Spyware Maker Sues Detection Firm

Luigi30 writes "ZDnet reports that RetroCoder, makers of the SpyMon remote monitoring program, are suing Sunbelt Software, makers of ConterSpy, a spyware detector program, for detecting the SpyMon as spyware. According to the EULA, SpyMon can not be used in 'anti-spyware research,' and detecting it is therefore a violation of it. 'In order to add our product to their list, they must have downloaded it and then examined it. These actions are forbidden by the notice,' a RetroCoder spokesperson said."

Re:Prove my invisible friend ISN'T Jesus.

[dorkygeek]

Depends on who has the burden of proof in such cases. If an EULA is handled like a regular contract, at least in my country, the party which makes the claim also carries the burden of proof.

Re:Does it work against FBI agents too?

[welshsocialist]

I remember this too. According to Snopes and this blog post, these warnings - boiled down to the simplest level - told law enforcement and other groups that going after them was a violation of non-existing 1995 Internet privacy law signed by former President Clinton.

It isn't true.

Re:I dont think they'll win

[shawb]

Maybe, if this was actually spyware. Okay, it does "spy" on the user, but it is monitoring software. It gets installed on the computer for the express purpose of monitoring another user's activities, such as a boss monitoring their employees or a parent monitoring what their children are doing. This software has to be purchased and intentionally installed, it doesn't just get surreptiously installed along with some screen saver, video game or internet cursors.

I personally think this is generally morally reprehensive if the user is not notified of the logging software, but the owner of the computer is probably within their rights to install this on their own property.

Re:Heuristics ? Or the admit in the EULA

[DrEldarion]

First: they almost admit in the EULA that is a spyware product. Who the fuck else would put such an idiot line in the EULA.

Did you even look at what the program is, or did you just post a kneejerk reaction without even looking into the matter?

The person installing the software KNOWS that it's used to spy. It's computer monitoring software - you know, the kind that bosses have installed on their workers' computers to see if they're actually working instead of screwing around on company time and property. That's the entire POINT of the software, it would be silly for anyone to claim otherwise.

Even simpler solution

1. Hover mouse over Okay.
2. Type http://www.spymon.com/downloads/install.exe into URL bar.
3. Download crap without agreeing to EULA.

Re:My god

[RevMike]

The general gist is correct, but "innocent until proven guilty" is a principle that applies to criminal matters, not civil matters.

It won't fly...

[TheZorch]

A previous court case a few years ago declared that reverse engineering is legal. Few, very few, judges will go against a precident that's lasted that long.

Also, legal documents like EULAs and Contracts cannot by their wording violate the US Constitution, the constitute of the State in which it is written, nor current Federal, current State, County, and City laws. EULAs and Contracts do not give companies and individuals the ability to bypass the Word of Law.

A few examples of companies trying to get away with this are:

* Company rules restricting employee fraternization - They may have the right do to this in company premises, but I'd like to see them try to enforce such a rule in an employee's private residence. I can smell Civil Rights Violation a mile away. The ACLU would drool at the chance to handle a case like this.

* At Will causes in company contracts - In my state some business I worked for have "AT WILL" clauses saying they can let you go for any reason or no reason at all. Technically this is an attempt to circumvent Labor Laws and Equal Opportunity Labor Laws and likely wouldn't hold up in court.

There are just some examples of what companies are trying to get away with. No one person is above the law and no company should be allowed to be above it either.

Nothing to do with copyright

[Kaseijin]

Well since copyright is alos used to prevent the unauthorized copying of banknotes, copyright is actually quite powerful. But copyright will not prevent you from studyding bank notes, it might prevent you from creating machines that can help you to duplicate bank-notes (try scanning in a bank note into photoshop and you get the point.)

The designs of US currency, like other works of the US government, are public domain. Depiction of currency is restricted by the Counterfeit Detection Act. Adobe have, at the request of the Secret Service, restricted certain legal uses of their software.

Hasn't a crime been commited by Sunbelt?

