RetroCoder Threatens Security Vendors
john83 writes "RetroCoder, the company that brings you SpyMon, a commercial keylogger, is trying to stop vendors of security software from looking at their software. RetroCoder uses a EULA that prohibits anti-spyware publishers / software houses from downloading, running or examining the software in any way. Essentially, they're trying to hide a key logger behind copyright law." While they are certainly not the first to do so, it is interesting that companies still take this approach.
Dupe... (Score:3, Informative)
Sorry! (Score:5, Funny)
Lawyers will be contacting YOU!
Jolyon
Re:Sorry! (Score:2)
Re:Sorry! (Score:2)
Re:Dupe... (Score:1)
YAD (Score:2, Informative)
This is why I let my subscription lapse. I was sick of paying for duplicate articles:
http://yro.slashdot.org/article.pl?sid=05/11/11/0
As a VA Software Corp stockholder... (Score:2, Insightful)
Your new strategy of having a continuing thread (the Intelligent Design flood), is even better! You just throw up 1 new piece of news and there is a whole new rehash of the same posts. It's the same crap over and over ag
Re:YAD (Score:1)
Forget the software... (Score:3, Interesting)
http://www.thinkgeek.com/gadgets/electronic/5a05/ [thinkgeek.com]
k thx gg
Re:Forget the software... (Score:2)
Re:Forget the software... (Score:2)
Again? Only happened 4 days ago... (Score:2, Informative)
Re:Again? Only happened 4 days ago... (Score:2, Funny)
Nonsense. The Slashdot Random Story Submission Selection System is completely fair and without bias.
It just needs a shuffle feature so that tracks^H^Hstories aren't repeated so often.
Re:Again? Only happened 4 days ago... (Score:2)
Re:Again? Only happened 4 days ago... (Score:3, Insightful)
Meta-moderate that as "unfair", like I do.
Re:Again? Only happened 4 days ago... (Score:1, Offtopic)
What we need.. (Score:3, Interesting)
Simon.
Re:What we need.. (Score:2)
Just to be on the safe side.
Re: (Score:2)
Re:What we need.. (Score:2)
Because such a post of course prevents such activity, not unlike a drug dealer asking someone who is buying "Hey man, are you a cop" or putting a sign that reads "officers of the law and all those reporting to them are barred from buying here" above a crack house.
Re: (Score:2)
Re:What we need.. (Score:2)
Four (five?) factors:
1. The purpose and character of your use. Since this is done to help protect people, it seems this is a slam dunk. And since the Supreme Court indicated in 1994 that this is the "primary
Re:What we need.. (Score:1)
That would be perfect. (Score:1)
Re:What we need.. (Score:1)
Why? (Score:3, Insightful)
Otherwise, we would be building law on a number of bad laws.
Re:What we need.. (Score:2)
What we need is a law that makes research a defence to copyright infringement.
This isn't copyright infringement. If it's anything, it's violation of a contract, but that depends on the clause being upheld.
Since this is a dupe... (Score:3, Funny)
let's dupe the comments as well.. :P
"Ah. the popular "Bend Over" EULA."So let them (Score:3, Funny)
Anti-Spyware companies are only doing their job.
Dear god Why? Why? Why? (Score:3, Funny)
I must purge myself of this evil by adding to the multitude of wailing about duplicate postings, and add some extra comments about how much slashdot sucks, the only reason I come to it is to feel superior.
It burn, oh how it burns!
Re:Dear god Why? Why? Why? (Score:1)
Commercial as in installed on your work computer? (Score:2, Insightful)
Or commercial as in installed by a dodgy person at work who gains access to the boss' or sysadmin's workstation for a few minutes?
Or commercial as in bundled with shitty software and then sends out what you type to criminals?
First one - legal, if unethical.
Second one - this type of installation should be removed by Spyware removers.
Third one - the writers of the software should be castrated.
Re:Commercial as in installed on your work compute (Score:1)
Well, I must say (Score:4, Funny)
There, come sue me now you silly fucks.
Re:Well, I must say (Score:2)
Summary is a wee bit off.... (Score:5, Insightful)
Copyright law doesn't have provisions for EULAs. They are using faulty contract law logic to harass security vendors. I honestly think people only think an unsigned, after-the-fact EULA means anything because they've been conditioned throughout their lives to blindly accept authority, whether real or perceived.
Parent is exactly right. (Score:2)
Re:Parent is exactly right. (Score:2)
Re:Summary is a wee bit off.... (Score:2)
In order to install the software you have to make a copy of it (either copy from the cd to hard drive, or copy from internet page to hard drive) but before you can copy you need a copyright license. What gives you that license if not the EULA?
