back to article Kaspersky beats Zango in malware classification case

Kaspersky Lab has secured a legal victory against notorious adware firm Zango, with a ruling that goes a long way towards protecting security software developers from nuisance lawsuits from the developers of internet pests in future. The judgment might also protects security researchers from legal threats when disclosing …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    WTF?

    Not so fast

    While you jump up and down about how much Zango stinks, you might wish to remember the law of unintended consequences. CDA? Really? The CDA was designed to help service providers avoid being sued for filtering people it thought, in good faith, should not be posting on their services (remember Compuserv?)

    Now - ANY APPLICATION that checks for updates from a server (ie. all of them) can be classified as a "service" under this 9th circuit ruling. So, no security drones, you won't be sued but get ready for all out warfare because the malware guys are going to be able to knock out anything they think, in "good faith" should be filtered and there's nothing you can do about it. If Microsoft doesn't like Mozilla, Mozilla will be filtered and the CDA stops the lawsuit. Google doesn't like Bing, good luck finding Bing - no lawsuit because Google is now a protected CDA service.

    Install a piece of freeware on your desktop to clean your registry - BAM! - good luck ever downloading a competing product - they've been "filtered" and because of the CDA (and the fact that the registry cleaner is a "service" because it pings a lousy update server) there are no lawsuits available.

    This ruling sucks. Zango should have won despite what you think about Zango or what you think about Kaspersky. Even the judges admit that this is a lousy law written during the stone age and should be updated quickly by the US Congress.

    Your shallow take on this not so complex issue gets a FAIL because of your inability to see past good guys and bad guys.

  2. Ian Michael Gumby
    Unhappy

    El Reg is over simplifying the decision...

    First, I am in agreement with the decision of the court and the ruling of the appellate court.

    However... It is important to remember the following:

    http://www.ca9.uscourts.gov/datastore/opinions/2009/06/25/07-35800.pdf

    -=-

    FISHER, J., Circuit Judge, concurring:

    I concur with my colleagues that the plain language of the

    Communications Decency Act’s “good samaritan” immunity

    provision, 47 U.S.C. § 230(c)(2)(B), given the way Zango has

    framed its appeal, compels us to affirm the district court’s

    judgment that Kaspersky is immune from liability. Nonetheless,

    extending immunity beyond the facts of this case could

    pose serious problems if providers of blocking software were

    to be given free license to unilaterally block the dissemination

    of material by content providers under the literal terms of

    § 230(c)(2)(A). The risk inheres in the disjunctive language of

    the statute — which permits blocking of “material that the

    provider or user considers to be obscene, lewd, lascivious,

    filthy, excessively violent, harassing, or otherwise objectionable,

    whether or not such material is constitutionally protected”

    — and the unbounded catchall phrase,“otherwise

    objectionable.” See § 230(c)(2)(A), (B).

    -=-

    I believe that this caution come in part by this foot note:

    -=-

    8Although Amicus National Business Coalition on E-Commerce and

    Privacy takes the position that Zango’s software is not objectionable under

    § 230(c)(2)(A), as did Zango in the district court, Zango does not pursue

    the issue on appeal except in reply. An amicus curiae generally cannot

    raise new arguments on appeal, United States v. Gementera, 379 F.3d 596,

    607-08 (9th Cir. 2004), and arguments not raised by a party in an opening

    brief are waived. See Eberle v. City of Anaheim, 901 F.2d 814, 818 (9th

    Cir. 1990) (“It is well established in this circuit that ‘[t]he general rule is

    that appellants cannot raise a new issue for the first time in their reply

    briefs.’ ”). Because Zango has not argued that the statute limits the material

    a provider of an interactive computer service may properly consider

    “objectionable,” that question is not before us.

    -=-

    One wonders if Zango did frame their appeal better if it would have made a difference. If not, it would have at least made the appellate decision more binding for future cases.

    The sad face is because there's a potential loophole that could have been closed.

  3. John Smith 19 Gold badge
    Happy

    Zango is dead but this ruling will live on

    Hopefully to kneecap future generations of annoying, useless, intrusive companies whose idea of a business model is infiltrating someone elses machine and squatting there.

    it won't work on Phorm, but I wish it would.

    Either way. FOAD

  4. Anonymous Coward
    Thumb Up

    Ha ha!

