Safe Harbor Spells Win For Kaspersky In Malware Case Against Zango

suraj.sun writes to tell us that the 9th Circuit Court of Appeals has ruled in favor of security company Kaspersky in the recent case questioning their classification of Zango software as malware. "The court ruled that Kaspersky Lab, which classified online media company Zango's software as malware and 'protected' users from it accordingly, could not be held liable for any actions it took to manufacture and distribute the technical means to restrict Zango software's access to others, as Kaspersky Lab deemed it 'objectionable material.' Zango sued Kaspersky Lab to force the Company to reclassify Zango's programs as nonthreatening and to prevent Kaspersky Lab's security software from blocking Zango's potentially undesirable programs. In the precedent-setting ruling for the anti-malware industry, the Court of Appeals for the Ninth Circuit affirmed a lower court ruling that Kaspersky Lab is a provider of an 'interactive computer service' as defined in the Communications Decency Act of 1996 . Part of the Communications Decency Act of 1996 states: 'No provider or user of an interactive computer service shall be held liable on account of ... any action taken to enable or make available to information content providers or others the technical means to restrict access to [objectionable] material.'"

Didn't know what Zango was

[sakdoctor]

So I looked it up:

Zango, formerly ePIPO, 180solutions and Hotbar

Oh look, they've had four different names, because they have to keep running away from how scummy they are.
KILL IT WITH FIRE!

Re:

[Anonymous Coward]

What? They're just cute, harmless lil trojans...

Re:

[someSnarkyBastard]

The only cute harmless trojans that I know of can be found in 20-packs at my local supermarket.

Oblig Xkcd

[rdnetto]

http://xkcd.com/350/ [xkcd.com]

Re:

[riboch]

"It's a trick. Get an axe."

Re:Didn't know what Zango was

[DaMattster]

Both 180solutions and Hotbar were the bane of my existence back in the day. Both these malware items would just keep coming back like persistent, antibiotic resistant strains of bacteria. You think you've got every last little registry entry and file removed and lo and behold it would be back. This wouldn't be malware if the company provided honest instructions for the removal of these programs. In some cases, I had heard, the removal instructions simply added code to reinforce the malware. However, because they are being deceptive about its install and automatic re-install, it makes the behaviour unethical. Therefore Zango and its ilk should take the slap on the ass and go sulk in a corner somewhere.

Re:

[someSnarkyBastard]

sulk in the corner...? No, beat them badly, kill them, and then crush them into a fine powder like the Box Network executives in Futurama.

NO NO! NANOTECHNOLOGY!

[Runaway1956]

http://www.imdb.com/video/imdb/vi1665335321/ [imdb.com]

You should have watched the movie. Around 47 seconds in, you'll see that the little bastards are far more deadly than the big bastard ever was!!

DO NOT CRUSH OR BREAK THE BIG BASTARD!!

Re:Didn't know what Zango was

[NecroPuppy]

Only half my problem was the uninstall of these items.

The other half was the users (bless their hearts) who would reinstall them. It took threatening to fire the next person who installed HotBar before they stopped.

Re:

[Gerzel]

Why? What exactly was so appealing about HotBar that they kept on reinstalling it? What service was it providing?

Re:

[therufus]

It wouldn't have mattered. Most commercial anti-virus packages didn't remove Hotbar and its ilk. That is the entire point of the article. Someone (Kaspersky) had the balls to block this scumware and got sued for the trouble. They won, which is great for the anti-viruses of the world, but it's only at this point the malware is being exposed for what it is.

By simply having anti-virus software before, it wouldn't stop this crap from happening. I truly believe that having an antivirus package is only going to g

Re:

[jonadab]

> You'll get 10% more security by not using Internet Exploiter.

Make that IE or OE.

Outlook Express (err, Windows Mail, whatever they're calling it these days) makes Internet Explorer look like something written by Dan Bernstein. IE only catches malware if you visit a site that's infected. Since most sites aren't infected, you can potentially browse the web for weeks, even months, perhaps even years if you mostly browse the same sites all the time, before you run into any problem. With OE, you have a pr

Re:

[Hurricane78]

I know what you mean. The general rule of system administration and work in general is: If they can do it wrong, they will! And if you tell them, they will forget it as soon as you leave the room.

Re:

[TheSpoom]

I used to have problems with it. And then I stopped doing tech support as a career and started using Linux personally.

Ignorance is bliss.

Re:Didn't know what Zango was

[fataugie]

I say we blast off and nuke the site from space...it's the only way to be sure.

Re:

[Em Emalb]

KILL IT WITH FIRE!

Nah, that would allow the "phoenix" company to rise from the ashes...just using a different name. I'd humbly suggest the following:

Invite a horde of angry Mongols to their office building. Ask said Mongols to do what they do best. Once the flames, smoke, and lamentations of the women die down to a dull roar, invite the US Army to do some tank maneuvers over the remains.

