Court Rules That Anti-Spyware Companies Can Call Spyware Spyware

from the what's-in-a-name dept

All too often, we’ve seen cases where security software firms were sued for calling some piece of software “spyware” or “adware.” In fact, Microsoft even wanted to make sure that new anti-spyware legislation would make it clear that there’s nothing wrong with calling spyware “spyware.” However, in the latest ruling on one of these cases (in which Zango sued Kaspersky), the ruling makes it clear we already have such a law on the books. The judge dismissed the lawsuit, noting that security firms have every right to label software as they see fit, citing part of section 230 of the Communications Decency Act.

We often point to section 230, because it protects service providers from liability for the actions of the service providers’ users. However, this is referring to a different part of section 230, which says that no service provider is liable for a good faith attempt to restrict access to something it deems objectionable. The court felt that the security company was a service provider, and that since it believed Zango was objectionable, then it has every right to try to restrict it. The court makes a second very important point. Zango complains that its software is not objectionable, and therefore the security providers cannot block it as objectionable. However, the court points out that the statute clearly says that it’s for what the service provider finds objectionable. In other words, the content in question need not be “objectionable” at all — it only matters what the service provider feels about it. This is a pretty strong endorsement for the idea that security companies absolutely can call software whatever they feel is appropriate.

Filed Under: , , ,
Companies: kaspersky, zango

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Court Rules That Anti-Spyware Companies Can Call Spyware Spyware”

Subscribe: RSS Leave a comment
25 Comments
Phil (user link) says:

The flip side (there is one - I'm it)

I make an accessiblity/assistive tool which enables those with barriers to literacy (such as blind users) to access web content anywhere. One of our methods of implimentation is a small footprint toolbar. This toolbar was flagged as ‘spyware’ by AVAST. I flagged their false positive. No response. Again, no response. Went to their forum and got advice on how to remove the issue, no joy… What am I supposed to do at this point other than sue? While data is pasted to us, we don’t hide this (spies don’t announce their intentions), and the data passed is passed so as to enable better, free acess to those users.

So… what should we do?

Smartypants says:

Re: Re: The flip side (there is one - I'm it)

Most defensive apps I’ve seen give one the option to specifically exclude elements. Granted, it would only work on computers under the user’s control, but no need to pitch Avast – just tell it to exclude this product from its detection.

I’ve been around that block with both Kaspersky and Spybot Search & Destroy – excellent products, but both have occasionally turned up a false positive. It’s just one of the costs of running defensive software.

Anonymous Coward says:

Re: The flip side (there is one - I'm it)

You could try writing better software.

If your toolbar is being flagged as adware, it’s because it’s triggering “adware-like” qualities in AVAST. Rather than blaming AVAST for calling your software spyware, spend more time making your software not like spyware. There are plenty off applications that utilize toolbars and plugins that don’t get flagged as spyware.

Anonymous Coward says:

Re: Re: The flip side (there is one - I'm it)

“You could try writing better software.

If your toolbar is being flagged as adware, it’s because it’s triggering “adware-like” qualities in AVAST. Rather than blaming AVAST for calling your software spyware, spend more time making your software not like spyware. There are plenty off applications that utilize toolbars and plugins that don’t get flagged as spyware.”

What he was saying, and correct me if I’m wrong Phil, is that he did try to contact them to have the flags removed, and to find out what his software was doing to warrant a red flag so that he could correct the behavior.

Unfortunately I have had the same issues with Norton and F-Prot years ago when I was developing software and they thought it was a virus. It was a screen capture application for monitoring telemarketing agents. Unfortunately the methods I used were tied to methods used by apps like VNC and back orafice. These apps are considered to be virii and are removed by most AV products. So I had to redevelope my apps because none of the AV vendors would talk to me unless I hired the highest priced lawyer in town to flex my legal muscle. And that was not going to happen. I didn’t need the negative publicity.

