Could lawsuits put a damper on spyware? This morning I spoke with David Fish, the lawyer at The Collins Law Firm who is responsible for two evolving class-action lawsuits against major adware developers 180 Solutions and Direct Revenue LLC.
I also recently asked Paul Bryan at Microsoft whether it is considering pursuing legal action against spyware makers as it did in its much-publicized judgement against spammer OptInRealBig.com LLC. "Yes," he said repeatedly as I completed my question, before backpedalling a bit.
Brian, director of product management for client security, says Microsoft's role is to provide "consumer guidance" about spyware, provide tools such as its beta Microsoft Windows AntiSpyware software for addressing the problem, and participate with others on legislation and law enforcement. There is a spectrum with regard to adware and spyware, he says. When spyware tends to be on the "known bad side," says Bryan, "It's a clear-cut picture of what you do and what action you take." While Microsoft has cut some adware makers some slack of late in terms of how it classifies their products in its Anti-Spyware offering, the company appears to be more willing than ever to bring the hammer down on adware makers who continue to exploit Windows vulnerabilities to surrepticiously install their wares.
At The Collins Law Firm, Fish says his firm's lawsuit is already having the desired effect. "We’re starting to see many in the adware and spyware industry starting to change their practices," he says. For example, 180 Solutions is unveiling a new client that's supposed to prevent distributors of its search tool from performing unauthorized installations on consumers' machines. And Direct Revenue just announced that it will stop using "third-party affiliate networks" to distribute its software and will instead deliver its adware "exclusively through its own promotion of free advertising-supported software and a set of distribution partners with which it has direct relationships."
I suspect that Fish's firm is taking too much credit for those changes, which I believe were already well under way. However, legal liabilities, as well as legislative intiatives and pressure from groups such as the Anti-Spyware Coalition and The Center for Democracy and Technology are bound to start forcing the large adware makers to clean up their collective acts - as well as those of their affiliates and distributors.
The adware industry is also also finding that it can't push around anti-spyware software makers as easily as in the past. As large companies like Symantec have moved into the anti-spyware market and displaced smaller startups, it's getting harder for adware makers to use the threat of legal action to stop their products from being identified in spyware databases of "unwanted software." Recently, for example, Symantec Corp. counter-sued Hotbar.com Inc. over this issue.
But the big adware companies are only the most visible part of the problem. Many other purveyors of spyware exist. "Unfortunately, a lot of them are hard to track down. You have a lot of them overseas and they do things that make it difficult to catch them. We do our best to go after the ones we can find," says Fish. While law firms can go after the low-hanging fruit - the larger companies with deeper pockets to pay damages - they have little incentive to do much against the shadier groups out there. That's where prosecutors, regulators and big companies with a vested interest - such as Microsoft - will have to step in.