No Honor Among Malware Purveyors

metalion writes "True to the saying 'no honor among thieves,' adware company, Avenue Media, is finding that competing adware company, DirectRevenue, is detecting and deleting their software. Now Avenue Media is crying foul and have filed a lawsuit against DirectRevenue stating that DirectRevenue 'knowingly and with intent to defraud, exceeded its authorized access to users' computers.' DirectRevenue acknowledges that it may uninstall competing applications in its user license agreement. A researcher at Harvard University, Ben Edelman, reasons that 'Once the computer is infected with 10 different unwanted programs, the person is likely to take some action to address the situation.' Just how far will adware companies go to continue to attempt to bombard us with their ads?"

Too funny

[networkBoy]

We all have been complaining about malware for years. . .
Now they are complaining about themselves.
When does it stop?
-nB

fight amongst yourselves

[Se7enLC]

Now if only we could make these malware programs only target other malware programs and not the operation of the PC...

We could have a little battlebots competition! The Amazing Bonzi takes on reigning champion THE GATOR.

Malware attacking malware...

[bonaman_24]

Ironic that they file a lawsuit of thier program being removed when they didn't (explicitly) ask permission to get there in the first place. Maybe we all should just download Virtual bouncer to clean off our systems....oh, wait....

Re:If they succed . . .

[Politburo]

Well, since Ad-aware is run with the full consent of the user, I don't see how it would "exceed the authorizations of the user" or whatever the lawsuit language is.

Re:Now here's an idea

[garcia]

We should require by law that when a spyware application installs itself, it must uninstall another spyware application without damaging the host system, and further that it put itself into add/remove programs.
Just because it is listed in Add/Remove Software doesn't mean it is removed entirely.

I hope the plaintif prevails

[Total_Wimp]

I hope they win the lawsuit. If they were to get the courts to agree that hiding malicious wording in the EULA is fraud then that would be a nice boon to shutting some of these people down.

In fact, just about any attack on the concept of click-through EULAs is pretty good in my book. Scream "contract!" all you want, they're bad for me personally and bad for the industry. Consent and informed consent are two different things and it appears the industry has completely abandonded any pretext of the latter.

TW

Hard to get excited...

[Anonymous Coward]

It's nice to think that at least one adware purveyor is going to be inconvenienced by this little tussle, but it's not so uplifting when you consider that the choice of winners is "adware company #1", "adware company #2", or "lawyers who represent adware companies".

Re:too funny

[Adriax]

Makes you wonder who the judge will side with.

I'm hoping Avenue Media, I make good money removing spyware from people's machines.

Re:If they succed . . .

[Rycross]

Given that they're basing their argument on the asssumption that DirectRevenue "knowingly and with intent to defraud, exceeded its authorized access to users' computers," (Pot, I'd like you to meet Kettle...) I don't think there is much to worry about. Users running ad-aware are directly giving their consent to the program to modify their system.

Exceeded its authorized access?

[ClubStew]

exceeded its authorized access to users' computers

And is my mom and other not-so-savvy users granting said authority in the first place? This suit seems riddled with assumptions that it was legal in the first place to install such software.

And since when has malware displayed any EULA - or any UI, for that matter?

Re:too funny

[Rycross]

I don't really see a lesser of two evils, just two evils squabbling over who gets to screw you over.

Re:Ripoff

[smooth wombat]

This surprises you how? I've had a posting rejected and then seen the EXACT SAME story posted four days later!

Come on, this is Slashdot. You don't actually expect competence, do you?

Playing CoreWars the Internet...

[mikael]

I wondered how long we would have to wait for this to happen. I always imagined it would be university students or black-hats. I never imagined it would be spammers/spyware authors trying to kill each other's programs.

When it will stop.

[AltGrendel]

Never, of course.

However, when the stupid malware companies realize that what they really need to do is be more like the true biologial parasite, then it may slow down. A RL parasite is benign to the host. If they wrote their code so that you never knew it was there, you would never know to complain now would you?

Re:If they succed . . .

[GauteL]

Nothing. Ad-Aware's advertised main function is to remove adware.

This lawsuit is about some adware going outside the boundaries of their advertised function, and removing other adware and only telling the users by the fine print of the EULA.

Re:Well...

[vettemph]

Maybe then people will take some action against these bullshit programs.

We have, It's called Linux.

Mozilla is the key along with a system that is better suited to internet attachment.

Perhaps they should sue their customers

[91degrees]

Clearly, its the customer who is giving the other application permission to uninstall the exisitng malware. The vendors of the other application have no influence or stake in the agreement between the exisitng malware authors and the user. The only party that can breach the agreement is the user.

