Spyware Maker Sues Detection Firm 503
Luigi30 writes "ZDnet reports that RetroCoder, makers of the SpyMon remote monitoring program, are suing Sunbelt Software, makers of ConterSpy, a spyware detector program, for detecting the SpyMon as spyware. According to the EULA, SpyMon can not be used in 'anti-spyware research,' and detecting it is therefore a violation of it. 'In order to add our product to their list, they must have downloaded it and then examined it. These actions are forbidden by the notice,' a RetroCoder spokesperson said."
If it looks like a duck and sounds like a duck... (Score:5, Interesting)
If it looks like a duck, and sounds like a duck, then it must be a duck. :P
Detection w/o "Research" on the product (Score:2, Interesting)
Prove my invisible friend ISN'T Jesus. (Score:5, Interesting)
Is it legal for contracts to include conditions that are physically impossible to do? If so, my next bit of software is coming with a "If you can't prove you didn't make copies of the software, you owe us for as many copies as could possibly have been made between the time you first run the program and the time we sue you." Since nobody reads those things anyway.
On a mostly unrelated note, I wrote a program that shows funny pictures. It's awesome, and it's only 1 cent, for... processing purposes, if anyone's interested in a download.
Re:Does it work against FBI agents too? (Score:5, Interesting)
They never stopped, FTP simply lost importance. IRC fserves used to have them too. Websites, DC++ hubs, eMule hubs, WinMX shares as well. It's funny, I've had people present me that and then ask me if I'm a cop as well. Even after sending them this [snopes.com] and this [snopes.com] they still think it is for real. I guess it's some kind of mental self-defense, denial or whatever that makes them go LALALALALA I can't hear you.
Kjella
Re:i hate spyware....but.. (Score:5, Interesting)
2. Why is the industry so lawsuit crazy? Lawsuits are supposed to reimburse you for actual unlawful damages done. What damage was done by the anti-spyware company downloading the software? A few cents' worth of bandwidth at the most. What damage was done by installing it? None at all. This is surely the most baseless lawsuit ever.
(I know that including the spyware definitions in anti-spyware software will [one hopes] hurt the spyware company, but that's not what the suit is about.)
yes and no (Score:3, Interesting)
BUT
no, because their delisting was contingent on the company modifying the way their software installs/removes/whatever
some spyware companies changed a few of their nasty ways and were rewarded by being delisted. The anti-spyware companies (of course) have reserved the right to relist lapsed spyware makers.
Re:i hate spyware....but.. (Score:2, Interesting)
If RetroCoder indeed is going to attempt to sue for violating the EULA and they go all the way through court and lose I'm curious if this will have any implications on future EULA related cases. Others have been saying that EULA's are hard to prove in court but every time an EULA cannot successfully be defended it means that it will be all the more difficult to show in future. If enough attempts are made and failed maybe companies will stop trying to claim all these crazy protections in EULA's and decided to simply save the costs of hiring lawyers to write them.
I would tend to agree with some others that there should be legal mechanisms in place to properly protect software. Neither copyright nor patent properly fit this bill and no one seems to be interested in trying to come up with the appropriate thing.
Simple solution (Score:3, Interesting)
First prove that Sunbelt accepted the EULA (Score:2, Interesting)
This is spyware, so it's main purpose is to install it without the user noticing, right?
A user that doesn't notice the install obviously doesn't read and accect a f*cking EULA, so it doesn't matter what the EULA says.
Sunbelt might just as well have examined a contamined PC.
EULAs are not valid contracts... (Score:4, Interesting)
To a contrat be valid, it must be an agreement between two parts. In the case of an EULA the consumer doesnt have any power of negociation, and in pratice cant change anything on the EULA.
The brazilian legislation also states that you cant be forced to agree with a contract that prejudice, or denies, any of your rights. This way no EULA can really be enforced here.
Just my 2c.
EULA's on individual computers (Score:5, Interesting)
This is fair too, because as much as I don't understand their EULAs, they wont be able to understand mine. Vive la revolution in software consumer rights!
Easily to counter by applying Isaac Asimov (Score:1, Interesting)
Person two installs the software on a computer, and leaves.
Person three has got no knowledge of the first two, and is therefore not encumbered by any EULA.
Problem solved.
(freely taken from one of Isaac Asimovs stories, in which a series of robots, all of them incapable of hurting a human, are coerced in taking part in a series of actions that results in the death of a human)
Copyright is powerfull... (Score:3, Interesting)
Copyright law plainly wasn't designed for what RetroCoder is using it for, said Christopher Brody, a partner at Clark & Brody in Washington, D.C. "Copyright laws prevent copying, not examination, and I question the enforceability of such a clause based on copyright ownership," he said.