Then, till the soil, salt it, and nuke it repeatedly from orbit. After the land becomes habitable once again, repeat t

Re:

[Tanktalus]

I see you prefer the "pansy" approach. Hopefully someone else will be sufficiently peeved to propose something a bit harsher.

Re:

[camperdave]

Sigh! It's salt, then till. That way the salt gets worked into the soil.

Re:

[Em Emalb]

Sigh! It's salt, then till. That way the salt gets worked into the soil.

LOL, this part of that inane post is what you chose to latch onto? ;-D

Re:

[dwiget001]

MY GOD, MAN!

What would you do if they **really** pissed you off? /cringes

Re:

[icebrain]

Meh. Vikings are more entertaining. And they have cooler hats.

Oh, and you might skip the separate salting of the soil and nuking stages, and instead just use enhanced-radiation devices ("neutron bombs") with cobalt jackets. Make sure you use ground bursts too, they're dirtier. Just don't stand downwind... the fallout's a bitch.

Re:

[Abreu]

YES, KILL IT WITH FIRE! [killitwithfire.com]

Re:

[ls671]

Here you go:

http://adservices.zango.com/ [zango.com]

http://corporate.zango.com/ [zango.com] ;-))

As long...

[Twillerror]

As long as the anti-malware gives me the choice and some basic information they can clasify Firefox as malware.

Chances are if you don't recognize the software name it was either installed by the OEM or was installed without your knowing...

Plus the open market will sort this sort of thing out. If they start clasfiy incorrectly no one will use them.

Re:As long...

[Anonymous Coward]

For once, a market solution works.

Kind of reminds me of when AVG [slashdot.org] started to play by different rules. The users were vocal and loud; AVG got the picture and fixed their problems.

It's a shame that we need courts to affirm common sense.

Re:

[Gerzel]

Not really.

The open market is very stupid when it comes to software for the most part. They just go with whatever is installed with little to no research into what the program actually runs like or long term performance. It is mostly advertising that gets new software onto computers with a little word of mouth after that. Problems are only noticed when the computer stops "running like it used to" or shows other major faults.

Re:

[LikwidCirkel]

What do you mean? Vista doesn't support ext2 by default, but I've used this driver [fs-driver.org] on XP and Vista without any trouble at all. I don't think not supporting something out of the box equates to making something hard to do.

Re:

[compro01]

Try running a program that requires administrative rights off that ext2 partition.

Re:

[FishWithAHammer]

Why are you trying to install software to a non-native partition? It sounds more like you're the problem here.

Re:

[FishWithAHammer]

You can't run an administrator app off of FAT32 in Vista either (I just tried).

When it's something utterly stupid like this (because Vista requires filesystem bits for its security architecture, as does Linux--don't try to run suid executables off of vfat).

When you are using Vista, you use NTFS. That's how it works, because UAC requires it. If you don't want that security, you can disable it (disable UAC and admin-privileged applications work fine, be it FAT or ext2/3). But you don't get to have both.

If my

Re:

[janrinok]

And why shouldn't someone install their software to a non-native partition? It should work. Before Vista you could quite easily install to ext2/ext3 under Windows but, now, Microsoft have blocked that course of action. See other threads (http://linux.slashdot.org/story/09/07/02/1317229/Linux-Patch-Clears-the-Air-For-Use-of-Microsofts-FAT-Filesystem) for further discussion.

Re:

[FishWithAHammer]

Yes, I know about ext2IFS and others. I also know that you can't run suid apps on vfat in Linux. How about that?

The security model for both Vista and Linux, as I understand them, require filesystem bits. If you don't have them, it's smarter to fail than to do the wrong thing.

Re:

[Runaway1956]

It really doesn't MATTER why he's trying to do it. He's "pushing the envelope" and Microsoft doesn't like it. Just who the fuck is Microsoft to say "NO!" anyway?

Given time and research, some knucklehead may find that Microsoft actually runs better on an Ext3 partition. Not likely, I'll admit - but, what if? Microsoft has the right to block such experimentation?

Re:

[FishWithAHammer]

It's not. If you turn off UAC you can run admin-privileged applications off of ext2 (I just tested it out).

UAC requires data bits off of NTFS. Don't like it? Don't use NTFS. Like the AC above me said, Linux does the same thing on file systems like vfat or ISO9660.

Re:

[FishWithAHammer]

Oh, and if an application requests admin rights correctly (via the API), they work even with UAC on non-NTFS drives. (Just tried that out, too.)

Legacy stuff doesn't work? lol boo hoo, put it on NTFS.

What's more disturbing

[Brian Gordon]

We actually need a court precedent for deciding if adding a feature to your program is legal?

Re:What's more disturbing

[blueg3]

Courts deciding whether we can add features to programs is nonsense.

