Feeds

McAfee SiteAdvisor sued over 'spyware' tag

If 7Search wins, you lose

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

In a case that could tie the hands of companies trying to protect their customers from internet threats, a website owner with past ties to a notorious piece of spyware has filed a lawsuit claiming it is being unfairly maligned by warnings from McAfee that the site poses a risk to its customers.

7Search.com filed the complaint in US District Court in Illinois. It seeks unspecified monetary damages and an injunction ordering McAfee's SiteAdvisor service to designate the site as safe. SiteAdvisor, which warns users when they are about to visit a site that may pose security threats, currently displays a warning that reads: "Feedback from credible users suggests that downloads on this site may contain what some people would consider adware, spyware, or other potentially unwanted programs."

7Search.com insists there are no software downloads available whatsoever on its site and argues the warning amounts to a willful attempt to injure a legitimate business.

"Customers of 7Search who have opened accounts with 7Search.com have later terminated that business relationship as a result of seeing McAfee's false, deceptive, confusing and/or misleading statements and representations about 7Search.com," the complaint contends.

7Search was the site that once upon a time offered the much reviled 7FaSST Search Toolbar, which according to analyses such as this was a purported browser accelerator program that in some cases used ActiveX to forcibly install itself on users' PCs. Once there, it logged detailed information about user's browsing habits.

In its complaint, 7Search says that "Since at least 2003 there have been no direct downloads available on the 7Search.com site."

What the complaint doesn't say is that people who own 7Search.com have ties to browseraccelerator.com, a site that pushes a browser toolbar that "helps users improve their online experience dramatically by displaying within a browser everything an informed consumer needs to know about the web site being visited."

Eric Howes, director of malware research at security provider Sunbelt Software, installed the software on a virtual machine and quickly noticed the software was offering search results that mixed sponsored links from unsponsored links.

"What they're trying to do is sneak adversing past the user without the user recognizing the search results ... are sponsored, paid-for results," he said. He also said the software by no means represented a high risk because it didn't appear to track individual users or forcibly install itself. Still, he said: "We would probably target it because of the overwhelming presence of advertising."

Indeed, two Sunbelt products, Viper and CounterSpy, block the installation of the program.

7Search.com's owner also appears to have ties to validatedsearch.com, a site that competes with McAfee's SiteAdvisor by providing third-party certification to end users that a given website is trustworthy. The administrative contact for both sites, as well as browseraccelerator.com is listed as one Patrick Devereaux in Chicago, according to Whois search results.

The viability of lawsuits that take action against anti-malware providers for their warnings has been questioned by some legal experts. They say a provision in the Communications Decency Act (CDA) expressly protects providers of "interactive computer services" who provide services that filter pornography or other potentially unwanted content.

"An anti-spyware vendor saying, 'Don't go here, but go here instead' is exactly the kind of filtering decision that the statute was designed to protect," said Eric Goldman, a professor of law at Santa Clara University.

Indeed, a federal judge recently invoked the CDA in blocking a similar suit crudware maker Zango filed against anti-virus provider Kaspersky. The decision is now on appeal.

Additionally, Goldman says free speech guarantees likely protect vendors as well.

We sure hope so. The lawsuits' outcome will have a profound impact on the protections anti-malware providers are permitted to offer at a time when threats on the internet are skyrocketing. If they win, we all lose. ®

Update

A McAfee spokesman just issued the following company statement: "SiteAdvisor rates Web sites to make the Web safer to surf. Our methodologies provide for a repeatable and objective reasoning based on facts and the threat landscape. At times people disagree with our ratings. Those Web site owners are encouraged to work with us on such matters."

Secure remote control for conventional and virtual desktops

More from The Register

next story
UK smart meters arrive in 2020. Hackers have ALREADY found a flaw
Energy summit bods warned of free energy bonanza
DRUPAL-OPCALYPSE! Devs say best assume your CMS is owned
SQLi hole was hit hard, fast, and before most admins knew it needed patching
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Mozilla releases geolocating WiFi sniffer for Android
As if the civilians who never change access point passwords will ever opt out of this one
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.