Slashdot Mirror
Spyware Maker Sues Detection Firm
Luigi30 writes "ZDnet reports that RetroCoder, makers of the SpyMon remote monitoring program, are suing Sunbelt Software, makers of ConterSpy, a spyware detector program, for detecting the SpyMon as spyware. According to the EULA, SpyMon can not be used in 'anti-spyware research,' and detecting it is therefore a violation of it. 'In order to add our product to their list, they must have downloaded it and then examined it. These actions are forbidden by the notice,' a RetroCoder spokesperson said."
their EULA is GENIUS>.... evil evil genius.
actually I am happy to see you, however that is in fact a banana in my pocket.
If it looks like a duck, and sounds like a duck, then it must be a duck. :P
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
...is for the detection firm to add a section to their EULA that forbids anti-anti-spyware research!
The fact that someone actually is trying this, or the fact that I'm half-afraid it might work.
Let's all hope not.
To fight the war on terror, stop being afraid.
Anyone remember those MOTD's on pirate-software FTP sites giving us a pseudo-legal-brief about President Clinton signing some law, and then "FBI AGENTS YOU CANNOT ENTER THIS SITE"?
Please help metamoderate.
This kind of thing is not likely to stand up in court. Spyware has been proven to be a malicious type of software that voilates one's privacy, therefore I would be shocked if the courts find in favor of the spyware maker. The spyware maker might have thought it was clever adding that clause in their EULA, but essentially what they've stipulated was people cannot investigate how their software works in order to prevent it's unwanted installation on to one's system. Not likely to stand up in court.
So, the next virus I get on my computer will have embedded in it's source code: "By reading this source code, you agree that W32.SonyRootKit.C will not be added to any antivirus definition lists or be recognized by any heuristics."
I can just see the coder in his dimly lit basement cackling while rubbing his hands in glee: "I have you now Norton!"
---- El diablo esta en mis pantalones! Mire, mire!
Although the EULA does state the defendant must prove in court they didn't use the accused spyware program in research, isn't it possible that the spyware detecting application made (exclusive?) use of heuristic profiling to detect the actual spyware app?
If you do produce a program that will affect this software's ability to perform its function, then you may have to prove in criminal court that you have not infringed this warning.
Is it legal for contracts to include conditions that are physically impossible to do? If so, my next bit of software is coming with a "If you can't prove you didn't make copies of the software, you owe us for as many copies as could possibly have been made between the time you first run the program and the time we sue you." Since nobody reads those things anyway.
On a mostly unrelated note, I wrote a program that shows funny pictures. It's awesome, and it's only 1 cent, for... processing purposes, if anyone's interested in a download.
First: they almost admit in the EULA that is a spyware product. Who the fuck else would put such an idiot line in the EULA. Second: the antispyware company might have used some sort of heuristics. No install required. I would really like to see this go in court: isn't there a limit on the kind of shit people put in that EULA ?
Em. I don't get it. Who says the the company has to agree to the eula to look at it? If the spyware company declines the eula agreement they are not bound to it and as a result the proggy is not installed. How does that restrict they spyware company from analyzing the binaries present in the setup program? Decompress the archive and create a fingerprint done!
Section 6783.
You agree that in using this Software, You give Us the right to your first born child.
Section 6784.
You agree that in using this Software, you will never hit the "g" key on your keyboard between 4:50AM and 3:15PM. This clause will survive termination of the Agreement.
Section 6785.
You will never call the Software a Piece Of Shit in public or in private.
What's next? Passing a note to a bank teller "By reading this note you have agreed to let me rob your bank and not press the alarm button"?
EULAs are becoming increasingly cluttered with unenforceable and in cases downright silly things. With any luck a few frivolous lawsuits might see some of them struck down.
Ame
They don't need to be able to win. All they need is to have enough of a case to threaten them with long, costly litigation - and once the expected cost of defending themselves is greater than the cost of caving in, most businesses will cheerfully cave. In fact, for publicly traded companies you can make a decent case that it's their duty to do so.
Trust the Computer. The Computer is your friend.
Have they no shame!??
The spyware people should be treated like programming commands and scripts: "Carried out and executed".
In general, I think the USA should change its name to "SueSA". When are people going to take responsibility for their own actions? If someone walks on my sidewalks and trips in a hole in it, it's their own g*dd*mn f**ing fault for not watching where they are going, not mine.
This message has been ROT-13 encrypted twice for higher security.
