back to article MIMEsweeper maker loses UK High Court patent fight over 15-year-old bulletin board post

A commercial rival of email virus-scanning software firm Glasswall has lost its High Court attempt to use a bulletin board post from 2003 written by a former MessageLabs "imagineer" to have a patent declared invalid. The full judgement, which dismissed the application for the revocation of the patent, was handed down on Friday …

  1. Anonymous Coward
    Anonymous Coward

    "Imagineer"

    IIRC Alex (who seemed a good egg when I worked there, - he was one of the core ML devs / architects from the start) only adopted that title after the Symantec borging in 2009, when various senior people were able to cut nice golden handcuff deals - an acquisition where the people who built everything all leave is going to be pretty worthless. As well as wedge, "write your own job title" was evidently also available.

    1. Anonymous Coward
      Anonymous Coward

      Re: an acquisition where the people who built everything all leave is going to be pretty worthless.

      I tend to agree, but sometimes all the buyer wants is (e.g.) the customer and/or client lists (however shortsighted or wasteful that might be or seem to others).

      1. Anonymous Coward
        Anonymous Coward

        Re: an acquisition where the people who built everything all leave is going to be pretty worthless.

        but sometimes all the buyer wants is (e.g.) the customer and/or client lists

        Sometimes, but in the case of software it is more commonly the case of buying the IP of existing software because the buyer believes they can sell it better (usually to THEIR OWN customer base). A smaller number of cases involve buying and shutting down a competitor, but IME its very rare for a large software house to buy another software house for its customers.

        Amongst the distributors things could well be very different.

  2. FuzzyWuzzys
    Facepalm

    "Imagineer"?

    Sounds too much like "Fun-gineer" to me!

    One of those annoying words like "re-imaging", where anyone caught using them in a serious context in public should taken to the stockade for a face full of rotten veg!

    1. doublelayer Silver badge

      Re: "Imagineer"?

      What's wrong with "re-imaging"? Maybe I'm not thinking of the same definition as you are, but in the sense of "returning a computer or other device to a state where it was initialized to some level by writing a stored disk image to it", it seems descriptive enough. I do have a mild dislike of the term "Imagineer", though; at least I'd never want to be called such.

      1. John Brown (no body) Silver badge

        Re: "Imagineer"?

        "What's wrong with "re-imaging"?"

        I suspect he meant "re-imagining" and his brain was ahead of his fingers when typing.

    2. katrinab Silver badge

      Re: "Imagineer"?

      It sounds like the sort of thing Steve Bong (https://www.theregister.co.uk/Author/Steve-Bong/) would say.

      Edit:

      Actually, he did

      https://www.theregister.co.uk/2017/11/17/goodbye_steve_bong/

    3. Mark 85 Silver badge

      Re: "Imagineer"?

      I thought Disney used that term to describe the engineers who designed Disneyland.

      Update: yes indeed... From a quick bit of Googling:

      im·ag·i·neer

      /iˌmajəˈnir/

      noun

      noun: imagineer; plural noun: imagineers

      1. a person who devises and implements a new or highly imaginative concept or technology, in particular one who devises the attractions in Walt Disney theme parks.

      verb

      verb: imagineer; 3rd person present: imagineers; past tense: imagineered; past participle: imagineered; gerund or present participle: imagineering

      1. devise and implement (such a concept or technology).

      "theme parks are benefiting from a new era of imagineering"

  3. Tigra 07 Silver badge
    Facepalm

    Misread title as MINEsweeper...

    1. Zippy´s Sausage Factory
      Happy

      Well, Minesweeper surely is responsible for just as many wasted hours at work as spam email, surely?

      1. Michael H.F. Wilkinson Silver badge
        Happy

        Not if you install the BOFH modded version, in which whichever field you click on, you get blown up

    2. Byron "Jito463"

      Same here. I was very confused when they started on about virus scanning.

  4. Anonymous Coward
    Anonymous Coward

    Utter shite

    Our deployed code was _doing this_ in 2006 for end users, maybe earlier, along with other people using a combination of Postfix, Perl scripts, Spamassassin, Image Magik, various virus scanners, repuation lists and a MySQL database that enabled end users to modify their own reputation lists and overide systems level settings.

    Relying on BBS posts made by a commercial dev to capture a patent for themselves, rather than demonstrating what was happening in open source community at the time, they deserve to loose. The patent should be squashed out of existance and not belong to either party.

    If they ever tried to use the patent on me they'd get a single expletive in reply, can't desribe the level of comtempt I hold for these leeches.

    1. katrinab Silver badge

      Re: Utter shite

      I wrote a Perl script in about 2003 (I think) to scan email for viruses.

      It worked as a plugin for kmail, scanned the email using ClamAV, then added a header based on the result of the scan, and I set up a filtering rule in kmail to delete anything that was marked as having a virus.

      I was getting flooded with viruses that Outlook Express was vulnerable to at the time, and even though they wouldn't infect my computer, they were still a nuisance.

      It was only about two lines of Perl, and I'm not a Perl guru who can write a flight simulator game in about 1.5 lines of code, so I didn't think it was a particularly amazing invention.

      1. 2+2=5 Silver badge
        Joke

        Re: Utter shite

        > I wrote a Perl script in about 2003 (I think) to scan email for viruses.

        Careful with admissions like that... you might get sued.

        1. heyrick Silver badge

          Re: Utter shite

          "Careful with admissions like that... you might get sued."

          I wrote something similar (unpack the bits of an email, remove unwanted content, rebuild the email) back in the late '90s in BASIC! These were the days when it was common to see stuff like hotchick.jpg.exe (which would usefully appear on Windows as hotchick.jpg if the user had for extensions set to be hidden). Simplest approach was to simply whitelist accepted filetypes and throw away everything else.

          Either the legal argument was spectacularly badly made, or this is a judge that would struggle with anything more complicated than a light switch...

          1. jake Silver badge

            Re: Utter shite

            Some unis (Stanford and Berkeley for certain) were doing that with an early version of Sendmail 8.x back in the 4.4BSD days. Probably late '93ish, just substitute uuencoding for MIME ... and I vaguely remember somebody working on something similar with delivermail prior to that.

            Milters were invented partially because asking sysadmins to learn Sendmail's internal syntax wasn't really within the bounds of decency.

            Also note that originally we were tasked with removing and/or bouncing bunnies rather than the malware du jour, but it wasn't very long before the later entered the email admin's jurisdiction.

        2. Anonymous Coward
          Windows

          Re: Utter shite

          "I wrote a Perl script in about 2003 (I think) to scan email for viruses."

          >> Careful with admissions like that... you might get sued.

          I've patented all the words in that sentence and katrinab shall be hearing from my legal people.

          1. jake Silver badge

            Re: Utter shite

            "katrinab shall be hearing from my legal people."

            I know you're joking, katrinab probably knows you're joking, but katrinab's lawyer knows what the term "barratry" means[0]. Let's all be careful out there!

            [0] Strangely, the spall chucker that Firefox uses doesn't. Firefox also has a problem with spall and chucker, go figure.

            1. Mark 85 Silver badge

              Re: Utter shite

              Strangely, the spall chucker that Firefox uses doesn't. Firefox also has a problem with spall and chucker, go figure.

              Does it flag them or is the problem it doesn't? Both are legitimate words interestingly enough.

              1. jake Silver badge

                Re: Utter shite

                It flags them as misplelings. Which is b0rken. I fixored it.

                Would a .50 Browning be considered a spall chucker if you were trying to hide behind a cinder block wall?

      2. anothercynic Silver badge

        Re: Utter shite

        Sorry Katrina, but someone I know who knew ClamAV very well did something similar to this in the nineties for a corporate he worked for. Probably didn't include the pretty message footer, but he was very good with this. :-)

        I told him to milk the daylights out of that one... commercialise it to kingdom come. I don't think he did. Hi Ozzie Jack! *waves*

        1. katrinab Silver badge

          Re: Utter shite

          I'm not claiming to be a Perl genius, and that's the point. If I can do it, then it is obvious to anyone who isn't a complete idiot. Most of the difficult stuff was done by the author of whichever CPAN mail library I used, and the rest of it by the authors of ClamAV.

          I think the CPAN library in question was Mail::Internet, first published in 1995.

    2. Mage Silver badge
      Devil

      Re: Utter shite

      Indeed, whatever. While I fully support Patents, Registered Designs (Called a Patent in USA) and Copyright, the vast bulk of patents dating even from 19th C are garbage and should never have been issued. The system basically protects corporations that file early & often. Not innovation.

      Edison, RCA, IBM, MS, Oracle, HP, Kodak, Apple etc.

      If I'd really wanted to get rich and had more clued up parents and School Career Advisor, I'd have become a Patent Lawyer / "Engineer" and not worked in R&D doing electronics and programming. Anyway almost all stuff in corporations that makes money is marketing, based on development. The only "Research" budget in most companies is for filing patents.

      1. Anonymous Coward
        Anonymous Coward

        Re: Utter shite

        Patent attorney here, writing from my own perspective/experience.

        >If I'd really wanted to get rich and had more clued up parents and School Career Advisor, I'd have become a Patent Lawyer / "Engineer" and not worked in R&D doing electronics and programming.

        A lot of patent attorneys started in R&D. I too did research and later development, both in electronics and later software before switching to patents.

        >Anyway almost all stuff in corporations that makes money is marketing, based on development. The only "Research" budget in most companies is for filing patents.

        Perhaps my clients are atypical but they don't call it research or development, they just call it work. A lot of projects start out to overcome everyday problems that others have just accepted as "the way we do it here."

    3. Anonymous Coward
      Anonymous Coward

      Re: Utter shite

      >Our deployed code was _doing this_ in 2006

      If you really can document that and also do a convincing claim construction (*), it would help people in having this patent revoked. Being AC on a forum does not kill a patent.

      (*) A reference to the patent was provided in the article, but was not a helpful one. Also the claims had a lot of features that I cannot see have been discussed here. Remember the all features requirement.

  5. Jamie Jones Silver badge

    What the patent describes...

    Follow the standards. Cope with deviations from the standards. Follow the standards to extract, and parse the mail headers, and the mime attachments.

    If email restruction is necessary, use the standards to do it.

    It's parsing a mime message (like mail reader software does), and scanning it (like virus software does)

    How are those steps anything patentable?

    What am I missing?

    If anyone owns anything on this it's the people who wrote the MIME spec.!

    1. Loyal Commenter Silver badge

      Re: What the patent describes...

      These were my thoughts exactly. Isn't a patent supposed to be both novel and non-obvious? Parsing an email according to the RFC is the exact opposite of novel, and virus-scanning any attachments and the body text before reconstituting the email (again according to the RFC) is pretty obvious.

      If there's anything here patentable, it's the actual mechanism of doing the virus scanning, but IMHO, the surrounding steps are not (or should not be) patentable. I can only assume those bringing the case failed to pay any expert witnesses to state the obvious to the (clearly non-technical) judge.

      1. oiseau Silver badge
        FAIL

        Re: What the patent describes...

        ... those bringing the case failed to pay any expert witnesses to state the obvious to the (clearly non-technical) judge.

        Indeed.

        I've seen this type of thing happen in my profession.

        But it's not always the fault of the expert witness or the lawyer on the case.

        I've seen more than one case where a judge would simply not understand any of it, no matter how simple or detailed the explanation put forth was.

        O.

        1. ICPurvis47 Bronze badge
          Devil

          Re: What the patent describes...

          "I've seen more than one case where a judge would simply not understand any of it, no matter how simple or detailed the explanation put forth was."

          Although not patent related, I was a victim of a (for me) very expensive miscarriage of justice, which resulted in the loss of my home. The original judge said that I had a very good case, but that she didn't have time to hear the complicated arguments in the time slot allotted for the hearing, and adjourned until a longer slot could be scheduled, along with a 20 minute "Reading Time". However, at this adjourned hearing, a different judge was presiding, he clearly hadn't done the "Reading" that was allowed for, and refused to accept either my Solicitor's explanation, or the fact that there was Legal Precedence for my defence. As a direct result of that miscarriage, I am over a quarter of a million UK Pounds out of pocket, I have lost my home of 35 years, and now live in rented accommodation away from my family and friends.

          1. This post has been deleted by a moderator

            1. ICPurvis47 Bronze badge
              Unhappy

              Re: What the patent describes...

              "As a direct result of that miscarriage, I am over a quarter of a million UK Pounds out of pocket, I have lost my home of 35 years, and now live in rented accommodation away from my family and friends.

              At that point of circumstances, there wouldn't be a "lost home" to be left standing. Certainly somebody would be feeling the pain right along with me."

              I am sorry, I can't quite understand your point. Please could you enlarge on it and explain what you mean? My "home" is still standing, is owned by someone else, and has been rented out to itinerant workers. It was valued at £250,000 when I was forced to sell it, at a substantially lower figure to get it sold within the time allowed by the court, and that nearly all went to paying off the mortgage. That, plus the monthly repayments I paid during the 9½ years of the mortgage meant I was out of pocket to the tune of £276,000, and could not afford to buy another property to call "home". That house is still "home" to me, as it was where we brought up our children, and where I nursed my wife through her terminal illness. I thought that I could live out my days in the home that I loved, but now I am effectively "of no fixed abode", because I have no security of tenure beyond a Short Tenancy Agreement.

    2. Anonymous Coward
      Anonymous Coward

      Re: What the patent describes...

      >What am I missing?

