Micro, they claim that virtually all gateway AV that removes viruses as they move through a SMTP or FTP proxy servers are covered under this patent. Barracuda uses the popular, open source Clam AV product in their appliances and Trend says their use violates the patent.  Evidently this little tiff has been going on for some time, with Trend filing a complaint with the US International Trade Commission in addition to the conventional law suits. Trend also claims that their position here is well established and several previous suits and claims have been upheld including a settlement with Fortinet (does Fortinet use Clam AV too?).

My position is that this is a perfect case of why so much of this patent  stuff is just full of beans.  How can Trend have a patent on gateway AV. If they do why are they wasting time piddling around with the likes of Barracuda.  Why don't they go after the big boys like Symantec or McAfee? Something tells me there is a reason why Trend does not.  Either they are not as confident in their claim as they make out to be or Symantec and McAfee know something that the rest of us don't.  Maybe they have proof of prior use before the patent was filed. 

Many in the open source community including Richard Stallman (no surprise there) and Eben Moglen of the Software Freedom Law Center have joined in to support Barracuda in this legal battle.  Barracuda is in fact very much painting this as an attack on open source and looking to the community for support.  Trend for their part says that this is not about open source or even Clam AV, it is about filtering virus pursuant to the techniques they patented.  Again, my view is I don't think Barracuda is doing anything different than other ClamAV users.  Though Trend's claims may go to all gateway AVs, clearly this is about Barracuda using Clam and about Clam. 

So here is my question: Why haven't we heard from the owners of ClamAV. Sourcefire bought them in August I thought.  This could effect them as much as anyone. They are big supporters of open source and as a public company can bring resources to bear on this.  Why has Marty, Wayne and gang been silent on this.  I would think they should be leading the charge here and standing up for their product.  Leaving Dean Drako and Barracuda to fight this fight on behalf of the Clam community is not fair and also could have repercussions down the road to Sourcefire without them being involved. Is it that Barracuda is not paying for their use of Clam?  I don't know what the answer is but it will be interesting how this plays out.

Following up to my article yesterday I had a chance to catch up with Gary Milefsky, CTO of Net Clarity. I have known Gary for years now, going back to my Interliant days.  Gary assures me that the lawsuit against Sourcefire has merit and they are confident of winning this trial.  I did not get into the merits of the suit with him, as I don't think it is fair for Gary to comment on a case currently in trial.  However, Gary does feel confident of victory.

On the issue of Nessus, Gary says Net Clarity has a policy that they do not divulge what they use or do not use in their product.  However, he gives me his assurance that they do not violate anyone's IP or copyrights or licenses.  Now I had heard the nessus stuff independently of my own knowledge from 3rd parties.  Not having used the Net Clarity product, I don't know for sure.  But if Gary wants to be less than truthful with me, that is on his own conscience.  I will give him the benefit of the doubt based up on the years I know him and say OK, they are not violating anything here.  If someone knows differently please feel free to comment or drop me a line.  Gary, I am changing my mind and taking back what I wrote earlier based upon your representations to me and our long relationship.  I hope that trust is not misplaced!

I have been following the Sourefire IPO saga for some time now, literally since the Checkpoint deal was quashed and Team Marty announced they were going to IPO.  Like others here and here, I never thought that the IPO would actually happen.  I thought that someone would come in and snatch them up.  However, recently there has been some scuttlebutt about the potential liability from the Predator Watch/Net Clarity lawsuit hanging over the IPO.  Nick Selby over at the 451 Group wrote an article detailing the facts as they are known publicly here.  Then Dave Rosenberg questions how there can be IP questions when the source code is readily available for review.

I find Dave's comments frankly naive.  I don' t think the Predator Watch/Net Clarity law suit has anything to do with open source or a similarity in source code, but rather a similarity in functionality. Nor would a similarity in source code have anything definitively to do with the merits of the suit, unless the source code itself was copied, which is not the claim here I believe.  I think the claim is that the idea of how it works was what was allegedly divulged to Sourcefire. That being said though, I think Nick gives this suit more than its due. I think ultimately this suit amounts to little more than aneffort by a small business trying to cash in on someone else's success.  What is even more ironic about this particular tale is that the company doing the suing does not exactly have clean hands, as far as I can tell about using someone elses IP.  I think they still are using the Nessus scanner and NASL rule set in possible violation of the license for such as issued by Tenable Network Security.  There is a principle in law that a plaintiff should have "clean hands".  If that principle is applied here, Net Clarity's use of Nessus and NASL scripts could be construed as not having clean hands on the matter. Now they are calling in Checkpoint, to see if they found anything out about this in the due diligence for the aborted acquisition.  Sounds like a classic fishing trip to me and the court should stop this farce and waste of time and get to the facts of the case.