[doubledutchdesigns]

Retrocoder Limited has NOT threatened to sue Sunbelt - we are currently looking at what legal options we have to defend our product.

This is a copy of the text sent to Sunbelt:

"If you read the copyright agreement when you downloaded or ran our
program you will see that Anti-spyware publishers/software houses
are NOT allowed to download, run or examine the software in any
way. By doing so you are breaking EU copyright law, this is a criminal
offence. Please remove our program from your detection list or we will
be forced to take action against you."

The action will be that we may be (in our opinion) forced to get the UK police authorities involved with Sunbelt over copyright theft. This is a criminal offence, not a civil one I believe.

Retrocoder Limited as the copyright holder, has the right to say who may or may not have its program. If someone has its program without permission, are they not guilty of a criminal offence?

For example, if you have a copy of Windows without MicroSofts permission, is this not a crime?

Below is a copy of the text sent to Joris Evers (who wrote the original article from it):

"As you can see, at the moment it is just a warning to them to stop
blacklisting the program. Our program is not a "trojan" or "virus",
it is used to keep a remote "eye" on your kids or employees. The user
must have access to the users machine in order to install the client.
Only the installer of the program can view the client machine. Our
program does not attempt to bypass firewalls or other such protection.

This is very different from "trojans" and "viruses" - they replicate
themselves and spread uncontrollably, you do not usually need direct
access to the users machine. They often try to bypass firewalls in
order to "reach" the internet.

Our problem is that companies like Sunbelt do not properly look at
software before they blacklist it. They clearly ignored legally
enforceable warnings that what they would be doing is not allowed by
the copyright holder. This shows that either they do not examine
programs properly or that they ignore copyright law. In order to add
our product to their trojan/virus list they must have downloaded it
and then examined it. Both of these actions are forbidden by the
copyright notice.

A similar situation arose with Grisoft with the AVG product. We sent
a similar warning letter out to them and they responded by removing
our programs from their blacklist. This resolved the situation and no
further action has been taken.

I will be consulting with our solicitor in the next few weeks about
companies like Sunbelt, what civil/criminal laws have been broken, and
how best to involve the UK Police authorities in action against them."

Re:Hasn't a crime been commited by Sunbelt?

[Lochin+Rabbar]

You should have consulted a solicitor before you embarked on this course of action, as you clearly have no understanding of copyright law. If you had consulted one they would of explained the "doctrine of first sale", (aka exhaustion) to you, and you would understand that you have no case.

For example, if you have a copy of Windows without MicroSofts permission, is this not a crime?

It is not a crime.

The action will be that we may be (in our opinion) forced to get the UK police authorities involved with Sunbelt over copyright theft. This is a criminal offence, not a civil one I believe.

Wrong, they have committed neither civil nor criminal offence, however you have just opened yourself up to an action for defamation. You really shouldn't go around accusing inoccent parties of theft.

Re:Hasn't a crime been commited by Sunbelt?

[Frenchy_2001]

Retrocoder Limited as the copyright holder, has the right to say who may or may not have its program. If someone has its program without permission, are they not guilty of a criminal offence?

For example, if you have a copy of Windows without MicroSofts permission, is this not a crime?

Actually, the answers are NO and NO.
When you buy a copy of Microsoft windows in a store, you enter a tacit sellin contract with that store. Then, on TOP of that, Microsoft tries to limit your possible use of that good, which may or may not be legal. But the only restriction that Microsoft places legally and in an unchallenged way is that you have to BUY their product.

In the same way, once you have allowed people to download the software, you cannot restrict who can use it or not. It would be discrimination.

Microsoft does not prevent researchers or black people or foreigners to use their software, they just prevent people WITHOUT a LICENSE. Then, on top of that, they want to restrict your rights to only USE the software. Here, you grant a license to all (free download) and then say that some kinds of people (anti spyware researchers) are not allowed to use it. It is like saying that french people could not use it. Or any group of people. It is discrimination, pure and simple.

