Feeds

McAfee SiteAdvisor sued over 'spyware' tag

If 7Search wins, you lose

  • alert
  • submit to reddit

Securing Web Applications Made Simple and Scalable

In a case that could tie the hands of companies trying to protect their customers from internet threats, a website owner with past ties to a notorious piece of spyware has filed a lawsuit claiming it is being unfairly maligned by warnings from McAfee that the site poses a risk to its customers.

7Search.com filed the complaint in US District Court in Illinois. It seeks unspecified monetary damages and an injunction ordering McAfee's SiteAdvisor service to designate the site as safe. SiteAdvisor, which warns users when they are about to visit a site that may pose security threats, currently displays a warning that reads: "Feedback from credible users suggests that downloads on this site may contain what some people would consider adware, spyware, or other potentially unwanted programs."

7Search.com insists there are no software downloads available whatsoever on its site and argues the warning amounts to a willful attempt to injure a legitimate business.

"Customers of 7Search who have opened accounts with 7Search.com have later terminated that business relationship as a result of seeing McAfee's false, deceptive, confusing and/or misleading statements and representations about 7Search.com," the complaint contends.

7Search was the site that once upon a time offered the much reviled 7FaSST Search Toolbar, which according to analyses such as this was a purported browser accelerator program that in some cases used ActiveX to forcibly install itself on users' PCs. Once there, it logged detailed information about user's browsing habits.

In its complaint, 7Search says that "Since at least 2003 there have been no direct downloads available on the 7Search.com site."

What the complaint doesn't say is that people who own 7Search.com have ties to browseraccelerator.com, a site that pushes a browser toolbar that "helps users improve their online experience dramatically by displaying within a browser everything an informed consumer needs to know about the web site being visited."

Eric Howes, director of malware research at security provider Sunbelt Software, installed the software on a virtual machine and quickly noticed the software was offering search results that mixed sponsored links from unsponsored links.

"What they're trying to do is sneak adversing past the user without the user recognizing the search results ... are sponsored, paid-for results," he said. He also said the software by no means represented a high risk because it didn't appear to track individual users or forcibly install itself. Still, he said: "We would probably target it because of the overwhelming presence of advertising."

Indeed, two Sunbelt products, Viper and CounterSpy, block the installation of the program.

7Search.com's owner also appears to have ties to validatedsearch.com, a site that competes with McAfee's SiteAdvisor by providing third-party certification to end users that a given website is trustworthy. The administrative contact for both sites, as well as browseraccelerator.com is listed as one Patrick Devereaux in Chicago, according to Whois search results.

The viability of lawsuits that take action against anti-malware providers for their warnings has been questioned by some legal experts. They say a provision in the Communications Decency Act (CDA) expressly protects providers of "interactive computer services" who provide services that filter pornography or other potentially unwanted content.

"An anti-spyware vendor saying, 'Don't go here, but go here instead' is exactly the kind of filtering decision that the statute was designed to protect," said Eric Goldman, a professor of law at Santa Clara University.

Indeed, a federal judge recently invoked the CDA in blocking a similar suit crudware maker Zango filed against anti-virus provider Kaspersky. The decision is now on appeal.

Additionally, Goldman says free speech guarantees likely protect vendors as well.

We sure hope so. The lawsuits' outcome will have a profound impact on the protections anti-malware providers are permitted to offer at a time when threats on the internet are skyrocketing. If they win, we all lose. ®

Update

A McAfee spokesman just issued the following company statement: "SiteAdvisor rates Web sites to make the Web safer to surf. Our methodologies provide for a repeatable and objective reasoning based on facts and the threat landscape. At times people disagree with our ratings. Those Web site owners are encouraged to work with us on such matters."

Mobile application security vulnerability report

More from The Register

next story
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
NIST told to grow a pair and kick NSA to the curb
Lrn2crypto, oversight panel tells US govt's algorithm bods
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.