RE: Vulnerability-based IPS Patent

[Drsolly <drsollyp () drsolly com>]

I wonder why they didn't just claim prior art?

On Thu, 30 Mar 2006, Richard M. Smith wrote:

> Here's one of the rulings in HILGRAEVE v. MCAFEE: 
>
> http://www.law.emory.edu/fedcircuit/aug2000/99-1481.wp.html
>
> This appeal also dealt with the meaning of when something is written to
> disk:
>
> Hilgraeve contended that McAfee's accused product, VirusScan, infringes
> independent claims 1 and 18 and dependent claims 2 and 6 of the '776 patent.
> In other words, Hilgraeve alleged that VirusScan screens incoming digital
> data for viruses during transfer and before "storage" on the destination
> storage medium. McAfee, on the other hand, asserted that VirusScan does not
> infringe because it screens the incoming digital data only after it has been
> transferred and "stored" on the destination storage medium. Thus, the

I suppose Ram is a destination storage medium.

> critical issue in the infringement analysis is whether VirusScan screens
> before, or after, the time at which incoming data is present on the
> destination storage medium and accessible by the operating system and other
> programs.
>
> The courts were still trying to decide this issue in late 2001:
>
> http://seclists.org/lists/isn/2001/Oct/0065.html
>
> Richard  
>
> -----Original Message-----
> From: Drsolly [mailto:drsollyp () drsolly com] 
> Sent: Thursday, March 30, 2006 7:18 AM
> To: Richard M. Smith
> Cc: funsec () linuxbox org
> Subject: RE: [funsec] Vulnerability-based IPS Patent
>
> There's an interesting question on what is meant by "written to disk. 
> There's three stages; file opened for writing, bytes written, file closed. 
> You could argue that until the file is closed, the file isn't written to
> disk (if you look at the directory entry of a file that's interrupted at
> that point, you have a zero-byte file).
>
> Virus Guard scanned the file before it was written to disk, as I recollect.
> But before going on oath on that, I'd want to do some research to check my
> memory.
>
> On Wed, 29 Mar 2006, Richard M. Smith wrote:
>
> > So did these TSR scanners look at files after they were stored on disk 
> > or while the files were coming through DOS before being stored on 
> > disk?  The latter approach is required to be prior art for the patent.
> >
> > Richard
> >
> > -----Original Message-----
> > From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] 
> > On Behalf Of Nick FitzGerald
> > Sent: Wednesday, March 29, 2006 8:06 PM
> > To: funsec () linuxbox org
> > Subject: RE: [funsec] Vulnerability-based IPS Patent
> >
> > Richard M. Smith wrote:
> >
> > > Be interested to hear what you can dig up.  Virus Guard would have 
> > > had to ship before Sept. 29, 1991 to be considered prior art.  Had 
> > > it shipped between 9/29/1991 and 9/29/1992 things are more murky.  
> > > In addition, it's functionality would have to match up with all the 
> > > patent
> > claims.
> >
> > Further to Alan's and Roger's recolections that they shipped TSR 
> > scanners prior to the prior-art cut-off for this patent, I submit the 
> > following text verbatim from the Virus-L (don't ask) archives):
> >
> > ------------------------------
> >
> > Date:    Tue, 30 Jan 90 08:36:04 -0600
> > From:    James Ford <JFORD1@UA1VM.BITNET>
> > Subject: New files to MIBSRV. (PC)
> >
> > These files have been placed on MIBSRV.MIB.ENG.UA.EDU (130.160.20.80) 
> > for anonymous FTP.  They are:
> >
> > SCANV57.ZIP   -   ViruScan 2.7V57 (update)
> > SCANRS57.ZIP  -   TSR version of ViruScan (update)
> > NETSCN57.ZIP  -   Network Version of ViruScan (update)
> > CLEANP57.ZIP  -   Clean-Up Virus Remover (update)
> >
> > NETFIX10.ZIP  -   Equivalent to NETSCAN & CLEAN-UP (*new*)
> >
> > All files were downloaded directly from Homebase BBS on 1/29/90
> > - ----------
> >     James Ford - JFORD1@UA1VM.BITNET, JFORD () MIBSRV MIB ENG UA EDU
> >
> > ------------------------------
> >
> > I don't know _when_ McAfee shipped the first TSR version of their 
> > scanner (though soemone there should be able to tell you and a "near
> enough"
> > reference might be found in very old back issues of Virus Bulletin), 
> > but by 30 Jan 1990 they were shiopping _updates_ for it, so the first 
> > ever version presumably shipped somewhat before that date.
> >
> > You can check the above reference (and search for more, back or 
> > forward in the archive) at:
> >
> > http://www.phreak.org/archives/The_Collection/newsletr/virus/virus_l/1
> > 99
> > 0/vlnl03.026
> >
> >
> > I'd be surprised if there were not earlier references to TSR scanners, 
> > BUT note that a lot of talk about TSR AV at that time was about 
> > _behaviour blockers_ (Ross Greenburg's (sp?) FluShot[+], disk boot 
> > record integrity checkers, etc) and NOT scanners.
> >
> >
> > Regards,
> >
> > Nick FitzGerald
> >
> > _______________________________________________
> > Fun and Misc security discussion for OT posts.
> > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> > Note: funsec is a public and open mailing list.
> >
> > _______________________________________________
> > Fun and Misc security discussion for OT posts.
> > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> > Note: funsec is a public and open mailing list.
>
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.