Well since copyright is alos used to prevent the unauthorized copying of banknotes, copyright is actually quite powerful. But copyright will not prevent you from studyding bank notes, it might prevent you from creating machines that can help you to duplicate bank-notes (try scanning in a bank note into photoshop and you get the point.)
Re:My god (Score:5, Interesting)
Oh, don't worry... they can't possibly win this case.
The EULA only enforces certain rules if you want to use the program. If you do not use the program - which would mean running the binaries, if I'm any judge - you may not use the program.
It would be most interested to see whether their EULA contains something along the lines 'this software is provided as-is, and is not fit for any express purpouse' - something similar can IIRC be found in MS Office. That clause would counter and dispel the clause that claims it can not be used in spyware research - regardless of the fact that the program does not have to be running for it to be examined. It doesn't even have to be installed, and the EULA doesn't even have to be read, let alone agreed to.
The package can be extracted, binaries examined... And, if the sued company wants to be evil, they can just claim that any software that forbids the end-user to include it in spyware research (and how in the world would you enforce that rule against NOD32's heuristics and automatic mailing suspicious binaries to their lab really escapes me) deserves to be added to their spyware list. They never had to get past reading the EULA to add the program to their list, so they never would have installed it and, of course, never agreed to the EULA in the first place. If they never installed the program, the EULA is unenforceable.
Finally, proving a negative is not what the US court system is based on, at least from what I've heard about it - innocent until proven guilty (unless it's a terrorism accusation, but I don't really want to troll right now). So the spyware maker has to prove that there was no possible way for the sued company to examine their binaries without agreeing to their EULA. If the sued company can prove that there is at least one way for them to do that, the spyware maker cannot prove that they didn't do it. Innocent until proven guilty.
Hell, I could successfully defend them against this, and IANAL.
Re:enforcability ? (Score:2, Interesting)
"1.3 Device Connections. You may permit a maximum of five (5) computers or other electronic devices (each a "Device") to connect to the Workstation Computer to utilize one or more of the following services of the Software: File Services, Print Services, Internet Information Services, and remote access (including connection sharing and telephony services). The five connection maximum includes any indirect connections made through "multiplexing" or other software or hardware which pools or aggregates connections. This five connection maximum does not apply to any other uses of the Software."
I know what they mean, but couldn't that be turned around to mean I can only connect to five computers on the internet? Worst of all, doesn't it make file sharing illegal to run on a XP Home computer as you are providing an information service?
And thats from the XP Home EULA (http://www.microsoft.com/windowsxp/home/eula.msp
Re:My god (Score:2, Interesting)
Re:My god (Score:5, Interesting)
Sunbelt never *ran* SpyMon, nor did they ever download it, therefore no EULA[1], nor PDA was violated.
[1] Other post deal satisfactorily with the *run* issue.
Downloading vs. Installing (Score:3, Interesting)
And I'm 90% sure this part of the EULA wasn't written by a lawyer. Defendant can basically say "This isn't research" and tapdance all the way to the bank.
Honestly, next thing they'll be saying is that strapping these dummies to a table and yanking their entrails out with an iron hook is "anatomical research." It'll be fun to win that case by telling the jury I wasn't doing research---I was drawing and quartering a spyware manufacturer. The best part will be hearing the foreman say "not guilty on account of he was drawing and quartering a spyware manufacturer. And here's the addresses of a few spammers I know about."
how does one respond to this rationally? (Score:3, Interesting)
That's the only response I could come up with. When the whole world's gone crazy, how does one respond rationally?
Seriously, purveyors of spyware should be brought up on charges in criminal court. We do the same for virus writers, how is malware any different? Can you imagine the courts allowing a virus writer to sue AV firms? :)
Re:My god (Score:3, Interesting)
Re:My god (Score:2, Interesting)
Asshole is right. Look at this... (Score:5, Interesting)
Don't know what your kids are doing on the net?
Worried that your partner is cheating on you?
Want to see what your employees are really doing instead of working?
Ever wanted to be a hacker like in the movies?
Great product niche - allowing paranoid idiots to spy on everyone in their life. Then there's a fantastically smug notice at the bottom of the web site that says:
Please note that the "crack" by "team tbe" doesn't work anymore.
Like I said - everything these guys do and say has asshole written all over it.
Re:My god (Score:5, Interesting)
Either Possess Guts or Does Not Possess Mind (Score:3, Interesting)
One or the other. It's bad enough the company has this in their EULA, but the fact they are trying to enforce it through the courts proves one of two things. They either have a legal department/management team with serious balls or their legal department/management team is out of their mind. One or the other. I personally would believe the latter. I can't wait until it gets laughed out of court or, even better, the judge takes the evidence and does whatever he has to do to get the company prosecuted.
