Spyware flap looks headed for court

A legal showdown is brewing between anti-spyware vendors and adware marketing companies that contend their software has been unfairly targeted for detection and deletion. In between the combatants stand IT professionals and consumers who only want relief from what they say has become a growing blight upon corporate desktops and home PCs.

Claria, formerly known as The Gator Company, recently complained to Computer Associates because CA's PestPatrol anti-spyware software detects and deletes Claria's Gain ad-targeting software, including Gator eWallet. After reviewing Claria's complaint, CA last week eliminated from its product the ability to detect Claria adware. By late Friday, however, CA had determined that all eight of Claria's products violate user privacy and security in some form and added detection for them back into PestPatrol.

"We're trying to be objective in the reasons a vendor is included as spyware," says Tori Case, director of eTrust security management at CA. The criteria for spyware are based on the privacy, security and performance impact that code has on computers and networks, she says. Suspending detection of the Claria adware during the formal appeals process is standard procedure, Case says, adding CA was disclosing the situation for the sake of "transparency" to customers and the rest of the industry. Yahoo's anti-spyware service is based on the PestPatrol product.

For its part, Claria said in a statement: "We have initiated a dialogue with Computer Associates about what we believe to be issues in the way their PestPatrol product informs consumers about Gain software on consumers' desktops."

Other adware marketing firms also are vehemently objecting to being classified as spyware and are fighting to be removed from the target lists of anti-spyware software. As the disputes gain steam, lawyers on both sides are getting ready to rumble.

A company called 180solutions makes search-assistance software called Zango that shows ads to users. Within the past month, the company sent letters to several anti-spyware vendors demanding that they drop 180solutions from their spyware databases.

180solutions, a privately held company that recovered from near-bankruptcy a few years ago to claim $50 million in revenue and 250 employees at the end of last year, is telling the anti-spyware vendors, including Sunbelt Software, Webroot Software, Aluria, InterMute and Microsoft, to back down.

"They make money removing applications such as ours," says Todd Sawicki, senior director of marketing at 180solutions. "They're making false representation about us as a business. What we don't like is they're making egregious, overwrought statements. They're scaring users. We want them to know we're safe and we represent no threat."

Security experts criticize adware because it typically works by tracking users' Web activity, an action regarded as a compromise to privacy. In addition, multiple types of adware crowding onto a machine can cause slowdowns and even crashes.

Sawicki says there are "truly malicious evil actors out there" with code that should be detected and eradicated because it undermines user privacy and security - he named CoolWebSearch as one - but he insists that 180solutions is not among them.

"It's the language and the [categorization as] spyware," he adds. "We have the firm belief that the person has the right to choose what's on the machine. We're not so different from a media company like NBC. They make money showing ads and so do we."

If the anti-spyware vendors don't stop treating the 180solutions code as spyware, the adware vendor "reserves the right to pursue legal alternatives," Sawicki says. "It's worth a battle."

Microsoft enters the action

According to Sawicki, Microsoft, one of the newest entrants in the anti-spyware market, also is making false and misleading statements about 180solutions. His company fears that Microsoft could use its power on the desktop to shut out adware firms.

Microsoft declined to comment on the dispute, and the legal issues involved remain murky.

Attorney Mark Rasch, senior vice president and chief security counsel at security firm Solutionary, says the claims of the adware vendors revolve around the legal notion of libel and defamation. He says the adware firms believe "the anti-spyware vendors make a decision that puts these companies out of business."

He points out that the word "spyware" has no established legal definition or prohibitions associated with it, other than one Utah law. There is legislation pending in Congress.

If this battle does go to court, Microsoft, with its vast resources, will have the best chance of standing up to a legal challenge, Rasch adds. "Microsoft is going to end up setting the standards due to its market power and ability to litigate," he says.

According to 180solutions, the anti-spyware vendors are not the only parties unfairly maligning its product. Sawicki also reserves criticism for network managers who complain about adware and are clamoring for anti-spyware software. "These network managers are fear-mongering, too, because it helps them get more budget," he says.

Predictably, it is an accusation that raises the hackles of network professionals.

Bonnie Norman, systems security engineer at Wellstar Health System, says unwanted spyware programs are clogging the hospital's computers and networks. Sometimes computers have to be totally re-imaged because they are so gummed up with various types of code that medical personnel download without understanding the consequences.

"With spyware, they're looking at our computers to see what's in it," Norman says. "They're stealing our bandwidth. They're using social engineering to get people to download their software."

Norman says she was surprised to hear that CA's PestPatrol at one point wasn't blocking Claria's Gator eWallet, which she says her company strives to eliminate. The hospital blocks spyware at the gateway using a TippingPoint Technologies intrusion-prevention system and is looking at deploying the McAfee desktop anti-spyware product later this spring.

Some of the anti-spyware vendors say the barrage of adware complaints is eating into their time and resources.

"They constantly have their attorneys sending us letters," says Richard Stiennon, director of threat research at Webroot. "They cite unfair business practices and libel." To date, Webroot has not removed detection for code under pressure from adware vendors. But Stiennon says he sees a legal confrontation approaching.

Adware firms use pressure

Stu Sjouwerman, COO at Sunbelt, which makes CounterSpy Enterprise, says 180solutions uses high-pressure tactics to be removed from the spyware database. "They're saying, 'We're legit, aboveboard and we're the good guys,'" Sjouwerman says.

As part of the dispute, 180solutions pressured Sunbelt to remove a white paper analysis of the 180solutions software from the Web. Sunbelt did so, claiming the move was legally prudent under the circumstances.

Sjouwerman, who notes that CounterSpy simply flags code and users can decide to delete it or not, says adware vendors are becoming "intimidating."

"A lawsuit is a potential that could cost us a few hundred grand to defend ourselves," he says.

Anti-spyware software vendor InterMute also is in a dispute with 180solutions. InterMute's director of threat research, Anthony Arrott, says there's been a sharp upturn in complaints from adware firms, with about one per week asking for exemption from spyware detection.

"The most pernicious part about it is they can eat up our resources in just processing these claims, leaving us with less to find new spyware," Arrott says.

Learn more about this topic

Test: Enterprise-level anti-spyware software

Webroot shines in sweeping up the spyware. Network World, 12/13/04.

Anti-spyware buyer's guide

Latest vendor specs on 20 products.

10 ways to stop spyware

Spyware cleaners fall short; follow these steps to stamp out spyware for good. Network World, 03/28/05.

Coast anti-spyware consortium falls apart

Anti-spyware consortium collapses. Network World, 02/08/05.

Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies