Slashdot Mirror
Spyware Maker Sues Detection Firm
Luigi30 writes "ZDnet reports that RetroCoder, makers of the SpyMon remote monitoring program, are suing Sunbelt Software, makers of ConterSpy, a spyware detector program, for detecting the SpyMon as spyware. According to the EULA, SpyMon can not be used in 'anti-spyware research,' and detecting it is therefore a violation of it. 'In order to add our product to their list, they must have downloaded it and then examined it. These actions are forbidden by the notice,' a RetroCoder spokesperson said."
What is the world coming to.
Task Mangler
their EULA is GENIUS>.... evil evil genius.
actually I am happy to see you, however that is in fact a banana in my pocket.
If it looks like a duck, and sounds like a duck, then it must be a duck. :P
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
If you don't agree to the EULA, you can't use the software. Isn't that the way it works? So good riddance.
Jesus saved me from my past. He can save you as well.
...is for the detection firm to add a section to their EULA that forbids anti-anti-spyware research!
The fact that someone actually is trying this, or the fact that I'm half-afraid it might work.
Let's all hope not.
To fight the war on terror, stop being afraid.
Anyone remember those MOTD's on pirate-software FTP sites giving us a pseudo-legal-brief about President Clinton signing some law, and then "FBI AGENTS YOU CANNOT ENTER THIS SITE"?
Please help metamoderate.
Damn, thats a really good idea on their part. Hopefully the judge just says that its malicious software and throws out the case or something.
This kind of thing is not likely to stand up in court. Spyware has been proven to be a malicious type of software that voilates one's privacy, therefore I would be shocked if the courts find in favor of the spyware maker. The spyware maker might have thought it was clever adding that clause in their EULA, but essentially what they've stipulated was people cannot investigate how their software works in order to prevent it's unwanted installation on to one's system. Not likely to stand up in court.
So, the next virus I get on my computer will have embedded in it's source code: "By reading this source code, you agree that W32.SonyRootKit.C will not be added to any antivirus definition lists or be recognized by any heuristics."
I can just see the coder in his dimly lit basement cackling while rubbing his hands in glee: "I have you now Norton!"
---- El diablo esta en mis pantalones! Mire, mire!
Or in this case:
If it looks like dick, and sounds like a dick, then it must be a dick.
Although the EULA does state the defendant must prove in court they didn't use the accused spyware program in research, isn't it possible that the spyware detecting application made (exclusive?) use of heuristic profiling to detect the actual spyware app?
If you do produce a program that will affect this software's ability to perform its function, then you may have to prove in criminal court that you have not infringed this warning.
Is it legal for contracts to include conditions that are physically impossible to do? If so, my next bit of software is coming with a "If you can't prove you didn't make copies of the software, you owe us for as many copies as could possibly have been made between the time you first run the program and the time we sue you." Since nobody reads those things anyway.
On a mostly unrelated note, I wrote a program that shows funny pictures. It's awesome, and it's only 1 cent, for... processing purposes, if anyone's interested in a download.
In CounterSpy's EULA: "This CounterSpy software cannot be used for anti-anti-spyware research or litigation."
last time i checked the legality of eulas was rather questionable, and unless the spyware company makes it clear that there is a eula you have to agree to, then its about as legal as strapping on an extra page to a contract to change it how you want it to.
Anyone up for putting an EULA on their computers saying that anyone/thing using their computer in a destructive, invasive or annoying means isnt allowed to?
First: they almost admit in the EULA that is a spyware product. Who the fuck else would put such an idiot line in the EULA. Second: the antispyware company might have used some sort of heuristics. No install required. I would really like to see this go in court: isn't there a limit on the kind of shit people put in that EULA ?
This seems ridiculous to me... shouldn't there be a limit on how far EULAs can go? Or is there one that I'm not aware of?
Can I make a EULA that says you must pay me $1 million within a week or I can take everything you own? It seems very exploitable...
Just a thought... what if Microsoft started suing the anti-virus firms over calling malware names? What will we call the viruses, worms, spiders and ticks? AIDS? SARS? STD? I think 'non-user-non-MS-unintentionally-installed-softwar e' is too long...
If you keep throwing chairs, one day you'll break windows....
This would be a good case to find out about the enforcabilities of an EULA .
have any others been tested in courts ?
CYA Notice to federal agents and other interested parties:
The subject line of this post is intended to be humorous. It is not an endorsement of terrorism nor is it intended to encourage anyone to commit any illegal act.... except of course for jaywalking, sodomy, and mopery with intent to loiter.
The llamas responsible have all been sacked.
Lee
Muslim community leaders warn of backlash from tomorrow morning's terrorist attack.
Em. I don't get it. Who says the the company has to agree to the eula to look at it? If the spyware company declines the eula agreement they are not bound to it and as a result the proggy is not installed. How does that restrict they spyware company from analyzing the binaries present in the setup program? Decompress the archive and create a fingerprint done!
Section 6783.
You agree that in using this Software, You give Us the right to your first born child.
Section 6784.
You agree that in using this Software, you will never hit the "g" key on your keyboard between 4:50AM and 3:15PM. This clause will survive termination of the Agreement.
Section 6785.
You will never call the Software a Piece Of Shit in public or in private.
It's used for target practice in spyware-asskicking.
Right, because nothing convinces people to get on yourside like blowing them up.
No kidding!!! What do you say at this point?
What's next? Passing a note to a bank teller "By reading this note you have agreed to let me rob your bank and not press the alarm button"?
EULAs are becoming increasingly cluttered with unenforceable and in cases downright silly things. With any luck a few frivolous lawsuits might see some of them struck down.
Ame
They don't need to be able to win. All they need is to have enough of a case to threaten them with long, costly litigation - and once the expected cost of defending themselves is greater than the cost of caving in, most businesses will cheerfully cave. In fact, for publicly traded companies you can make a decent case that it's their duty to do so.
Trust the Computer. The Computer is your friend.
Have they no shame!??
The spyware people should be treated like programming commands and scripts: "Carried out and executed".
In general, I think the USA should change its name to "SueSA". When are people going to take responsibility for their own actions? If someone walks on my sidewalks and trips in a hole in it, it's their own g*dd*mn f**ing fault for not watching where they are going, not mine.
