Saturday, I blogged that Secure Computing LLC had responded to a lawsuit by Microsoft and the Washington State AG’s. However, I couldn’t find their Answer on the PACER system (a way to get Federal court documents online). I had even contacted the attorney in the case with no success.
Well, this morning Eric Chien over at Symantec was kind enough to provide me with the docs.
And it’s worth reading.
While I can’t claim to have done an exhaustive study of both the original complaint by the AG and Secure Computing’s response, a few points struck me in their Answer:
False positives: The original lawsuit shows a number of standard Windows registry keys being marked as “Bonzi Buddi”. These are clearly false positives. However, Secure’s answer is:
“Secure Computer was consistently advised by the developer that the product was without ‘false positives.’”
Huh? Since when did getting an assurance from your developer absolve you of responsibility? We’ve had our own issues with false positives, as have virtually all other antispyware companies, and getting an email from your developer assuring you that “no, there are no false positives”, without any independent investigation and research seems laughable.
Erasing the Hosts file contents: Secure defends its practice of erasing the contents of the Windows hosts file:
“Simply stated, there is ample independent expert commentary to support a complete removal of the contents of the hosts file in order to optimize scan results. This is exactly what Secure Computer’s software was doing.”
Whoa. I’m sorry, but running a free spyware scan and getting your hosts file hosed (when you might have built it up to your preferences over a long period of time) is, in my mind, totally irresponsible and I really don’t know what “expert commentary” would support this action. Remove individual entries if they are bad, but don’t just arbitrarily wipe out the hosts file contents.
They claim they never had an affiliate program in place:
“Secure Computer operates no affiliate program at all, despite the allegations of the Plaintiff. All of the allegations about third parties marketing the products of Secure Computer relate to activities undertaken by the sales force engaged solely and exclusively by “Clickbank.com.” Secure Computer does not operate an affiliate marketing program.”
To me, this appears to be a play on words. ClickBank is its own type of affiliate program with a large number of affiliates in place (basically, it’s sort of an affiliate and low-level marketplace hybrid). Few companies (like Amazon.com) actually run and manage their own affiliate program (we don’t either, we use a third party system for affiliates).
Blame the affiliates: They blame the spam and Windows Messenger popups on ClickBank affiliates Whatever. According to the CAN-SPAM act, the advertiser is responsible for how their products are marketed through email. Otherwise, everyone would be able to use the hackneyed “it’s not our fault, it’s the affiliates” argument.
Comments about Microsoft:
“Plaintiff, while touting the benefit of using the Microsoft AntiSpyware software, fails to disclose that Microsoft’s anti-spyware software is presently identifying a primary competitor’s anti-spyware software (Symantec’s Norton Anti-Virus) as a “password stealer,” leading to destruction of that program on consumer’s computers around the world, and more notably, throughout the State of Washington. Likewise, Plaintiff fails to note that Microsoft’s anti-spyware software does not report Claria as adware, even though the industry considers it an aggressive adware program.”
And
“Microsoft is attempting to buy Claria for undisclosed sales and marketing purposes.”
Actually, this is a bit different: You don’t have to actually buy the Microsoft AntiSpyware program, so if it presents a false positive which would scare you, you don’t have to buy it in order to remove this “threat” (something you had to do with Secure’s product). Secondly, Microsoft’s AntiSpyware had the Symantec false positive in for only a very short period of time.And finally, MS AntiSpyware DOES, in fact, detect Claria as adware.
And Microsoft is not “attempting to buy Claria”. This was a controversy that blew over back in July of last year.
Free scan: While I strongly disagree with the practice of “scan and buy” spyware scanners (where you download a spyware scanner, it finds all sorts of nasties, but you have to pay to remove anything), they do make a good point about one thing: The AG’s complaint said “Defendants mislead the user into believing that they are only downloading a free scanner, something that is different from anti-spyware software”. Secure’s answer: “Plaintiff ignores the fact that almost every anti-spyware application works the same way as Secure Computer’s Spyware Cleaner.” Well, that’s a broad statement, but they are right that the use of the phase “Free spyware scan” to include a full download of an antispyware application is not an uncommon practice.
My read on the whole situation? Secure had what was probably an unremarkable antispyware product on the SpywareWarrior rogue antispyware list, which had false positives and was marketed in an extremely aggressive fashion, through their use of ClickBank (itself a popular affiliate program for rogue antispyware programs). The company is trying to absolve themselves of any responsibility in the matter. While they certainly aren’t in the criminal class of the SpywareSheriff/Raze/Winfixer crowd, it does appear that they still have some dirty laundry to take care of.
It’s an object lesson about being careful as to what affiliates you use and how you market on the Internet.
Finally, remember that these are the guys who allegedly had this popup:
(Image from the Washington AG’s complaint)
And here’s all the details (for convenience, I’ve also linked to the original Microsoft/Washington State AG’s complaint here.)
Securecomputeranswer.pdf (87 KB)
Alex Eckelberry