Spyware Maker Sues Detection Firm
Luigi30 writes "ZDnet reports that RetroCoder, makers of the SpyMon remote monitoring program, are suing Sunbelt Software, makers of CounterSpy, a spyware detector program, for detecting the SpyMon as spyware. According to the EULA, SpyMon can not be used in 'anti-spyware research,' and detecting it is therefore a violation of it. 'In order to add our product to their list, they must have downloaded it and then examined it. These actions are forbidden by the notice,' a RetroCoder spokesperson said."
What is the world coming to.
Task Mangler
The fact that someone actually is trying this, or the fact that I'm half-afraid it might work.
Let's all hope not.
To fight the war on terror, stop being afraid.
No, it isn't genius. It's only the crap you'd expect from an asshole...
Anyone remember those MOTD's on pirate-software FTP sites giving us a pseudo-legal-brief about President Clinton signing some law, and then "FBI AGENTS YOU CANNOT ENTER THIS SITE"?
Please help metamoderate.
It doesn't have to be genius. My first idea of defense would be, maybe they were scanning someone else's computer, someone who had previously installed it and had no idea that another person would be using anti-spyware research on that machine. They might then go and sue the installer of the system for negligence or something. Who knows.
This kind of thing is not likely to stand up in court. Spyware has been proven to be a malicious type of software that violates one's privacy, therefore I would be shocked if the courts find in favor of the spyware maker. The spyware maker might have thought it was clever adding that clause in their EULA, but essentially what they've stipulated was people cannot investigate how their software works in order to prevent its unwanted installation on to one's system. Not likely to stand up in court.
First: they almost admit in the EULA that it is a spyware product. Who the fuck else would put such an idiot line in the EULA. Second: the antispyware company might have used some sort of heuristics. No install required. I would really like to see this go in court: isn't there a limit on the kind of shit people put in that EULA?
Em. I don't get it. Who says the company has to agree to the eula to look at it? If the spyware company declines the eula agreement they are not bound to it and as a result the proggy is not installed. How does that restrict the spyware company from analyzing the binaries present in the setup program? Decompress the archive and create a fingerprint, done!
They don't need to be able to win. All they need is to have enough of a case to threaten them with long, costly litigation - and once the expected cost of defending themselves is greater than the cost of caving in, most businesses will cheerfully cave. In fact, for publicly traded companies you can make a decent case that it's their duty to do so.
Trust the Computer. The Computer is your friend.
Have they no shame!??
The spyware people should be treated like programming commands and scripts: "Carried out and executed".
In general, I think the USA should change its name to "SueSA". When are people going to take responsibility for their own actions? If someone walks on my sidewalks and trips in a hole in it, it's their own g*dd*mn f**ing fault for not watching where they are going, not mine.
This message has been ROT-13 encrypted twice for higher security.
By putting statements such as "SpyMon can not be used in 'anti-spyware research'", isn't the spyware firm basically admitting that they are distributing spyware? Why would a legal, non-dodgy software company put such a clause in their EULA? I think if the judge rules in favour of the spyware company (unlikely), this will basically give green light to all other spyware and scumware vendors.
Legal documents are written with the intention of covering all possible situations, and often worded such that each clause is as broad as possible; this is to avoid said lattice fence gaps. This is because once a gap appears it is exploited by lawyers to make the entire document sound ridiculous. (Which is often the case anyway.)
For example a lawyer will jump right onto this clause, and talk about all the other methods of research, they'll attempt to broadly classify what research is (including using the software at all.) His final point will be that it's impossible to satisfy the terms of the agreement in any way, making it an invalid document. For example the phrase "by reading this line you agree to not read this line", is obviously ridiculous, but essentially any lawyer will be able to make this EULA analogous to this.
Just go to
http://www.spymon.com/downloads/install.exe
Then you can extract the files from the installer exe without agreeing to anything.