So, the users should be punished for violating the copyright on the software they didn't want in the first place, and was installed without their knowledge.

Re:Now here's an idea

[Anonymous Coward]

> We should require by law that when a spyware application installs itself, it must uninstall another spyware application ...

But on a clean install, there IS no spyware to uninstall. So how can you install the first program without breaking...wait, that's brilliant!

Advertisers in general are going insane

[wowbagger]

I'd submitted this gem [nbc10.com] to /., but they obviously felt it wasn't news.

A lady in El Paso gets a telemarketing call. She says no, repeatedly. Telemarketer ignores her, repeatedly. She hangs up, forcefully.

She later gets a letter saying:

Jill Beyer,

Before you are rude to another telemarketer, you should keep in mind that he or she has your phone number and your address.

Many of them live in your own state and most don't give a (expletive)!

So, Ms. Beyer, the next time a telemarketer calls and you don't want to be bothered, a simple "not interested" will do.

Your son or daughter or next-door neighbor's daughter could very well be a telemarketer. A handicapped, wheelchair-bound person could be a telemarketer. A biker or ex-con is more likely to be a telemarketer. You really, really shouldn't (expletive) with them!

As they say in the telemarketing industry, "Have a good day Ms. Beyer!"

So, we have:

• Television stations prohibiting us from recording shows (via the broadcast bit)
• TV execs saying "skipping commercials is theft"
• Telemarketers threatening those who will not listen to their pitches.
• Adware companies fighting over who can infest your computer.
• Drive-by installs of adware

OK, I move that we commit all advertisers to institutions for the criminally insane, right now.

Any seconds?

Re:When it will stop.

[teromajusa]

Unlike a real parasite, malware's goal isn't just to survive and reproduce - it goal is to generate revenue. I don't see how a company can generate revenue by secretly installing truely benign software on your system.

Re:too funny

[Zaknafein500]

You and me both. As much as I hate the stuff, spyware has just about made me a mint.

Re:When it will stop.

[michrech]

Why, that'd be by making their software take up very little space, ONLY monitor, for example, what web sites you are visiting (something that should take very little CPU time, or could even be scheduled to run in the wee-hours, and then, again in the wee-hours, reporting back to it's home company.

Said home company could then gather up all the data, find out what sites are being visited the most, and direct their 'customers' to advertise at said sites.

If done properly, even 10 of these types of programs should not be noticable...

Or something...

Off to the patent office with me! Gotta patent the idea before them aweful software companies steal it!

hum

[zobi]

The EULA displayed during DirectRevenue's adware installation states:

"You further understand and agree, by installing the software, that the software may, without any further prior notice to you, remove, disable or render inoperative other adware programs resident on your computer..."

If the legal suite goes in favor of DirectRevenue, it will be matter of days before this kind of EULA is modified, to allow adware programs to uninstall adware-removal tools as well!

Honor among thieves

[swb]

I thought that there *was* honor among thieves, the contradictory nature of the statement "There is honor among thieves" giving it its resonance.

Re:Firmware ADS.

[d_strand]

Maybe they'll make it illegal to skip ads and comercials, but that would be too insane wouldn't it?

oh wait....

Re:Cool!

[MillionthMonkey]

Unfortunately, we don't get to pick an arbitrary fitness evaluation. If spyware does damage to our network infrastructure, and yet delivers the most advertising, spamming and phishing revenue, it is fit as spyware.

Actually it only needs to deliver advertising/spamming/phishing revenue. If it hitches a ride on a worm, that would make it even more fit.
Damage to the network is a "neutral" trait until it starts to interfere with spyware downloads.

Re:When it will stop.

[Bertie]

Not benign - there's nothing much benign about malaria, for instance. It's not about not affecting your host, it's about not killing it, and that's true of malware as much as it is of a biological parasite.

Re:Well...

[Anonymous Coward]

Glad this was modded funny!

Because it is. Have you tried to kill Messenger access to the Internet? Microsoft has played every trick in the book to make sure that this program can get through any firewall unless you make the firewall so tight that you might as well have no Internet access whatsoever.

My point is that your remedies will only be effective so long as Microsoft allows them to be. As long as Windows code is hidden behind a proprietary screen, you will never know. Linux and other software, however, being Open Source, will never be able to hide this for long.

Pay no attention to this post. Continue to bask in the warm glow of your secure systems.

EULAs not intended to be read

[ae]

When I got my IBM ThinkPad X31 about a year ago, I figured I might as well try to boot Windows just once to see what kind of hardware-specific tools IBM supplied. (Trying to get a refund for an operating system I did not want was not possible, since IBM made it clear, that if you did not agree to the licenses of all the supplied software, you were free to return the laptop, which, of course, was not an option.)

