Cybersecurity firm Webroot is suing Trend Micro, Sophos, Kaspersky and CrowdStrike for allegedly infringing several of its malware detection patents, some dating back to 2005. Webroot and its parent company OpenText filed the four suits in the Western District of Texas, famed in recent years for its generous rulings in favour of plaintiffs in patent infringement cases. Both CrowdStrike and Trend Micro also have their HQs in Texas.
Open Text told The Stack: "On March 4, 2022, Open Text Corp.‘s subsidiaries filed patent infringement lawsuits against a number of companies and several of their installers and partners... OpenText brings these lawsuits to protect its intellectual property investments and to hold these parties accountable for their infringement and unlawful competition. These lawsuits allege that defendants infringe and unlawfully compete against aspects of the OpenText family of companies’ endpoint security products and platforms" it added.
"OpenText intends to vigorously enforce its intellectual property rights.”
A CrowdStrike spokesperson told The Stack by email: “Legitimate licensing discussions start with a phone call, not a lawsuit. This type of action is something I would expect from a patent troll, not cyber security companies that should be laser-focused on protecting their customers, not suing competitors.”
Kaspersky said it was "reviewing the issue".
Trend Micro has also been approached for comment. Sophos declined to comment.
Unlike typical "patent troll" lawsuits which target small companies who often have no choice but to settle, Webroot and OpenText have gone after four of the highest profile cybersecurity players in the world, and for technologies which many observers regard as fundamental to the functioning of malware detection systems.
Alex Moss, executive director of the Public Interest Patent Law Institute, told The Stack: "This seems more like a 'patent bullying' lawsuit—where one entity uses its patents to block competitors instead of competing in the market on the basis of consumer appeal."
Webroot sues over "AV equivalent to breathing"
Reaction to the news of the lawsuits, which Webroot filed on 3 March 2022 but which only came to light this week, was not kind to the company. On Twitter the MalwareHunterTeam account compared the broadness of the patents to “basically… the AV’s equivalent of what breathing is for humans”.
The patents under discussion cover techniques such as: classifying items as malware by comparing data about an item, such as its size, name or location, from different computers; monitoring and alerting based on suspicious behaviour including execution from non-executable memory, identification of an invalid base pointer, identification of an invalid stack return address, etc; or analysing an executable file without unpacking it.
Regarding the oldest patent, Webroot's lawsuit states: "[T]he ‘250 Patent describes and claims methods and systems that include receiving behavioral data about or associated with a computer object from remote computers on which the object or similar objects are stored; comparing in a base computer the data about the computer object received from the remote computers; and, classifying the computer object as malware on the basis of said comparison if the data indicates the computer object is malware."
The six main patents Webroot is suing over are: US Patent numbers 8,418,250, 8,726,389, 9,578,045, 10,257,224, 10,284,591, and 10,599,844. Carbonite acquired Webroot in February 2019 for $618m, and was in turn acquired by OpenText in November 2019 for $1.42 billion. In contrast CrowdStrike is valued at around $40 billion, Sophos was acquired by Thoma Bravo in 2020 for $3.9 billion, and Kaspersky had 2020 revenues of $704m.
Webroot's lawsuit itself also makes broad claims about its patents, suggesting they are instrumental in the functioning of modern anti-malware systems. Two of the patents dating from 2005 were filed by Prevx, which Webroot acquired in 2010, while the other four in the Trend Micro lawsuit date from 2013 to 2015 and were filed by Webroot itself.
“Plaintiffs’ patented technology helped transform the way malware detection and network security is conducted, reducing and often even eliminating the shortcomings that plagued signature-based security products that relied on human analysts,” said the company in its lawsuit. “[Our] technology represents such a vast improvement on the traditional malware detection and network security systems that it has become a widely adopted and accepted approach to providing endpoint security in real-time,” it added.
See also: JPMorgan, Micro Focus donate IP to Low Carbon Patent Pledge
Webroot and OpenText are asking the court for a trial by jury, and ultimately to award damages and costs, and order the destruction of any products using the patented technology, and specifically CrowdStrike’s Falcon Platform and Falcon Endpoint Protection, Kaspersky Total Security and Endpoint Detection and Response, Sophos Intercept X Advanced with EDR and XDR, and Trend Micro Apex One and Smart Protection Network.
Patents, and whether they are overly broad in definition are an ongoing challenge for the technology sector. Patent financing firm BlueIron noted: “The overly broad patent is *designed for litigation* because it is so nebulous and noncommittal that it *must* be litigated to determine what it means. This is the heart of the derisive ‘patent troll’ moniker that is thrown about. Fast forward to today, and this type of patent is much, much harder to assert. In fact, rather than becoming the weapon of choice, they are basically useless.”
Follow The Stack on LinkedIn
PIPLI's Moss said the number of patent-trolling or patent-bullying lawsuits filed in Waco, Texas - where judge Alan Albright is "notoriously friendly to patent owners" - fell after two significant 2014 decisions. But following the appointment by former-president Trump of a new more patent-holder-friendly head of the US Patent and Trademark Office (PTO), Andrei Iancu, in 2018, numbers started going back up.
Under the Biden administration it is now easier for defendants to challenge cases with the PTO instead of going to court, but their non-litigious options for defending patent cases are still limited.
"Sadly there’s not a lot companies can do to fight back once they are sued except by fighting back in court. Which is a big part of why our organisation wants to help people fight back whenever and however we can (as well as improve access to PTO challenges)," Moss told The Stack.