This message has been ROT-13 encrypted twice for higher security.
++++ fake ticker ++++ Johnny Bash, famous for writing applications like WORM32 and Trojan.Hoax, has today filed a lawsuit against McAffee. His complaint is that the EULA for this applications specifically forbids the reverse engineering or analyzing of the code for anti-virus companies. He says that by downloading and installing his latestes achievment, McAffee implicitly agreed to the conditions and thus violated the EULA by including the anti-virus measures in their latest software.
If i do not agree to the EULA i am forbidden to use the program.
The question is if examining the application with disassemblers etc is "use".
Look at it logically. The makers of one software are claiming that no one can look at what their software does on a computer or you violate the EULA. This will never hold up and these projects are independent and not using code just referencing the files in a database. They cant prove that an anonymous web page wasnt their source of file/registry information anyway as much of that information is available these days.
Am I the only one who views the use of law in this sort of a case as an admission of technical ineptitude?
The last scintilla of doubt just rode out of town
By putting statements such as "SpyMon can not be used in 'anti-spyware research'", isn't the spyware firm basically admitting that they are distributing spyware? Why would a legal, non-dodgy software company put such a clause in their EULA? I think if the judge rules in favour of the spyware company (unlikely), this will basically give green light to all other spyware and scumware vendors.
From what I seem to reacall EULAs are not particularly easy to defend in court, and mostly court software piracy cases rely on copyright. What about adding a term in the EULA saying "this software cannot be used for research on legal cases" EULAs are just ridiculous. From my grasp of them they are a bit like a contract which means that if only one of the terms is not strictly legal (like this one) the entire EULA is void. Why can companies not just rely on copyright?
I'm not much for killing sprees.
1) They leave such a terrible mess.
2) The cleaning bill is absolute atrocious.
3) The authorities take such an annoyingly dim view on it.
And In the case of these characters
4) They are not worth the price of the bullets.
I'm much more interested in trying out some of those EMP devices...
By the same token the US [c|sh]ould be bombed too. There are enough evil companies in their mids to justify obliteration, if you use the same reasoning as you do.
Maybe, just maybe, collective punishment is no justice at all. At least it will be self-eradicating: the relatives of the people that perished in your collective punishment are allowed to retaliate against proponents of that law and anybody that allowed it to come into force.
Until you have become a tryrant, i suggest you shelve those little plans of yours.
This space is intentionally staring blankly at you
no text
Well I think the beast way around this is: "Any software that forbids us from evaluating it will automaticly be flagged as spyway by our system"
Ant that was supposed to be a bad joke.
I don't kill people. I don't want to either.
Teaching someone a lesson by killing them makes very little - if any - sense.
I'd rather see someone turn the tables on the bastards, and sue them into oblivion.
I would add Spymon to a list of spyware after viewing their main page http://www.spymon.com/
"Ever wanted to be a hacker like in the movies?"
Hey, dumb fuck! The company is British. They are filing suit in the US only because the "perpetrators" are based there. So if we were going to draw dumb-ass generalizations, we'd call the British sue-happy and the US spyware-hostile.
On the other hand if I'm never presented with the EULA, or if it installs even if the EULA is rejected by the user, or even if the produkt does shit that I'm not properly informed of in advance, the EULA's not legally binding anyways. So what's the issue here?
I seem to recall that McDonald's had to explicitly inform their customers that hot coffee can burn your nuts if spilled. So it seems rather odd if RetroCoder can install compromising shit on your machine without properly informing you in advance?
As a side note, "spy" in norwegian means "puke"...
By reading this comment, you agree to mod it up, should you have available points.
nuff said
Never play chicken with a passive aggressive.
Yes, spyware companies leaned on the likes of ad-aware, spybot, etc
BUT
no, because their delisting was contingent on the company modifying the way their software installs/removes/whatever
some spyware companies changed a few of their nasty ways and were rewarded by being delisted. The anti-spyware companies (of course) have reserved the right to relist lapsed spyware makers.
[Fuck Beta]
o0t!
The anti-spyware company never agreed to abide by the spyware's EULA, right? Wasn't the user the one who clicked the OK box? Shouldn't they be suing the uesrs of their program?
upon purchasing this product, you agree to send all your future earnings to the following address until both of these conditions apply: You are dead, you are broke.
EULA Requirement
3106 Equinox Rd.
Dover, PA 17315
If you fail to meet the requirements of this EULA your life will be revoked.
see, I am a genious too!
U.S. lawsuits are merrier and merrier all the time! Very few surrealist artists had as much imagination as some lawyers do!
... from the forgotten corner in europe
Just wondering: if your native language isn't English, does the EULA still stand in your country? Otherwise it would be VERY easy to dismiss such nonsense.
But if it weighs the same as a duck, it must be a witch.
* Spyware that forbids detection by third party software
* Spyware that forbids removal by third party software
--- perl -e 'printf("%s\n", pack "H*", "7369670a676f6c677940676f6c67792e6e65740a2f736967")'
This is a commercial product, so it's clearly beyond the "research" phase. Sounds more like "analysis" to me. I bet it wouldn't be hard to convince twelve jurors of that.
There's no failure quite as dissatisfying as a complete and total solution to the wrong problem.
Sony defending DRM trojan with EULA getting sued in the US but introducing the same DRM trojan in Europe like it is a feature.
"People" admitting (like it is written in buzzword bochures) that it is wrong to play music on more than one device.
Microsoft being asked if it is right to sell their products as being used.
SCO, Scuttlemonkey and all the likes with their never ending FUD, BS and threats.
Video Game Fanboys in games.slashdot.org justifying their purchases with stock quotes.
I should really stop visiting this site and spend more time on the gun range or getting a pilot license. Wait. I'll check with geotrace where slashdot is located.
See ya!
HAHAHAHAHAHAHA... ahem. HAHAHAHAHAHAHA. ahem.
firstly, how does a company prove that the EULA was agreed to? i'm sure you could demonstrate ways of detecting this filthy program without having to install it... therfore you can't assume the EULA was even agreed to, and thats IF the EULA can even be considered legal tender in this case, im sure you can make an argument that it goes beyond legal limitations by attempting to control the way other programs function...
