« Is PCI 6.6 good for web application firewalls? | Main | Extended Validation SSL certificates not going anywhere, as predicted »

Barracuda Networks is defending itself, the rest is spin

February 12, 2008

I've been following the Trend Micro v. Barracuda Networks case with mild amusement. (A very good overview is available at Linux.com.) Here we have a case of one U.S. company suing another U.S. company over a patent; a perfectly common affair in the U.S. legal system. Other similar disputes would normally make the headlines only to be used as another excuse to protest against the U.S. patent practice, and then quickly forgotten. Not this one. It so happens that the dispute is over a functionality which is in part provided by an open source project ClamAV, which Barracuda Networks is embedding in their appliances.

Barracuda Networks decided to spin the case to present itself as the defender of ClamAV and the free and open source world and then gave enough rope for a number of open source followers (individuals and organisations alike) to join in their defence. Some have even decided to call for a boycott of Trend Micro.

This case is indeed about patents, but not necessarily about open source. Trend Micro had previously sued both Symantec and McAfee and settled with them. Neither of these products involved open source. I think that it's reasonable to believe that Trend Micro is suing the vendors who, they believe, are infringing on their patents. Is ClamAV a threat to Trend Micro? Ultimately, I don't think it is. It is true that a large number of people is using ClamAV but those people wouldn't be buying anyway. Barracuda Networks, on the other hand, is a competitor, claiming a slice of the market. And even if the suit was about ClamAV, I doubt the open source nature of the project matters. The licence and the philosophy are not a threat, the cost—free—can be perceived as one.

Furthermore—I dare say—it does not seem to me that ClamAV is infringing. The patent concerns itself with virus-detection when used on an FTP or an SMTP proxy. ClamAV does not provide this sort of functionality on its own. To infringe it would need to be combined with other components, which is what Barracuda Networks is doing in their appliances.

While I think that, as a matter of principle, we need to stand up to unreasonable patents, and this one appears to fall into the category, we should not neglect to observe how Barracuda Networks is presenting itself in this case, using ClamAV as bait to get open source supporters on its side. They are doing the right thing—fighting rather than settling—but the spin is all wrong.

Disclosure: As of February 2008 Barracuda Networks competes in the web application firewall space. I work for Breach Security, a web application firewall vendor.