Spyware Fights Back 680
sparcv9 writes "According to the latest issue of Spyware Weekly, the Radlight media player not only searches your hard drive for Adaware, but will uninstall it if found. How do they attempt to legitimize this? By including a clause in their EULA that reads: 'You are not allowed to use any third party program (e.g Ad-aware) to uninstall application bundled with RadLight. Such programs will be removed. If you want to uninstall them, you may do so via Add/Remove in Windows' Control Panel.' Yes, that's right. Not only do they say you are not allowed to use Adaware to remove their bundled apps, but they will forcibly remove Adaware for you to make sure you don't!" There's also a Newsbytes story.
this is not legal (Score:5, Insightful)
Does this surprise anyone?? (Score:3, Insightful)
Growing Trend (Score:5, Insightful)
Virus-like? (Score:5, Insightful)
And why can't you uninstall parts of their program? What happened to custom installation?
This seems illegal to me.
Foolish move (Score:5, Insightful)
Basically these guys wasted a lot of effort for naught and just end up looking like scum to boot.
Re:this is not legal (Score:3, Insightful)
This means war. (Score:3, Insightful)
Anyone besides me smell an arms race between ad-aware and these other guys?
Oh. And what if the ad-aware license text changes to say that other applications can't uninstall _it_? Will we have dueling license agreements?
- I traded my sig for a glock.
Re:this is not legal (Score:2, Insightful)
Hmm... I definitely agree that this practice is underhanded, unethical, and plain rude, but why do you say it is illegal?
Is there anything on the books that infers that existing software can not be deleted by new software? If so, how does that work when a new piece of software needs to replace a common shared library, and that new shared library makes existing software unworkable?
If the user was warned (and a EULA is at minimum a warning), does he really have any legal recourse?
DMCA anyone? (Score:5, Insightful)
Software companies think they can do anything... (Score:3, Insightful)
Would it be legal to write in an EULA that my software X cannot be used on the same computer than software Y, and uninstall it without warning if it finds it?
Have Netscape, for instance, remove without warning Internet Explorer from your computer? (But have it written in small characters somewhere that you can't use another third party software to surf the web)
How about having a software running in background to ensure that you dont download a competing package?
People should make it clear that we, computer users, will not tolerate such things.
Re:Growing Trend (Score:3, Insightful)
Users respond very negatively to screwing with things. I doubt even in the quasi-legal MS audits that they will seek out GPL software and fine you. How can they legally hold you accountable for having other software?
God, that's more monopolly garbage. Somebody needs to ask BG on the stand about this. If the prosecutors knew about this, it'd be a crushign blow.
Voluntary information (Score:3, Insightful)
I think that many companies feel such approaches are necessary in order to collect information without too much user hassle. The focus should instead be on improved interfaces which allow people to easily submit information as they desire. This way the benefits of personalization can be had, yet people know exactly how much information about themselves they have revealed...
Re:this is not legal (Score:2, Insightful)
What if your boss had you sign a contract where you disclaim any right to social insurance?
EVAA Agreement (Score:4, Insightful)
E(nd)V(endor)A(ccess)A(greement)
For my computer that superceeds any EULA and the vendors acceptance will be gained prior (on a click through link at in the signature of the email I order software through.
Order X program from the author
At the bottom of the email is a link stating
something like (and of course be just as obstuficating) as the EULA's are that any software being installed on the computer this mail is originating from must accept the terms in the EVAA (access to MY , get it MY f***ing computer) and that sale or distribution of any software to this computer(the same one you are purchasing the software from) is an acceptance of the EVAA (and a link to the same)
Wrap up and invert a EULA , one of the nasties most un-understandable ones you can find, and post it at that link, keep copies of the email correspondence and buy it.
At this point your EVAA WILL in fact superceed the EULA, is this legal, yep !
Will it hold up in court ? Let me just say just as much as a click through EULA will..
If a EULA says I have to let them suck my toes, do I have to allow it ? No ! Why not ? Same reasons as "not responsible for lost stolen article" signs arent worth the plastic theyre printed on. You can say whatever the hell you want holding it up in court is another story.
Next time your rearview mirror or antenna gets ripped off in an automatic car wash and the manager say but the sign is right there say, ok fine, write it down. I took this to court once, on a new car I was dammed if I'd pay 250$ deductible on
Re:this is not legal (Score:2, Insightful)
Perhaps, but then where do you draw the line (legally)? Would Microsoft (or anyone else for that matter) be able to put this in their EULA?
"By accepting this agreement, you give Microsoft the right to uninstall any competing products previously installed on your computer."
(IANAL blah blah) but it seems to me that this would cross that line (restraint of trade or something).