>non-user-non-MS-unintentionally-installed-softwar e
Why should MS be excluded?
I guess you can now hand the cashier at the bank a note that reads 'By reading this note, you agree to hand over all the money in the vault, and you will not call the police.'
Ha! They have big ones for trying that.
Wonder if they can look ya in the eye and say that.
need a ring of ELUA imunity +10...
awesome! can't wait until the virus writers out there cotton on to this!
*note: by installing this virus you have agreed not to take part in virus scanning practices, you may not use the bytecode or any means of detection to scan for and/or remove this program.... MWAHAHAHAHAHAHAHAHAHA!
"By running Linux, BSD or any other operating system lacking either a Win32 or NT API, you are preventing the installation of the Software and in violation of this agreement, for which you may be liable for damages..."
fuck you I will disassemble, modify, and otherwise examine anything I want dispite your EULA.
Legal documents are written with the intention of covering all possible situations, and often worded such that each clause is as broad as possible this is to avoid said lattice fence gaps. This is because once a gap appears it is exploited by lawyers to make the entire document sound ridiculous. (Which is often the case anyway.)
For example a lawyer will jump right onto this clause, and talk about all the other methods of research, they'll attempt to broadly classify what research is (including using the software at all.) His final point will be that it's impossible to satisfy the terms of the agreement in any way, making it an invalid document. For example the phrase "by reading this line you agree to not read this line", is obviously ridiculous, but essentially any lawyer will be able to make this EULA analogous to this.
Putting anything into the EULA means nothing if you cannot prove that the other guy ever accepted it.
This is spyware, so it's main purpose is to install it without the user noticing, right?
A user that doesn't notice the install obviously doesn't read and accect a f*cking EULA, so it doesn't matter what the EULA says.
Sunbelt might just as well have examined a contamined PC.
At least here at Brazil.
To a contrat be valid, it must be an agreement between two parts. In the case of an EULA the consumer doesnt have any power of negociation, and in pratice cant change anything on the EULA.
The brazilian legislation also states that you cant be forced to agree with a contract that prejudice, or denies, any of your rights. This way no EULA can really be enforced here.
Just my 2c.
---- You know how some doctors have the Messiah complex - they need to save the world? You've got the "Rubik's" complex
Perhaps there should be a system where any software installed has to agree to a license on that computer. So I can add my own EULA to my computer and any software vendor that has their software on my computer has to agree to it. There can be a nice API that can be used to get at the license and everything. If I have to agree to an EULA when installing their products on my machine, they should have to agree to my EULA to run their software on my machine. If they break it then I can sue them.
This is fair too, because as much as I don't understand their EULAs, they wont be able to understand mine. Vive la revolution in software consumer rights!
Person one opens the package, puts the contents on the table and leaves.
Person two installs the software on a computer, and leaves.
Person three has got no knowledge of the first two, and is therefore not encumbered by any EULA.
Problem solved.
(freely taken from one of Isaac Asimovs stories, in which a series of robots, all of them incapable of hurting a human, are coerced in taking part in a series of actions that results in the death of a human)
The next time some "Microsoft is 100% evil" or "IBM is 100% benign" topic shows up, can we all remember this?
Companies are staffed by people, some of whom are bright, some of whom are stupid, and some of whom either get or don't get the way the world works.
In short: a lot of people running companies, or purporting to run companies, are no more mature or adult than your average 3am slashdot reader (hey, wait, that's me!). Look at what they've done here: picked a fight they can't win, gotten more press for their company's nature as a spyware "vendor", and turned a lot of very knowledgeable, sometimes-irrational geeks (that's you, slashdot) against themselves.
Duh.
-b
If I wanted a sig I would have filled in that stupid box.
Just go to
http://www.spymon.com/downloads/install.exe
Then you can extract the files from the installer exe without agreeing to anything.
Who reads these? If you don't agree do you actually not install and/or use this program? Someone could add a "This will blow up" warning, a la Inspector Gadget and I would have no idea what hit me. I'm probably the only one..
Sex - The formula in which one and one makes three.
...Which brings me to the second thing. THIS IS NOT A HOBBY. If you want to be an anti-spam advocate, if you want to write software or maintain a list or provide a service that identifies spam or blocks spam or targets spam in any way, you will be attacked...
s pam
http://diveintomark.org/archives/2003/11/15/more-
from the article (page 2):
Copyright law plainly wasn't designed for what RetroCoder is using it for, said Christopher Brody, a partner at Clark & Brody in Washington, D.C. "Copyright laws prevent copying, not examination, and I question the enforceability of such a clause based on copyright ownership," he said.
Well since copyright is alos used to prevent the unauthorized copying of banknotes, copyright is actually quite powerful. But copyright will not prevent you from studyding bank notes, it might prevent you from creating machines that can help you to duplicate bank-notes (try scanning in a bank note into photoshop and you get the point.)
By reading this post, you agree to pay me $1,000,000.
Rediculous is ridiculous!
'In order to add our product to their list, they must have downloaded it and then examined it. These actions are forbidden by the notice,' a RetroCoder spokesperson said." I don't know about Kangaroo Cout but over here THEY would have to prove that's what happened.
I wonder that EULAs can hold up anywhere in court, even in US. After all, it would be easy to write a program that shows the EULA for a splitsecond and inserts a button or keypress into the messagequeue. In fact smiilar techniques have been used by dialers in germany. After the regulation authorities decided that the fees, created by a dialer, can be challenged, when the user creates a backup of the binaries and sends it in for examination. The dialer would be installed by the authorities, so that they can see wether it really asked the user and told him about the fees, which would be the requirement. What happend then was that the dialers started to erase themselve after they created the connection, which left the user with nothing there to prove that he really was the victim. A company that uses an EULA for actual legal bindings would have to proove that the user really pressed the acceptance himself. I doubt that it is enough to find the software installed on my machine. Here I could always claim that I was not even aware of the installation because my kids did it and it would have to be proven in a court case that it indeed was me.
1. Hover mouse over Okay.
2. Type http://www.spymon.com/downloads/install.exe into URL bar.
3. Download crap without agreeing to EULA.
For sale: one sig space, gently used. Inquire for details.
What if it is a spyware duck that only looks like a duck and sounds like a duck, but has hidden cameras connected to a central server where people monitor your activity?