I wonder that EULAs can hold up anywhere in court, even in US. After all, it would be easy to write a program that shows the EULA for a split second and inserts a button or keypress into the message queue. In fact similar techniques have been used by dialers in Germany. After the regulation authorities decided that the fees, created by a dialer, can be challenged, when the user creates a backup of the binaries and sends it in for examination. The dialer would be installed by the authorities, so that they can see whether it really asked the user and told him about the fees, which would be the requirement. What happened then was that the dialers started to erase themselves after they created the connection, which left the user with nothing there to prove that he really was the victim. A company that uses an EULA for actual legal bindings would have to prove that the user really pressed the acceptance himself. I doubt that it is enough to find the software installed on my machine. Here I could always claim that I was not even aware of the installation because my kids did it and it would have to be proven in a court case that it indeed was me.
Remember, back in the beginning, Darl proclaimed that Linux must have his precious Unix code in it because otherwise it wouldn't be so powerful. To prove that someone violated your EULA, you have to prove that he is bound by it. To do that, you need to prove a lot of things. Good luck suckers. Maybe these guys should have a talk with Darl.
But, if they are acting as appendages of a single corporate entity, it is in the eyes of the law a single person doing this.
Alice, Bob, and Charlie may be off the hook (especially if they don't have the big picture), but the XYZ Corp that employs them definitely is not.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
If they effectively admit in the EULA that this is spyware, it can go straight on the list without anybody looking at the program! Problem solved!
Timo's Audio Software http://www.esseraudio.com
You moderators might think that's Funny, but it's actually a very interesting point. If I can, basically, say "you're not allowed to come anywhere near my software" in the EULA as a spyware maker, why can't I say the same thing as an anti-spyware maker?
What's nice about this is that it works out no matter whether such a clause would be accepted: if it is accepted, then the spyware maker would have violated the anti-spyware product's EULA by looking at how it classifies the spyware. If it's not accepted, on the other hand, then the corresponding clause in the spyware's EULA would also not be accepted.
Myself, I think that such clauses aren't valid, but I also think that even if a court thinks they are, it'd be pretty impossible to actually get a case, as they could trivially be circumvented. For example, if I visit a friend and use their computer to do something in Photoshop, am I then bound by Photoshop's EULA? Of course not; I didn't buy the program, I didn't install it, I didn't agree to anything. My friend might be (or not), but I certainly am not. A spyware maker could do the same thing: just don't install the spyware yourself, but rather classify it after it infected someone else's computer. (On a side note, I doubt that most spyware actually presents a EULA to the user where he can clearly see what is going to happen, where he's given the opportunity to say "no, thanks" and where, if he does, the spyware will not be installed, anyway).
quidquid latine dictum sit altum videtur.
This is not my sandwich.
Judges have ruled repeatedly that EULA's are not legally binding since virtually no one reads them. Besides, trying to write in a clause saying that you can't be stopped from doing something illegal won't hold up in court.
What damage was done by the anti-spyware company downloading the software? A few cents' worth of bandwidth at the most. What damage was done by installing it? None at all. This is surely the most baseless lawsuit ever.
Though I am by NO means defending a spyware company, damage you overlook can most certainly be alleged to have been done. For example, having your program classified as spyware and blocking it from being installed costs said spyware company "customers" and hence, potentially at least, revenue. For example, if the anti-spyware program labeled your innocent shareware game as spyware and blocked it from being installed, I bet you'd be pretty pissed. Also, it could be alleged that blocking a program as spyware is an anticompetitive act.
Before you flame, you should know that I hate the heinous spyware people and am merely pointing out some legalities that could give the case a dollop of merit.
Oh, advertising your product as a tool for criminals is just begging for legal action.
Retrocoder Limited as the copyright holder, has the right to say who may or may not have its program. If someone has its program without permission, are they not guilty of a criminal offence?
