Spyware Maker Sues Detection Firm
Luigi30 writes "ZDnet reports that RetroCoder, makers of the SpyMon remote monitoring program, are suing Sunbelt Software, makers of CounterSpy, a spyware detector program, for detecting the SpyMon as spyware. According to the EULA, SpyMon can not be used in 'anti-spyware research,' and detecting it is therefore a violation of it. 'In order to add our product to their list, they must have downloaded it and then examined it. These actions are forbidden by the notice,' a RetroCoder spokesperson said."
Their EULA is GENIUS.... evil evil genius.
actually I am happy to see you, however that is in fact a banana in my pocket.
If it looks like a duck, and sounds like a duck, then it must be a duck. :P
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
...is for the detection firm to add a section to their EULA that forbids anti-anti-spyware research!
The fact that someone actually is trying this, or the fact that I'm half-afraid it might work.
Let's all hope not.
To fight the war on terror, stop being afraid.
Anyone remember those MOTD's on pirate-software FTP sites giving us a pseudo-legal-brief about President Clinton signing some law, and then "FBI AGENTS YOU CANNOT ENTER THIS SITE"?
Please help metamoderate.
This kind of thing is not likely to stand up in court. Spyware has been proven to be a malicious type of software that violates one's privacy, therefore I would be shocked if the courts find in favor of the spyware maker. The spyware maker might have thought it was clever adding that clause in their EULA, but essentially what they've stipulated was people cannot investigate how their software works in order to prevent its unwanted installation onto one's system. Not likely to stand up in court.
If you do produce a program that will affect this software's ability to perform its function, then you may have to prove in criminal court that you have not infringed this warning.
Is it legal for contracts to include conditions that are physically impossible to do? If so, my next bit of software is coming with a "If you can't prove you didn't make copies of the software, you owe us for as many copies as could possibly have been made between the time you first run the program and the time we sue you." Since nobody reads those things anyway.
On a mostly unrelated note, I wrote a program that shows funny pictures. It's awesome, and it's only 1 cent, for... processing purposes, if anyone's interested in a download.
First: they almost admit in the EULA that it is a spyware product. Who the fuck else would put such an idiot line in the EULA. Second: the antispyware company might have used some sort of heuristics. No install required. I would really like to see this go in court: isn't there a limit on the kind of shit people put in that EULA?
Em. I don't get it. Who says the company has to agree to the eula to look at it? If the spyware company declines the eula agreement they are not bound to it and as a result the proggy is not installed. How does that restrict the spyware company from analyzing the binaries present in the setup program? Decompress the archive and create a fingerprint, done!
Section 6783.
You agree that in using this Software, You give Us the right to your first born child.
Section 6784.
You agree that in using this Software, you will never hit the "g" key on your keyboard between 4:50AM and 3:15PM. This clause will survive termination of the Agreement.
Section 6785.
You will never call the Software a Piece Of Shit in public or in private.
What's next? Passing a note to a bank teller "By reading this note you have agreed to let me rob your bank and not press the alarm button"?
EULAs are becoming increasingly cluttered with unenforceable and in cases downright silly things. With any luck a few frivolous lawsuits might see some of them struck down.
Ame
They don't need to be able to win. All they need is to have enough of a case to threaten them with long, costly litigation - and once the expected cost of defending themselves is greater than the cost of caving in, most businesses will cheerfully cave. In fact, for publicly traded companies you can make a decent case that it's their duty to do so.
Trust the Computer. The Computer is your friend.
Have they no shame!??
The spyware people should be treated like programming commands and scripts: "Carried out and executed".
In general, I think the USA should change its name to "SueSA". When are people going to take responsibility for their own actions? If someone walks on my sidewalks and trips in a hole in it, it's their own g*dd*mn f**ing fault for not watching where they are going, not mine.
This message has been ROT-13 encrypted twice for higher security.