Remember, back in the beginning, Darl proclaimed that Linux must have his precious Unix code in it because otherwise it wouldn't be so powerful. To prove that someone violated your EULA, you have to prove that he is bound by it. To do that, you need to prove a lot of things. Good luck suckers. Maybe these guys should have a talk with Darl.
But, if they are acting as appendages of a single corporate entity, it is in the eyes of a the law a single person doing this.
Alice, Bob, and Charlie may be off the hook (especially if they don't have the big picture), but the XYZ Corp that employs them definitely is not.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
virii with EULAs stating that anti-virus companies are not allowed to dissect them.
Time. Time seems... strange.
If they effectively admit in the EULA that this is spyware, it can go straight on the list without anybody looking at the program! Problem solved!
Timo's Audio Software http://www.esseraudio.com
Runs on Linux.
...and he grinned, like a fox eating shit out of a wire brush.
Ah, I see you've met the newest CIA pets.
I'm drunk and haven't RTFA and it still pisses me off. don't drink and /;.
I want this account deleted.
Many years ago at Defcon one of the highlights was a program called Back Orifice (project lives on at http://bo2k.sourceforge.net/featurelist.html ) This looks like the same program with a reworked interface...
In the context of the EULA, it doesn't matter whether or not they used heuristics.
If they did any testing or validation against that particular software, they violated the EULA (FWIW).
They are in the clear, only if their heuristics are so good that their product picked it up on its first inadvertant encounter with the software on a machine that was not intentionally infected.
A previous court case a few years ago declared that reverse engineering is legal. Few, very few, judges will go against a precident that's lasted that long.
Also, legal documents like EULAs and Contracts cannot by their wording violate the US Constitution, the constitute of the State in which it is written, nor current Federal, current State, County, and City laws. EULAs and Contracts do not give companies and individuals the ability to bypass the Word of Law.
A few examples of companies trying to get away with this are:
* Company rules restricting employee fraternization - They may have the right do to this in company premises, but I'd like to see them try to enforce such a rule in an employee's private residence. I can smell Civil Rights Violation a mile away. The ACLU would drool at the chance to handle a case like this.
* At Will causes in company contracts - In my state some business I worked for have "AT WILL" clauses saying they can let you go for any reason or no reason at all. Technically this is an attempt to circumvent Labor Laws and Equal Opportunity Labor Laws and likely wouldn't hold up in court.
There are just some examples of what companies are trying to get away with. No one person is above the law and no company should be allowed to be above it either.
Michael "TheZorch" Haney
thezorch@gmail.com
http://thezorch.googlepages.com/home
Sony could learn from these guys! :P
Software Company Agreement for Installation?
By giving me this software to install in any way, you the software company agree that your EULA doesn't work, and to let me use it in any way, and that i can call it a piece of sh*t.
Put that in your computer and all ready...
a. Anti-spyware vendor should join the industry organization http://www.antispywarecoalition.org/index.htm/ for classifying and unifying spyware categorization
b. Offended/accused spyware vendors could use the Vendor Dispute process http://www.antispywarecoalition.org/documents/vend ordispute.htm/
And I'm 90% sure this part of the EULA wasn't written by a lawyer. Defendant can basically say "This isn't research" and tapdance all the way to the bank.
Honestly, next thing they'll be saying is that strapping these dummies to a table and yanking their entrails out with an iron hook is "anatomical research." It'll be fun to win that case by telling the jury I wasn't doing research---I was drawing and quartering a spyware manufacturer. The best part will be hearing the foreman say "not guilty on account of he was drawing and quartering a spyware manufacturer. And here's the addresses of a few spammers I know about."
This is not my sandwich.
That's the only response I could come up with. When the whole world's gone crazy, how does one respond rationally?
Seriously, purveyors of spyware should be brought up on charges in criminal court. We do the same for virus writers, how is malware any different? Can you imagine the courts allowing a virus writer to sue AV firms? :)
Sticking feathers up your butt does not make you a chicken - Tyler Durden
Why RetroCoder thinks Sunbelt is an End User of theirs? By the way, if You could develop anti spyware, You should definitly perform a spyware research, and knowing nothing about (or researching) existing anti-spyware solutions. (Though perheps it's not the most effective way to do so. :) )
It doesn't matter which company wins, either spyware or EULA is going to lose.
Just wait! ex-spammer and OT Stu Sjouwerman will summon the forces of John Travolta and the Church of Scientology via South Park blast them! (Download, play seems to be broke.)
One line blog. I hear that they're called Twitters now.
ALREADY DONE 11 years ago!
A program was written AGES ago that ONLY hit "Yes" on legal EULAs on the macintosh to allow users to deny culpability.
The application was called "No More Lawyers" and looked for the "Yes" button in apples installer tool used with many 3rd party installation products.
This program was shown to a large cheering crowd at Mac Hack computer conference in Michigan 11 or more years ago.
It is only now that i see the true wisdom of installing the program.
I remember seeing such notices on BBSs circa 1986.
I'm a big tall mofo.
Retrocoder Limited has NOT threatened to sue Sunbelt - we are currently looking at what legal options we have to defend our product.
This is a copy of the text sent to Sunbelt:
"If you read the copyright agreement when you downloaded or ran our
program you will see that Anti-spyware publishers/software houses
are NOT allowed to download, run or examine the software in any
way. By doing so you are breaking EU copyright law, this is a criminal
offence. Please remove our program from your detection list or we will
be forced to take action against you."
The action will be that we may be (in our opinion) forced to get the UK police authorities involved with Sunbelt over copyright theft. This is a criminal offence, not a civil one I believe.
Retrocoder Limited as the copyright holder, has the right to say who may or may not have its program. If someone has its program without permission, are they not guilty of a criminal offence?
For example, if you have a copy of Windows without MicroSofts permission, is this not a crime?
Below is a copy of the text sent to Joris Evers (who wrote the original article from it):
"As you can see, at the moment it is just a warning to them to stop
blacklisting the program. Our program is not a "trojan" or "virus",
it is used to keep a remote "eye" on your kids or employees. The user
must have access to the users machine in order to install the client.
Only the installer of the program can view the client machine. Our
program does not attempt to bypass firewalls or other such protection.
