Slashdot Mirror


Spyware Maker Sues Detection Firm

Luigi30 writes "ZDnet reports that RetroCoder, makers of the SpyMon remote monitoring program, are suing Sunbelt Software, makers of CounterSpy, a spyware detector program, for detecting SpyMon as spyware. According to the EULA, SpyMon cannot be used in 'anti-spyware research,' and detecting it is therefore a violation of it. 'In order to add our product to their list, they must have downloaded it and then examined it. These actions are forbidden by the notice,' a RetroCoder spokesperson said."

22 of 503 comments

  1. The answer... by Anonymous Coward · · Score: 5, Funny

    ...is for the detection firm to add a section to their EULA that forbids anti-anti-spyware research!

    1. Re:The answer... by slavemowgli · · Score: 5, Insightful

      You moderators might think that's Funny, but it's actually a very interesting point. If I can, basically, say "you're not allowed to come anywhere near my software" in the EULA as a spyware maker, why can't I say the same thing as an anti-spyware maker?

      What's nice about this is that it works out no matter whether such a clause would be accepted: if it is accepted, then the spyware maker would have violated the anti-spyware product's EULA by looking at how it classifies the spyware. If it's not accepted, on the other hand, then the corresponding clause in the spyware's EULA would also not be accepted.

      Myself, I think that such clauses aren't valid, but I also think that even if a court thinks they are, it'd be pretty impossible to actually get a case, as they could trivially be circumvented. For example, if I visit a friend and use their computer to do something in Photoshop, am I then bound by Photoshop's EULA? Of course not; I didn't buy the program, I didn't install it, I didn't agree to anything. My friend might be (or not), but I certainly am not. A spyware maker could do the same thing: just don't install the spyware yourself, but rather classify it after it infected someone else's computer. (On a side note, I doubt that most spyware actually presents a EULA to the user where he can clearly see what is going to happen, where he's given the opportunity to say "no, thanks" and where, if he does, the spyware will not be installed, anyway).

      --
      quidquid latine dictum sit altum videtur.
  2. I don't think they'll win by bjason82 · · Score: 5, Insightful

    This kind of thing is not likely to stand up in court. Spyware has been proven to be a malicious type of software that violates one's privacy, therefore I would be shocked if the courts find in favor of the spyware maker. The spyware maker might have thought it was clever adding that clause in their EULA, but essentially what they've stipulated was people cannot investigate how their software works in order to prevent its unwanted installation onto one's system. Not likely to stand up in court.

  3. Re:I'm not sure which is scarier... by meringuoid · · Score: 5, Insightful

    I'm actually quite glad of this. The outcome of this case will determine just what is and what is not enforceable in an EULA.

    For instance, how about that bit about not disassembling, decompiling or reverse-engineering software that's in so many EULAs? That's the same kind of thing as this 'not use in spyware research' clause. If the one is unenforceable, then is the other one too?

    --
    Real Daleks don't climb stairs - they level the building.
  4. Heuristics ? Or the admit in the EULA by tines · · Score: 5, Insightful

    First: they almost admit in the EULA that it is a spyware product. Who the fuck else would put such an idiot line in the EULA? Second: the antispyware company might have used some sort of heuristics. No install required. I would really like to see this go to court: isn't there a limit on the kind of shit people put in that EULA?

  5. Don't agree to eula! by pawstar · · Score: 5, Insightful

    Em. I don't get it. Who says the company has to agree to the eula to look at it? If the spyware company declines the eula agreement they are not bound to it and as a result the proggy is not installed. How does that restrict the spyware company from analyzing the binaries present in the setup program? Decompress the archive and create a fingerprint, done!

  6. Other great EULA small print by Anonymous Coward · · Score: 5, Funny

    Section 6783.

    You agree that in using this Software, You give Us the right to your first born child.

    Section 6784.

    You agree that in using this Software, you will never hit the "g" key on your keyboard between 4:50AM and 3:15PM. This clause will survive termination of the Agreement.

    Section 6785.

    You will never call the Software a Piece Of Shit in public or in private.

  7. Unenforceable I'd Say by amelith · · Score: 5, Funny

    What's next? Passing a note to a bank teller "By reading this note you have agreed to let me rob your bank and not press the alarm button"?

    EULAs are becoming increasingly cluttered with unenforceable and in cases downright silly things. With any luck a few frivolous lawsuits might see some of them struck down.

