RetroCoder Threatens Security Vendors

john83 writes "RetroCoder the company that brings you SpyMon, a commercial keylogger is trying to stop vendors of security software from looking at their software. RetroCoder uses a EULA that prohibits anti-spyware publishers / software houses from downloading, running or examining the software in any way. Essentially, they're trying to hide a key logger behind copyright law." While they are certainly not the first to do so, it is interesting that companies still take this approach.

Summary is a wee bit off....

[Rude+Turnip]

"Essentially, they're trying to hide a key logger behind copyright law."

Copyright law doesn't have provisions for EULAs. They are using faulty contract law logic to harass security vendors. I honestly think people only think an unsigned, after-the-fact EULA means anything because they've been conditioned throughout their lives to blindingly accept authority, whether real or perceived.

Couldn't emule & gang use the same defense?

[Qa1]

It is a well known fact that several p2p programs were attacked by the minions of various **AA, injecting malicious pseudo-clients into the essentially closed networks. Those attacks wouldn't have been possible without extensive technical analysis of the modus operandi of those networks. At least in most of those cases, it is pretty appearant that the attack was accomplished by downloading and examining the official client for that network.

Couldn't those p2p networks utilize the same defense? I.e. establish in their EULA that their code and protocol may not be examined for the purpose of a malicious sabotage in their operation?

I seem to recall that some p2p EULAs actually had such a clause. Was it ignored with no consequnces?

Sorry!

[jolyonr]

I think you'll find, if you read the slashdot EULA, you are NOT ALLOWED to check for dupe articles.

Lawers will be contacting YOU!

Jolyon

The funny thing is,

[jasen666]

they're tying to enforce a EULA on 3rd and 4th parties. Who the hell installs keyloggers on their own computer? Obviously, the "user" of the software is installing this discretely on someone else's computer. So the EULA is trying to prevent this 3rd party from scanning and removing the illicitely installed software, and trying to prevent the 4th party (anti-spyware/virus vendors) from facilitating the 3rd party in keeping their machine clean.
And if a piece of software is installed without my permission on my own computer, I'm sure as hell not bound by any EULA's. This is really a moronic attempt to legitimize their malware.

The next trend in internet worms: hidden EULA's to prevent AV software from removing them?

Mandating the second EULA screen

[interstellar_donkey]

The standard EULA is long, dull, and filled with legalese. The problem, as I see it, is that this gives software vendors the chance to hide malicious intent deep withen the contents of the EULA which customers can not reasonabily be expected to read.

I'd like to see law be written that requires a second part of the EULA, in it's own sepearte 'click yes to continue' box that outlines anything the software or service does that users may find questionable. It should be written in plain, simple words that outlines the potential for more malicious uses, and requires a user to click a 'yes I understand' next to each item.

For example:

EULA PART II:
THIS SOFTWARE MAY/WILL DO THE FOLLOWING.
PUT AN 'X' NEXT TO EACH BULLET STATING YOU UNDERSTAND THE INTENT BEFORE CONTINUING

[ ] o This software will collect personally identifible information and send it to third parties
[ ] o This software will access your email contact lists and send them to third parties
[ ] o This software will log your keystrokes and sufring habits and send them to third parties
[ ] o This software does not have an easy 'uninstall' feature
[ ] o This software will destroy data on your hdd
[ ] o This software will install additional programs on your computer that has nothing to do with this software

PUT AN 'X' IN THE BOX NEXT TO EACH STATEMENT STATING YOU UNDERSTAND AND CLICK YES TO CONTINUE BEFORE SOFTWARE IS INSTALLED.

It won't happen, but it'd be nice.

Feedback

[xor.pt]

I just got some feedback from Spymom.

We are not suing SunBelt - SlashDot got it wrong!

From Sunbelt themselves:
http://yro.slashdot.org/comments.pl?sid=167981&thr eshold=1&commentsort=5&tid=123&mode=thread&cid=140 09674

The original article:
http://news.zdnet.com/2100-1009_22-5944208.html

If you read the text on SlashDot linked to above you will see that we are not unreasonable, we just don't want our app that people have bought to be deleted without the owners permission or knowledge - as has happened with numerous "big" companies.

When contacting these "big" companies - including Symantec about the problem they simply refuse to reply - we initially tried to contact them all about 9 months ago in order to bring about some kind of cooperative agreement, with information about detecting out program as a commercial keylogger and about uninstalling our program safely (if the user decided to do so).

Our point is that commercial programs are different that trojans written by criminals. It is fair that they are pointed out by the anti-virus/trojan program, but not fair that they are automatically deleted. The user should be told that they are a commercial keylogger or similar and the default action should be to not delete. AVG by comparison deleted them without informing the user.

We are open about what ports are being used and we do not try to bypass firewalls or shutdown anti-virus programs. All are easily possible as you probably well know and we feel that comparing it to programs written by criminals is unfair.

We, as a company, are very easy to contact - if we had been contacted/replied to by the anti-virus companies (initially - before we had to put the download notice up) we would have told them how to safely uninstall the client program, and we would have also told them of a special flag - that if present would stop the client from installing again in the future. They would also have been given information that would have told the user WHO was attempting to spy on them! The condition would have been as above - that the user be informed that it was a commercial program and the default action would have been not to uninstall.

Sunbelt will soon be given this information in the hope that other companies will follow in the way they list the program (if detected).

Best regards,
  Anthony

Victime Rarely Sign the EULA

[darkonc]

If someone else installed the keylogger on my computer I haven't signed or read the EULA. When I find this 'unwanted gift', I'm free to forward it on to an anti-virus company after (or as part of the process of) removing it from my computer.

In other words, I think that RetroCoder is going to have to prove that the people on who'se computers this stuff is running have seen the EULA. Then, of course there's the fact that RetroCoder is engaged in contributory violation of people's privacy, which means that they're coming to court with 'Unclean Hands".

Of course Retro Coder could avoid this condrom if they always make sure that, whenever the progam starts up, it displays the EULA, notifying a 'user' that the software is running, how they can identify it (so that they can avoid 'infringement'), and automatically (and safely) removing itself from the computer it the end-user does not accept the EULA....

Under any other conditions, I'd say that it's Retro that would be toast in court.