Re:Summary is a wee bit off.... (Score:3, Informative)
Re:Summary is a wee bit off.... (Score:2, Informative)
http://www.copyright.gov/title17/92chap1.html#117 [copyright.gov]
Re:Summary is a wee bit off.... (Score:4, Insightful)
The doctrine of fair use. If, in order to use a product which you've purchased you need to make a temporary or permanent copy of it, then that use must by definition be fair.
Re:Summary is a wee bit off.... (Score:2)
You also copy text from a book into your brain in order to read it, and in your brain it gets copied around lots of different areas, derivative works are created, etc etc, in order for you to comprehend the book. There is no distribution involved, because all areas of your brai
Perhaps, but you're way off. (Score:2)
Of course it does. The right to copy something (ie: copyright) can be Licensed to another party (say, an End User), who would have to accept the Agreement in order to receive the copyright license.
I honestly think people only think an unsigned, after-the-fact EULA means anything because they've been conditioned throughout their lives to blindly accept authority, whether real or perceived.
Due to the faulty (IMO) notion that running a program is "copying" it
Re:Perhaps, but you're way off. (Score:2)
But the question of whether or not a given clause in the licence is enforceable falls within the scope of contract law, not copyright law. They are hiding behind contract law by including that clause, and then saying "as you broke the agreement, you have no licence, and so are violating copyright law".
Re:Perhaps, but you're way off. (Score:1)
When I buy a painting and display it on the wall, I don't need any sort of EULA. When I buy a program and run it, I don't need an EULA either. Copyright law works fine in both cases. In fact, there is no law anywhere that says I have to agree to the EULA in order to use the software. I bought it, I don't agree with the EULA, therefore the EULA is not binding. The purchase is then covered under basic copyright law, which means I bought it, I can use it
Re:Perhaps, but you're way off. (Score:1)
But that still doesn't make it an EULA.
Re:Perhaps, but you're way off. (Score:2)
Your GPL statement is totally wrong in all ways since the GPL doesn't cover use, only distribution.
The legal basis of EULAs is in contract law, and exists only because you were presented with the EULA. It's extremely shaky legal ground, although some jurisdictions give them explicit legal power (UCITA), and there have been some cases that accept their force. Note that at least one of those cases only accept
Re:Summary is a wee bit off.... (Score:2)
Probably, I don't know. I really don't believe authority is morally given or waived behind obfuscation like a typical EULA, regardless of alleged legality.
Dupe is cool (Score:1, Redundant)
Fine (Score:3, Funny)
EULA shouldn't be used against people (Score:1)
While I do read most EULAs that I get with my software, software like this that has no purpose on my machine is something I want to have removed. What gives them the right to say "While this has been installed on your machine (probably without your consent), you cannot have anything remove it from your system"?
I picture a small bald guy sitting in the background rubbing his hands together and cackling madly thinking
copyright law (Score:2)
That's what you get when copyright laws are as draconian as they have become. Technically, they have every right to prevent others from examining their software.
Re:copyright law (Score:2)
This is about Eulas. Now, the question of whether the Eula is valid and binding depends on two issues. First, can Eulas be binding? The answer is yes, depending on what the conditions are. The second is, will this particular Eula be binding? I suspec
Re:copyright law (Score:2)
EULAs are a whole other can of worms. Obviously, EULAs should not be able to stop you from exercising fair use, but EULAs are still on shaky enough legal ground that anything could happen in court.
Re:copyright law (Score:2)
I disagree. As far as I know, retroengineering is allowed by law in the US and in most countries in Europe. At least for ensuring interoperability. So they cannot prevent me from examining their software if it is running on my computer.
Re:copyright law (Score:1)
Simple Solution (Score:3)
In other words, make it policy to call this crap a threat until it can be proven otherwise. This isn't "innocent until proven guilty" time.
Re:Simple Solution (Score:1)
I have a better solution. Simply send this company your own EULA. If they would like their software to run on our machines, they agree to the following terms yada yada yada...
Make the letter a shrink wrap license. Simply by opening the letter, they agree to the terms. If they would like to rescind the agreement, they can send a refund to e
Re:Simple Solution (Score:2)
Re:Simple Solution (Score:1)
Couldn't emule & gang use the same defense? (Score:5, Interesting)
It is a well known fact that several p2p programs were attacked by the minions of various **AA, injecting malicious pseudo-clients into the essentially closed networks. Those attacks wouldn't have been possible without extensive technical analysis of the modus operandi of those networks. At least in most of those cases, it is pretty apparent that the attack was accomplished by downloading and examining the official client for that network.
Couldn't those p2p networks utilize the same defense? I.e. establish in their EULA that their code and protocol may not be examined for the purpose of a malicious sabotage in their operation?
I seem to recall that some p2p EULAs actually had such a clause. Was it ignored with no consequences?
Re:Couldn't emule & gang use the same defense? (Score:2)
And don't forget emule was reverse engineered from edonkey to start with.