The problem is that you are specifically denying access to people who will keep you accountable. This monitoring software can clearly be used for malicious purposes. Imagine if your computer repair guy installed it on your computer, then started keeping track of what you do. Under this clause, you'd never have a tool to know that it was there.
I write songs. As a copyright holder, I do have the right to say, "nobody can record my songs and make money off them without permission." I do NOT have the right to say, "parents are not allowed to listen to my songs to see whether they are appropriate for their children to hear. By buying this album, you agree that you are a teenager and won't allow your parents to hear it, or I'll sue you."
If people want to monitor what their employees, spouses, or children are doing on the computer, fine. But I think the person being monitored should know about it. And in some cases, it might be dangerous if they don't. Do you want to be responsible for enabling stalkers? What kind of world are you helping to create?
Another thing - whatever your software does, the law has to consider what precedent this kind of thing sets. What might other companies try if you succeed? The more I think about this, the more it upsets me.
Can a housecleaning service write a contract clause that says you agree not to check whether your maid is stealing from you? Can a building contractor put in a clause that says you agree not to have your electrical wiring inspected? Or, weirder but more parallel, not to look behind the walls for the hidden cameras they installed? Can a chainsaw maker write a clause that, by opening the saw's packaging, you agree that if it malfunctions and maims you, you won't sue?
It's amazing the ridiculous things that software companies think they can get away with. We would never put up with this in the real world. But EULAs are so common now, and so frequently ridiculous, that we just accept them as the price of using a computer.
I believe that deciding what is fair in law is a key part of the role of the judicial system. Maybe this is not really the jurisdiction of the lowest level of judges but that is what the supreme court is there for.
I couldn't disagree more. It has nothing to do with fairness. In the case of the supreme court it has everything to do with whether or not the law in question conflicts with the letter of the constitution. It has nothing to do with laws or court cases in foreign lands, nothing to do with international law, nothing to do with what a particular judge thinks the constitution should have said.
courts either tell the politicians to rework the law
ONLY if the law conflicts with some clause in the constitution.
or they simply change it themselves
Never ever ever ever ever. Judges are not elected at the federal level. In some states they are, but not federal judges. Their job is to filter things thru the exact wording and original intent of the law. In the case of the supreme court, the final arbiter is the constitution. If someone doesn't like a law that doesn't conflict with the constitution, lobby the legislature to change it, vote out those who don't vote to change it, or get a constitutional amendment passed. If you want some right that isn't spelled out in the constitution, pass an amendment. Don't have some pantywaist judge decide that if the founders had realized that some folks wanted to be able to do, whatever, they'd have included it in the bill of rights, so it must be OK.
"Just because you do not take an interest in politics doesn't mean politics won't take an interest in you." --Pericles
Sometimes large corporations with expensive legal teams can sway courts into making wrong decisions. That was such a case in California, which will give you no precedence in an English court. Even in California if I wanted to get that precedent overturned I would choose to take you on. Adobe has an aura of respectability that Retrocoder does not, though that is unfair, they are in actuality just as sleazy as you.
Telling them they are not allowed to even look at it is childish and asking for trouble. Besides which, are you saying that there should be no anti-spyware software at all? Don't you think that the end users might deserve some respect in all this?
Or are you simply interested in aiding petty sneaks in their privacy invasions.
If you were providing an "upfront" service you would not need to beg other companies to be nice to you. I guess I hope that Sunbelt agrees to declassify your software, at a per installation price, say $1 per machine. How much do you charge again? Oooh bargain, only £15 for 5 machines.
I guess you pretty much lost your case when you wrote SpyMon will allow you to watch other people's computers as they use them.
Maybe they never downloaded it in the first place. Maybe they are acting on the basis of experience that is typically gathered by a practitioner of the field who also works to diagnose malfunctions in client computers where previous detection efforts have failed. This would not necessarily mean your software caused any such problems, but rather, your software may have co-existed on a machine with previously undetected malware which was also performing similar spying activities, although for malicious intentions. On the basis of these activities, they would never have agreed to your EULA in the first place as they would never have downloaded a copy of the software.