      You are missing the principle about patent claims since you refer to what the patent describes as opposed to what the patent claims. And indeed the judge points out this important distinction early in the judgment.

      So, am I the only one to have actually read the document??

  6. Gordon 10 Silver badge

    Im confused

    Did the good guys win or lose this one? Or is it the usual US Patent car crash where the consumer loses?

    1. Anonymous Coward
      Anonymous Coward

      Re: Im confused

      I’m going with the good guys on the basis that they’re the ones who pay my wages... :-)

    2. Spazturtle

      Re: Im confused

      Glasswall patented something that was already known about and that people had been using for years. Clearswift sued them to get the patent invalidated, judge rejected their case because he failed to understand the topic.

  7. Version 1.0 Silver badge

    I rest my case

    This would appear to be as good a reason as any for invalidating the ENTIRE software patent industry.

  8. Anonymous Coward
    Anonymous Coward

    The Patent Claim at issue

    In the interests of informed debate...

    The original application was filed on 9 June 2005:

    1. A computer implemented method of resisting the spread of unwanted code and data in an electronic file, the method comprising:

    receiving an incoming electronic file wherein the incoming electronic file is an email having plural parts from a sender,

    each part of said file containing content data in a pre-determined data file type,

    each data file type having an associated set of rules;

    said rules including the rules making up the file type specification and additional rules constraining the values and/or ranges that content and parameters can take on;

    determining a purported predetermined data file type of each part;

    parsing the content data of each part in accordance with the rules associated with the purported predetermined data file type;

    determining if the content data of each part does conform to the rules associated with purported predetermined data file type;

    regenerating the conforming parts of parsed content data, upon a positive determination from the determination means, to create a substitute regenerated electronic file in the purported predetermined data file type, said substitute regenerated electronic file containing the regenerated content data;

    blocking the parts of the parsed content data that do not conform to the rules associated with the purported predetermined data file type so as to block them from inclusion in the substitute regenerated electronic file;

    storing a list of file types and sources associated with said file types that are not considered a threat; forwarding the non conforming parts to a threat filter;

    determining by the threat filter for each non conforming part whether that non conforming part is to be allowed through on the basis of the stored list and the sender of the file and the data file type; and

    allowing a non-conforming part to by pass the blocking and including the by passing non-conforming part in the substitute regenerated electronic file it determined to be allowable.

    =====

    Without getting onto the details of the judgement, I don't know which feature or features were deemed not to be obvious, but it could be any.

    Generally Judges are not idiots and the defendants would have tried to take this apart, but failed. Since it survived then it probably has good merit.

    1. Ken Hagan Gold badge

      Re: The Patent Claim at issue

      A MIME-encoded email is just a way of packing a "directory's worth" of files into a single (text) message. That is, in fact, more or less the reason why MIME was invented. So we can without introducing inventiveness or novelty replace "electronic file" with "directory" and "part" with "file". At which point, the supposedly amazing break-through made in 2005 is clearly just a rather pedestrian description of what AV systems had been doing ever since they were invented. It is rather a long time ago, so I'm not sure, but I suspect that AV systems as we now know them didn't go mainstream until after things like the Morris worm which is, what, late 80s?

      So we have a decade-or-two of prior art (in AV systems), camouflaged with a standardised (RFC) technology (MIME) being used for exactly its intended purpose.

      Edit: You said "Generally Judges are not idiots and the defendants would have tried to take this apart, but failed. Since it survived then it probably has good merit." and this is generally true, but this particular case has precisely zero merit and I actually feel somewhat insulted that anyone ever thought this was worth filing. So ... either the defendants lawyers are idiots, or the judge should have excused themselves on the grounds of not understanding computery things, or El Reg has grossly mis-reported the case to make everyone involved look like a berk.

      1. Robert Forsyth

        Re: The Patent Claim at issue

        The article said the judge thought "using the whitelist indexed by part/file type (and sender) to bypass the AV rejection" was non obvious.

        The plaintive, if not idiots, badly presented the evidence i.e. a shedload of documents with no narrative.

        According to Wikipedia, Dr. John Harrison described whitelisting applications to prevent the execution of malware in 2005.

        Access Control Lists have been around since 1984, and could be considered a whitelist, also the passwd file on Unix.

        1. Anonymous Coward
          Anonymous Coward

          Re: The Patent Claim at issue

          Doormen described white listing decades ago, if your name ain’t down, you ain’t getting in. Same method, but on a computer is whitelisting to prevent malware.

          This is a case of a judge being an idiot who doesn’t understand the simplest of concepts.

