funsec mailing list archives
RE: Vulnerability-based IPS Patent
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 30 Mar 2006 12:06:51 +1200
Drsolly to Richard M. Smith:
I *know* what was in Dr Solomon's Antivirus Toolkit :-)Are you (or anyone else) aware of prior art for this AV patent: http://tinyurl.com/39ntx Patent 5,319,776 In transit detection of computer virus with safeguard Abstract Data is tested in transit between a source medium and a destination medium, such as between two computer communicating over a telecommunications link or network. Each character of the incoming data stream is tested using a finite state machine which is capable of testing against multiple search strings representing the signatures of multiple known computer viruses. When a virus is detected the incoming data is prevented from remaining on the destination storage medium. Both hardware and software implementations are envisioned.
What (I think) they were trying to patent was the idea of virus- scanning conetnet coming into an off-site backup facility. IIRC, Hilgreave had an interest in one of those early "backup is easy if you don't mind your phone line being tied up 18 hours a day" services, back in the 2400/4800/9600 bps days. Their patent lawyers wrote a much broader patent though, virtually patenting the notion of "known virus scanning" itself. The patent is laughable on its face and the fact that it was never seriously challenged to the point of overturning it shows how difficult (or at least expensive) it is to get shockingly bad (US) sofwtare patents overturned (a good pragmatic reason for dissolving all existing US s/w patents and preventing the morons at the USPTO from ever issuing any more).
Filed: September 29, 1992Symantec seems to own the patent now: Symantec Buys Key Security Technology Patent, Records First Quarter Charge http://symantec.co.uk/press/2003/n030818a.html
Yes -- Hilgreave made a small pile of dosh (mostly non-public pay-outs suspected to be in the range of US$1 to several tens or hundreds of thousands) plus much publicity from the also required public apology/admission of infringement from it's patent lawyer's (and the patently nonsensical US legal system's) victims (most of the well-known AV companies). They did once "Email virus scanning" had become a necessary evil and most AV vendors had established a significant market base for such products in the US, leveraging the threat of a product sales ban against the exhorbitant cost of their victims actually showing what a pile of shit this nonsense patent is. (This was not helped by a few of the VERY large players being the first target and rapidly deciding that pay-up and publicly apologize was the best _commercial_ strategy. This also spurred a rash of similarly nonsense AV-related patents from most of those vendors burned by the Hilgreave action.) Anyway, back to the story -- as I recall (and I'm sure Rob Slade has a much better memory of this, and maybe even notes to look up to back it all up! 8-) ), somewhere down the line from this, Symantec and another large AV developer (I'm going to hazard Trend Micro, but it's pretty hazy) were in some other patent dispute and Symantec realized that its opponent had not settled with Hilgreave. It then became cheaper for Symantec to buy the patent rights from Higreave (or whoever then had them to protect itself from this other action than to settle that action directly.
Ah, the Hilgraeve patent, I remember that. I think Virus Guard (a TSR scanner) was previous to September 1992. I'd have to check back on old versions of the Toolkit to find out when we shipped it. I do remember that they wrote to us about 10 years ago suggesting that we might like to licence their patent, and we told them "No thank you", because we thought at the time that they'd have no claim. I don't think they took it any further at that time, so maybe they agreed with our opinion, or thought it wasn't worth disputing.
Yes, that was my take on Hilgreave's patent too -- _any_ pre-existing resident AV that used any form of pattern scanning and could block/ prevent/usurp copying of an infected file was _trivially obvious_ prior art, technically rendering the patent invalid.
Interesting sentence "Both hardware and software implementations are envisioned."; I'm pretty sure they didn't have an antivirus at the time, so they were patenting an idea, not an implementation.
Again, also my understanding. See my comments above about virus- scanning backups en route to an offsite storage facility... (I also have a very vague idea Hilgreave also took another operation to task that later (actually) implemented this, perhaps using McAfee as the "inline" virus scanner. This was somewhat before the Email virus scanning fiasco kicked off...) Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: Vulnerability-based IPS Patent, (continued)
- RE: Vulnerability-based IPS Patent Roger Thompson (Mar 29)
- RE: Vulnerability-based IPS Patent Nick FitzGerald (Mar 29)
- RE: Vulnerability-based IPS Patent Richard M. Smith (Mar 29)
- RE: Vulnerability-based IPS Patent Nick FitzGerald (Mar 29)
- RE: Vulnerability-based IPS Patent Drsolly (Mar 30)
- RE: Vulnerability-based IPS Patent Richard M. Smith (Mar 30)
- RE: Vulnerability-based IPS Patent Drsolly (Mar 30)
- Re: Vulnerability-based IPS Patent der Mouse (Mar 30)
- Re: Vulnerability-based IPS Patent Drsolly (Mar 30)
- RE: Vulnerability-based IPS Patent Drsolly (Mar 30)
- RE: Vulnerability-based IPS Patent Nick FitzGerald (Mar 29)
- RE: Vulnerability-based IPS Patent Richard M. Smith (Mar 29)
- RE: Vulnerability-based IPS Patent Nick FitzGerald (Mar 29)
- RE: Vulnerability-based IPS Patent Rob, grandpa of Ryan, Trevor, Devon & Hannah (Mar 29)
- RE: Vulnerability-based IPS Patent Richard M. Smith (Mar 29)
- Re: Vulnerability-based IPS Patent Valdis . Kletnieks (Mar 30)
- RE: Vulnerability-based IPS Patent Larry Seltzer (Mar 29)
- RE: Vulnerability-based IPS Patent Nick FitzGerald (Mar 29)
- RE: Vulnerability-based IPS Patent Larry Seltzer (Mar 29)