Re:In similar news... (Score:1, Insightful)
How to Remove Linux and Install Windows on Your Computer (Q247804)
Re:Foolish move (Score:2, Insightful)
Download.com also started clearly warning people about spyware, and had even removed certain programs (see their software submission policy) so as not to scar their reputation by allowing programs such as this to be downloaded from their site.
This isn't spyware anymore... (Score:5, Insightful)
Just because it's stated in their EULA that they can do that, doesn't allow them to circumvent the law. Of course IANAL, but it sounds like this struggle has gotten to the point where it is legally challengeable.
Re:This isn't spyware anymore... (Score:2, Insightful)
This is a load of bs in the worst way. What gives them the right to simply remove a program(any program) without your knowledge. If this sort of thing isn't illegal it should be.
What's to stop me from writing a program that forcibly uninstalls any virus scanning software before I execute my virus(whoops meant program) on the machine.
C'mon!
I mean spyware is one thing but this is getting ridiculous. Next thing on the market, spyware that can't be uninstalled without formatting your hd....
Re:this is not legal (Score:3, Insightful)
When you run Adaware, you (probably) know what you're doing and what the program will do.
When someone installs Radlight there is a good chance they will not read the EULA closely. (Yes, people should read the EULA, but that is another matter...) This is what Radlight is banking on - that people will not know what the installer is doing.
I think that's more sneaky and underhanded than what Adaware does, but that's just me.
-r
Re:I cant wait..... (Score:4, Insightful)
So by that logic, this spyware at least could be considered to BE a virus.
The Point (Score:2, Insightful)
Re:A message from the RadLight Admin (Score:4, Insightful)
And never, under any circumstances, remove anything that you did not put their in the first place. I do not want you to HELP me get rid of software I paid for.
Vague licensing agreements and shady installation procedures are not helpful. They are deceitful and they harm the consumer. How about DECEITWARE, or HARMWARE? Until you come clean, this bundled software will always be looked upon with scorn.
In that case (Score:5, Insightful)
Re:This is what the Radlight guy says... (Score:5, Insightful)
You're missing one simple fact: I downloaded and installed ad-aware because I wanted to remove unwanted software from my computer. Property, check. Consent, check. Adaware makes no bones about what their software does.
Radlight, on the other hand, tampers with my property without my consent. What, you say? Consent has an ethical (and legal) requirement that the consenting party posess all relevant information. Burying the ad-aware clause deep in a clickthrough agreement. This may meet the legal requirement, but certainly not the ethical one.
In short, your argument would only be valid if you had a "click here to remove ad-aware" button in your installer, or some similar informational device. The absence of such marks this as either a temper tantrum or underhanded scheme.
Re:this is not legal (Score:5, Insightful)
Legally is a different matter; there are plenty of things that are legal but unethical (heck, lawyers in general... nevermind) but I think the legality of this is questionable at the very least. 'Click to agree' EULAs are questionable in the first place, even before you add language to them that arguably has nothing to do with the nature of the product being installed. I could include language in an EULA to require people to wear a pink tuxedo every time they chose to use my product, or agree to sign over half their life savings to me, or whatever--but I doubt it would hold up in court. I doubt this would, either, but until someone challenges it, I guess you can continue to labor under the assumption that you have complete control of your product in all circumstances.
Re:This is what the Radlight guy says... (Score:2, Insightful)
Re:this is not legal (Score:5, Insightful)
>underhanded, unethical, and plain rude, but why do
>you say it is illegal?
He doesn't. He says that writing it in a EULA doesn't automatically make it legal. They can write whatever they want but it still has to be upheld in court.
Re:this is not legal (Score:2, Insightful)
This post does not constitute legal advice. If you need such advice, see a lawyer, not slashdot.
Re:this is not legal (Score:2, Insightful)
True, but misleading. If the contract was invalid, then uninstalling Adaware would be unauthorized. You might have a tort claim (trespass, trespass to chattels, etc. etc.) against Redlight.
This post does not constitute legal advice. If you need legal advice, see a lawyer, not slashdot.
Re:Software companies think they can do anything.. (Score:3, Insightful)
In any case, abuse of EULAs has become so widespread that I suspect they're going to end up getting regulated, anyway.
Well you don't need regulation to give you your rights under the law. As far as I know, except for UCITA (blech), no law says that licenses are binding in any way. They are just pieces of paper included in the box for your amusement, or to wipe your ass with, or whatever. Feel free to do whatever you like with what came in that box, as long as it doesn't violate copyright or trademark or any other law (ie, don't use the CD to slit someone's throat).
Of course, that doesn't mean company XYZ won't sue you over the EULA, but that doesn't mean they are in the right, just richer than you.
