Slashdot Mirror
Spyware Maker Sues Detection Firm
Luigi30 writes "ZDnet reports that RetroCoder, makers of the SpyMon remote monitoring program, are suing Sunbelt Software, makers of ConterSpy, a spyware detector program, for detecting the SpyMon as spyware. According to the EULA, SpyMon can not be used in 'anti-spyware research,' and detecting it is therefore a violation of it. 'In order to add our product to their list, they must have downloaded it and then examined it. These actions are forbidden by the notice,' a RetroCoder spokesperson said."
If it looks like a duck, and sounds like a duck, then it must be a duck. :P
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
If you do produce a program that will affect this software's ability to perform its function, then you may have to prove in criminal court that you have not infringed this warning.
Is it legal for contracts to include conditions that are physically impossible to do? If so, my next bit of software is coming with a "If you can't prove you didn't make copies of the software, you owe us for as many copies as could possibly have been made between the time you first run the program and the time we sue you." Since nobody reads those things anyway.
On a mostly unrelated note, I wrote a program that shows funny pictures. It's awesome, and it's only 1 cent, for... processing purposes, if anyone's interested in a download.
Anyone remember those MOTD's on pirate-software FTP sites giving us a pseudo-legal-brief about President Clinton signing some law, and then "FBI AGENTS YOU CANNOT ENTER THIS SITE"?
They never stopped, FTP simply lost importance. IRC fserves used to have them too. Websites, DC++ hubs, eMule hubs, WinMX shares as well. It's funny, I've had people present me that and then ask me if I'm a cop as well. Even after sending them this and this they still think it is for real. I guess it's some kind of mental self-defense, denial or whatever that makes them go LALALALALA I can't hear you.
Kjella
Live today, because you never know what tomorrow brings
1. EULAs are BS. The spyware company happily uploaded a copy of their software to the anti-spyware company on request. Clicking the install button below a 3000 word pile of legalese after you've been given the software isn't a valid contract, for reasons well explained many times before on this site. Heck, the spyware company doesn't even know what individual supposedly "agreed" to the EULA. The janitor? A 12-year-old child? Could have been anyone.
2. Why is the industry so lawsuit crazy? Lawsuits are supposed to reimburse you for actual unlawful damages done. What damage was done by the anti-spyware company downloading the software? A few cents' worth of bandwidth at the most. What damage was done by installing it? None at all. This is surely the most baseless lawsuit ever.
(I know that including the spyware definitions in anti-spyware software will [one hopes] hurt the spyware company, but that's not what the suit is about.)
He who lights his taper at mine, receives light without darkening me.
At least here at Brazil.
To a contrat be valid, it must be an agreement between two parts. In the case of an EULA the consumer doesnt have any power of negociation, and in pratice cant change anything on the EULA.
The brazilian legislation also states that you cant be forced to agree with a contract that prejudice, or denies, any of your rights. This way no EULA can really be enforced here.
Just my 2c.
---- You know how some doctors have the Messiah complex - they need to save the world? You've got the "Rubik's" complex
Perhaps there should be a system where any software installed has to agree to a license on that computer. So I can add my own EULA to my computer and any software vendor that has their software on my computer has to agree to it. There can be a nice API that can be used to get at the license and everything. If I have to agree to an EULA when installing their products on my machine, they should have to agree to my EULA to run their software on my machine. If they break it then I can sue them.
This is fair too, because as much as I don't understand their EULAs, they wont be able to understand mine. Vive la revolution in software consumer rights!
Oh, don't worry... they can't possibly win this case.
The EULA only enforces certain rules if you want to use the program. If you do not use the program - which would mean running the binaries, if I'm any judge - you may not use the program.
It would be most interested to see whether their EULA contains something along the lines 'this software is provided as-is, and is not fit for any express purpouse' - something similar can IIRC be found in MS Office. That clause would counter and dispel the clause that claims it can not be used in spyware research - regardless of the fact that the program does not have to be running for it to be examined. It doesn't even have to be installed, and the EULA doesn't even have to be read, let alone agreed to.