Of course, I might be biased. I just added an undocumented feature to our popular medical records management software that allows doctors to access patients' medical records over the Internet. Encryption and access restrictions work just fine, I think, provided the software is configured properly...

Re:

[DaMattster]

Why does that "undocumented feature" scare me? Encryption and access restrictions are certainly not full proof. Even the AES-256 encryption scheme might have a significant flaw as reported in slashdot yesterday. If you are 100% certain that your system is full proof, I certainly wouldn't buy it. Your solution might be good but it might make use of other run time libraries and shared objects with notorious leaks that would let a would be intruder gain, not just access, but root level access. Your over c

Re:

[Brian Gordon]

Leave.

Re:

[Domint]

What's that wooshing noise?

Re:

[maxume]

Your sarcasm is inane. I'm perfectly comfortable with the legislature mandating that doctors and health care providers use software that meets certain standards when storing patient information, but I do not want a court deciding what those standards are.

Re:

[blueg3]

They don't -- they decide if a particular piece of software meets those standards, which is the job a court does.

Re:What's more disturbing

[Crazy Wolverine]

I think even more alarming is the fact that Zango didn't get laughed out of the courtroom, and that this case made it all the way to the 9th circuit court of appeals. Back when they were 180Solutions, they were one of the most notorious adware companies around.

Re:

[fataugie]

I think even more alarming is the fact that Zango didn't get laughed out of the courtroom

You mean like SCO?

Thank you, thank you....let the Karma flow ;)

Re:

[Repossessed]

You have to realize *how* Zango lost in the lower court.

There's a bit of the law, meant for internet filter companies, that says you can't sue if someone filters your site/product incorrectly.

Zango getting trounced in court is a good thing of course (they should have flat out arrested them when they showed up to the courthouse), but this law being upheld for a new, unintended purpose of the original bill, leaves legitimate products without recourse as well.

Also, *anyone* can file an appeal, prior to the SCO

Re:

[jhol13]

Well, it does make a sense, a bit. Think if Microsoft (or Apple - for e.g. iPhone) would prohibit everything made by Brian Gordon.

Obviously situation here is quite different, but Zango definitely is (was?) trying to make thing look the same.

Re:

[value_added]

We actually need a court precedent for deciding if adding a feature to your program is legal?

Like everything else, that would depend on what your program does and what laws apply, wouldn't it?

Say you're a convicted monopolist, and your program does ... see where I'm going?

As regards this case, if a claim of tortious interference with contractual rights, violation of the Washington Consumer Protection Act, trade libel, and unjust enrichment can be made, then yes, you may need a court precedent.

That's not to

Re:

[Registered Coward v2]

We actually need a court precedent for deciding if adding a feature to your program is legal?

Well, the court was deciding if Kaspersky was illegally interfering with Zango's business and customers. That's been a role of teh court in the US for a long time. You can be held liable for interfering with someone else's business; the flip side of this is if someone's software blocked you from installing a competitors or accessing their web pages, even if you wanted to use the competitor product as well.

And to stave off the inevitable "but Zango is evil and so deserved it..." responses:

Yes, and I think t

Re:

[mea37]

How glib. (In spite of the fact that 3 or 4 moderators apparently don't think so.)

The law governs all manner of simple actions that can be described with harmless-sounding generalisms, under certain circumstances. It's the context and effect of doing those general things that either is, or is not, legal.

Is it legal to twitch my finger? But what if my finger is wrapped around the trigger of a gun, which I'm pointing at a clerk at a convenience store? Do I need a court precedent for deciding if moving my

It's about time

[cyberzephyr]

Zango and all of it's various iterations have been a plague for countless people. I'm glad the court ruled against them and i hope it sets a good example.

Not that this ruling is a bad thing...

[geminidomino]

I'm pleased with this, but I'm confused.

Wasn't the CDA shot down way back?

Re:

[osu-neko]

Wasn't the CDA shot down way back?

Only the anti-indecency/anti-obscenity parts.

Re:

[MasterOfMagic]

Part of the CDA was struck down [wikipedia.org], primarily the parts of the CDA dealing with protecting children from indecent speech. The CDA was amended by Congress to remove the sections the court found unconstitutional.

Serves them right.

[LikwidCirkel]

I certainly remember 180-Solutions for being the last straw for me ever using MSIE. Several times they got me with their creative drive-by-installs back in the day, and those were just about the only malware infections I've had in my life. They're an absolute scumbag company and I'm glad about the outcome of this.

What's next?

[JobyOne]

Child molesters suing to have their name removed from the registered sex offenders databases?

Re:What's next?

[FrostDust]

Even the most virulent of scumbags deserve their day in court.

Re:

[JobyOne]

What worries me isn't so much that people are allowed to sue if they feel they have been wronged (that's a wonderful freedom).

