funsec mailing list archives
RE: Vulnerability-based IPS Patent
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 30 Mar 2006 15:13:56 +1200
Richard M. Smith wrote:
> Here are the folks that settled rather than going to court over the '776 patent:
>
> - Symantec
> - Aladdin
> - McAfee
> - Clearswift
Cheers -- was fairly sure that SYMC and McAfee did and Trend didn't. I know the threat or worry that they may be targeted by a worrisome Hilgraeve patent suit prevented or significantly delayed the release of several Email scanners, or at least resulted in their non-US developers not making them available to US customers, but happily selling them everywhere sensible on the planet...
> A TSR product is a good place to look for prior art. However, the TSR had to operate on an incoming file before it is written to disk.
Yes, but don't think of "incoming" in local/remote terms. That's covered in Claim 16 and 19 (only?) as an "also" condition (or are these to be read as ANDs?? If so, Hilgraeve has _other_ problems...). The claims simply boil down to intercepting the making of a copy on a different storage medium (and poorly define even that). An on-access scanner preventing an infected file from being copied from a floppy to a local HDD, or vice versa, or from one local HDD to another and even from one partition on a physical HDD to another (see Claim 12), are technically covered by the Hilgraeve patent claims. I strongly believe that that was not what was intended to be claimed, as that would _CLEARLY_ have made the patent ungrantable on obvious prior art grounds, but if you read it carefully, that _IS_ what is claimed.

(This is often the best way to attack a patent -- they tend to be worded in extremely vague and thus commonly "overly general" terms and that often makes it easy to show that they claim to cover something that the claimants (probably) would not have imagined they could cover _AND_ that is clearly exempted by prior art, albeit perhaps entirely unrelated to the apparent mainstay of the patent's claim. Hilgraeve is an astounding example of such bad claims drafting and if there were any justice in the US patents process it would have been thrown out years ago as a result.)
> I thought that Hilgraeve made terminal emulator software and they implemented a virus scanner for files being downloaded from a BBS. ...
Yes, that was pretty much it -- either you have a better memory than I, or more patience dredging through Google... (Or both! 8-) )
> ... Their patent lawyer generalized this idea a bit in the '776 patent. At the time, most DOS-based AV companies were focused on floppy-based viruses.
Well, not only "floppy-based" viruses, BUT data and program transfer via floppy was far and away the most common means of virus transmission between computers at the time and boot viruses were the most common and widespread type. (I started with PCs when virtually every diskette had at least a bare-bones system on it so you could start any machine from any diskette, and those 360KB 5.25" drives were slooooooow, even by the standards of the day. The first hard drive I ever bought for my own PC was a _huge_ 30MB drive, but at least it was only a half-height (i.e. one panel unit) device.)

... Oh, and on consideration, it would appear that even if we grant that the patent may, in fact, have merit, a process _otherwise_ apparently in breach of the patent could subvert that breach by not "inhibiting" the writing of the data in question, but simply writing it "elsewhere" (different filename/folder/etc) or "otherwise" (cyphered) _on the intended medium_. This gets around the "automatically inhibiting the screened digital data from being stored on said destination storage medium if at least one predefined sequence is present" issue, by (say) putting the "infected" Email message into a special holding queue rather than the "keep processing" queue or whatever. The "writing of the data to the destination storage medium" is thus _not_ "inhibited", so long as the holding queue's data is stored on the same disk as the "continue processing" queue's...

The Hilgraeve patent, whether intended to or not, claims to patent (a form of) on-access virus scanning which was already available in freeware and commercial applications _at least two years before_ the Hilgraeve patent was even _filed_. It is a nonsense, and that it even exists and companies have extorted money and/or other benefits from others as a result of its existence is a sad reflection on the state of US IP law and practice.
Regards,
Nick FitzGerald