++++ fake ticker ++++ Johnny Bash, famous for writing applications like WORM32 and Trojan.Hoax, has today filed a lawsuit against McAfee. His complaint is that the EULA for these applications specifically forbids the reverse engineering or analyzing of the code for anti-virus companies. He says that by downloading and installing his latest achievement, McAfee implicitly agreed to the conditions and thus violated the EULA by including the anti-virus measures in their latest software.
Ah. the popular "Bend Over" EULA.
“Common sense is not so common.” — Voltaire
U.S. lawsuits are merrier and merrier all the time! Very few surrealist artists had as much imagination as some lawyers do!
... from the forgotten corner in europe
But if it weighs the same as a duck, it must be a witch.
At least here in Brazil.
For a contract to be valid, it must be an agreement between two parties. In the case of an EULA the consumer doesn't have any power of negotiation, and in practice can't change anything on the EULA.
The Brazilian legislation also states that you can't be forced to agree with a contract that prejudices, or denies, any of your rights. This way no EULA can really be enforced here.
Just my 2c.
---- You know how some doctors have the Messiah complex - they need to save the world? You've got the "Rubik's" complex
Perhaps there should be a system where any software installed has to agree to a license on that computer. So I can add my own EULA to my computer and any software vendor that has their software on my computer has to agree to it. There can be a nice API that can be used to get at the license and everything. If I have to agree to an EULA when installing their products on my machine, they should have to agree to my EULA to run their software on my machine. If they break it then I can sue them.
This is fair too, because as much as I don't understand their EULAs, they won't be able to understand mine. Vive la revolution in software consumer rights!
Ah.. the popular soviet russia joke...
...
spywares sue YOU now becomes reality
Next, write this on your T-shirt
"By looking at me, you agree to
The modern world is completely founded on contracts of one form or another - an EULA being an example of such a contract. Now this case is clearly ridiculous, and as such I fully expect the challenge to fail (and further could set interesting precedents regarding the reach of EULAs). BUT the company should have the right to bring the challenge, and should be heard by a judge.
You cannot just wave your hands at something that sounds ridiculous and then refuse to hear it, because you certainly will end up ignoring meritorious cases.
Just go to
http://www.spymon.com/downloads/install.exe
Then you can extract the files from the installer exe without agreeing to anything.
By reading this post, you agree to pay me $1,000,000.
Rediculous is ridiculous!
Oh, don't worry... they can't possibly win this case.
The EULA only enforces certain rules if you want to use the program. If you do not use the program - which would mean running the binaries, if I'm any judge - you may not use the program.
It would be most interesting to see whether their EULA contains something along the lines 'this software is provided as-is, and is not fit for any express purpose' - something similar can IIRC be found in MS Office. That clause would counter and dispel the clause that claims it can not be used in spyware research - regardless of the fact that the program does not have to be running for it to be examined. It doesn't even have to be installed, and the EULA doesn't even have to be read, let alone agreed to.
The package can be extracted, binaries examined... And, if the sued company wants to be evil, they can just claim that any software that forbids the end-user to include it in spyware research (and how in the world would you enforce that rule against NOD32's heuristics and automatic mailing suspicious binaries to their lab really escapes me) deserves to be added to their spyware list. They never had to get past reading the EULA to add the program to their list, so they never would have installed it and, of course, never agreed to the EULA in the first place. If they never installed the program, the EULA is unenforceable.
Finally, proving a negative is not what the US court system is based on, at least from what I've heard about it - innocent until proven guilty (unless it's a terrorism accusation, but I don't really want to troll right now). So the spyware maker has to prove that there was no possible way for the sued company to examine their binaries without agreeing to their EULA. If the sued company can prove that there is at least one way for them to do that, the spyware maker cannot prove that they didn't do it. Innocent until proven guilty.
Hell, I could successfully defend them against this, and IANAL.
Ignore this signature. By order.
The general gist is correct, but "innocent until proven guilty" is a principle that applies to criminal matters, not civil matters.
A previous court case a few years ago declared that reverse engineering is legal. Few, very few, judges will go against a precedent that's lasted that long.
Also, legal documents like EULAs and Contracts cannot by their wording violate the US Constitution, the constitution of the State in which it is written, nor current Federal, current State, County, and City laws. EULAs and Contracts do not give companies and individuals the ability to bypass the Word of Law.