The ability to detect software like yours, which presumably has no ill-intent, is still necessary, IMHO, because of the existent possibility of ill-intended installation by other parties, such as kids spying on their parents first (it happens), or one spouse spying on the other in domestic issue civil cases (it happens a lot). Unless you can prove that your software has unbreakable facilities that prevent anyone from installing the software except in cases where it would involve only legal spying (e.g. parents spying on kids), I don't think you have a valid basis for demanding that your software be exempted. And I do not see how the software is capable of evaluating the domestic role of the person doing the installation.
My real concern has nothing to do with your software. It has everything to do with all spyware in general, and the establishment of legal defenses that they all may use if you take this matter to court and prevail. Such a ruling would be universally harmful to everyone.
In an unrelated issue, how is your software going to spy on kids that are skipping Windows and booting up a Knoppix CD instead to get to the internet to surf for 7un3z, w4r3z, and pr0n? You know kids are doing it, and not just the smart ones. Do you warn parents that your software cannot detect all these cases?
now we need to go OSS in diesel cars
If you read the copyright agreement when you downloaded or ran our program you will see that Anti-spyware publishers/software houses are NOT allowed to download, run or examine the software in any way.
I am not a lawyer, I just read about law on Slashdot.
As far as I know, copyright law gives you the right to control transfer (copying) of the program. It doesn't give you the right to control how someone who is in possession of your program uses it.
Furthermore, since you as the copyright holder perfectly freely distribute the program from the URL http://www.spymon.com/downloads/install.exe, your company is the only one doing any distributing. You can hardly be infringing on your own copyrights. I'd like to see you try to get a criminal court to convict someone for downloading a file from your website using a public URL.
I believe posters are recognized by their sig. So I made one.
Not a funny question at all when you consider the ramifications of one person installing software on a computer and agreeing to an EULA that a second person then uses. How do you sort this out?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Although you spoke with rhetorical flourish, your entire post shows your ignorance of the issues at stake and is quite illogical. You know for a fact that when someone discovers that your software is running on their system (installed by someone else), there is no way they can have read your EULA and it's obvious that the anti-spyware researchers who may be examining their system are not aware of the EULA either. So, the burden of proof lies upon you to prove that they were pirating a version of your software and bypassing the EULA explicitly (if the EULA is in fact legally binding, which is another discussion). In fact, you have no evidence that they downloaded OR installed your program rather than witnessing its effects on a system of someone who your software was spying upon. Hence, your whole argument based upon the EULA is bogus due to the very nature of the software you sell.
You furthermore have no control over whose system it is installed on. I could maliciously install YOUR SOFTWARE on a neighbor's computer and steal their personal information and credit card number, etc., because I have been on their computer for 5 minutes. Now, if that person discovers an identity theft and it is linked to your spying program, how would that be Sunbelt's fault? In fact, you even happen to encourage invasion of privacy (or even illegal activity) by suggesting, "Do you want to be a hacker like in the movies?" That, I'm afraid, has invasion of privacy and/or identity theft written all over it!
So, no, I'm afraid this isn't a case of a pirated version of Microsoft Windows. Furthermore, this program can be illegally bundled on someone's system without your knowledge with known spyware in order to do keylogging and other "innocent" things. I'm not necessarily saying you should be blamed for this necessarily, but you evidently don't see how black hat hackers love programs like yours for their own purposes and that could be where Sunbelt got involved. And the lack of professionalism of your website adds to their suspicion, rather than alleviates it.
The fact that you stonewalled Grisoft about it is neither here nor there. People threaten legal action over very silly things these days and often can bully their way into anything they desire, but that doesn't mean you have any further legal grounds for your argument.
Oh, and apparently you weren't aware when you registered as a Slashdot user - that by posting to this blog, you abdicate all legal rights to sue anti-spyware companies. Oh, you weren't aware of that? I'm really sorry...