Even restricting a type of use for a product you have the right to use may or may not be legal. A court maintained the right of a company to disassemble a program they had bought to keep it working and improve it.

Microsoft provide SunBelt with their spyware defs

[damieng]

Check out http://www.sunbelt-software.com/CounterSpyEnterpri se.cfm

"Microsoft shares their spyware definitions with Sunbelt, but SunBelt uses the threat information differently."

That would mean SunBelt haven't violated any EULA's and that the lawsuit should be aimed at Microsoft...

Re:My god

[ezberry]

"The general gist is correct, but "innocent until proven guilty" is a principle that applies to criminal matters, not civil matters."

That's patently false. Sometimes, the burden of proof is with the defendant because of the nature of the case. For example, in cases of joint liability (for example, where 2 people are shooting wildly in the woods and a third person is shot, and neither of the 2 people actually know which one killed the 3rd person), then the 2 people must prove that they didn't kill the 3rd person in order to not be held personally liable. This only arises after it has been shown that they were jointly liable, though.
Another example is res ipsa loquitor. This means that the thing that happened is evidence of negligence unto itself. Usually, the plaintiff is not in a position to be able to prove what exactly happened to him, but the certain thing that happened to him could only have happened through negligence of the defendant.
In all of these cases, you still need to hale someone into court and show that they are negligent and then they may have to prove otherwise, but that's not assuming that they aren't innocent until proven guilty.

Re:So much fun

[psyon1]

Yeah, even funnier is that its a Brittish company doing the suing NOT an american one. Check the whois on the domain.

Registrant:
Double Dutch Designs Limited
329 Preston Road
Grimsargh
Preston, Lancashire PR2 5JT
GB

Domain name: SPYMON.COM

Administrative Contact:
Ball, Anthony anthony@doubledutchdesigns.co.uk
329 Preston Road
Grimsargh
Preston, Lancashire PR2 5JT
GB
+44.8701217399
Technical Contact:
Ball, Anthony anthony@doubledutchdesigns.co.uk
329 Preston Road
Grimsargh
Preston, Lancashire PR2 5JT
GB
+44.8701217399

Registration Service Provider:
UK Reg, domains@fasthosts.co.uk
+44 1452 541252
+44 1452 538485 (fax)
http://www.ukreg.com/

Re:My god

[RevMike]

I beg your pardon, but isn't it more correct to say that "innocent until proven guilty" does apply to civil matters, only the burden of proof is less?

No, it isn't. For one thing, a civil trial will never result in a verdict of guilty or not guilty, but in a verdict of liable or not liable. Second, there may or may not be a presumption of liabilty for any particular matter. While a prosecutor always must establish the guilt of criminal defendant, a civil defendant in some cases may be presumed liable unless the defendant establishes that he should not be liable.

While the lawyers are busy on this ...

[DoraLives]

what say we all go over to Spymon's forum and tell them what we think? The thing is woefully underposted and I'm sure they would appreciate our interest in their fine product.

And while you're over there, be sure to check out Anthony's post of Oct 13 in the "DETECTABLE by virusscanners/antispy-software" sub board. I just know that Anthony is looking forward to hearing from everyone and is seeking friendly folks to keep him company.

Re:My god

[MemeRot]

The whole point of this software is to secretly install it on someone else's computer - it's a keylogger and screen grabber. The person whose computer this gets installed on never agreed to any eula. So if an anti-spyware company found an infected box, neither they nor the person whose computer it is are in violation of the eula. Nor the jerk who installed it, since I doubt they expected to get caught.

From the forums you see people are using this to try to spy on spouses they think are unfaithful, etc. Give it up people, if you're installing spyware to monitor your spouse for infidelity your relationship is already over.

Clarification from Sunbelt

[Alexeck]

Just to clarify -- we are not being sued. We received a demand to remove their product from our database. I've blogged about it here http://sunbeltblog.blogspot.com/2005/11/retrocoder .html Alex Eckelberry Sunbelt