    Take that, bastard Zango! Yay! Way to go Amercan legal system! How do you get rid of Zango? I reformat the drive these days

  5. James O'Brien
    WTF?

    Question here

    Why was this case still going if Zango went out of business? Surely they would have said stuff it why should we waste money for a defunct company?

  6. Oninoshiko
    Go

    Re: James O'Brien

    the case contenues dispite the failure of the company because there could be (and in this case are) matters of legal interpritation that need to be decided.

  7. JohnG

    @Spanky

    "Install a piece of freeware on your desktop to clean your registry - BAM! - good luck ever downloading a competing product - they've been "filtered"....."

    Malware makers do this anyway - they don't care if there's a law or not. Those "regular" companies that do block or otherwise disable their competitors' products are always exposed and rarely survive such a move.

    Whether it's spammers, "marketing companies" trying to steal personal information or those touting bogus security products, these shysters are forever going to US courts to thwart the best efforts of genuine security organisations to counter their uninvited and unwanted "services". It is refreshing to see a US court see through the bullshit at the first attempt. However, as the plaintiff is no longer around to pay costs, I guess Kaspersky will have to pay their own costs.

  8. Anonymous Coward
    Linux

    @Spanky

    The solution's simple - only ever install software that you control, not software that controls you.

  9. Dave Mundt
    Grenade

    re: the subtitle, etc

    Greetings and salutations.

    Here in America, we call it a F***king shovel....(as the joke goes - and yes...this is a VERY on-topic comment)

    However, this is a good example of why the CDA is a poorly written law that got pushed through on the emotional wave of "it's for the children"...instead of some rational way of putting up appropriate roadblocks to minimize the chance of an emotionally traumatic image being dumped on a person who is not yet mature enough to deal with it. The law's language SPECIFICALLY targets pornography through most of the text, but, alas, has a really bad "and other objectionable material" clause tossed in at the end. This massive, Big Rig sized loophole is probably the basis of the lawsuit, and, really should be removed.

    Actually, I think the whole CDA should be stricken from the books, and, the responsibility of dealing with the kid's exposure to sex be dumped back in the parent's lap, where it used to be and where the responsibility SHOULD be.

    But that is just me.

    Regards

    Dave Mundt

  10. Francis Vaughan

    In good faith

    @Spanky. You need to check the definition of acting in good faith. None of the examples you give are such. Indeed they are clearly acting in bad faith, would be actionable in their own right, and in no way protected. Just because you say you are acting in good faith does nothing to change the matter of whether you are or not.

  11. DR

    like it or not...

    @"Hopefully to kneecap future generations of annoying, useless, intrusive companies whose idea of a business model is infiltrating someone elses machine and squatting there."

    My first question is do you know how Zango was installed?

    Second question, Does a user actively selecting to install Zango, either by downloading from the source or by installing alongside another app that they got for free, because the publisher of the other app funded their development through it, actually sound like infiltrating?

    so my third question is are you an idiot?

    All users who were "infected" by Zango at one point of another actively chose to download something that was either just Zango, or had Zango attached as a revenue stream for a third part, (whose software you were installing).

    The only people who installed Zango unaware were those who just clicked next several times without reading.

    Personally, I'll agree, I did find Zango annoying, but I chose to install it to use a third party application that had aligned it's self with it.

    I chose to use that software, may people chose to use that software.

    it's not like Zango was some kind of dirty trojan that "infiltrated" people's computers, they chose to install it.

    After their death I was reading the post mortem blog posts, the ex-directors had released.

    They were completely honest about the mistakes that they made, in their business, but also honest about how companies like Kappersky saying that their software was malware had crippled their business.

    Personally, I don't think that anybody who chooses to install software should complain about it.

    and I don't think that they should call it malware. they ruined a business with their miss-classification. and a court ruling should definitely have been against them. (kapersky)

    Yes, I agree Zango did use resources and upset the user experience, for that same reason I'm now classifying Java as malware. for it persistently runs a java quick start on a machine I have at home to reduce load times.

    I'll also classify Itunes as malware for it's service that runs persistently, (despite the fact that I've not plugged in an Ipod into my computer in well over a year).

    Yes, I chose to install those applications. but the fact that they run all the time degrades my user experience.

    so that's the same situation. an app that a user chose to install that always runs, degrades the user experience, would kapersky have the balls to classify Itunes as malware? and do you think that the ruling would be the same when Apple took them to court...

This topic is closed for new posts.

Other stories you might like