The package can be extracted, binaries examined... And, if the sued company wants to be evil, they can just claim that any software that forbids the end-user to include it in spyware research (and how in the world would you enforce that rule against NOD32's heuristics and automatic mailing suspicious binaries to their lab really escapes me) deserves to be added to their spyware list. They never had to get past reading the EULA to add the program to their list, so they never would have installed it and, of course, never agreed to the EULA in the first place. If they never installed the program, the EULA is unenforceable.
Finally, proving a negative is not what the US court system is based on, at least from what I've heard about it - innocent until proven guilty (unless it's a terrorism accusation, but I don't really want to troll right now). So the spyware maker has to prove that there was no possible way for the sued company to examine their binaries without agreeing to their EULA. If the sued company can prove that there is at least one way for them to do that, the spyware maker cannot prove that they didn't do it. Innocent until proven guilty.
Hell, I could successfully defend them against this, and IANAL.
Ignore this signature. By order.
Ah, but Sunbelt *never downloaded* it. They obtained their copy otherwise, thus the *PDA* is unenforceable in their case. SpyMon was already on a client's computer, and was giving the client grief. It was from an examination of this computer at their client's request that SpyMon was detected, and further dealt with.
Sunbelt never *ran* SpyMon, nor did they ever download it, therefore no EULA[1], nor PDA was violated.
[1] Other post deal satisfactorily with the *run* issue.
"Oh drat these computers, they're so naughty and so complex, I could pinch them." --Marvin the Martian
Everything about these idiots screams "asshole". Look at their web site advertising their product:
;)
Don't know what your kids are doing on the net?
Worried that your partner is cheating on you?
Want to see what your employees are really doing instead of working?
Ever wanted to be a hacker like in the movies?
Great product niche - allowing paranoid idiots to spy on everyone in their life. Then there's a fantastically smug notice at the bottom of the web site that says:
Please note that the "crack" by "team tbe" doesn't work anymore.
Like I said - everything these guys do and say has asshole written all over it.
I'm a big tall mofo.
It isn't true that both parties have to have the ability to modify the contract to their satisfaction (I'm in law school and I've taken contracts... ). EULAs are adhesion contracts, which force the accepting party to the terms of the offering party. From Obstetrics & Gynecologists Ltd. v. Pepper (693 P.2d 1259) 'An adhesion contract need not be unenforceable if it falls within reasonable expectations of the weaker or "adhering" party and is not unduly oppressive. However, courts will not enforce against an adhering party a provision limiting the duties or abilities of the stronger party absent plain and clear notification of the terms and an understanding consent.' So, in the end, you are right that this won't be enforced, but for the wrong reason.
Sounds like the action of someone who understands spyware/trojans and is fully aware that their software could be used in such a capacity. And is seeking to protect their revenue stream in effect by tying the hands of spyware/trojan etc detection publishers.
It may not be a virus as you say - so GRI would be right to remove it as such - but it could be used as a trojan as you are very well aware.
If someone had installed this on my system, I would want to know it was there. Would you?
If it's my system and I have installed it to keep an eye on the kids, and XXX product spots it's there, then I simply whitelist it. Simple, no?
No need for the "I'm a burglar - and if you are a policeman then you are forbidden from speaking to me" clause.
It's an admission of guilt I think.
That's one thing I never really understood. Historically, its never been the case (legally at least) where just because you write it down and make someone agree to it, it becomes legally binding. If I put in the EULA for software that I wrote, that if you click OK and install this software, you immediately forfeit all rights to your house, all cars, and all cash assets to me, you know someone would just click through that without reading, but of course they wouldn't be legally bound to give me their assets. Any court in the country would overturn that, which just goes to show, just because you write something down doesn't make it legally binding.
If I got you to sign a paper saying I could beat the snot out of you, and a police officer walks by during the act, what do you think said cop would say if I said "Its OK officer, he signed a waiver saying I could do this to him." Its just ridiculous.
Congress should outlaw EULA agreements altogether, even the part that says 'If this breaks we aren't responsible.' They wrote the software saying that it works, and if it breaks, they SHOULD be responsible.
And they said zombies weren't real!