Since I'm not logged in yet when posting this message, I have to type in a captcha. This one is "agree". By typing this, what am I agreeing to? Crap, time to get my lawyer to read this page before pressing preview.
Re:Hasn't a crime been commited by Sunbelt? (Score:3, Interesting)
It may not be a virus as you say - so GRI would be right to remove it as such - but it could be used as a trojan as you are very well aware.
If someone had installed this on my system, I would want to know it was there. Would you?
If it's my system and I have installed it to keep an eye on the kids, and XXX product spots it's there, then I simply whitelist it. Simple, no?
No need for the "I'm a burglar - and if you are a policeman then you are forbidden from speaking to me" clause.
It's an admission of guilt I think.
Re:I'm not sure which is scarier... (Score:4, Interesting)
If I got you to sign a paper saying I could beat the snot out of you, and a police officer walks by during the act, what do you think said cop would say if I said "Its OK officer, he signed a waiver saying I could do this to him." Its just ridiculous.
Congress should outlaw EULA agreements altogether, even the part that says 'If this breaks we aren't responsible.' They wrote the software saying that it works, and if it breaks, they SHOULD be responsible.
Re:Does it work against FBI agents too? (Score:2, Interesting)
Ergo, it is perfectly sane to put up a message banning whoever you want, and yes, that does have legal enforcablity. I don't know what this has to do with an Federal privacy bill, it's state laws that ban 'unauthorized access'.
Think of it this way: Bars are normally open to the public. People go in and out at will, and so can police.
Private clubs, with a bouncer? They have to ask to come in, and they can be told no, and then they don't get to wander in and look around.
This, of course, doesn't stop them from entering if they have a search warrant.
I don't know why people would think the police have some sort of special right to poke around online on a system they are explicitly unauthorized to use.
Re:My god (Score:2, Interesting)
The warnings on the download page [spymon.com] talk about criminal court. Whatever they're paying the attorney that wrote it for them is too much.
Re:My god (Score:2, Interesting)
a) both firms are software houses, this would negate the stronger/weaker side of the argument. make both sides equal to the judge.
b) both firms are familiar with Eula's, this would slow down or stop spy-ware detectors line of thinking. judge would only have to say " you have one in your software ", spy-ware detection company says "yes sir", Judge says " well you would expect people to agree to yours, so you now have to agree to their " ( or at least place them in a bad light )
c) because both parties are equals, the courts might lean towards the spy-ware company.
I am not a lawyer, been using lawyers since I was 9, I like lawyers. Lawyers make my life easy.
Re:Hasn't a crime been commited by Sunbelt? (Score:2, Interesting)
Fine. good luck with that product.
2. Some anti-virus software blacklisted our software.
Oh, that's unfortunate. Simply explain the situation to them and hopefully they'll change their minds. If not, well TOO BAD. Its THEIR software, they can do what they want with it.
3. We state that they are not allowed to download our software in an attempt to stop them blacklisting us
Well, a sure fire way to get someone to blacklist you is to prevent them from actually examining your product and engaging in a dialogue about its application. In the world of anti-spayware/virus I would assume that if you can't get information, then you must blacklist it rather than expose yourself.
4. They carry on doing so, ignoring our warning they they are expressly forbidden from downloading our software - it is our copyright.
See, this is where you set down the wrong path. You should have pro-actively engaged the anti-spyware industry along the lines of "Hey, you guys call us spyware, but we're not and here's why..., can we come to some agreement about this?" Unless of course, it is just crappy spyware, in which case they'll throw you out. Further, as has been written several times already, they don't have to download it. All they have to do is go to a client's computer that already has it installed. Or perhaps someone handed them a copy of the binary and asked them to figure out what it was? The point is your attempt to forbid download has no effect at all on whether they can examine your software. It is merely inflammatory.
5. They ignore our attempts to contact them
Why should they communicate with you now? You've already tried to cut them out of the process with useless but inflammatory things like your anti-anti-spyware EULA?
6. So we consider going to the police to stop them downloading our program without permission.
Well, you certainly can consider it, but first you'll have to establish that they downloaded the program, and that your EULA clause is applicable at the time of download and not time of installation. And then you'll have to find a cop who actually has time to deal with this crap instead of his backlog of robberies and car-jackings.
7. We get flamed by a load of people who don't seem to understand the situation!
What we don't understand is how you think you can pull this off. You've taken the wrong tack and need to re-examine your process. A pro-active engagement of the anti-spyware/virus industry from the start would have done a lot to remediate this situation before it arose.
Why are we sleazy?
Because you make software that spies on people. jeez, it's not complicated.