This virus/media player/whatever that deletes files isn't magically justified in its behavior by the EULA (just consider the EULA as a verbose warning label: Warning, this product may delete files on your hard drive).
And don't tell me that loading a copy into RAM is forbidden unless the EULA says I can, that's crap. Software has no other purpose but to be loaded into a computer's RAM (and HD), they can't be selling their software in good faith unless they know it will be put on computers.
So let's hope the result of these abuses is that the legal system simply says: "if you want your customers to act any differently than the law allows them to, they must SIGN a CONTRACT, now get out of my courtroom."
Or at least they should say a license can be like the GPL and GIVE you permission to do something that's otherwise not allowed, bu a license can't FORBID you from doing anything.
That will save everybody a lot of trouble.
The problem is of course that Microsoft, et al, will simply encode their favorite license terms directly into the law by greasing a few palms in Congress (this is how the entertainment industry was doing it for years), but at least in that case the results are a little more public (I don't know what half these EULA's say unless I read it in Infoworld, or /., but I certainly know the DMCA pretty well by now).
In summary: this magical fiction of "software licenses" has to be put to an end, and quick. Software companies don't deserve a power over customers that no other industry has (where's the EULA on your screwdriver that says it can't be used to build computers unless you pay the computer fee? Where's the EULA on your ball-point pen that says all papers you write are the property of Sanford Pen Company?)
Full Identity? (Score:3, Insightful)
Anyone have this guy's full name? I want to add him to our company's hiring blacklist. I encourage others to do likewise. Banishment/ostracization is the only effective tool we have right now for ethically reprehensible hominids such as this; might as well use it.
Schwab
Re:Virus-like? (Score:3, Insightful)
You can't remove parts because you agreed to a EULA saying you wouldn't. You also agreed to let them remove programs such as Ad-Aware. The solution is to not use programs that put such onerous restrictions on you.
Re:this is not legal (Score:5, Insightful)
Interesting thought. However, AdAware does not do this automatically. I install AdAware and run it, it tells me what it found and I tell it to remove the crap it found.
However, your software starts installing, and then promptly uninstalled software I want on my machine without even asking me to (I don't count the EULA, since it's legal standing is questionable).
Tell me, how would you like it if MS decided to remove your software when Media Player 9 is installing?
Re:A message from the RadLight Admin (Score:3, Insightful)
Answer: This was yet another excuse.
Re:this is not legal (Score:1, Insightful)
How's this for a plan? (Score:2, Insightful)
Put some valuable piece of software in the AdAware default install directory.
Install RadLight.
Sue them for destroying your valuable property.
Re:this is not legal (Score:2, Insightful)
another issue would simply be this: if they want their software to only be removed via the add/remove programs, then they should prompt you to use *that* method to remove ad-aware, not to do the hypocritical thing and remove ad-aware without your knowledge/explicit permission/desire/request.
Re:this is not legal (Score:3, Insightful)
I can understand you're feeling a little emotional at the moment, but unfortunately it seems to have gotten the better of you and you're reacting to what you thought I said instead of what I actually said. I never said the app performed illegally--I said the legality of the click-to-agree EULA was questionable. When you say "Check the law!" it makes it very clear that you have not done so--there is good reason to doubt this sort of EULA will hold up in court. It's not illegal, it just may not be legally binding. See Softman vs. Adobe--different circumstances, but it has some implications for your naive assertions that anything stuffed in an EULA is binding.
My suggestion would be that if the pristine state of the box your code runs on is so important to you, that you simply not release it. The fact that you have authored something just plain doesn't give you unlimited authority to dictate when and how and where and with what people use it. It's a common misconception, from corporate America on down, but it's just not true--consumers have rights, and you can't simply disregard them because they don't suit you. Unless, of course, you have Congress in your pocket.
The thumb... (Score:2, Insightful)
BetterSpyware, BetterSpywareRemover...
...
Spyware(n), SpywareRemover(n)...
Everytime I see anything about spyware and their respective remover apps I'm reminded of DA's 'Thumb' Device...
Re:this is not legal (Score:5, Insightful)
I am not a lawyer, this is not legal advice. I doubt that the clause is 'illegal', but it looks to be very unlikely to be enforceable and certainly not very likely to provide protection against claims for damages.
I doubt that any laws are being broken by inserting the clause into the alleged contract. However intentional damage to a computer system is criminal in many jurisdictions and I for one doubt that the EULA is going to impress the court.
The weenie Randite 'you signed a contract' brigade who yatter on interminably in much of this thread are fortunately wrong, contract law has never operated on the bizare principles they advocate.