    Ame

    1. Re:Unenforceable I'd Say by theonetruekeebler · · Score: 5, Insightful

      It's more like
      • By reading this note the teller agrees that the Funds Recovery Action undertaken by the Funds Recoverer is not a bank robbery.
      • Teller agrees to withdraw and surrender such funds as the Funds Recoverer demands.
      • Teller agrees that the Funds Recoverer is not responsible for any financial loss resultant from Teller's participation in the Funds Recovery Action.
      • Any attempts at funds recovery undertaken by Teller or his or her employer against the Funds Recoverer are expressly disallowed as a derivative work of this Funds Recovery Action.
      • Any video recordings of the Funds Recovery Action are expressly disallowed as a derivative work of this Funds Recovery Action and are the property of the Recoverer.
      • Teller agrees to fund all legal and medical expenses incurred by the Recoverer resultant from the Teller's refusal to cooperate in the Funds Recovery Action.
      • Teller agrees that any violation of this Agreement, including refusal to accept the Agreement, shall entitle the Recoverer to financial compensation of twice the amount demanded in the original Recovery Action.
      • Now put the money in the bag and lie down on the fucking floor.
      --
      This is not my sandwich.
  8. Virus creator sues McAfee for USD 200$ Mio by lightweave · · Score: 5, Funny

    ++++ fake ticker ++++ Johnny Bash, famous for writing applications like WORM32 and Trojan.Hoax, has today filed a lawsuit against McAfee. His complaint is that the EULA for these applications specifically forbids the reverse engineering or analyzing of the code for anti-virus companies. He says that by downloading and installing his latest achievement, McAfee implicitly agreed to the conditions and thus violated the EULA by including the anti-virus measures in their latest software.

  9. Re:Does it work against FBI agents too? by Kjella · · Score: 5, Interesting

    Anyone remember those MOTD's on pirate-software FTP sites giving us a pseudo-legal-brief about President Clinton signing some law, and then "FBI AGENTS YOU CANNOT ENTER THIS SITE"?

    They never stopped, FTP simply lost importance. IRC fserves used to have them too. Websites, DC++ hubs, eMule hubs, WinMX shares as well. It's funny, I've had people present me that and then ask me if I'm a cop as well. Even after sending them this and this they still think it is for real. I guess it's some kind of mental self-defense, denial or whatever that makes them go LALALALALA I can't hear you.

    Kjella

    --
    Live today, because you never know what tomorrow brings
  10. Re:My god by OrangeTide · · Score: 5, Funny

    Ah, the popular "Bend Over" EULA.

    --
    “Common sense is not so common.” — Voltaire
  11. So much fun by pepeperes · · Score: 5, Funny

    U.S. lawsuits are merrier and merrier all the time! Very few surrealist artists had as much imagination as some lawyers do!

    --
    ... from the forgotten corner in europe
  12. Re:If it looks like a duck and sounds like a duck. by Anonymous Coward · · Score: 5, Funny

    But if it weighs the same as a duck, it must be a witch.

  13. EULA's on individual computers by pilybaby · · Score: 5, Interesting

    Perhaps there should be a system where any software installed has to agree to a license on that computer. So I can add my own EULA to my computer and any software vendor that has their software on my computer has to agree to it. There can be a nice API that can be used to get at the license and everything. If I have to agree to an EULA when installing their products on my machine, they should have to agree to my EULA to run their software on my machine. If they break it then I can sue them.

    This is fair too, because as much as I don't understand their EULAs, they won't be able to understand mine. Vive la revolution in software consumer rights!

  14. Re:My god by AnonymousBystander · · Score: 5, Funny

    Ah.. the popular soviet russia joke...
    spywares sue YOU now becomes reality

    Next, write this on your T-shirt
    "By looking at me, you agree to ...

  15. Message for SpyMon developers by 50m31sl4sh. · · Score: 5, Funny

    By reading this post, you agree to pay me $1,000,000.

    --
    Rediculous is ridiculous!
  16. Re:My god by cp.tar · · Score: 5, Interesting

    Oh, don't worry... they can't possibly win this case.

    The EULA only enforces certain rules if you want to use the program. If you do not use the program - which would mean running the binaries, if I'm any judge - you may not use the program.

    It would be most interesting to see whether their EULA contains something along the lines 'this software is provided as-is, and is not fit for any express purpose' - something similar can IIRC be found in MS Office. That clause would counter and dispel the clause that claims it can not be used in spyware research - regardless of the fact that the program does not have to be running for it to be examined. It doesn't even have to be installed, and the EULA doesn't even have to be read, let alone agreed to.

    The package can be extracted, binaries examined... And, if the sued company wants to be evil, they can just claim that any software that forbids the end-user to include it in spyware research (and how in the world would you enforce that rule against NOD32's heuristics and automatic mailing suspicious binaries to their lab really escapes me) deserves to be added to their spyware list. They never had to get past reading the EULA to add the program to their list, so they never would have installed it and, of course, never agreed to the EULA in the first place. If they never installed the program, the EULA is unenforceable.