This is very different from "trojans" and "viruses" - they replicate
themselves and spread uncontrollably, you do not usually need direct
access to the users machine. They often try to bypass firewalls in
order to "reach" the internet.
Our problem is that companies like Sunbelt do not properly look at
software before they blacklist it. They clearly ignored legally
enforceable warnings that what they would be doing is not allowed by
the copyright holder. This shows that either they do not examine
programs properly or that they ignore copyright law. In order to add
our product to their trojan/virus list they must have downloaded it
and then examined it. Both of these actions are forbidden by the
copyright notice.
A similar situation arose with Grisoft with the AVG product. We sent
a similar warning letter out to them and they responded by removing
our programs from their blacklist. This resolved the situation and no
further action has been taken.
I will be consulting with our solicitor in the next few weeks about
companies like Sunbelt, what civil/criminal laws have been broken, and
how best to involve the UK Police authorities in action against them."
...So they are sueing them because they "must" of done something that is totally legal, or :should: be totally legal? Judges should be allowed to fine people for being stupid. Are they? IANAL.
It's like a bank robber suing the bank after the robbery because he slipped on the floor during his getaway and sprained his ankle.
RebateFX.com - Spread rebates for Forex traders
Everything about these idiots screams "asshole". Look at their web site advertising their product:
;)
Don't know what your kids are doing on the net?
Worried that your partner is cheating on you?
Want to see what your employees are really doing instead of working?
Ever wanted to be a hacker like in the movies?
Great product niche - allowing paranoid idiots to spy on everyone in their life. Then there's a fantastically smug notice at the bottom of the web site that says:
Please note that the "crack" by "team tbe" doesn't work anymore.
Like I said - everything these guys do and say has asshole written all over it.
I'm a big tall mofo.
Nope. Sorry. Your attempt at classification of this duck is in violation of the Duck EULA for passive observers.
But if you float like a duck, YOU'RE A WITCH!!!!!!!!!!!!
Cliff Claven
K.E.G. Party Chairman
Founding Leader of: Koncerned for Egalitarin Governance
Unfortunately for anti-spyware companies in this case, there was a specific clause that said essentially "you can't analyze our shit".
I'm no lawyer, but it sounds like the good guys are gonna get the short end of the deal in this situation because of a "technicality".
Perhaps bartenders should go this route and have their patrons sign a legal disclaimer everytime they get a drink. That way, just incase he/she get drunk, they are unable to sue the bar(tender) for damages when they drive their car into a field full of cows. Hey technically that would cover the farmer for suing for the cows too right?
Justice is Served once again!
I would think that one "buys" software the way one "buys" a book. The buyer owns the physical media, but the ideas and thier expressions are and remain the intellectual property of the author of his/her assignees. And the author/publisher obviously have the right to sell other copies of that same book to more people.
Check out http://www.sunbelt-software.com/CounterSpyEnterpri se.cfm
"Microsoft shares their spyware definitions with Sunbelt, but SunBelt uses the threat information differently."
That would mean SunBelt haven't violated any EULA's and that the lawsuit should be aimed at Microsoft...
[)amien
Yeah and it turned me into a newt. I got better.
Judges have ruled repeatedly that EULA's are not legally binding since virtually no one reads them. Besides, trying to write in a clause saying that you can't be stopped from doing something illegal won't hold up in court.
Would the EULA really fall into affect here if the anit-spyware maker is not an end user? Wouldn't it be easier to go after someone that is using the anti-spyware software to get rid of their product? But really what company wants to take a leak on the hand that they eat with?
"Do you know how dumb average is?" - Peggy Hill
Their website is linked in the article brief.. They state right on the website that the purpose of the software is for spying on other people who use the computer.
This isn't your normal spyware (think adware). From what I gather reading their website, the software doesn't communicate back to the internet to store private information in some database. It also doesn't try to sneak itself into your computer. You have to pay to download it even.
Essentially it's a keylogger, and the antispyware company could easily have added its signature without actually installing the program. Read the website and you know how to classify it, extract the binaries from the installer, get a signature and add it to your database and you've never been presented with the EULA. Should be open and shut...
One or the other. It's bad enough the company has this in their EULA, but the fact they are trying to enforce it through the courts proves one of two things. They either have a legal department/management team with serious balls or their legal department/management team is out of their mind. One or the other. I personally would believe the latter. I can't wait until it gets laughed out of court or, even better, the judge takes the evidence and does whatever he has to do to get the company prosecuted.
Since I'm not logged in yet when posting this message, I have to type in a captcha. This one is "agree". By typing this, what am I agreeing to? Crap, time to get my lawyer to read this page before pressing preview.
But why is the rum gone?
From where does a EULA derive its power?
As far as my country's laws (Israel) go, agreeing to a contract consists of a written signature, or verbal agreement. Clicking "I agree" buttons (or autoscripting such clicking) does not constitute a legally binding contract.
So how come EULAs get enforced at all?
To me, it seems as though the EULA never had any legal power, but by repeating it enough times as a "big lie", slowly people start accepting it as more than a legally void question when they start their programs.
Who will spy on the spies spying on the spyware?
1) Your analysis is based on bad assumptions so your result is way off. 2) You're a sick bastard for fucking a horse.
Let's get some fire and some pitchforks...
-M
when you see the word 'Linux', drink!
Where is the power of the EULA derived from?
In my country (Israel), only a written signature or a verbal agreement constitutes a contract. Clicking "I Agree" buttons bears no legal meaning.
So is the EULA legally valid, or is it based on the repetition like a "big lie" until people learn to believe that it is true?
From Companies House:
RetroCoder Ltd
IANAL, but in the scenario you outline, Sunbelt is acting as an agent for the client. Therefore, the client would be accountable for actions taken against the EULA by Sunbelt. Presumably, Sunbelt will indemnify their client as sending their client's name to SpyMon would be bad for business. Hence it is Sunbelt's problem.
...Or a very small rock ...
Is this the kind of "Insight" I can expect on Slashdot from now on?
Speaking of "runs on Linux"... there aren't any spyware programs that run on linux yet, are there? Not that I'm, um, worried about my wife, um, seeing what I download when she's out of the house... just curious...
