Who'll Fill the Gap in the Gateway Security Market?

Opinion: The big three AV companies got a big boost from the ITC decision. It's going to be easiest for competitors simply to license them from now on.

A ruling against Fortinet by the US International Trade Commission has triggered a silent crisis in the network anti-virus market. The number of products that potentially infringe in the same way as Fortinet is very large.

The ruling finds that Fortinet's products violate a Trend Micro patent and may not be imported to the United States. Just about all network appliances, especially the inexpensive ones, are manufactured abroad, so many companies are at risk.

The Trend Micro patent at issue, which covers the use of network proxy servers to perform anti-virus scanning on FTP and SMTP communications, is not one of the clearly stupid patents for which the USPTO is famous (like this one, which has the bright idea of removing white space before evaluating a macro).

In 1995, when it was filed, it was actually a fairly clever idea, and SMTP had certainly not become the wasteland of abuse that it is today. The fact that McAfee and Symantec settled with Trend Micro back in 1998 indicates that they saw enough merit in it not to resist. Because of these settlements, licensees of McAfee and Symantec, such as Servgate, are also unthreatened by this legal development.

The other antivirus companies will either have to license the patent, which I'm sure Trend Micro will be happy to do, or find some noninfringing technique. I've been told that there are companies that use a packet filter approach as opposed to an actual proxy and that this may be noninfringing, but it seems problematic to me. How do you filter files if you only look at packets? It has to limit the flexibility of the scanner.

It seems odd to me that the patent limits itself to the FTP and SMTP protocols, but perhaps the expectations back then of the patent office were a little higher than they are now, and a broader claim of all network proxy scanning was risky. In any event, they hit the jackpot with SMTP, clearly the most important protocol for such scanning. There are dozens of antivirus appliances and network that perform this function.