++++ fake ticker ++++ Johnny Bash, famous for writing applications like WORM32 and Trojan.Hoax, has today filed a lawsuit against McAffee. His complaint is that the EULA for this applications specifically forbids the reverse engineering or analyzing of the code for anti-virus companies. He says that by downloading and installing his latestes achievment, McAffee implicitly agreed to the conditions and thus violated the EULA by including the anti-virus measures in their latest software.
By putting statements such as "SpyMon can not be used in 'anti-spyware research'", isn't the spyware firm basically admitting that they are distributing spyware? Why would a legal, non-dodgy software company put such a clause in their EULA? I think if the judge rules in favour of the spyware company (unlikely), this will basically give green light to all other spyware and scumware vendors.
"We are allowed to seal your credit card numbers, tap your bank account, divert funds and use your idenity. You are prohibited from do anything about it because you clicked "I Accept" to our EULA, says a spokesman for SpyMon..."
Well, it didn't say that in TFA exactly, but it's a close approximation.
Ah. the popular "Bend Over" EULA.
“Common sense is not so common.” — Voltaire
Yes, spyware companies leaned on the likes of ad-aware, spybot, etc
BUT
no, because their delisting was contingent on the company modifying the way their software installs/removes/whatever
some spyware companies changed a few of their nasty ways and were rewarded by being delisted. The anti-spyware companies (of course) have reserved the right to relist lapsed spyware makers.
[Fuck Beta]
o0t!
U.S. lawsuits are merrier and merrier all the time! Very few surrealist artists had as much imagination as some lawyers do!
... from the forgotten corner in europe
But if it weighs the same as a duck, it must be a witch.
Legal documents are written with the intention of covering all possible situations, and often worded such that each clause is as broad as possible this is to avoid said lattice fence gaps. This is because once a gap appears it is exploited by lawyers to make the entire document sound ridiculous. (Which is often the case anyway.)
For example a lawyer will jump right onto this clause, and talk about all the other methods of research, they'll attempt to broadly classify what research is (including using the software at all.) His final point will be that it's impossible to satisfy the terms of the agreement in any way, making it an invalid document. For example the phrase "by reading this line you agree to not read this line", is obviously ridiculous, but essentially any lawyer will be able to make this EULA analogous to this.
Putting anything into the EULA means nothing if you cannot prove that the other guy ever accepted it.
This is spyware, so it's main purpose is to install it without the user noticing, right?
A user that doesn't notice the install obviously doesn't read and accect a f*cking EULA, so it doesn't matter what the EULA says.
Sunbelt might just as well have examined a contamined PC.
At least here at Brazil.
To a contrat be valid, it must be an agreement between two parts. In the case of an EULA the consumer doesnt have any power of negociation, and in pratice cant change anything on the EULA.
The brazilian legislation also states that you cant be forced to agree with a contract that prejudice, or denies, any of your rights. This way no EULA can really be enforced here.
Just my 2c.
---- You know how some doctors have the Messiah complex - they need to save the world? You've got the "Rubik's" complex
Perhaps there should be a system where any software installed has to agree to a license on that computer. So I can add my own EULA to my computer and any software vendor that has their software on my computer has to agree to it. There can be a nice API that can be used to get at the license and everything. If I have to agree to an EULA when installing their products on my machine, they should have to agree to my EULA to run their software on my machine. If they break it then I can sue them.
This is fair too, because as much as I don't understand their EULAs, they wont be able to understand mine. Vive la revolution in software consumer rights!
Ah.. the popular soviet russia joke...
...
spywares sue YOU now becomes reality
Next, write this on your T-shirt
"By looking at me, you agree to
The modern world is completely founded on contracts of one form or another - an EULA being an example of such a contract. Now this case is clearly ridiculous, and as such I fully expect the challenge to fail (and further could set interesting precedents regarding the reach of EULAs). BUT the company should have the right to bring the challenge, and should be heard by a judge.
You cannot just wave your hands at something that sounds ridiculous and then refuse to hear it, because you certainly will end up ignoring meritous cases.
Just go to
http://www.spymon.com/downloads/install.exe
Then you can extract the files from the installer exe without agreeing to anything.
Who reads these? If you don't agree do you actually not install and/or use this program? Someone could add a "This will blow up" warning, a la Inspector Gadget and I would have no idea what hit me. I'm probably the only one..