    Finally, proving a negative is not what the US court system is based on, at least from what I've heard about it - innocent until proven guilty (unless it's a terrorism accusation, but I don't really want to troll right now). So the spyware maker has to prove that there was no possible way for the sued company to examine their binaries without agreeing to their EULA. If the sued company can prove that there is at least one way for them to do that, the spyware maker cannot prove that they didn't do it. Innocent until proven guilty.

    Hell, I could successfully defend them against this, and IANAL.

    --
    Ignore this signature. By order.
  17. Hasn't a crime been committed by Sunbelt? by doubledutchdesigns · · Score: 5, Informative

    Retrocoder Limited has NOT threatened to sue Sunbelt - we are currently looking at what legal options we have to defend our product.

    This is a copy of the text sent to Sunbelt:

    "If you read the copyright agreement when you downloaded or ran our
    program you will see that Anti-spyware publishers/software houses
    are NOT allowed to download, run or examine the software in any
    way. By doing so you are breaking EU copyright law, this is a criminal
    offence. Please remove our program from your detection list or we will
    be forced to take action against you."

    The action will be that we may be (in our opinion) forced to get the UK police authorities involved with Sunbelt over copyright theft. This is a criminal offence, not a civil one I believe.

    Retrocoder Limited as the copyright holder, has the right to say who may or may not have its program. If someone has its program without permission, are they not guilty of a criminal offence?

    For example, if you have a copy of Windows without Microsoft's permission, is this not a crime?

    Below is a copy of the text sent to Joris Evers (who wrote the original article from it):

    "As you can see, at the moment it is just a warning to them to stop
    blacklisting the program. Our program is not a "trojan" or "virus",
    it is used to keep a remote "eye" on your kids or employees. The user
    must have access to the user's machine in order to install the client.
    Only the installer of the program can view the client machine. Our
    program does not attempt to bypass firewalls or other such protection.

    This is very different from "trojans" and "viruses" - they replicate
    themselves and spread uncontrollably, you do not usually need direct
    access to the user's machine. They often try to bypass firewalls in
    order to "reach" the internet.

    Our problem is that companies like Sunbelt do not properly look at
    software before they blacklist it. They clearly ignored legally
    enforceable warnings that what they would be doing is not allowed by
    the copyright holder. This shows that either they do not examine
    programs properly or that they ignore copyright law. In order to add
    our product to their trojan/virus list they must have downloaded it
    and then examined it. Both of these actions are forbidden by the
    copyright notice.

    A similar situation arose with Grisoft with the AVG product. We sent
    a similar warning letter out to them and they responded by removing
    our programs from their blacklist. This resolved the situation and no
    further action has been taken.

    I will be consulting with our solicitor in the next few weeks about
    companies like Sunbelt, what civil/criminal laws have been broken, and
    how best to involve the UK Police authorities in action against them."

  18. Asshole is right. Look at this... by bigtallmofo · · Score: 5, Interesting

    Everything about these idiots screams "asshole". Look at their web site advertising their product:

    Don't know what your kids are doing on the net?
    Worried that your partner is cheating on you?
    Want to see what your employees are really doing instead of working?
    Ever wanted to be a hacker like in the movies?

    Great product niche - allowing paranoid idiots to spy on everyone in their life. Then there's a fantastically smug notice at the bottom of the web site that says:

    Please note that the "crack" by "team tbe" doesn't work anymore. ;)

    Like I said - everything these guys do and say has asshole written all over it.

    --
    I'm a big tall mofo.
  19. Re:My god by ezberry · · Score: 5, Interesting

    It isn't true that both parties have to have the ability to modify the contract to their satisfaction (I'm in law school and I've taken contracts... ). EULAs are adhesion contracts, which force the accepting party to the terms of the offering party. From Obstetrics & Gynecologists Ltd. v. Pepper (693 P.2d 1259) 'An adhesion contract need not be unenforceable if it falls within reasonable expectations of the weaker or "adhering" party and is not unduly oppressive. However, courts will not enforce against an adhering party a provision limiting the duties or abilities of the stronger party absent plain and clear notification of the terms and an understanding consent.' So, in the end, you are right that this won't be enforced, but for the wrong reason.

  20. Re:Asshole is right. Look at this... by AntEater · · Score: 5, Funny

    Was I the only one who saw this subject line and thought goatse.... ?? I must admit, it made me flinch.

    --
    Alex, I'll take keybindings not used by Emacs for $400....