Adware/Malware and Software Development
Nasir Pasha, Esq.

Adware/Malware and Software Development

Malware is Everywhere

Malware (or malicious software) is really the key term here. Malware’s definition is at the eyes of the beholder, but I use the term generally as software that you do not want. It can include everything from the destructive virus to the annoying adware popup asking you to clean your PC.

Most malware seems to come in the form of those unwanted software add-ons that seem to come with any free download on the internet.

Downoading the top ten downloads on CNET’s download.com’s site, according to Lowell Heddings, the “How-To Geek” your desktop, will look something like this:top_ten_download.comCNET is a fairly “reputable” website and Download.com has been around since, well, as long as most people can remember the modern internet, yet somehow these add-on toolbars, PC cleaners, virus detectors, and malware removers seem to just be bloated, annoying, and frankly malicious software.

How is “Malware” Bundles Even Allowed?

Heddings further points out that Download.com’s own “Malicious Software Policies” specify their representation that their software that is listed do not contain “viruses, Trojan horses, malicious adware, spyware, or other potentially harmful components.” Most importantly, no software is listed that “installs without notice and without the user’s consent.”

It seems that publishers and directories like CNET take the position that it is not a malicious adware, spyware, or potentially harmless if the user consents to the software. If you actually take the time to read those End User Licenses Agreements that many of us, including us lawyers, tend to not read, you would see that you are consenting to the download and installation of all those random junk  toolbars and software.

Malware Bundling Goes Undetected Everywhere

It is when these kinds software are not properly disclosed or even mistakenly included in bundled software or pre-installed systems that the law actually has something to say.

Take Lenovo’s recent debacle after researchers found their devices came with pre-installed adware from a company called Superfish. In that case, user’s new laptops came with popups displaying scantily clad women as alleged in a class action lawsuit against Lenovo.

Mobile apps are not any less vulnerable. Professional hackers are targeting the Apple’s App Store and Google Play Store to inject its hidden malware into a usable app.

Bundled Software Makes Money for Developers

There are plenty of networks (including CNET) that encourage you to give your well-built software out for free in exchange for bundling software with yours.  They all include a pay-per-download or pay-per-install model that can be very attractive to a software developer that would otherwise not make a dime to giving software away for free.

It is a fair assumption that most of these platforms will comply with proper disclosures needed to the end user, but rarely do these arrangements exceed the bare minimum.

  • 10 Tips to Prevent Business Litigation

    September 24, 2015

    An ounce of prevention, as they say, is really just sound business practice. Litigation can be ruinously expensive and may force a business into liquidation. Even a “win” can devour the time and energy you need to …

  • When the Boss Sells the Company

    December 11, 2014

    I once worked for a company that had been rumored, maybe, at some distant time in the future, possibly, but not certainly, perhaps in connection with a potential sale or not, to be tentatively considering …

  • How to Avoid Age Discrimination

    November 05, 2015

    Employee Performance Evaluation If you scan through the national newspapers you will find article after article about managers and supervisors who are agonizing over the behavior of employees. Sometimes this agony is brought about by the …

  • The Cost of Converting Independent Contractors to Employees

    October 06, 2015

    While Uber may be receiving the lion’s share of the attention on the topic, there has been no shortage of court rulings, IRS audits, and labor decisions on the issue of workforce misclassification. With a …

  • Advertising & Marketing: A Legal Guide for Small Business

    December 16, 2014

    Staying compliant with advertising and marketing is simple if you focus on just being truthful and clear with your customers. The rest is just understanding some subtleties on how to navigate the common legal traps in …

  • What to Look for When Buying a Franchise

    March 05, 2015

    Thinking of buying a franchise?  That’s very exciting. For many, franchising is the first foray into owning your own business. As with any business purchase, however, you will want to make sure that you can …

  • The Consequences of Scraping Data From A Competitor [e221]

    September 07, 2015

    The guys discuss the lawsuit filed by PhantomAlert against Waze concerning accusations of data scraping a database. Transcript: NASIR: All right. Welcome to our podcast where we cover business in the news and add our legal twist. …

  • Is PTO Enough When Paid Sick Leave Is Required?

    January 19, 2016

    Look around your office. Is anyone out sick today? (Alternatively, is someone who is in the office clearly too sick to be there?) According to Bloomberg BNA, sick leave will be a big issue for …

  • Product Liability 101 for Small Importers

    September 16, 2014

    Global sourcing has lots of exciting potential. The recent entry of Alibaba.com onto the global stage along with others such as the FITA Buy/Sell Exchange, Euro Pages and Global Sources seems to presage a new …

  • Can Employers Still Use Credit History in Hiring?

    June 18, 2015

    Job seekers hate credit checks. They see it as invasive data collection with only remote relevance to job performance. It has also been argued that credit checks unfairly burden those who have or have had …

Potential Liability of Software Bundling

For the most part, software platforms have the know-how to ensure proper disclosure to the user. It is very easy to slap together a shrink-wrap agreement that no one is going to read and they.

Part of the problem is that the laws surrounding malware are not very strong. Take for example a lawsuit against an adware vendor that developed a software called “Text Enhance.” That software caused a popup to appear each time the user’s mouse would hover over certain keywords. A claim was brought under the Computer Fraud and Abuse Act (CFAA), but the court did not permit the claim to go forward because the damage threshold of $5,000 was not met and that the court is unable to aggregate the harm to other users.

The CFAA has some of the sharpest teeth in combating this issue, but how useless it would be to have to reach that $5,000 for each single user.

Slightly more useful are the civil claims that may be available under state laws that include trespass to personal property or violations of unfair competition. Unfortunately, the damages aspect to these types of claims are usually equally useless unless it can be turned into a class action, such as the case in Lenovo.

It would seem the answer to this problem (assuming you agree it is one), is not a legal one.

The real question is what legitimately operating company wants to be associated with bloatware or bundled useless adware? Developers’ negative reputation may be enough to deter most and end user diligence for the rest.

Going After the Real Bad Actors

Assuming you can differentiate those unwanted software programs that get bundled with other software slowing down your computer and just plain spyware and viruses, how do you go after the real criminals? The biggest problem is that the laws of the United States do not apply the laws of Nigeria, China or Russia (not to pick on any one country). Most of the real malicious software is distributed internationally.

Extradition treaties do not apply until you figure out who committed the crime–which is impossible if you have no authority to investigate across international borders.

With very little legal recourse, if you are busy unscrambling an attacked network or infested personal computer, you have already lost. No lawyer is going to get you out of this one. Call tech support.

 

 

 

Read More