Sex - The formula in which one and one makes three.
from the article (page 2):
Copyright law plainly wasn't designed for what RetroCoder is using it for, said Christopher Brody, a partner at Clark & Brody in Washington, D.C. "Copyright laws prevent copying, not examination, and I question the enforceability of such a clause based on copyright ownership," he said.
Well since copyright is alos used to prevent the unauthorized copying of banknotes, copyright is actually quite powerful. But copyright will not prevent you from studyding bank notes, it might prevent you from creating machines that can help you to duplicate bank-notes (try scanning in a bank note into photoshop and you get the point.)
By reading this post, you agree to pay me $1,000,000.
Rediculous is ridiculous!
Oh, don't worry... they can't possibly win this case.
The EULA only enforces certain rules if you want to use the program. If you do not use the program - which would mean running the binaries, if I'm any judge - you may not use the program.
It would be most interested to see whether their EULA contains something along the lines 'this software is provided as-is, and is not fit for any express purpouse' - something similar can IIRC be found in MS Office. That clause would counter and dispel the clause that claims it can not be used in spyware research - regardless of the fact that the program does not have to be running for it to be examined. It doesn't even have to be installed, and the EULA doesn't even have to be read, let alone agreed to.
The package can be extracted, binaries examined... And, if the sued company wants to be evil, they can just claim that any software that forbids the end-user to include it in spyware research (and how in the world would you enforce that rule against NOD32's heuristics and automatic mailing suspicious binaries to their lab really escapes me) deserves to be added to their spyware list. They never had to get past reading the EULA to add the program to their list, so they never would have installed it and, of course, never agreed to the EULA in the first place. If they never installed the program, the EULA is unenforceable.
Finally, proving a negative is not what the US court system is based on, at least from what I've heard about it - innocent until proven guilty (unless it's a terrorism accusation, but I don't really want to troll right now). So the spyware maker has to prove that there was no possible way for the sued company to examine their binaries without agreeing to their EULA. If the sued company can prove that there is at least one way for them to do that, the spyware maker cannot prove that they didn't do it. Innocent until proven guilty.
Hell, I could successfully defend them against this, and IANAL.
Ignore this signature. By order.
I wonder that EULAs can hold up anywhere in court, even in US. After all, it would be easy to write a program that shows the EULA for a splitsecond and inserts a button or keypress into the messagequeue. In fact smiilar techniques have been used by dialers in germany. After the regulation authorities decided that the fees, created by a dialer, can be challenged, when the user creates a backup of the binaries and sends it in for examination. The dialer would be installed by the authorities, so that they can see wether it really asked the user and told him about the fees, which would be the requirement. What happend then was that the dialers started to erase themselve after they created the connection, which left the user with nothing there to prove that he really was the victim. A company that uses an EULA for actual legal bindings would have to proove that the user really pressed the acceptance himself. I doubt that it is enough to find the software installed on my machine. Here I could always claim that I was not even aware of the installation because my kids did it and it would have to be proven in a court case that it indeed was me.
I don't really know, but I think the threat of a lawsuit kills most lawsuits. I mean has anyone challenged this in court?
x )
"1.3 Device Connections. You may permit a maximum of five (5) computers or other electronic devices (each a "Device") to connect to the Workstation Computer to utilize one or more of the following services of the Software: File Services, Print Services, Internet Information Services, and remote access (including connection sharing and telephony services). The five connection maximum includes any indirect connections made through "multiplexing" or other software or hardware which pools or aggregates connections. This five connection maximum does not apply to any other uses of the Software."
I know what they mean, but couldn't that be turned around to mean I can only connect to five computers on the internet? Worst of all, doesn't it make file sharing illegal to run on a XP Home computer as you are providing an information service?
And thats from the XP Home EULA (http://www.microsoft.com/windowsxp/home/eula.msp
/. bug #926803 - Why I can post.
But, if they are acting as appendages of a single corporate entity, it is in the eyes of a the law a single person doing this.
Alice, Bob, and Charlie may be off the hook (especially if they don't have the big picture), but the XYZ Corp that employs them definitely is not.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
virii with EULAs stating that anti-virus companies are not allowed to dissect them.
Time. Time seems... strange.
If they effectively admit in the EULA that this is spyware, it can go straight on the list without anybody looking at the program! Problem solved!
Timo's Audio Software http://www.esseraudio.com
The general gist is correct, but "innocent until proven guilty" is a principle that applies to criminal matters, not civil matters.