My computer has a software TNC!! (Score:2, Interesting)
It's time that end users also create a software TNC for their computer. If your software runs on my computer, using my resources, then it will have to comply with the following rules:
- It has to use the resources to my direct(!) benefit.
- It has to give me full control over its behavior (e.g., uninstall possible)
That's all. Simple, but powerful.
It would be inte
They won't win (Score:1, Interesting)
FESPatHHRiO (Score:2)
Anyway, it's a totally worthless approach. The anti-spyware programmers could handle it in at least three ways.
Re:FESPatHHRiO (Score:2)
I would include the country the scumware manufacturers reside in as well. If they think the UK courts will allow this, they are in for a bit of a shock. (Even though apparently the Sony DRM thing would probably be legal in the UK) As this would be a Civil issue, the benefit to the public good would be taken into account, and
RetroCoder (Score:1)
This is analogous to... (Score:1)
It is too damn early to have a beer...
It's people like this (Score:2)
I hope Sunbelt have the courage and money to stand up to this in court. EULAs that attempt to impose restrictions such as this on end users are morally wrong and need to be declared unenforceable. I have no problem with the usual "no warranty, no guarantee, you're not allowed to copy this and give it to your friends, etc" sort of stuff, but this is bullshit.
ECLA? (Score:3, Interesting)
The funny thing is, (Score:4, Interesting)
And if a piece of software is installed without my permission on my own computer, I'm sure as hell not bound by any EULAs. This is really a moronic attempt to legitimize their malware.
The next trend in internet worms: hidden EULAs to prevent AV software from removing them?
Re:The funny thing is, (Score:2)
Since the whole point is that the end user doesn't know the software is installed, how can they adhere to the ridiculous conditions of the EULA? They can't, and therefore, the EULA is pointless.
But analyzing or reverse engineering the software can be done. Somebody else needs
Re:The funny thing is, (Score:2, Informative)
If the keylogger were installed on
Mandating the second EULA screen (Score:5, Interesting)
I'd like to see a law be written that requires a second part of the EULA, in its own separate 'click yes to continue' box that outlines anything the software or service does that users may find questionable. It should be written in plain, simple words that outlines the potential for more malicious uses, and requires a user to click a 'yes I understand' next to each item.
For example:
EULA PART II:
THIS SOFTWARE MAY/WILL DO THE FOLLOWING.
PUT AN 'X' NEXT TO EACH BULLET STATING YOU UNDERSTAND THE INTENT BEFORE CONTINUING
[ ] o This software will collect personally identifiable information and send it to third parties
[ ] o This software will access your email contact lists and send them to third parties
[ ] o This software will log your keystrokes and surfing habits and send them to third parties
[ ] o This software does not have an easy 'uninstall' feature
[ ] o This software will destroy data on your hdd
[ ] o This software will install additional programs on your computer that have nothing to do with this software
PUT AN 'X' IN THE BOX NEXT TO EACH STATEMENT STATING YOU UNDERSTAND AND CLICK YES TO CONTINUE BEFORE SOFTWARE IS INSTALLED.
It won't happen, but it'd be nice.
Re:Mandating the second EULA screen (Score:1)
I'd like to see a EULA that doesn't use all caps ;)
Re:Mandating the second EULA screen (Score:2)
How exactly do you define plain and simple words? How do you define malicious use? EVERY condition in the EULA is designed to limit the liability of the software vendor - if they were all stuff you'd agree to anyway they wouldn't bother to write it down. If they intend to give you free customer service, for example, they don't write it down, since you aren't going to turn it away simply because it
Re:Mandating the second EULA screen (Score:2)
When a piece of software is obtained, be it downloaded or purchased in physical media, a user has an expectation as to what that software should do. While in the process of installing that software, a user should be able to continue with the confidence that he or she will
Re:Mandating the second EULA screen (Score:2)
You'd almost need to have a standard EULA embodied in law (there was such a movement a few years ago which was massively protested by programmers ev
Pfffft. (Score:2)
Get Joe Random User to install it and agree to EULA.
Get Joe Random User to agree to let *you* inspect his PC.
You did not install the software or read the EULA, so you do whatever you feel like, and proceed to tell the world.
Tada! Obnoxious EULA bypassed.
Let them try and stop someone (Score:1, Interesting)
RetroCoder can't stop anyone from examining their code, unless they're going to encrypt it somehow. If it winds up on someone's machine, and that someone happens to work for a software security company, and he/she is an industrious hacker with the time and patience, they'll rip open the pathetic key-logging code, figure out its secrets at home on their PC, then bring the knowledge to work and poof -- key-logger neutralized. What's RetroCoder going to do, hire spies to follow everyone who works for all the so
Feedback (Score:4, Interesting)
We are not suing SunBelt - SlashDot got it wrong!