I didn't get very far, though. Before it would boot (acutally, install Windows from a restore parition) the software wanted my to agree to two click-through EULAs, one from Microsoft and one from IBM. The funny part is that the license texts, which would have required tens of pages each if printed for sure, was displayed in two tiny text areas, only three text lines high. There was no option to save or print the licenses, and, if I call correctly, there was even some music playing in the background.

The point is, noone is intended to read these texts. I'm not sure what implications that has for the validity of this kind of licenses in various jurisdictions (IANAL etc), but the whole situation is just weird.

(Needless to say, I powered off the machine at that point and net-booted a Debian installer.)

Re:If they succed . . .

[krgallagher]

"This lawsuit is about some adware going outside the boundaries of their advertised function, and removing other adware and only telling the users by the fine print of the EULA."

But that is how most adware gets installed in the first place. If the fine print of the EULA is good enough to authorize an install, it should be good enough to authorize a removal. It is, after all, the end users computer. These companies act like they own the computer instead of the end user.

Actually, this brings to light a larger question..

[Ratphace]

...and that question is just how binding is a company allowed to make its EULA?

I think all the EULA's are out of control as to how much control and ownership these companies have over your PC and what right's we as owners of the PC should have reserved.

I keep hoping someday, someone, somewhere will really bring all these EULA's that we are all subjected to each and everytime we install something, under a microscope and start really questioning the legality of said EULA's.

Just my 2 cents...

Long Live the Click-through EULA!

[Anonymous Coward]

Sounds perfectly legal to me. I'd be willing to bet Direct Revenue's EULA (you know, the one I'm sure everyone who installs their software reads before doing so) has a clause in it that says "Our software is allowed to delete competitor's software."

Since the user no doubt agreed to it, I see no problem here.

Re:Spyware filing a lawsuit?

[Anonymous Coward]

In what fucked up police state can you be charged with "intent to deliver" because police find "several marijuana stems". WTF is that all about. Who in their right mind would buy a freakin MJ stem? And charged with possesion of "drug paraphenalia"? What, like a cigarette rolling paper, or a pipe? Why weren't they charged with "possesion of a deadly weapon", I'm sure they had a kitchen drawer full of knives that could kill someone. Or why not terrorism, I'm sure you could make a bomb from what was under the kitchen sink. Same connection as with a rolling paper, maybe for dope, maybe not. I did not know that your legal system had been changed to include the presumption of guilt. That must make it easier for investigators.

I really feel sorry for those of you who live in the "land of the free", every day it becomes more obvious that there is NOTHING free about your land. Please, please, please get congress moving on putting up that 40ft high "security" wall around the US, the sooner you are all locked in, the better off the rest of the world will be. Oh wait, no, sell it as "the sooner that we are all locked OUT", that will get congress moving.

I can not believe that I ever wanted to get a green card. Throwing out that application was the best thing I ever did. Had I not done so, I would be waiting around to be drafted by the least competent leader on earth, to go fight a war that pads his friends pockets, yet solves nothing. Oh, and waiting to see if some cop is going to decide that THIS pipe is paraphanalia, and that twig is trafficing.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Too funny

[pete-classic]

It's always hard to tell where a slashdot poster is coming from. That's doubly true of ACs.

The idea of peace through threat of mutually assured destruction pre-dates Reagan. See, for example, the Wikipedia article on MAD [wikipedia.org]. The idea that "the only winning move is not to play" certainly existed outside the movie, but it was the point of the movie. That movie was the way in which that idea, phrased in that way, solidified in the American consciousness.

It's a shame that you choose to post anonymously, since I'd enjoy continuing this conversation.

-Peter

Re:Advertisers in general are going insane

[Feanturi]

but simply saying "Please place me on your 'Do Not Call' list" is always a sufficient way to deal with telemarketers

Nope, it makes me angry, and it's good to express one's anger. And if enough people express it, maybe we can have our phones back at last. The anger comes from not just your call, no. It comes because your call has come as the second or third time that day that I have been pulled away from what I was doing, ran to a phone that I had been waiting for for some other reason, and it's someone presuming to butt into my private time to try to sell me something. Some people tolerate it fine, good for them. Some people just really want someone to talk to (I've done telemarketing at one point actually, so I know this). The rest of us are busy having our lives, and unless you're going to make a contribution to at least my phone bill, stay the hell off my phone. I pay for it to be used for my purposes, you can't reasonably presume that my priorities include salesmen in my own home at any time that is convenient to them. Friends, family, certainly, these are priorities. Others are trespassers.