David B says:

Re: The flip side (there is one - I'm it)

If AVAST has many false positives people won’t use it and it will fail to survive. People can elect to use AVAST and/or your software or neither. In addition, it is your job to inform users of your software that that AV programs (especially AVAST) maybe list your program as spyware because of the way your program works. I have seen many vendors do, as well as telling users to turn off AV before installing your app.

Killer_Tofu (profile) says:

A Thought

Doesn’t this mean that everybody’s ISPs could just start blocking sites they don’t like (like YouTube because it eats up their bandwidth, and I know that’d be stupid of them, but it is just an example) and they can just say that they find it objectionable?
Anyone care to delve into this further over whether the fear is well based or not?

chris (profile) says:

devil's advocate

i think the spyware decision was a good one, but what about potential abuses of “good faith”?

so, if google, as a service provider, decides that companies that have not paid for placement are deemed “questionable” then they can restrict access to sites that have not paid?

what sort of restrictions are considered legal and what sort is not? is a warning window (“google has deemed this site questionable, click ok to continue”) considered “good faith”? what about redirecting a surfer to the site of a paid competitor? can google start redirecting searches for gateway computers to dell’s website? at what point is that not considered to be “good faith”?

i don’t think google would do something that stupid, but that doesn’t mean that someone else won’t.

MTK says:

Not good

“However, the court points out that the statute clearly says that it’s for what the service provider finds objectionable. In other words, the content in question need not be “objectionable” at all — it only matters what the service provider feels about it. This is a pretty strong endorsement for the idea that security companies absolutely can call software whatever they feel is appropriate.”

Doesn’t this give the Security companies carte-blanche to call any software anything they want, irrespective of its function? Hell, Security software companies could even tell others, “pay up or get blocked”. Far out I know, but could happen in some form.

Anyway, just my two cents.

Kevin Laing says:

That's Rediculous

“no service provider is liable for a good faith attempt to restrict access to something it deems objectionable.”

In this case, the anti-spyware company is using software, to restrict access to another piece of software citing objectionability as the cause.

Is this not parallel to certain software companies restricting access to software,say on an iphone, that locks a mobile device specific carrier? Perhaps theres a loophole here that makes it okay to pirate DVD’s, unlock hardware or circumvent any control mechanism imposed by a company that is deemed objectionable?

Thoughts?

D says:

Turns out

If you’re not a moron, you don’t need 10 programs to remove spyware/viruses/etc. I run only behind my firewall (router and windows built in), don’t leave sensitive information on my computer just in case, and reformat every 6 months for optimal performance. Relying on others due to self-incompetence isn’t something I’m a fan of.

Smartypants says:

Re: Turns out

D,
You shouldn’t have to have a degree in IT or center your life around your computer in order to use one. Yes, your setup works with careful attention, education and no risk-taking. It’s not what I’d recommend for the average user.

And no, I don’t think the average user is a “moron”. Many are ignorant; most aren’t stupid.

D says:

Re: Jamie

Firefox.
Webmail.
Name a misspelled URL that will find an unpatched vulnerability in IE anyway.

Considering all the friend’s computers I’ve seen virus and spyware riddled but “I don’t know how I have antispyware and AVG/Norton/McAfee”, I prefer my approach.

PS. It’s not that I believe in “just a firewall”, I believe in not being a moron.

anon says:

permission for non network neutral actions?

As Killer_Tofu mentioned above, this seems to provide a get out of jail free card for an ISP to engage in just about any form of non network neutral actions. It’s the first thought that popped into my head when reading the article. Yet no one responded to Killer_Tofu’s comment. Are he and I both misunderstanding? Or was the network neutrality issue blocked before it ever was raised?

Killer_Tofu (profile) says:

Heh

So at least somebody else read the post.
I feel it is an issue that does deserve a bit of discussion but I guess ‘anon’ was the only other person who recognized what I was saying?
Are we misunderstanding?
I do not know as nobody else has talked about it.
Just for reference if anybody just jumps to the end here, my original post is post #8.
Covers the topic of, doesn’t this just allow ISP’s to block any sites they don’t want to let users deal with, and that’s just a-okay now because “they find it objectionable”?

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...