Feeds

McAfee SiteAdvisor sued over 'spyware' tag

If 7Search wins, you lose

  • alert
  • submit to reddit

Seven Steps to Software Security

In a case that could tie the hands of companies trying to protect their customers from internet threats, a website owner with past ties to a notorious piece of spyware has filed a lawsuit claiming it is being unfairly maligned by warnings from McAfee that the site poses a risk to its customers.

7Search.com filed the complaint in US District Court in Illinois. It seeks unspecified monetary damages and an injunction ordering McAfee's SiteAdvisor service to designate the site as safe. SiteAdvisor, which warns users when they are about to visit a site that may pose security threats, currently displays a warning that reads: "Feedback from credible users suggests that downloads on this site may contain what some people would consider adware, spyware, or other potentially unwanted programs."

7Search.com insists there are no software downloads available whatsoever on its site and argues the warning amounts to a willful attempt to injure a legitimate business.

"Customers of 7Search who have opened accounts with 7Search.com have later terminated that business relationship as a result of seeing McAfee's false, deceptive, confusing and/or misleading statements and representations about 7Search.com," the complaint contends.

7Search was the site that once upon a time offered the much reviled 7FaSST Search Toolbar, which according to analyses such as this was a purported browser accelerator program that in some cases used ActiveX to forcibly install itself on users' PCs. Once there, it logged detailed information about user's browsing habits.

In its complaint, 7Search says that "Since at least 2003 there have been no direct downloads available on the 7Search.com site."

What the complaint doesn't say is that people who own 7Search.com have ties to browseraccelerator.com, a site that pushes a browser toolbar that "helps users improve their online experience dramatically by displaying within a browser everything an informed consumer needs to know about the web site being visited."

Eric Howes, director of malware research at security provider Sunbelt Software, installed the software on a virtual machine and quickly noticed the software was offering search results that mixed sponsored links from unsponsored links.

"What they're trying to do is sneak adversing past the user without the user recognizing the search results ... are sponsored, paid-for results," he said. He also said the software by no means represented a high risk because it didn't appear to track individual users or forcibly install itself. Still, he said: "We would probably target it because of the overwhelming presence of advertising."

Indeed, two Sunbelt products, Viper and CounterSpy, block the installation of the program.

7Search.com's owner also appears to have ties to validatedsearch.com, a site that competes with McAfee's SiteAdvisor by providing third-party certification to end users that a given website is trustworthy. The administrative contact for both sites, as well as browseraccelerator.com is listed as one Patrick Devereaux in Chicago, according to Whois search results.

The viability of lawsuits that take action against anti-malware providers for their warnings has been questioned by some legal experts. They say a provision in the Communications Decency Act (CDA) expressly protects providers of "interactive computer services" who provide services that filter pornography or other potentially unwanted content.

"An anti-spyware vendor saying, 'Don't go here, but go here instead' is exactly the kind of filtering decision that the statute was designed to protect," said Eric Goldman, a professor of law at Santa Clara University.

Indeed, a federal judge recently invoked the CDA in blocking a similar suit crudware maker Zango filed against anti-virus provider Kaspersky. The decision is now on appeal.

Additionally, Goldman says free speech guarantees likely protect vendors as well.

We sure hope so. The lawsuits' outcome will have a profound impact on the protections anti-malware providers are permitted to offer at a time when threats on the internet are skyrocketing. If they win, we all lose. ®

Update

A McAfee spokesman just issued the following company statement: "SiteAdvisor rates Web sites to make the Web safer to surf. Our methodologies provide for a repeatable and objective reasoning based on facts and the threat landscape. At times people disagree with our ratings. Those Web site owners are encouraged to work with us on such matters."

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.