          1. jake Silver badge

            Re: The Patent Claim at issue

            Milters (Sendmail 8.10 "FFR", mid 2000) have done exactly what the patent claims right from the git-go.

    2. Mark 65

      Re: The Patent Claim at issue

      Generally Judges are not idiots and the defendants would have tried to take this apart, but failed. Since it survived then it probably has good merit.

      ...until it comes to technical discussions whereby Judges, politicians, <insert person in position of authority or power> etc suddenly become utter fuckwits. A large section of the population, irrespective of IQ, are utterly useless when faced with a computer or other interactive electronic devices and exhibit an extremely poor level of understanding so I see no reason why Judges would not fit in with this.

  9. Sam 10

    Systems to do this have existed a long time!

    https://www.ispreview.co.uk/news/EpAFyZAppFKGVajsbN.html

    NDO Newt was one such system that used rulesets and white lists to clean emails and remove specific attachments, I'm not sure this patent should stand...!

  10. Zmodem

    when the day comes for my EM Drive, and forcefields, and impact collision physic's graphite hulls, perpetual generators, i will just laugh and say american's

    they invented everything, is the american dream

  11. Anonymous Coward
    Anonymous Coward

    Come play with me

    Reminds me of the late 90's when I installed a Mimesweeper appliance in a 'Chartered Institute' to filter their Uniplex mail. It came with a word/phrase blacklist which wasn't black enough for my liking so I added words of a sexual slang and expletive deleted nature. The alerts were sent to the entire IT Department so imagine our surprise when almost immediately we started getting multiple alerts which included the offending email in full.

    We never looked at our extremely attractive (is that allowed?) receptionist in the same light again and had a secret tinge of envy for the To: recipient who was the object of her blacklisted vocabulary. *sigh* - the 90's when IT admins had the power. Now all this GDPR bol***ks and social notworking s**t has taken the fun away

  12. Steve B

    All Software patents should automatically be invalid.

    Software is just a set of instructions to the computer.

    Anyone who can code can come up with the same or different instructions to perform the same task.

    Therefore as one develops a program, they are all obvious and non patentable.

    As with literature and books, there is some merit in look/feel but imagine if someone in the 1920s had got a patent for all stories where the hero is a government agent, fighting to right the wrongs of enemies of the state, which is basically what is being allowed with software patents.

    1. jake Silver badge

      Re: All Software patents should automatically be invalid.

      "imagine if someone in the 1920s had got a patent for all stories where the hero is a government agent, fighting to right the wrongs of enemies of the state"

      Someone named Gilgamesh on line one, claiming prior art ...

  13. Anonymous Coward
    Anonymous Coward

    Bad Chemistry?

    Not sure how many studied the judgement. It seems the judge took a strong dislike to Mr Shipp:

    > The second criticism of Mr Shipp was that “he was there to argue his case”. I accept this criticism to a very small degree.

    Classic British understatement. Between the lines it is clear that he was considered an unreliable witness. Looking instead at the expert witness from the other side:

    >Professor Mitchell was a very knowledgeable witness who was able to explain the technology in an accessible fashion.

    In plain English: he is reliable. Novelty is usually clear cut. Inventive step requires more judgement, especially under English law, though also to some extend under the rules of the European Patent Office, that granted this patent.

  14. Chris Evans

    And the consequences are?

    I'm very surprised that ElReg didn't include any comments from Security experts of what the consequences are of this ruling?

    Maybe a follow up article?

    1. Michael Wojcik Silver badge

      Re: And the consequences are?

      There aren't any to speak of, for "IT security" considered broadly.

      Malware scanning contributes only slightly to an organization's security. Most malware is not caught by scanners - developers make use of services that check it against extant signature lists and detection systems, then tweak it if it's detected, often using an automated process.

      Scanning email is an even smaller portion of that.

      Of the various companies selling email-scanning products and services, either they'll pay royalties to Glasswall, or they'll fight Glasswall, or Glasswall will never ask them for royalties in the first place. (If Glasswall come after any of the big players, they'll probably be acquired and squelched.) This is one small patent in one small corner of IT security.

  15. Anonymous Coward
    Terminator

    Resisting the spread of unwanted code and data

    Email content scanners normally dismantle, parse and regenerate emails before dropping them into recipients' mailboxes, occasionally deleting attachments or body text if something malicious is detected

    None of which would be necessary if the geniuses could come up with an OS that isn't compromised by reading an email msg.

    1. Zmodem

      Re: Resisting the spread of unwanted code and data

      download toolwiz time freeze > here and sandbox your computer, any changes made will be restored to the snapshot taken when you enable it, after you disable it or restart the computer

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020