What worries me is that we've built a society where the answer to every little thing has become "sue them." We also built this stupid society on top of a court where the most expensive legal team wins.

It's a nasty world for the little guys.

Re:

[idontgno]

Well, in a world of people with strongly-held and violently-opposed opinions, the courts are a slightly less socially damaging decision process than some of [wikipedia.org] the [wikipedia.org] alternatives [wikipedia.org].

Re:

[JobyOne]

Yeah, it's all well and good that there aren't international corporations fighting it out in the street.

What do I do though when I'm wronged by one of these massive entities? I suck it up and get on with my life. When Allconnect fucked up and cost me $150 what did I do? I called their support line a couple times, and when they refused to help I filed a complaint with the Better Business Bureau and moved on ($150 poorer).

There isn't a damn thing I can do in the face of a massive corporation, even wh

1st Amendment

[Tokolosh]

So it's come to this. Kaspersky has to rely on a crappy law to avoid getting in trouble. This should be simple - freedom of speech! And the scummyness or otherwise of the plaintiff (or the defendant) should not be relevant.

Re:

[0racle]

1st amendment rights only apply to (as should all constitutional rights) citizens.

Re:

[Tokolosh]

I am always annoyed when I hear on the news or read in the paper a report the Congress has "...passed a law allowing..." For example, "Arizona Set To Pass Law Allowing Guns In Bars And Restaurants."

The only way this could happen is if Congress repeals a law preventing....

The 9th and 10th Amendments are my favorites!

Re:

[mea37]

The 1st Ammendment protects expression, not action. Even the protection on a written piece is diminished if it is functional. With program code, your "audience" is a machine; it cannot appreciate any ideas you might exprses, but can only function according to your instructions.

I expect it would be a rare day that software functionality would be protected by the 1st Ammendment.

Problem is...

[cdrguru]

I don't see any standard that says what, precisely, "objectionable" materials might be. If this is used only in a very limited sense, it is probably OK.

However, I suspect there might be a considerable outcry if AVG decided to make their free tool treat various BitTorrent clients as "objectionable" but their paid-for version did not. Without extremely strict well-defined guidelines for what constitutes "objectionable" this sort of thing can be used to target anything and now there is a court precedent sayi

Re:Problem is...

[powerlord]

I find Kernel32.dll objectionable since it kept causing my user's machines to Blue-Screen.

I keep deleting it from their partitions, but then they just complain their machine stopped working and needs to be re-imaged.

Bunch of crybabies if you ask me.

ISPs can now block ads

[Animats]

This expands the "safe harbor" of the CDA to cover ad-blockers. Now, ISP's can offer ad removal as a service. Corporate firewalls can provide ad-blocking. This would cut web traffic way down and speed up browsing.

Re:

[velen]

browsing what? no revenue from ads, no traffic from ads = bad.

Re:

[stei7766]

It might encourage ad people to have their ads not be obnoxious pieces of crap.

Probably not, but I can hope.

Re:

[seekret]

browsing what? no revenue from ads, no traffic from ads = bad.

Not neccessarily, it would encourage people to have a business model that wasn't dependent on advertising. I hate that so many companies and people rely on ads for money, why don't they try offer a service or product that people can pay for instead? I'm not opposed to advertising when it's done right as a supplementary income, but it's ridiculous that you can offer nothing yet still profit off it simply by linking to someone else.

Re:

[noidentity]

This expands the "safe harbor" of the CDA to cover ad-blockers. Now, ISP's can offer ad removal as a service.

That'd be a sure-fire way to get a sort of reverse net-non-neutrality from the part of hosts. "You are attempting to visit adinfested.com. Your ISP filters ads, so we will not send any content. Choose a different ISP to view this site."

Re:

[seekret]

That I agree with, and I should have mentioned in my previous reply a few seconds ago that I don't think the ISP's should be blocking us from any site for any reason, even if it's because of ads.

Have a think about this angle.

[therufus]

Zango sues Kaspersky for interfering with their business model. This is a legitimate move on Zango's part (and yes, I know they're scum but go with me here).

Kaspersky blocked Zango in the first place for being malware. What is malware? There is software out there that installs on a computer for the purpose of using customer data to make money for the software company or some related company. However to be classed as malware it has to be either installed via deceit or be non compliant when a user is performi

Re:

[TimSSG]

Am I going crazy here, or did what I just type make complete sense?

I think what you said made complete sense; but, in no way can I confirm or deny your sanity. Tim S.

If you want to read the actual judicial opinion...

[crankyspice]

... Here it is: http://www.ca9.uscourts.gov/datastore/opinions/2009/06/25/07-35800.pdf [uscourts.gov]

The quoted clause, however . . .

[Rambo Tribble]

. . . sounds like an open invitation to hot and cold running censorship straight from your ISP's tap.