A few examples of companies trying to get away with this are:
* Company rules restricting employee fraternization - They may have the right to do this in company premises, but I'd like to see them try to enforce such a rule in an employee's private residence. I can smell Civil Rights Violation a mile away. The ACLU would drool at the chance to handle a case like this.
* At Will clauses in company contracts - In my state some businesses I worked for have "AT WILL" clauses saying they can let you go for any reason or no reason at all. Technically this is an attempt to circumvent Labor Laws and Equal Opportunity Labor Laws and likely wouldn't hold up in court.
These are just some examples of what companies are trying to get away with. No one person is above the law and no company should be allowed to be above it either.
Michael "TheZorch" Haney
thezorch@gmail.com
http://thezorch.googlepages.com/home
Ah, but Sunbelt *never downloaded* it. They obtained their copy otherwise, thus the *PDA* is unenforceable in their case. SpyMon was already on a client's computer, and was giving the client grief. It was from an examination of this computer at their client's request that SpyMon was detected, and further dealt with.
Sunbelt never *ran* SpyMon, nor did they ever download it, therefore no EULA[1], nor PDA was violated.
[1] Other posts deal satisfactorily with the *run* issue.
"Oh drat these computers, they're so naughty and so complex, I could pinch them." --Marvin the Martian
Retrocoder Limited has NOT threatened to sue Sunbelt - we are currently looking at what legal options we have to defend our product.
This is a copy of the text sent to Sunbelt:
"If you read the copyright agreement when you downloaded or ran our
program you will see that Anti-spyware publishers/software houses
are NOT allowed to download, run or examine the software in any
way. By doing so you are breaking EU copyright law, this is a criminal
offence. Please remove our program from your detection list or we will
be forced to take action against you."
The action will be that we may be (in our opinion) forced to get the UK police authorities involved with Sunbelt over copyright theft. This is a criminal offence, not a civil one I believe.
Retrocoder Limited as the copyright holder, has the right to say who may or may not have its program. If someone has its program without permission, are they not guilty of a criminal offence?
For example, if you have a copy of Windows without Microsoft's permission, is this not a crime?
Below is a copy of the text sent to Joris Evers (who wrote the original article from it):
"As you can see, at the moment it is just a warning to them to stop
blacklisting the program. Our program is not a "trojan" or "virus",
it is used to keep a remote "eye" on your kids or employees. The user
must have access to the user's machine in order to install the client.
Only the installer of the program can view the client machine. Our
program does not attempt to bypass firewalls or other such protection.
This is very different from "trojans" and "viruses" - they replicate
themselves and spread uncontrollably, you do not usually need direct
access to the user's machine. They often try to bypass firewalls in
order to "reach" the internet.
Our problem is that companies like Sunbelt do not properly look at
software before they blacklist it. They clearly ignored legally
enforceable warnings that what they would be doing is not allowed by
the copyright holder. This shows that either they do not examine
programs properly or that they ignore copyright law. In order to add
our product to their trojan/virus list they must have downloaded it
and then examined it. Both of these actions are forbidden by the
copyright notice.
A similar situation arose with Grisoft with the AVG product. We sent
a similar warning letter out to them and they responded by removing
our programs from their blacklist. This resolved the situation and no
further action has been taken.
I will be consulting with our solicitor in the next few weeks about
companies like Sunbelt, what civil/criminal laws have been broken, and
how best to involve the UK Police authorities in action against them."
Since when did EULAs become meritorious in any way, shape, or form?
They've been struck down as non-binding as many times as they've been upheld;
they often have clauses in them which are not only onerous, but downright illegal;
they do not have any form of traditional contractual agreement methods, wherein both parties have the ability (allowed by contract law) to modify the contract to their satisfaction;
and they represent the interests of one party to the exclusion of the rights of the other.
Tell me again why this sort of dispute should be allowed past the doors of any courtroom?