But it's not about the EULA - it's about restrictions downloading the program in the first place. From the article (in fact, the first paragraph):
A maker of surveillance software is using a product download agreement to attempt to bar detection by anti-spyware tools, raising questions about the legal scope of such agreements.
So, according to the article, the anti-spyware people shouldn't have even been able to get a copy of the program to classify it as spyware. Is it possible to classify a program as spyware without even looking at the program?
A previous court case a few years ago declared that reverse engineering is legal. Few, very few, judges will go against a precident that's lasted that long.
Also, legal documents like EULAs and Contracts cannot by their wording violate the US Constitution, the constitute of the State in which it is written, nor current Federal, current State, County, and City laws. EULAs and Contracts do not give companies and individuals the ability to bypass the Word of Law.
A few examples of companies trying to get away with this are:
* Company rules restricting employee fraternization - They may have the right do to this in company premises, but I'd like to see them try to enforce such a rule in an employee's private residence. I can smell Civil Rights Violation a mile away. The ACLU would drool at the chance to handle a case like this.
* At Will causes in company contracts - In my state some business I worked for have "AT WILL" clauses saying they can let you go for any reason or no reason at all. Technically this is an attempt to circumvent Labor Laws and Equal Opportunity Labor Laws and likely wouldn't hold up in court.
There are just some examples of what companies are trying to get away with. No one person is above the law and no company should be allowed to be above it either.
Michael "TheZorch" Haney
thezorch@gmail.com
http://thezorch.googlepages.com/home
The world is coming to companies being legally able to install spyware and adware on your computer without your knowing and then you cannot remove it because it's a violation of the EULA. I bet even if you reformatted, it would somehow violate the stupid EULA. There are days I hate private enterprises.
Give me a productive error over a boring, mundane and unproductive fact any day. ~Anon
Ah, but Sunbelt *never downloaded* it. They obtained their copy otherwise, thus the *PDA* is unenforceable in their case. SpyMon was already on a client's computer, and was giving the client grief. It was from an examination of this computer at their client's request that SpyMon was detected, and further dealt with.
Sunbelt never *ran* SpyMon, nor did they ever download it, therefore no EULA[1], nor PDA was violated.
[1] Other post deal satisfactorily with the *run* issue.
"Oh drat these computers, they're so naughty and so complex, I could pinch them." --Marvin the Martian
And I'm 90% sure this part of the EULA wasn't written by a lawyer. Defendant can basically say "This isn't research" and tapdance all the way to the bank.
Honestly, next thing they'll be saying is that strapping these dummies to a table and yanking their entrails out with an iron hook is "anatomical research." It'll be fun to win that case by telling the jury I wasn't doing research---I was drawing and quartering a spyware manufacturer. The best part will be hearing the foreman say "not guilty on account of he was drawing and quartering a spyware manufacturer. And here's the addresses of a few spammers I know about."
This is not my sandwich.
That's the only response I could come up with. When the whole world's gone crazy, how does one respond rationally?
Seriously, purveyors of spyware should be brought up on charges in criminal court. We do the same for virus writers, how is malware any different? Can you imagine the courts allowing a virus writer to sue AV firms? :)
Sticking feathers up your butt does not make you a chicken - Tyler Durden
The person who installed and agreed to to the EULA could then be sued for allowing their installed copy to be used in research.
-- Using the preview button since 2005
Heh. Sunbelt is heavily involved in a group that has a EULA that makes "bend over" look tame. Google for the "Lisa Clause".
One line blog. I hear that they're called Twitters now.
I remember seeing such notices on BBSs circa 1986.
I'm a big tall mofo.
Retrocoder Limited has NOT threatened to sue Sunbelt - we are currently looking at what legal options we have to defend our product.
This is a copy of the text sent to Sunbelt:
"If you read the copyright agreement when you downloaded or ran our
program you will see that Anti-spyware publishers/software houses
are NOT allowed to download, run or examine the software in any
way. By doing so you are breaking EU copyright law, this is a criminal
offence. Please remove our program from your detection list or we will
be forced to take action against you."
The action will be that we may be (in our opinion) forced to get the UK police authorities involved with Sunbelt over copyright theft. This is a criminal offence, not a civil one I believe.
Retrocoder Limited as the copyright holder, has the right to say who may or may not have its program. If someone has its program without permission, are they not guilty of a criminal offence?
For example, if you have a copy of Windows without MicroSofts permission, is this not a crime?