Because you can't spell "slaughter" without "laughter"
Sorry, I am all out of mod points myself :(
Can a spyware company assert that DCMA laws have been violated by terminating the spyware applications running on a machine ? Could the DCMA regulations be abused for such end ?
That is such a perversion of the original intent of copyright law, it makes me sick.
It doesn't take too many functional brain cells to conclude that a program named "SpyMon" that apparently describes itself or is described by others as "remote control software" is, in all probability, spyware. In fact, I think it would take a serious shortage of neurons to NOT draw that conclusion.
Next up: An EULA clause stating "The use of normal caution and/or logical thought proicesses is expressly prohibited in regard to the subject Software."
"My strength is as the strength of ten men, for I am wired to the eyeballs on espresso."
Remember in the days before spyware existed, where those who used your computer was YOU? It seems we now have hundreds of seedy companies trying to eat up our precious processor time and trying to sell you stuff.
And now this company has the balls to come up with this in a EULA?
I say unleash the white hat hackers. The joy of computing must not be ruined by sony's rootkit, or spyware or stupid legal hassles.
This is the email I got back from them after writing them an email. It was replied to within 5 minutes.
Hello REMOVED
Friday, November 11, 2005, 2:10:43 PM, you wrote:
>I have removed your spyware from several machines this year.
>I am going to create a script that removes your software, then open
>source it, then create a website about it. You can't stop freedom of speech with a
>EULA.
Whoever put the program on the machines must have had direct contact
with them. It cannot be installed remotely and does not try to get past
firewalls.
Best regards,
Anthony anthony@spymon.com
....End USER License Agreement. As I understand it, they don't want to use the spyware. Quite the opposite in fact.
Whoa, great idea. I'm gonna genetically engineer a disease, write a EULA for it, and spread it. Then, I'll sue any scientist who attempts to find a cure, or any doctor who attempt to treat it! BRILLIANT!
"You will pay for your lack of vision..." - Emperor Palpatine to Ray Charles
If you work for the FBI, disconnect now!
What, you can't arrest me, you weren't allowed to connect to the server!
Person A installs this garbage on person's B computer. Person A agrees to the EULA, person B does not. Person B is a programmer, detects this garbage on the computer and analyzes it, figures out what it is and classifies it as SPYWARE.
You can't handle the truth.
And while you're over there, be sure to check out Anthony's post of Oct 13 in the "DETECTABLE by virusscanners/antispy-software" sub board. I just know that Anthony is looking forward to hearing from everyone and is seeking friendly folks to keep him company.
Is it fascism yet?
So, what these people are saying is that consumers are not allowed to be protected from bad products. Companies could make cars without brakes or seatbelts and post a notice that the government may not inspect their vehicles. Food companies could package rotten corpses as "Yummy-time barbeque" and simply write on the container that the contents can not be used in disease research.
I'm more than willing to contribute to a legal-defense fund to squash this lawsuit.
Obviously this companies lawyers think they have a case. However, I believe most judges would turn the table on the plantiff and have them demonstrate exactly what it is that their software does. Judge: So...this boils down to your company is seeking damages because the defendant is helping people remove your software, um, software that reports to you things that the defendants clients may not want you to know? Plantiff: Yes sir. Yeah, that's gonna win the heart and mind of the judge. NO WAY will this be a winner.
they probably did it just to hurry this whole issue along. see also: giving someone enough rope to hang themselves.
maybe we'll find out just how legal EULAs are after all.
eudas
Blessed is he who expects the worst, for he shall not be disappointed.
Oh, advertising your product as a tool for criminals is just begging for legal action.
I think ConterSpy should be CounterSpy.
If anyone wants to conter this post, feel free.
By viewing this text you agree to break and no longer be bound by an EULA that you have clicked through just to test software to see if it was worth buying. You are freed from any EULA that you might accept in the future as you can "lie" and claim you read and accept the EULA. I also recommend in the future that you use your dog or cats paw to click accept on any and all EULAs so they are the only ones bound by such an agreement.
Why exactly do these companies state that this software is spyware?
its not spyware. If its taken as spyware, VNC should be as well..! And remote controlling built in in windows!
And the retrocoder spokesperson has all the rights to sue them even.
He stated they should not download the software, wich they must have done!
My regards, Thefool
What about emacs?
XML causes global warming.
Bottom Line: STOP DEFACING MY PERSONAL PROPERTY!
These companies are getting away with doing stuff nobody else can do, and why? I don't know, but I wish I was a lawyer.
If carrots got you drunk, rabbits would be fucked up. - Comedian Mitch Hedberg R.I.P. 03/30/68-2/24/05
...Expect Useless Lawsuit Anytime...
Sue everybody. I wanna sue the clients you have too.
when they ban enctryption only criminals wi$21*J *#JF$%!@#$':
Was I the only one who saw this subject line and though goatse.... ?? I must admit, it made me flinch.
Alex, I'll take keybindings not used by Emacs for $400....
They arn't aruging against the classification, they simply state that the anti-spyware company is forbidden from ever installing their software. The rest of the arguement goes, if you classified us, you must have installed us at some point in time.
That's the FRENCH for you. Wacky, wacky, wacky.
Is the EULA considered a legal contract? If so, wouldn't the work around be to simply have someone under the age of 18 (usually the legal age for entering into a contract) agree to the EULA then pass a copy of the spyware over for research? Since the minor cannot legally enter into the contract, they are not bound by the contract and the person/company receiving the spyware never agreed to the EULA, so they aren't bound by it either.
IANAL, but just wondering if this would work?
This is like a bank robber forcing a bank teller to sign a note at gunpoint saying "...by signing this note the bank agrees not to prosecute me."
been using lawyers since I was 9, I like lawyers. Lawyers make my life easy.
If you have needed lawyers since age 9, I would be fascinated to learn your definition of "easy".
Will malicious virus and worm scrip now contain a EULA denouncing that anti-virus products are breaking their intellectual property? Give me a break!
Man, Slashdot it getting sloppy. I mean, when your only job is to appove posts, you'd think you could spend a few minutes checking them out first.
You're not teaching the target anything by killing them. But that's not the point; you're teaching those around the target. :)
Don't just stand there, get that other dog!