For a good look at a VC's view of this sort of issue, I know Brad Feld has written about why VC's don't sign non-disclosure agreements.  It is exactly for this type of situation.  I think the Predator Watch/Net Clarity people are going to find out that they are better off trying to build a business based on their products working better than the competition, than trying to beat them in the courtroom.

As I have written in the past, I don't put much stock in the current state of US Patent Office decisions.  So when I read the press release from Mirage Networks the other day, that they had been granted a patent for Network Access Control capability, I did not get too worked up.  I did take the time to go to the US Patent Office site and look up the documents on the patent though.  It seems, getting through the legal gobbledygook, that this patent is for performing quarantine using Mirage's much maligned ARP twiddling.  I left it at that and did not want to write again about how ridiculously unenforceable I think many patents issued lately are. I did think to myself though, how this would effect Insightix's and Ofir Arkin's pending patent for their own ARP twiddling approach.  But at the end of the day, who really cares about ARP twiddling anyhow, it is not really taken too seriously by many people as a secure quarantine method.

However, Internetnews.com ran an article today by Sean Michael Kerner, that besides some quotes and information from Mirage, also contains some vicious attacks from some NAC competitors.  Geez, talk about bullys, the guys from Lockdown and Nevis, really take some shots.  First, lets look at what Mirage has to say.  They claim that while yes, the patent does cover an ARP approach, it "could" include DHCP.  Yeah, good luck enforcing that one. Then their CTO mentions that of course Mirage has an "active technology licensing program" so others can benefit from using NAC.  I bet the line is out the door and around the block on that one.

More, ominous to me though was Cisco and Juniper's comments, who both claim their own patents around NAC.  Now, you understand why the cloak and dagger stuff with Microsoft and Novell on patents was there.  Or why so many have called for a major overhaul of our patent system.  This is a situation out of control.  I have done my own research and it seems that even if you want to challenge a patent filing before it is granted, you may lose certain rights later on, so it does not pay to challenge what you think is a bogus patent application.  I think that and the cost in enforcing and challenging them, is why we don't see as much litigation over them and why many just don't pay attention to them.  I think they look nice when you are packaging up a company for sale and that may be the real reason behind Mirage's move.

But Lockdown and Nevis, as I said take the chance to take some cheap shots (I know, who am I to talk, but hey at least I am honest about it).  Someone of no less the stature than Dan Clark, VP of marketing at Lockdown is quoted as saying, "While ARP is a bit harder to defeat than DHCP, it's still far too easy to bypass," Clark said. "Lockdown prefers to enforce access on network control points like switches or WAPs, making enforcement much more robust." Hey I don't necessarily disagree, but Clark shows he does not know it all when he talks about Mirage's approach using agents.  I agree ARP twiddling is a joke, Mirage however does not use agents.  To top it off, though Lockdown touts their own agentless, using the simple, older, slower, less accurate, open source 2.x version of Nessus, they also offer an agent I believe.  On top of that, what is their preferred enforcement method?  Why none other than SNMP and I don't care what their sales people say, it does not stand for secure network management protocol.  Nevis via Kristi Kilpatrick, also goes for the jugular saying, "... it's a stretch for Mirage to say they have a NAC solution at all, since they are primarily focused on the detection and mitigation of Malware after authentication. Mirage is another company trying to catch the "buzz" wave of NAC, by re-purposing a technology designed for a whole other purpose." Whoa, that was hard hitting, but actually right on.  If you talk to the co-founders of Mirage, they will tell you that originally that is what the product was designed for, but they said it, not me.  Maybe, Kristi can talk to Joel Snyder and convince him that Nevis is better than in the recent bake off against ConSentry, where Joel and company spanked Nevis pretty good!

Anyway, it is all good.  Ultimately, the best NAC products will rise to the top.  Look for my next article on that one.

I have written in the past for my disdain of the current state of the US Patent office.  In another example of absurdity they have issued to Cisco a patent for any "system and method for providing integrated voice, video and data to customer premises over a single network."  Seems like if Cisco wished to enforce this one there are going to be some pretty big fights with carriers of all kinds (cable, phone, etc.).  Hard to believe that someone did not realize that this is something that many people have been doing for some time.  Just another example of why something has to be done here. You can read more about this one here.