A SERIES OF PATENT LAWSUITS IS CHALLENGING THE HISTORY OF MALWARE DETECTION

In early March, cybersecurity business firm Webroot and its parent visitor OpenText launched a series of patent litigation containing some eye-opening claims. Filed March quaternary in the famously patentholder-friendly Western District of Texas court, the four lawsuits claim that techniques fundamental to modern malware detection are based on patented technology — and that the company’south competitors are infringing on intellectual holding rights with their implementation of network security software.

The defendants named in the suits are a who’southward who of security companies: CrowdStrike, Kaspersky, Sophos, and Trend Micro are all named. According to OpenText, the companies are using patented technology in their anti-malware applications, specifically in the endpoint security systems that protect specific devices on a network. It’southward a sweeping lawsuit that puts much of the security industry in immediate danger. And, for critics, it’s a bitter reminder of how much damage a patent troll can even so do.

And then far, endpoint security companies take shown vehement opposition to the very thought of the case. A Kaspersky spokesperson said that the company is “reviewing the issue” but did non offer any farther comment on the case.

Sara Eberle, vice president of global public relations at Sophos, was more than forthcoming, telling
The Verge
that the company would fight the lawsuit: “Sophos prefers to compete in the marketplace rather than in the courtroom, but we will vigorously defend ourselves in this litigation,” Eberle said. “Nosotros invite Webroot and OpenText to join the ranks of serious cybersecurity companies that are trying to solve problems rather than create them.”

Responses from Tendency Micro COO Kevin Simzer and CrowdStrike’s senior director of corporate communications Kevin Benacci went further: both defendant OpenText of “patent trolling” in statements sent to
The Verge.

Made notorious past companies like Intellectual Ventures, “patent trolling” refers to the practice of buying up patents for utilise in litigation rather than research and evolution. The end result is a elevate on anyone building technology — only it tin can be quite lucrative for companies who can play the game well.

Only OpenText insists the lawsuits are near protecting intellectual property. In response to the defendants’ comments, OpenText’southward chief communications officer Jennifer Bell said that the lawsuits were beingness brought to defend the visitor against unfair and unlawful actions from its competitors. “OpenText brings these lawsuits to protect its intellectual property investments and to concord these parties accountable for their infringement and unlawful competition,” Bell said. “These lawsuits allege that defendants infringe and unlawfully compete against aspects of the OpenText family unit of companies’ endpoint security products and platforms. OpenText intends to vigorously enforce its intellectual property rights.”

Charles Duan, a postdoctoral fellow at Cornell University and specialist in intellectual property police force, described possible outcomes that could range from financial redress to an effective ban on the infringing software should the plaintiff win the case.

“The courtroom can issue a number of remedies here,” Duan said. “Ane of them is an injunction: they could say that all these other companies who are using the patented engineering science have to stop doing so. They can also issue money damages, basically maxim that these companies accept to compensate the visitor for using their patented technology.”

Only simple economics suggest that the nigh likely outcome is a settlement: a fact that points to the incentives for bringing even flimsy patent suits and highlights the textile footing for patent trolling.

“As a practical matter, a lot of these cases never actually get to that point [of judgment] just because the cost of litigation makes it not worth going through a whole trial, even if the patent is very questionable or it seems likely that the companies don’t infringe,” Duan said.

Though the lawsuit is beingness brought in 2022, a judgment would hinge in part on whether the techniques described in the patent were widely known at the time that the patent awarding was filed. One of the patents at the middle of the arrange — The states Patent No. viii,418,250, referred to as “the ‘250 patent” in the lawsuit — was granted in the U.s. in 2013 only first issued past the British patent office in 2005. Some other, US Patent No. 8,726,389 or the ‘389 patent, was also issued in the Britain in 2005 and granted in the US in 2014.

Even taking into account the age of the patents, some experts are clear that the techniques described in them are overly wide. Joe Mullin, senior policy analyst at Electronic Borderland Foundation (EFF), told
The Verge
that some of the features in the patent were potentially likewise abstract to exist unpatentable:

“The ‘389 patent claims very basic beliefs that could be performed with a pen and newspaper,” Mullin said. “It simply describes ‘receiving data’ so ‘correlating’ and ‘classifying’ the data, ‘comparing’ the data to other estimator objects, and and then classifying something as malware (or not) based on that comparing.”

“A core principle of patent police force is that you can’t become a monopoly on an ‘abstract thought,’ considering that would have abroad too much from the public and non represent a real invention by the patent holder. This patent should exist found invalid because it concerns ‘abstruse ideas,’” Mullin said.

But where critics run across a broad patent, OpenText paints the case as an argument about the evolution of network security itself. In its complaint filed against Tendency Micro, OpenText argues that where malware detection used to rely on a categorization of what a program
is,
the patented engineering is based on analysis of what a program
does. Instead of matching file data to a library of known viruses, modern endpoint security looks at actions performed within a computer system. Equally a issue, this kind of malware detection can flag and comprise previously unseen examples of malicious software. It’south a real shift in the way companies arroyo endpoint security. And, according to OpenText, the shift traces dorsum to the patents listed in the case.

Opponents to these claims — including not only the defendants just also cybersecurity researchers who have criticized the lawsuits online — have upshot with the broadness of the statement, alleging that the patented technology reflects full general developments in the evolution of malware detection over time. (As a strategy, patent trolling relies on this kind of generality: according to EFF, an overworked United states of america Patent and Trademark Part has issued “a alluvion of bad patents on so-called inventions that are unoriginal, vague, overbroad, and/or and so unclear that bad actors can easily utilize them to threaten all kinds of innovators.”)

What’s more, opposition to the lawsuits may be based on the fact that OpenText was not involved in the research that created the patent: instead, through conquering of Carbonite, which had previously acquired Webroot, OpenText came to ain a number of patents that were assigned to the smaller cybersecurity firm. Having bought the visitor that controlled the original patents, OpenText now has valuable IP and a adventure to extract value from it — regardless of skepticism over whether the techniques described in the patents can really be traced dorsum to innovations developed by one group of researchers.

There are nevertheless some protections for defendants. Where patents are overly vague, the fight against them can happen in venues other than the courtroom — with one other selection being an appeal to the patent office, Charles Duan explained. “In that location are proceedings that were created nigh 10 years ago, they go by the name of inter partes review or post-grant review, and these give companies the risk to contend to the patent office that when the office granted the patents they made a mistake,” Duan said. “That is probably an avenue that some of these security companies will be interested in pursuing.”

In a post-grant review procedure, companies attempt to convince the patent office that the techniques described in the patent should actually be considered unpatentable. If that argument is successful — and the patent office returns a decision earlier the trial engagement — then the basis for the lawsuit falls apart. Just, since any delay could evidence extremely costly, some companies tin’t accept the risk of waiting for that decision.

In the meantime, critics of the electric current patent organisation will come across the OpenText lawsuits every bit exemplary of an intellectual property framework that stifles innovation rather than promoting information technology.

“What may be going on hither is that [OpenText] is non actually trying to end these companies, and more that they’re signaling they will put up a fight before settling at some betoken,” said Duan.