Below is a copy of the text sent to Joris Evers (who wrote the original article from it):
"As you can see, at the moment it is just a warning to them to stop
blacklisting the program. Our program is not a "trojan" or "virus",
it is used to keep a remote "eye" on your kids or employees. The user
must have access to the users machine in order to install the client.
Only the installer of the program can view the client machine. Our
program does not attempt to bypass firewalls or other such protection.
This is very different from "trojans" and "viruses" - they replicate
themselves and spread uncontrollably, you do not usually need direct
access to the users machine. They often try to bypass firewalls in
order to "reach" the internet.
Our problem is that companies like Sunbelt do not properly look at
software before they blacklist it. They clearly ignored legally
enforceable warnings that what they would be doing is not allowed by
the copyright holder. This shows that either they do not examine
programs properly or that they ignore copyright law. In order to add
our product to their trojan/virus list they must have downloaded it
and then examined it. Both of these actions are forbidden by the
copyright notice.
A similar situation arose with Grisoft with the AVG product. We sent
a similar warning letter out to them and they responded by removing
our programs from their blacklist. This resolved the situation and no
further action has been taken.
I will be consulting with our solicitor in the next few weeks about
companies like Sunbelt, what civil/criminal laws have been broken, and
how best to involve the UK Police authorities in action against them."
Since when did EULAs become meritorious in any way, shape, or form?
They've been stuck down as non-binding as many times as they've been upheld;
they often have clauses in them which are not only onerous, but downright illegal;
they do not have any form of traditional contractual agreement methods, wherein both parties have the ability (allowed by contract law) to modify the contract to their satisfaction;
and they represent the interests of one party to the exclusion of the rights of the other.
Tell me again why this sort of dispute should be allowed past the doors of any courtroom?
Everything about these idiots screams "asshole". Look at their web site advertising their product:
;)
Don't know what your kids are doing on the net?
Worried that your partner is cheating on you?
Want to see what your employees are really doing instead of working?
Ever wanted to be a hacker like in the movies?
Great product niche - allowing paranoid idiots to spy on everyone in their life. Then there's a fantastically smug notice at the bottom of the web site that says:
Please note that the "crack" by "team tbe" doesn't work anymore.
Like I said - everything these guys do and say has asshole written all over it.
I'm a big tall mofo.
Nope. Sorry. Your attempt at classification of this duck is in violation of the Duck EULA for passive observers.
Scott Adams did it better. Dilbert didn't read the EULA which stated that by installing pkg X, he was agreeing to become Bill Gates' towel-boy.
Censorship is telling a man he can't have a steak just because a baby can't chew it. --Mark Twain
It isn't true that both parties have to have the ability to modify the contract to their satisfaction (I'm in law school and I've taken contracts... ). EULAs are adhesion contracts, which force the accepting party to the terms of the offering party. From Obstetrics & Gynecologists Ltd. v. Pepper (693 P.2d 1259) 'An adhesion contract need not be unenforceable if it falls within reasonable expectations of the weaker or "adhering" party and is not unduly oppressive. However, courts will not enforce against an adhering party a provision limiting the duties or abilities of the stronger party absent plain and clear notification of the terms and an understanding consent.' So, in the end, you are right that this won't be enforced, but for the wrong reason.
Check out http://www.sunbelt-software.com/CounterSpyEnterpri se.cfm
"Microsoft shares their spyware definitions with Sunbelt, but SunBelt uses the threat information differently."
That would mean SunBelt haven't violated any EULA's and that the lawsuit should be aimed at Microsoft...
[)amien
Judges have ruled repeatedly that EULA's are not legally binding since virtually no one reads them. Besides, trying to write in a clause saying that you can't be stopped from doing something illegal won't hold up in court.
"The general gist is correct, but "innocent until proven guilty" is a principle that applies to criminal matters, not civil matters."
That's patently false. Sometimes, the burden of proof is with the defendant because of the nature of the case. For example, in cases of joint liability (for example, where 2 people are shooting wildly in the woods and a third person is shot, and neither of the 2 people actually know which one killed the 3rd person), then the 2 people must prove that they didn't kill the 3rd person in order to not be held personally liable. This only arises after it has been shown that they were jointly liable, though.
Another example is res ipsa loquitor. This means that the thing that happened is evidence of negligence unto itself. Usually, the plaintiff is not in a position to be able to prove what exactly happened to him, but the certain thing that happened to him could only have happened through negligence of the defendant.
