Feeds

McAfee SiteAdvisor sued over 'spyware' tag

If 7Search wins, you lose

  • alert
  • submit to reddit

Build a business case: developing custom apps

In a case that could tie the hands of companies trying to protect their customers from internet threats, a website owner with past ties to a notorious piece of spyware has filed a lawsuit claiming it is being unfairly maligned by warnings from McAfee that the site poses a risk to its customers.

7Search.com filed the complaint in US District Court in Illinois. It seeks unspecified monetary damages and an injunction ordering McAfee's SiteAdvisor service to designate the site as safe. SiteAdvisor, which warns users when they are about to visit a site that may pose security threats, currently displays a warning that reads: "Feedback from credible users suggests that downloads on this site may contain what some people would consider adware, spyware, or other potentially unwanted programs."

7Search.com insists there are no software downloads available whatsoever on its site and argues the warning amounts to a willful attempt to injure a legitimate business.

"Customers of 7Search who have opened accounts with 7Search.com have later terminated that business relationship as a result of seeing McAfee's false, deceptive, confusing and/or misleading statements and representations about 7Search.com," the complaint contends.

7Search was the site that once upon a time offered the much reviled 7FaSST Search Toolbar, which according to analyses such as this was a purported browser accelerator program that in some cases used ActiveX to forcibly install itself on users' PCs. Once there, it logged detailed information about user's browsing habits.

In its complaint, 7Search says that "Since at least 2003 there have been no direct downloads available on the 7Search.com site."

What the complaint doesn't say is that people who own 7Search.com have ties to browseraccelerator.com, a site that pushes a browser toolbar that "helps users improve their online experience dramatically by displaying within a browser everything an informed consumer needs to know about the web site being visited."

Eric Howes, director of malware research at security provider Sunbelt Software, installed the software on a virtual machine and quickly noticed the software was offering search results that mixed sponsored links from unsponsored links.

"What they're trying to do is sneak adversing past the user without the user recognizing the search results ... are sponsored, paid-for results," he said. He also said the software by no means represented a high risk because it didn't appear to track individual users or forcibly install itself. Still, he said: "We would probably target it because of the overwhelming presence of advertising."

Indeed, two Sunbelt products, Viper and CounterSpy, block the installation of the program.

7Search.com's owner also appears to have ties to validatedsearch.com, a site that competes with McAfee's SiteAdvisor by providing third-party certification to end users that a given website is trustworthy. The administrative contact for both sites, as well as browseraccelerator.com is listed as one Patrick Devereaux in Chicago, according to Whois search results.

The viability of lawsuits that take action against anti-malware providers for their warnings has been questioned by some legal experts. They say a provision in the Communications Decency Act (CDA) expressly protects providers of "interactive computer services" who provide services that filter pornography or other potentially unwanted content.

"An anti-spyware vendor saying, 'Don't go here, but go here instead' is exactly the kind of filtering decision that the statute was designed to protect," said Eric Goldman, a professor of law at Santa Clara University.

Indeed, a federal judge recently invoked the CDA in blocking a similar suit crudware maker Zango filed against anti-virus provider Kaspersky. The decision is now on appeal.

Additionally, Goldman says free speech guarantees likely protect vendors as well.

We sure hope so. The lawsuits' outcome will have a profound impact on the protections anti-malware providers are permitted to offer at a time when threats on the internet are skyrocketing. If they win, we all lose. ®

Update

A McAfee spokesman just issued the following company statement: "SiteAdvisor rates Web sites to make the Web safer to surf. Our methodologies provide for a repeatable and objective reasoning based on facts and the threat landscape. At times people disagree with our ratings. Those Web site owners are encouraged to work with us on such matters."

Next gen security for virtualised datacentres

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Linux kernel devs made to finger their dongles before contributing code
Two-factor auth enabled for Kernel.org repositories
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Scale data protection with your virtual environment
To scale at the rate of virtualization growth, data protection solutions need to adopt new capabilities and simplify current features.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?