Adware/Malware and Software Development
Nasir Pasha, Esq.

Adware/Malware and Software Development

Malware is Everywhere

Malware (or malicious software) is really the key term here. Malware’s definition is at the eyes of the beholder, but I use the term generally as software that you do not want. It can include everything from the destructive virus to the annoying adware popup asking you to clean your PC.

Most malware seems to come in the form of those unwanted software add-ons that seem to come with any free download on the internet.

Downoading the top ten downloads on CNET’s download.com’s site, according to Lowell Heddings, the “How-To Geek” your desktop, will look something like this:top_ten_download.comCNET is a fairly “reputable” website and Download.com has been around since, well, as long as most people can remember the modern internet, yet somehow these add-on toolbars, PC cleaners, virus detectors, and malware removers seem to just be bloated, annoying, and frankly malicious software.

How is “Malware” Bundles Even Allowed?

Heddings further points out that Download.com’s own “Malicious Software Policies” specify their representation that their software that is listed do not contain “viruses, Trojan horses, malicious adware, spyware, or other potentially harmful components.” Most importantly, no software is listed that “installs without notice and without the user’s consent.”

It seems that publishers and directories like CNET take the position that it is not a malicious adware, spyware, or potentially harmless if the user consents to the software. If you actually take the time to read those End User Licenses Agreements that many of us, including us lawyers, tend to not read, you would see that you are consenting to the download and installation of all those random junk  toolbars and software.

Malware Bundling Goes Undetected Everywhere

It is when these kinds software are not properly disclosed or even mistakenly included in bundled software or pre-installed systems that the law actually has something to say.

Take Lenovo’s recent debacle after researchers found their devices came with pre-installed adware from a company called Superfish. In that case, user’s new laptops came with popups displaying scantily clad women as alleged in a class action lawsuit against Lenovo.

Mobile apps are not any less vulnerable. Professional hackers are targeting the Apple’s App Store and Google Play Store to inject its hidden malware into a usable app.

Bundled Software Makes Money for Developers

There are plenty of networks (including CNET) that encourage you to give your well-built software out for free in exchange for bundling software with yours.  They all include a pay-per-download or pay-per-install model that can be very attractive to a software developer that would otherwise not make a dime to giving software away for free.

It is a fair assumption that most of these platforms will comply with proper disclosures needed to the end user, but rarely do these arrangements exceed the bare minimum.

  • Diversity, Employment Discrimination and Inclusion

    September 17, 2015

    Diversity in the workplace, a totally laudable goal, is actually harder to achieve than many employers appreciate, and ill-conceived or badly executed efforts can actually make things worse, opening the door to legal liability.  To …

  • Can You Get Fired For Being Racist? [e215]

    August 17, 2015

    Nasir and Matt discuss how racism led to employees getting fired and another instance where a judge overturned a decision to terminate a racist employee. Transcript: NASIR: Okay. Welcome to our podcast where we cover business in …

  • Can An Employer Be Held Liable For An Employee's Facebook Post? [e259]

    March 14, 2016

    The guys kick off the week by discussing the lawsuit in Hawaii where an employee posted a defamatory remark about a customer and tried to hold the employer liable. They also discuss the new anti-discrimination and …

  • Product Liability 101 for Small Importers

    September 16, 2014

    Global sourcing has lots of exciting potential. The recent entry of Alibaba.com onto the global stage along with others such as the FITA Buy/Sell Exchange, Euro Pages and Global Sources seems to presage a new …

  • Nine Legal Strategies to Protect Your Brand

    June 25, 2015

    Perhaps you’re never dreamed of a Google or Facebook-sized business empire – multiple products generating multiple streams of income that seem to semi-magically renew themselves. Something a bit more modest might be fine as well. Whatever …

  • Is PTO Enough When Paid Sick Leave Is Required?

    January 19, 2016

    Look around your office. Is anyone out sick today? (Alternatively, is someone who is in the office clearly too sick to be there?) According to Bloomberg BNA, sick leave will be a big issue for …

  • Erotic Data on Employee Smartphones: What Can an Employer Do?

    March 03, 2016

    The topic of teachers getting into trouble over sex-related matters has become almost a sub-genre of American journalism for several decades now. In the late 1990's, Washington schoolteacher Mary Kay Letourneau became a tabloid feature …

  • How One Business Was Awarded Money From An Untrue Yelp Review [e226]

    September 30, 2015

    Nasir and Matt talk about a judge in New York awarding a business owner $1,000 as a result of a bad Yelp review left by a disgruntled customer.  They also discuss a recent lawsuit appeal …

  • How to Avoid Age Discrimination

    November 05, 2015

    Employee Performance Evaluation If you scan through the national newspapers you will find article after article about managers and supervisors who are agonizing over the behavior of employees. Sometimes this agony is brought about by the …

  • How to Protect Trade Secrets

    January 26, 2016

    Coca-Cola’s recipe for its soda is supposed to be one of the best kept secrets ever. The original recipe is said to be kept in a vault in the company’s Atlanta home where visitors to …

Potential Liability of Software Bundling

For the most part, software platforms have the know-how to ensure proper disclosure to the user. It is very easy to slap together a shrink-wrap agreement that no one is going to read and they.

Part of the problem is that the laws surrounding malware are not very strong. Take for example a lawsuit against an adware vendor that developed a software called “Text Enhance.” That software caused a popup to appear each time the user’s mouse would hover over certain keywords. A claim was brought under the Computer Fraud and Abuse Act (CFAA), but the court did not permit the claim to go forward because the damage threshold of $5,000 was not met and that the court is unable to aggregate the harm to other users.

The CFAA has some of the sharpest teeth in combating this issue, but how useless it would be to have to reach that $5,000 for each single user.

Slightly more useful are the civil claims that may be available under state laws that include trespass to personal property or violations of unfair competition. Unfortunately, the damages aspect to these types of claims are usually equally useless unless it can be turned into a class action, such as the case in Lenovo.

It would seem the answer to this problem (assuming you agree it is one), is not a legal one.

The real question is what legitimately operating company wants to be associated with bloatware or bundled useless adware? Developers’ negative reputation may be enough to deter most and end user diligence for the rest.

Going After the Real Bad Actors

Assuming you can differentiate those unwanted software programs that get bundled with other software slowing down your computer and just plain spyware and viruses, how do you go after the real criminals? The biggest problem is that the laws of the United States do not apply the laws of Nigeria, China or Russia (not to pick on any one country). Most of the real malicious software is distributed internationally.

Extradition treaties do not apply until you figure out who committed the crime–which is impossible if you have no authority to investigate across international borders.

With very little legal recourse, if you are busy unscrambling an attacked network or infested personal computer, you have already lost. No lawyer is going to get you out of this one. Call tech support.

 

 

 

Read More