It is my understanding that spyware is software that is installed without the user's permission or knowledge. It sounds like this application is intentionally installed by one user to spy on another. So does this actually count as spyware even though it is used to spy?
The following scenario may be more defendable in court. I am not a lawyer, nor do I have a briefcase or fins, so I cannot advise whether this could actually work. The scenario goes like this:
Someone who did download the spyware software is having problems with their computer. That spyware software may, or may not, have anything to do with the problem. They bring their computer to you to diagnose. You do the diagnosis and discover numerous programs present that are performing unexpected activities that appear to be spying. You notice specific signatures about these programs in order to detect if they are present. You implement spyware detection software that can recognize each of these programs. You have never agreed to any EULA from any of these spyware companies.
The legal issues that can still be present include that you may still be attached to the obligations of the owner of the computer, since they cannot pass on to you any rights to do beyond what the EULA specifies is not passed on to them in the first place, and include that the very signature may somehow be considered a copyright violation, even if it is a cryptographically strong checksum.
now we need to go OSS in diesel cars
Unless it is a duck.
Or does that mean all ducks are witches? *Looks suspiciously at ducks on nearby pond.*
Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
I'm so glad you didn't add taste to that list.
I've hit Karma 50 and gotten a Score:5, Troll... I win!
Just to clarify -- we are not being sued. We received a demand to remove their product from our database. I've blogged about it here http://sunbeltblog.blogspot.com/2005/11/retrocoder .html
Alex Eckelberry
Sunbelt
Maybe they never downloaded it in the first place. Maybe they are acting on the basis of experience that is typically gathered by a practitioner of the field who also works to diagnose malfunctions in client computers where previous detection efforts have failed. This would not necessarily mean your software caused any such problems, but rather, your software may have co-existed on a machine with previously undetected malware which was also performing similar spying actitivies, although for malicious intentions. On the basis of these activities, they would never have agreed to your EULA in the first place as they would never have downloaded a copy of the software.
The ability to detect software like yours, which presumably has no ill-intent, is still necessary, IMHO, because of the existant possibility of ill-intended installation by other parties, such as kids spying on their parents first (it happens), or one spouse spying on the other in domestic issue civil cases (it happens a lot). Unless you can prove that your software has unbreakable facilities that prevent anyone from installing the software except in cases where it would involve only legal spying (e.g. parents spying on kids), I don't think you have a valid basis for demanding that your software be exempted. And I do not see how the software is capable of evaluating the domestic role of the person doing the installation.
My real concern has nothing to do with your software. It has everything to do with all spyware in general, and the establishment of legal defenses that they all may use if you take this matter to court and prevail. Such a ruling would be universally harmful to everyone.
In an unrelated issue, how is your software going to spy on kids that are skipping Windows and booting up a Knoppix CD instead to get to the internet to surf for 7un3z, w4r3z, and pr0n? You know kids are doing it, and not just the smart ones. Do you warn parents that your software cannot detect all these cases?
now we need to go OSS in diesel cars
Retrocoder just needs to stick a clause in their eula: you aren't allowed to use this program to check if your program is detected.
If it looks like a duck, and sounds like a duck, then it probably tastes good with orange sauce.
he then strangled a puppy, punched a baby in the face, and went back to sexually harrassing his co-workers.
...but I can't find a suitable rhyme for "douche turd."
"Made up/misattributed quote that makes me look smart. I am on
'In order to add our product to their list, they must have downloaded it and then examined it. These actions are forbidden by the notice,' a RetroCoder spokesperson said.
A notice is not a contract. It is not any form of agreement. Heck, it barely qualifies as a legal mechanism. Why this company thinks a notice contractually binding is unknown. Maybe their lawyers flunked out of lawschool? Maybe they had to go all the way to Elbonia to pass the bar exam?
This goes beyond the unilateral "click-thru" licensing of other companies. I'm going to name this one "we-said-so" licensing.
A Government Is a Body of People, Usually Notably Ungoverned
Well I just tried to download the installer and McAfee detected BackDoor-CTQ.dr so does that mean McAfee should be in trouble as well?
Yes they can win. They can win by harassing, intimidating, and causing the anti-spyware companies to spend so much money defending themselves that they either go out of business, or leave companies like this one's products off their list.
The only way they can't win is if they are heavly fined for filing frivilous lawsuits, and the money given to the defendants.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Not a funny question at all when you consider the ramifications of one person installing software on a computer and agreeing to an EULA that a second person then uses. How do you sort this out?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
You're using the "Jersey Girl" defense. Genius, really.
"Made up/misattributed quote that makes me look smart. I am on
You couldn't have chosen a better subject line. :)
The fool who started the law suit said: In order to add our product to their list, they must have downloaded it and then examined it. These actions are forbidden by the notice,
Not exactly so. Most virus scanners are smart enough to notice viruses even though they are not in listed in the virus databases. They do it by analyzing the executable.
So, if the program looks like spyware and acts like spyware, a smart virus scanner would detect it as spyware even though the programmers have never seen that particular spyware. The makers of F-Secure claim that their product can do this to some extent.
Antti S. Brax - Old school - http://www.iki.fi/asb/
You sure it's not a penguin?
Or they might just have read their webpage.
"SpyMon will allow you to watch other people's computers as they use them. You see all keys pressed as they are pressed and you can even view windows and webcams!"
It doesn't take a genius to classify this application as a spyware when the people doing it call it a software for spying.
Battle of the eula's?
The whole concept that usage can be dictated in such a fasion is frightening and probably destructive overall.
"I see your eula is as big as mine. But do you know how to use it?"
I think you underestimate just how much I just dont care.
But you still presumably need to get the program and look at it to know how to detect it, which is what their argument is with. Sure, there's also heuristic detection, but suppose that this kind of EULA crap stands up, and then all the spyware authors add it. Then you might not even have enough data to form a good heuristic base. With their EULAs validated, and the "opposition" made impotent, they'd basically have free reign to hijack computers.
With any luck, it won't go that far, and instead we'll see a significant blow to the (perceived) power of EULAs. But in seeing as how I live in the US, I don't know whether to expect that much sense.
My guess is that in this case the client would have infringed the EULA by hiring the company to do something that the client "agreed" not to do. The deep pockets principle (as well as visibility) still gets the company sued, until they are able to deflect it to the "client".