In all of these cases, you still need to hale someone into court and show that they are negligent and then they may have to prove otherwise, but that's not assuming that they aren't innocent until proven guilty.
Oh, don't worry... they can't possibly win this case.
This isn't the kind of case that's filed to win in court, its purpose is to intimidate the defendant. Hopefully the court will smack them good and hard.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
One or the other. It's bad enough the company has this in their EULA, but the fact they are trying to enforce it through the courts proves one of two things. They either have a legal department/management team with serious balls or their legal department/management team is out of their mind. One or the other. I personally would believe the latter. I can't wait until it gets laughed out of court or, even better, the judge takes the evidence and does whatever he has to do to get the company prosecuted.
Since I'm not logged in yet when posting this message, I have to type in a captcha. This one is "agree". By typing this, what am I agreeing to? Crap, time to get my lawyer to read this page before pressing preview.
But why is the rum gone?
No, it isn't. For one thing, a civil trial will never result in a verdict of guilty or not guilty, but in a verdict of liable or not liable. Second, there may or may not be a presumption of liabilty for any particular matter. While a prosecutor always must establish the guilt of criminal defendant, a civil defendant in some cases may be presumed liable unless the defendant establishes that he should not be liable.
The warnings on the download page talk about criminal court. Whatever they're paying the attorney that wrote it for them is too much.
"Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
Am I the only one who finds the words 'gynaecologists' and 'adhesion' in the same sentence mildly disturbing, yet strangely erotic?
Yes? Alright, I'll get my coat...
We Build Beautiful Websites
Oh, advertising your product as a tool for criminals is just begging for legal action.
"Finally, proving a negative is not what the US court system is based on, at least from what I've heard about it - innocent until proven guilty"
/. or other foums ? (I now duck my head in anticipation of being modded down as troll or flaimbait)
Have you seen the courts in action lately?
"Hell, I could successfully defend them against this, and IANAL."
Wrong.
If you install the program you are bound by the EULA. I think your resasoning may appear sound on first examination but as you say, you are not a lawyer, and courts often have their own ways of looking at the facts of any given case. When you talk of "extracting the package...." in any other way than an installation, you are looking at probable violation of intellectual property rights, as interpreted and ruled in case after case, by the court systems today. If the code or other properties were examined in any other way than by examing how the product perfomed after an installtion (where the EULA had to be agreed to) that may well leave the defendent wide open to a violation of the DMCA or some other law pertaining to intellectual property. SpyMon is, in all liklihood, proprietary, and you can be sure that RetroCoder would *not* give Sunbelt software permission to dissassemble or in any way modify or examine their code without their express written consent first. I doubt such consent was ever given.
Don't misunderstand me: I think RetroCoder's SpyMon may very well be SpyWare, but just becasue you dont like a law or a company doesnt mean it they don't have a case. What really bothers you , I think, is that EULAs and other Intellectual Proprty Rights Laws are designed to give far too much power to the owners and therefore leaves room for abuse of customers, consumers, or other interested parties. Indeed, this case is a perfect example of that abuse. To that belief I say "RIGHT YOU ARE." The laws with regard to EULAs and Copyright (the DMCA in particular) need to be changed.
In the mean time Sunbelt could very well lose this case, as they well may deserve to, given how the pertinent laws are constructed and interpreted by the courts. Either that, or we can hope that the court finds some way to declare the law(s) on the basis of which the case has been filed as unconstitutional, but I wouldn't hold out much hope for that.
In short, don't point your non-lawyer finger at the bad company or the courts. Point it at the Lawmakers who passed the law and their greedy, shortsighted supporters who lobbied for these highly misguided pieces of legislation in the first place.
Put another way - who is more foolish? The fools who propose a law, the fools who pass a law, the fools who abuse the law, or the fools who watch it all happen, get angry, and then do nothing about it except maybe complain on
Have *you* joined the EFF yet or wriiten your congressman?
uR iGn0ranc3, Their Power
I think you wrote it out nicely, but I think I've a work around towards your argument of enforcement of the EULA. so I would present the following
a) both firms are software houses, this would negate the stronger/weaker side of the argument. make both sides equal to the judge.
b) both firms are familiar with Eula's, this would slow down or stop spy-ware detectors line of thinking. judge would only have to say " you have one in your software ", spy-ware detection company says "yes sir", Judge says " well you would expect people to agree to yours, so you now have to agree to their " ( or at least place them in a bad light )
c) because both parties are equals, the courts might lean towards the spy-ware company.
