Court Rules That Anti-Spyware Companies Can Call Spyware Spyware

from the what's-in-a-name dept

All too often, we've seen cases where security software firms were sued for calling some piece of software "spyware" or "adware." In fact, Microsoft even wanted to make sure that new anti-spyware legislation would make it clear that there's nothing wrong with calling spyware "spyware." However, in the latest ruling on one of these cases (in which Zango sued Kaspersky), the ruling makes it clear we already have such a law on the books. The judge dismissed the lawsuit, noting that security firms have every right to label software as they see fit, citing part of section 230 of the Communications Decency Act.

We often point to section 230, because it protects service providers from liability for the actions of the service providers' users. However, this is referring to a different part of section 230, which says that no service provider is liable for a good faith attempt to restrict access to something it deems objectionable. The court felt that the security company was a service provider, and that since it believed Zango was objectionable, then it has every right to try to restrict it. The court makes a second very important point. Zango complains that its software is not objectionable, and therefore the security providers cannot block it as objectionable. However, the court points out that the statute clearly says that it's for what the service provider finds objectionable. In other words, the content in question need not be "objectionable" at all -- it only matters what the service provider feels about it. This is a pretty strong endorsement for the idea that security companies absolutely can call software whatever they feel is appropriate.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    A. L. Flanagan, Aug 30th, 2007 @ 3:14am

    The law

    Funny they had to cite the CDA instead of common damn sense. But that's the law for you.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Phil, Aug 30th, 2007 @ 3:33am

    The flip side (there is one - I'm it)

    I make an accessiblity/assistive tool which enables those with barriers to literacy (such as blind users) to access web content anywhere. One of our methods of implimentation is a small footprint toolbar. This toolbar was flagged as 'spyware' by AVAST. I flagged their false positive. No response. Again, no response. Went to their forum and got advice on how to remove the issue, no joy... What am I supposed to do at this point other than sue? While data is pasted to us, we don't hide this (spies don't announce their intentions), and the data passed is passed so as to enable better, free acess to those users.

    So... what should we do?

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    hilary Mountjoy, Aug 30th, 2007 @ 4:16am

    Competitors

    Just wait until some unscrupulous Adware provider starts labelling its competitors as spyware.... that'll be interesting!

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    DarkMantle, Aug 30th, 2007 @ 4:21am

    Re: The flip side (there is one - I'm it)

    Tell your users that the program is not compatible with AVAST Antivirus. Recommend other ones for them to use. If need be make the installer check for AVAST before installing to tell people the two programs are not compatible.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Smartypants, Aug 30th, 2007 @ 5:31am

    Re: The flip side (there is one - I'm it)

    Most defensive apps I've seen give one the option to specifically exclude elements. Granted, it would only work on computers under the user's control, but no need to pitch Avast - just tell it to exclude this product from its detection.

    I've been around that block with both Kaspersky and Spybot Search & Destroy - excellent products, but both have occasionally turned up a false positive. It's just one of the costs of running defensive software.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Aug 30th, 2007 @ 5:59am

    Re: The flip side (there is one - I'm it)

    You could try writing better software.

    If your toolbar is being flagged as adware, it's because it's triggering "adware-like" qualities in AVAST. Rather than blaming AVAST for calling your software spyware, spend more time making your software not like spyware. There are plenty off applications that utilize toolbars and plugins that don't get flagged as spyware.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Bill Pytlovany, Aug 30th, 2007 @ 6:02am

    Re: Competitors

    You don't have to wait...
    Norton already claims program like WinPatrol, Spybot and others need to be removed.

    http://billpstudios.blogspot.com/2006/10/nav-2007-application-detection-error.html

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    Killer_Tofu (profile), Aug 30th, 2007 @ 6:06am

    A Thought

    Doesn't this mean that everybody's ISPs could just start blocking sites they don't like (like YouTube because it eats up their bandwidth, and I know that'd be stupid of them, but it is just an example) and they can just say that they find it objectionable?
    Anyone care to delve into this further over whether the fear is well based or not?

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Aug 30th, 2007 @ 6:15am

    Re: Re: The flip side (there is one - I'm it)

    "You could try writing better software.

    If your toolbar is being flagged as adware, it's because it's triggering "adware-like" qualities in AVAST. Rather than blaming AVAST for calling your software spyware, spend more time making your software not like spyware. There are plenty off applications that utilize toolbars and plugins that don't get flagged as spyware."

    What he was saying, and correct me if I'm wrong Phil, is that he did try to contact them to have the flags removed, and to find out what his software was doing to warrant a red flag so that he could correct the behavior.

    Unfortunately I have had the same issues with Norton and F-Prot years ago when I was developing software and they thought it was a virus. It was a screen capture application for monitoring telemarketing agents. Unfortunately the methods I used were tied to methods used by apps like VNC and back orafice. These apps are considered to be virii and are removed by most AV products. So I had to redevelope my apps because none of the AV vendors would talk to me unless I hired the highest priced lawyer in town to flex my legal muscle. And that was not going to happen. I didn't need the negative publicity.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Aug 30th, 2007 @ 6:17am

    Surely Microsoft would find the term "Linux" objectionable wouldn't it?

     

    reply to this | link to this | view in thread ]

  11.  
    icon
    chris (profile), Aug 30th, 2007 @ 6:21am

    devil's advocate

    i think the spyware decision was a good one, but what about potential abuses of "good faith"?

    so, if google, as a service provider, decides that companies that have not paid for placement are deemed "questionable" then they can restrict access to sites that have not paid?

    what sort of restrictions are considered legal and what sort is not? is a warning window ("google has deemed this site questionable, click ok to continue") considered "good faith"? what about redirecting a surfer to the site of a paid competitor? can google start redirecting searches for gateway computers to dell's website? at what point is that not considered to be "good faith"?

    i don't think google would do something that stupid, but that doesn't mean that someone else won't.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    MTK, Aug 30th, 2007 @ 6:57am

    Not good

    "However, the court points out that the statute clearly says that it's for what the service provider finds objectionable. In other words, the content in question need not be "objectionable" at all -- it only matters what the service provider feels about it. This is a pretty strong endorsement for the idea that security companies absolutely can call software whatever they feel is appropriate." Doesn't this give the Security companies carte-blanche to call any software anything they want, irrespective of its function? Hell, Security software companies could even tell others, "pay up or get blocked". Far out I know, but could happen in some form. Anyway, just my two cents.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Kevin Laing, Aug 30th, 2007 @ 6:58am

    That's Rediculous

    "no service provider is liable for a good faith attempt to restrict access to something it deems objectionable."

    In this case, the anti-spyware company is using software, to restrict access to another piece of software citing objectionability as the cause.

    Is this not parallel to certain software companies restricting access to software,say on an iphone, that locks a mobile device specific carrier? Perhaps theres a loophole here that makes it okay to pirate DVD's, unlock hardware or circumvent any control mechanism imposed by a company that is deemed objectionable?

    Thoughts?

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    D, Aug 30th, 2007 @ 7:02am

    Turns out

    If you're not a moron, you don't need 10 programs to remove spyware/viruses/etc. I run only behind my firewall (router and windows built in), don't leave sensitive information on my computer just in case, and reformat every 6 months for optimal performance. Relying on others due to self-incompetence isn't something I'm a fan of.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    David B, Aug 30th, 2007 @ 9:13am

    Re: The flip side (there is one - I'm it)

    If AVAST has many false positives people won't use it and it will fail to survive. People can elect to use AVAST and/or your software or neither. In addition, it is your job to inform users of your software that that AV programs (especially AVAST) maybe list your program as spyware because of the way your program works. I have seen many vendors do, as well as telling users to turn off AV before installing your app.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Smartypants, Aug 30th, 2007 @ 9:15am

    Re: Turns out

    D,
    You shouldn't have to have a degree in IT or center your life around your computer in order to use one. Yes, your setup works with careful attention, education and no risk-taking. It's not what I'd recommend for the average user.

    And no, I don't think the average user is a "moron". Many are ignorant; most aren't stupid.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Aaron, Aug 30th, 2007 @ 10:33am

    Re: The flip side (there is one - I'm it)

    Oh yes- you MUST sue!!! There can't be any other avenue. Sue and sue well. Sue and sue hard. Don't forget to claim emotional suffering and punitive damages.

    If anyone has a problem, or they don't like an answer, they sue.

    We are not children..STFU and stop complaining!

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Anonymous Coward, Aug 30th, 2007 @ 11:50am

    Re: Re: Competitors

    Norton is a crapy bloated program that must be removed at first chance and replaced with some thing like AVG

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    D, Aug 30th, 2007 @ 11:56am

    Re: Re: Turns out

    I don't have an IT degree nor do I center my life around my comp. What careful attention do I have to pay? Don't open something if you don't know what it is or trust who it's from. That's the only precaution I take. You also have to recall that the average person is an idiot.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Jamie M., Aug 30th, 2007 @ 12:29pm

    I can't wait until you are infected by a vulerability in your "Windows" Internet Explorer that allows your system to get infected automatically by just mis-spelling a URL. No need to click or open anything from anyone you don't know. Your faith in "just a firewall" approach will be shattered.

    -Jamie M.

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    D, Aug 30th, 2007 @ 2:16pm

    Re: Jamie

    Firefox.
    Webmail.
    Name a misspelled URL that will find an unpatched vulnerability in IE anyway.

    Considering all the friend's computers I've seen virus and spyware riddled but "I don't know how I have antispyware and AVG/Norton/McAfee", I prefer my approach.

    PS. It's not that I believe in "just a firewall", I believe in not being a moron.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    David, Aug 30th, 2007 @ 3:47pm

    Re: The law

    Yea but there's the thing, This sets a precedent now, so now any of the other spyware, spam and just plain pop-up-ad providers just got a swift kick in the pants per the CDA.

    Good job for the law for a chance.

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    anon, Aug 30th, 2007 @ 6:27pm

    permission for non network neutral actions?

    As Killer_Tofu mentioned above, this seems to provide a get out of jail free card for an ISP to engage in just about any form of non network neutral actions. It's the first thought that popped into my head when reading the article. Yet no one responded to Killer_Tofu's comment. Are he and I both misunderstanding? Or was the network neutrality issue blocked before it ever was raised?

     

    reply to this | link to this | view in thread ]

  24.  
    icon
    Killer_Tofu (profile), Aug 31st, 2007 @ 6:08am

    Heh

    So at least somebody else read the post.
    I feel it is an issue that does deserve a bit of discussion but I guess 'anon' was the only other person who recognized what I was saying?
    Are we misunderstanding?
    I do not know as nobody else has talked about it.
    Just for reference if anybody just jumps to the end here, my original post is post #8.
    Covers the topic of, doesn't this just allow ISP's to block any sites they don't want to let users deal with, and that's just a-okay now because "they find it objectionable"?

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Anonymous Coward, Sep 3rd, 2007 @ 11:42am

    HHHHH
    JHNN

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This