This sig donated to Pater. Long live
And allows stalkers to spy on unsuspecting prey. And allows abusive spouses to spy on their spouse. And allows nosy neighbors to spy on others in the neighborhood. Your product is reprehensible, and a violation of all of the basic tenets of a free society.
2. Some anti-virus software blacklisted our software.
Which is their right. Bravo for them.
3. We state that they are not allowed to download our software in an attempt to stop them blacklisting us
There is no legal precedent for you to be able to "state" how someone, who obtained your product legally, may use it. The RIAA cannot prevent me from using a Britney Spears CD as a coaster, as long as I purchased it legally.
This instance is where you're wrong. You can "state that they are not allowed" all you want, but you don't have a legal foot to stand on. Once they obtain it legally, they can do whatever they want with it - as long as they don't sell it or violate your patent.
4. They carry on doing so, ignoring our warning that they are expressly forbidden from downloading our software - it is our copyright.
Your warning has no basis or ability to be enforced by law. You're simply wrong. If you make it available for download, you cannot restrict who may download it without being guilty of discrimination.
5. They ignore our attempts to contact them
They have no legal obligation to talk to you.
6. So we consider going to the police to stop them downloading our program without permission.
If you make your product publicly available for download to some people "without permission", then you cannot restrict the download from other people without being guilty of discrimination. In any case, you can't even prove that they downloaded it. It might have been given to them by a 3rd party. In which case, the 3rd party didn't "violate" your agreement since they didn't blacklist you, and the anti-spyware didn't violate it since they didn't actually download it. You're screwed.
7. We get flamed by a load of people who don't seem to understand the situation!
We understand the situation perfectly. You created a product that allows people to spy on other people without their knowledge (probably in violation of several other laws). You make this product publicly available to anyone with an internet connection. You attempt to restrict the usage of the product AFTER it was obtained legally from your publicly available web site. You only restrict the usage to those who download it for one particular purpose, but not others... engaging in discrimination in the process.
Why are we sleazy?
Because you make a reprehensible product, make it publicly available, and then get upset when people who obtained it decide to give other people the ability to render your reprehensible product useless.
Fuck you.
"I have as much authority as the pope, I just don't have as many people who believe it" - George Carlin
But, as other people have pointed out already, if you (as the spyware detector programmer) sell your program to someone who has spyware already present on their computer, you're completely off the hook. Just because your program can detect SpyMon and correctly identify it as spyware, it doesn't necessarily follow that you *must* have downloaded, installed and executed a copy of SpyMon yourself. It's very likely that you independently thought up ways that spyware might hide, and put in detection methods to locate such junk. It's also very possible that SpyMon is using a "well-known" method of hiding, such as the "$sys$" method that Sony tried recently.
Our problem is that companies like Sunbelt do not properly look at software before they blacklist it..........This shows that either they do not examine programs properly or that they ignore copyright law.
I have several points.
1. If you hadn't BLOCKED them from "inspecting" your software in the first place (per your EULA), then they might have actually "properly looked at your software"!! If you block them then they can't examine it now can they?
2. Since you mention that "anti-spyware companies can't look at your software", then that probably threw up a red flag to them. Where there's smoke, there's fire. And by coming out and flat out saying "anti-spyware companies can't look", you're making them blacklist you by default.
3. If they got a computer that had some files they didn't recognize on it, and looked up their origin via the internet, then they aren't tampering with your software. They may very well not have seen any EULA anyway. All they needed to see was it was a "spying" program and that "anti-spyware companies aren't allowed to examine it". So whenever a computer has those files, mark them as spyware.
To me, you guys set yourself up for this. If someone doesn't want me to look at something they are trying to sell, then I'm going to tell everyone else it's probably bad news.
There.
Now why didn't you do that before you launched into a cartoony legal tirade? A few well chosen civil words between people would have sorted this fiasco out.