Everything about these idiots screams "asshole". Look at their web site advertising their product:
;)
Don't know what your kids are doing on the net?
Worried that your partner is cheating on you?
Want to see what your employees are really doing instead of working?
Ever wanted to be a hacker like in the movies?
Great product niche - allowing paranoid idiots to spy on everyone in their life. Then there's a fantastically smug notice at the bottom of the web site that says:
Please note that the "crack" by "team tbe" doesn't work anymore.
Like I said - everything these guys do and say has asshole written all over it.
I'm a big tall mofo.
Scott Adams did it better. Dilbert didn't read the EULA which stated that by installing pkg X, he was agreeing to become Bill Gates' towel-boy.
Censorship is telling a man he can't have a steak just because a baby can't chew it. --Mark Twain
It isn't true that both parties have to have the ability to modify the contract to their satisfaction (I'm in law school and I've taken contracts... ). EULAs are adhesion contracts, which force the accepting party to the terms of the offering party. From Obstetrics & Gynecologists Ltd. v. Pepper (693 P.2d 1259) 'An adhesion contract need not be unenforceable if it falls within reasonable expectations of the weaker or "adhering" party and is not unduly oppressive. However, courts will not enforce against an adhering party a provision limiting the duties or abilities of the stronger party absent plain and clear notification of the terms and an understanding consent.' So, in the end, you are right that this won't be enforced, but for the wrong reason.
"The general gist is correct, but "innocent until proven guilty" is a principle that applies to criminal matters, not civil matters."
That's patently false. Sometimes, the burden of proof is with the defendant because of the nature of the case. For example, in cases of joint liability (for example, where 2 people are shooting wildly in the woods and a third person is shot, and neither of the 2 people actually knows which one killed the 3rd person), then the 2 people must prove that they didn't kill the 3rd person in order to not be held personally liable. This only arises after it has been shown that they were jointly liable, though.
Another example is res ipsa loquitur. This means that the thing that happened is evidence of negligence unto itself. Usually, the plaintiff is not in a position to be able to prove what exactly happened to him, but the certain thing that happened to him could only have happened through negligence of the defendant.
In all of these cases, you still need to hale someone into court and show that they are negligent and then they may have to prove otherwise, but that's not assuming that they aren't innocent until proven guilty.
Oh, don't worry... they can't possibly win this case.
This isn't the kind of case that's filed to win in court, its purpose is to intimidate the defendant. Hopefully the court will smack them good and hard.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Was I the only one who saw this subject line and thought goatse.... ?? I must admit, it made me flinch.
Alex, I'll take keybindings not used by Emacs for $400....
Maybe they never downloaded it in the first place. Maybe they are acting on the basis of experience that is typically gathered by a practitioner of the field who also works to diagnose malfunctions in client computers where previous detection efforts have failed. This would not necessarily mean your software caused any such problems, but rather, your software may have co-existed on a machine with previously undetected malware which was also performing similar spying activities, although for malicious intentions. On the basis of these activities, they would never have agreed to your EULA in the first place as they would never have downloaded a copy of the software.
The ability to detect software like yours, which presumably has no ill-intent, is still necessary, IMHO, because of the existent possibility of ill-intended installation by other parties, such as kids spying on their parents first (it happens), or one spouse spying on the other in domestic issue civil cases (it happens a lot). Unless you can prove that your software has unbreakable facilities that prevent anyone from installing the software except in cases where it would involve only legal spying (e.g. parents spying on kids), I don't think you have a valid basis for demanding that your software be exempted. And I do not see how the software is capable of evaluating the domestic role of the person doing the installation.
My real concern has nothing to do with your software. It has everything to do with all spyware in general, and the establishment of legal defenses that they all may use if you take this matter to court and prevail. Such a ruling would be universally harmful to everyone.
In an unrelated issue, how is your software going to spy on kids that are skipping Windows and booting up a Knoppix CD instead to get to the internet to surf for 7un3z, w4r3z, and pr0n? You know kids are doing it, and not just the smart ones. Do you warn parents that your software cannot detect all these cases?
now we need to go OSS in diesel cars