From Sunbelt themselves:
http://yro.slashdot.org/comments.pl?sid=167981&th
The original article:
http://news.zdnet.com/2100-1009_22-5944208.html [zdnet.com]
If you read the text on SlashDot linked to above you will see that we are not unreasonable, we just don't want our app that people have bought to be deleted without the owner's permission or knowledge - as has happened with numerous "big" companies.
When contacting these "big" companies - including Symantec about the problem they simply refuse to reply - we initially tried to contact them all about 9 months ago in order to bring about some kind of cooperative agreement, with information about detecting our program as a commercial keylogger and about uninstalling our program safely (if the user decided to do so).
Our point is that commercial programs are different than trojans written by criminals. It is fair that they are pointed out by the anti-virus/trojan program, but not fair that they are automatically deleted. The user should be told that they are a commercial keylogger or similar and the default action should be to not delete. AVG by comparison deleted them without informing the user.
We are open about what ports are being used and we do not try to bypass firewalls or shutdown anti-virus programs. All are easily possible as you probably well know and we feel that comparing it to programs written by criminals is unfair.
We, as a company, are very easy to contact - if we had been contacted/replied to by the anti-virus companies (initially - before we had to put the download notice up) we would have told them how to safely uninstall the client program, and we would have also told them of a special flag - that if present would stop the client from installing again in the future. They would also have been given information that would have told the user WHO was attempting to spy on them! The condition would have been as above - that the user be informed that it was a commercial program and the default action would have been not to uninstall.
Sunbelt will soon be given this information in the hope that other companies will follow in the way they list the program (if detected).
Best regards,
Anthony
Re:Feedback (Score:1)
Security Vendors (Score:3, Insightful)
It's up to the consumer to decide what goes on their computer, and if an anti-spyware maker wants to warn users of the threats, they have every right to. Otherwise, they're not doing the service THEY are promising the customer, by identifying those things that spy on them. It really does perplex me how much people try and push with flawed licenses and poor IP laws. If there's any sign it needs to be revamped, this is it.
-M
Whatever (Score:1)
A dose of their own medicine... (Score:1)
CounterSpy cannot be used by creators of spyware, virus, worms, or other forms of malware to determine if their malware is detected by CounterSpy.
The same claim? (Score:1)
Then we can build caged arenas where two men enter...one man leaves. Seem
this is complete nonsense (Score:2)
But you can (Score:2)
No it's just nonsense (Score:2)
Excessive Use Leads2 Anarchy (Score:2, Interesting)
Victims Rarely Sign the EULA (Score:5, Interesting)
In other words, I think that RetroCoder is going to have to prove that the people on whose computers this stuff is running have seen the EULA. Then, of course there's the fact that RetroCoder is engaged in contributory violation of people's privacy, which means that they're coming to court with 'Unclean Hands'.
Of course Retro Coder could avoid this conundrum if they always make sure that, whenever the program starts up, it displays the EULA, notifying a 'user' that the software is running, how they can identify it (so that they can avoid 'infringement'), and automatically (and safely) removing itself from the computer if the end-user does not accept the EULA....
Under any other conditions, I'd say that it's Retro that would be toast in court.
Like I've Always Said (Score:3, Interesting)
It's nothing but coercion masquerading as "agreement". That's why it's frequently hidden in EULAs and other "contracts" that nobody is likely to read and which depend on "opt-out" rather than "opt-in" such as actually having to sign a real contract and exchange value.
Okay, I declare myself... (Score:3, Interesting)
Now, will they be in violation of their own EULA when their junk ends up on any PC that I use through no fault of my own? I certainly won't ask for their software to be installed of my own free will, but that is not how their model works, now is it?
So, if we all sign on as developers of a FOSS anti-spyware project, are we all effectively protected from these people, as it is against their EULA for their software to be pushed to us? And who gets in trouble, us, or the operators of the sites that are responsible for feeding us this garbage?
Threats of criminal actions by civilians (Score:2)
IANAEB (I am not an English Barrister), and I admit I have no idea how things work in that part of the world. In the U.S. civilians can't bring criminal actions, only a prosecuting attorney (e.g., District Attorney,
Re:Do editors (Score:1)
Re:What If... (Score:1)
Probably not much. It seems to me that the SpyMon EULA doesn't ask if the user agrees to the text, just if they understand it...
It is entirely possible to understand a text and still disagree with it
Re:The company behind RetroCoder (Score:1)
Re:Who would you pay for keylogger? (Score:1)
Now if you still have that wife after you've basically told her you don't trust her, that might be a different issue. I see it being quite handy for keeping an eye on the kids, though I'm more in the mindset of keep all the kids computers in the public area so I can just look at them and see if they are arranging a rendezvous with the int
Re:On the topic of disclaimers (Score:1)