The enforceability of the term would depend on the prominence of the notice given. Since I have no intention of loading the program I am not going to find out for myself. If the notice is exceptionally prominent then the guy may get away with it, but only because it would be unlikely that someone would uninstall AdAware without giving consent. Unless the guy really is just making a point (a pretty stupid one) I kinda doubt that this is the case.
What this comes down to is the sort of smart alex amateur lawyer stuff that is more likely to piss a court off than win a case. I suspect that a judge reading the EULA would take it as evidence that the defendant knew they were doing something illegitimate. If the judge decided that the plaintif did not receive actual or constructive notice of the term the EULA would actually hurt Radware. I suspect that Radware did not intend to give notice of the term and suspect that the judge would be likely to agree.
Obviously someone who installed AdAware did so as a deliberate decision. The person who installs radware may not be the owner of the machine and so the fact that the installer agrees to the EULA may not be enough to fend off a lawsuit from the actual owner.
Ultimately this is not a sustainable business model, but then neither is scumware in general. The market for Internet ads is pretty thin to start with. What sort of company advertises through scumware?
Sensible businesses don't just consider the question 'would we win a suit'. If someone files any sort of lawsuit against you the costs are going to be large. I can't imagine a judge saying to a consumer irate with radware that the suit is so baseless that she is going to award costs.
Re:this is not legal (Score:3, Insightful)
At any rate, the enforcability of contracts is a matter of public policy. It is undesirable to permit people to create a contract that would be legally binding that required someone to kill someone else. Both parties might be completely happy with it -- but that doesn't matter. SOCIETY, not any private individuals, determines what can be agreed upon and what cannot, via the courts. Private corporations do NOT decide the law, and do NOT decide what parts of their contracts are valid.
Frankly, had I the option, I would declare ALL EULAs invalid, with two exceptions. One, where the license provided rights not normally afforded by an ordinary sale transaction, e.g. with site licenses. (note that copying software into RAM and HD in order to use it, and making backups are both provided for by law, and have no place in contracts) Two, where the contract was presented as a PRECONDITION of sale. e.g. where you could not purchase anything without having already agreed to the contract, or where you could not download without having already agreed to the contract.
If something is downloaded to me, in most situations, it has been given to me for free. What is to stop me from opening up the installer archive and extracting the software myself, bypassing the license altogether? (aside from crappily written software that makes that more difficult than necessary)
You give too much credit to software publishers -- software should be like books, or CDs or videotapes. Sold, and virtually never licensed. It makes things easier for everyone, and it avoids having to bother waiting for the mere possibility of private parties doing the same thing. (GPL software is also sold or freely given away, and NOT licensed for normal use)
Re:this is not legal (Score:3, Insightful)
First, I need to know that Morpheus was responsible for installing BDE, so I can eradicate Morpheus. I need to find a non-spyware replacement for Morpheus (gnucleus). [sourceforge.net] I have to remember which of my friends have Morpheus so I can help them get rid of it. I need to know who published Morpheus [musiccity.com] so that I can never install anything by them ever again.
Next, I'm also saying that anti-virus software tells you what the viruses are before it removes them, and I'm equating that with some measure of responsibility. When they detect a virus, they pop up a message box that says "Foo.dll has the Bar/W32 virus. Click [OK] to fix foo.dll, click [here] for details on the Bar/W32 virus."
I'm the guy who clicks there for details.
I need to know what the virus is, what it does, how it works, and everything about it so I can figure out how I got it, and how I can get rid of it. I do indeed search the net for other commentary on the virus. I find what other people have done, check for other clean-up utilities, etc. We found a dormant virus that had only recently been added to the A/V detection list, but in the mean time had been burned on a software distribution CD and installed in 67 locations. (It had unfortunately infected a UPS utility, and was triggered only when there was a power failure that launched this utility. Talk about a perfect distribution mode for a sleeper!) It was vitally important to take it seriously, and we did nothing but focus on that damn virus until it had been eradicated from our side of the network. That cost me and about ten other people a week's worth of work and sleep.
As to how this might apply to LavaSoft, consider this example: the Nertin Company, authors of the Nertin Utilities, decided to have their flagship Nertin AntiVirus remove the competing Berland Utilities in order to foster sales. So Nertin hands out virus signatures that just happen to trip on the Berland Utilities. As an end user, I would see "berDiddly has a virus, click [OK] to remove it or click [here] for details."
Who's to say LavaSoft isn't doing the same thing?
It's all based on trust. I am "trusting" LavaSoft's opinion that BDE is spyware, and that they're going to delete only spyware. I would be much more comfortable if I knew WHY it was deleting BDE\bdeFoo.dll