I am not a lawyer, been using lawyers since I was 9, I like lawyers. Lawyers make my life easy.
if you see me, smile and say hello.
Was I the only one who saw this subject line and though goatse.... ?? I must admit, it made me flinch.
Alex, I'll take keybindings not used by Emacs for $400....
The whole point of this software is to secretly install it on someone else's computer - it's a keylogger and screen grabber. The person whose computer this gets installed on never agreed to any eula. So if an anti-spyware company found an infected box, neither they nor the person whose computer it is are in violation of the eula. Nor the jerk who installed it, since I doubt they expected to get caught.
From the forums you see people are using this to try to spy on spouses they think are unfaithful, etc. Give it up people, if you're installing spyware to monitor your spouse for infidelity your relationship is already over.
Just to clarify -- we are not being sued. We received a demand to remove their product from our database. I've blogged about it here http://sunbeltblog.blogspot.com/2005/11/retrocoder .html
Alex Eckelberry
Sunbelt
Next, write this on your T-shirt ...
"By looking at me, you agree to
Sadly, for full effect, it would have to be printed on the *inside* of the shirt.
Maybe they never downloaded it in the first place. Maybe they are acting on the basis of experience that is typically gathered by a practitioner of the field who also works to diagnose malfunctions in client computers where previous detection efforts have failed. This would not necessarily mean your software caused any such problems, but rather, your software may have co-existed on a machine with previously undetected malware which was also performing similar spying actitivies, although for malicious intentions. On the basis of these activities, they would never have agreed to your EULA in the first place as they would never have downloaded a copy of the software.
The ability to detect software like yours, which presumably has no ill-intent, is still necessary, IMHO, because of the existant possibility of ill-intended installation by other parties, such as kids spying on their parents first (it happens), or one spouse spying on the other in domestic issue civil cases (it happens a lot). Unless you can prove that your software has unbreakable facilities that prevent anyone from installing the software except in cases where it would involve only legal spying (e.g. parents spying on kids), I don't think you have a valid basis for demanding that your software be exempted. And I do not see how the software is capable of evaluating the domestic role of the person doing the installation.
My real concern has nothing to do with your software. It has everything to do with all spyware in general, and the establishment of legal defenses that they all may use if you take this matter to court and prevail. Such a ruling would be universally harmful to everyone.
In an unrelated issue, how is your software going to spy on kids that are skipping Windows and booting up a Knoppix CD instead to get to the internet to surf for 7un3z, w4r3z, and pr0n? You know kids are doing it, and not just the smart ones. Do you warn parents that your software cannot detect all these cases?
now we need to go OSS in diesel cars
Not a funny question at all when you consider the ramifications of one person installing software on a computer and agreeing to an EULA that a second person then uses. How do you sort this out?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
But, as other people have pointed out already, if you (as the spyware detector programmer) sell your program to someone who has spyware already present on their computer, you're completely off the hook. Just because your program can detect SpyMon and correctly identify it as spyware, it doesn't necessarily follow that you *must* have downloaded, installed and executed a copy of SpyMon yourself. It's very likely that you independantly thought up ways that spyware might hide, and put in detection methods to locate such junk. It's also very possible that SpyMon is using a "well-known" method of hiding, such as the "$sys$" method that Sony tried recently.
Our problem is that companies like Sunbelt do not properly look at software before they blacklist it..........This shows that either they do not examine programs properly or that they ignore copyright law.
I have several points.
1. If you hadn't BLOCKED them from "inspecting" your software in the first place (per your EULA), then they might have actually "properly looked at your software"!! If you block them then they can't examine it now can they?
2. Since you mention that "anti-spyware companies can't look at your software", then that probably threw up a red flag to them. Where there's smoke, there's fire. And by coming out and flat out saying "anti-spyware companies can't look", you're making them blacklist you by default.
3. If they got a computer that had some files they didn't recognize on it, and looked up their origin via the internet, then they aren't tampering with your software. They may very well not have seen any EULA anyway. All they needed to see was it was a "spying" program and that "anti-spyware companies aren't allowed to examine it". So whenever a computer has those files, mark them as spyware.
To me, you guys set yourself up for this. If someone doesn't want me to look at something they are trying to sell, then I'm going to tell everyone else it's probably bad news.