Standard Disclaimer applies: IANaL
McFly777
- - -
"What do people mean when they say the computer went down on them?" -Marilyn Pittman
Read your own words.
They are filing suit in the US
I think it's because they'd be laughed out of the court in the UK, but yet it could actually be a serious case here. It has gotten to the point of being utterly ridiculous.
-Brandon
In an unrelated issue, how is your software going to spy on kids that are skipping Windows and booting up a Knoppix CD instead to get to the internet to surf for 7un3z, w4r3z, and pr0n? You know kids are doing it, and not just the smart ones. Do you warn parents that your software cannot detect all these cases?
Disable boot from CD, password protect the BIOS. Would that do the trick?
I agree, their manual should say that. (I haven't RTFMed, so not sure if it does).
http://news.umailcampaign.com/message/102099.aspx
http://it.slashdot.org/comments.pl?sid=158250&cid
http://home.snafu.de/tilman/prolinks/
Remember guys, this is Amerika. Just because you have the most votes, doesn't mean you get to win.--Fox Mulder
How about some crackers make some heuristic algorithms to detect the EULA screen and just skip it. Then we don't have to agree to anything and can reverse engineer at will.
From Vigor's EULA, in a scrollbox that wouldn't let you scroll:
The first paragraph refers to "Fare", who had made a minor splash the week before Vigor came out by claiming he'd found a loophole in the GPL. The Bill's towel boy crack is from Dilbert. The "not fault tolerant" bit is right out of the Java license; I couldn't think of any way to make that bit funnier.
Hear, hear. Very well stated.
Our problem is that companies like Sunbelt do not properly look at software before they blacklist it..........This shows that either they do not examine programs properly or that they ignore copyright law.
I have several points.
1. If you hadn't BLOCKED them from "inspecting" your software in the first place (per your EULA), then they might have actually "properly looked at your software"!! If you block them then they can't examine it now can they?
2. Since you mention that "anti-spyware companies can't look at your software", then that probably threw up a red flag to them. Where there's smoke, there's fire. And by coming out and flat out saying "anti-spyware companies can't look", you're making them blacklist you by default.
3. If they got a computer that had some files they didn't recognize on it, and looked up their origin via the internet, then they aren't tampering with your software. They may very well not have seen any EULA anyway. All they needed to see was it was a "spying" program and that "anti-spyware companies aren't allowed to examine it". So whenever a computer has those files, mark them as spyware.
To me, you guys set yourself up for this. If someone doesn't want me to look at something they are trying to sell, then I'm going to tell everyone else it's probably bad news.
you make spyware. A program that allows someone to spy on others is called spyware. (dumbass)
I'll be posting a notice, as I did when Claria/Gator tried the same bullshit, on most of my sites: "Spymon is spyware. Stay far away from it and check your computer for it."
In this case, I may even be interested enough to post instructions on how to add your software to the 'evil' list in virus/spyware removing programs.
Seriously, you've gone about this all wrong.
Copyright laws give you certain rights in relation to your software -- in particular the right to prevent someone from copying or retransmitting your software to a third person or group of people without your permission. THEY DO NOT give you the right to either a) prevent people from inspecting your software with a particular intent in view, or b) a prevent a certain general class of people from accessing your software. -- If you could do that, then Lauren Hill could put copyright agreements on all her albulms that say that white people can't listen to them!
EULAScan is a new site for using distributed human judgement in a collective project for watchdogging these kinds of companies.
The courts need to impose the same restriction on these so-called legal Spyware/logging apps that they do on voice recording: the app has to generate a "beep" every 60 seconds to let you know it is monitor and recording your actions.
Tombs with piped-in music. How classy! -- Garrret, Thief: The Dark Project
If it was a penguin it would have 'Property of the Zoo' stamped on it! .. ...
.
OH, INTERCOURSE THE PENGUIN!!
I'm surprised everyone seems to be talking about EULA as valid contract. Regardless of that, the idea that copyright ownership could prohibit the behavior specified in the EULA is questionable. Two parties could certainly create a contract with terms that prevent this behavior - and a EULA might be considered such a valid contract, or it might not.
But, two parties could/would not use copyright law as the basis for this contract - there are better lines of legal reasoning. Seems like these guys (among many others) have overloaded copyright provisions. Hopefully this will go to court, and fix this EULA mess, at least insofar as it's based on copyright ownership.
FTFA:
'Copyright law plainly wasn't designed for what RetroCoder is using it for, said Christopher Brody, a partner at Clark & Brody in Washington, D.C. "Copyright laws prevent copying, not examination, and I question the enforceability of such a clause based on copyright ownership," he said.'
This was so rediclious that i decided to email them, everyone here should too. :)
6 8222
Subject: wow you guys are assholes
Body: good luck with your baseless lawsuit, rot in hell
http://yro.slashdot.org/article.pl?sid=05/11/11/0
Is the company for real, they accept payment by PayPal, serious companies take credit cards. Looks like a one man and his dog operation trying to make more money from a law suit than they make from their software.
That's not much of an issue unless the client agreed to the EULA when the spyware was planted on his/her machine. From what I understand, spyware doesn't like to make itself so obvious.
"The use-mention distinction" is not "enforced here."
What an idiot.
Unlimited growth == Cancer.
What is wrong with PayPal, with paypal customers know that we are not scamming them for credit card details.
btw - did you actually read the original article - we are not suing them - slashdot got it wrong!!!
However, when I buy a book, I make a transaction with the store, not the author or publisher. If the publisher or author ever show up on my doorstep, I have every right to slam the door shut in front of their noses. They have no 'rights' to see what I have done with that book (if maybe I put it in a non authorized bookcase, or maybe I bought it in Japan and am now 'violating' their region-code ). All I have to do is obey the laws of the country I live in (and its copyright laws) and the properties of the transaction I made with the store.
The Dutch will inherit the earth. If not, we'll settle for a bit of ocean. Beta delenda est!
But if it weighs the same as a duck, it must be a witch.
Burn Her!!!!
dammit, I hope this goes to court and the spy-guy wins ... then we can finally start moving to add more useful clauses to EULAs, and us poor software writers can finally scratch out a proper living...
If you think imaginary property and real property are the same, when does your house become public domain?