Microsoft Caves In To Dutch Site On Spyware Spat

Welcome Guest. | Log In| Register | Membership Benefits

February 24, 2005 (2:37 PM EST)

By Gregg Keizer , TechWeb Technology News

Microsoft this week agreed to both apologize and pay a Dutch portal for mistakenly flagging it as a purveyor of malicious content, the latest in a rash of problems that anti-spyware vendors -- including Microsoft -- have recently faced.

The Startpagina.nl directory site objected to being classified as a "browser hijacker" by the first edition of Microsoft AntiSpyware, the beta software Microsoft first released in early January, and demanded that Microsoft change its tune.

After being threatened with legal action, Microsoft gave in on Monday, and agreed to pay an undisclosed sum to Startpagina.nl's parent company. It has also posted an apology on its own Dutch and Belgian sites dedicated to the AntiSpyware application.

"Microsoft regrets the problems to Startpagina.nl and its users," Microsoft said in the apology. Microsoft's update of AntiSpyware last week corrected the problem, the company also said in the notice.

"Because almost all computers use Windows as their operating system, one mistake by Microsoft can cause considerable damage for other businesses," said Bert Wiggers, the director of Startpagina.nl, in a statement earlier this week. "But the apology is what matters the most." The face-down is an example of how vulnerable anti-spyware vendors are to pressure, said Michael Cherry, an analyst with Directions on Microsoft. "It's my biggest fear about anti-spyware, he said.

"Will Microsoft get too weak on calling badly-behaved software 'malicious,'?" asked Cherry. "Will the company hold to a definition of badly-behaved software, even if it means they have to go into court and defend it?"

Cherry was leery. "Microsoft has already come under pressure from people claiming their software isn't malicious, and Microsoft folded like a house of cards."

The Redmond, Wash.-based developer could also easily turn out to be a prime target, said Cherry, of people out to make a quick buck if they see Microsoft as soft on spyware.

"It's not inconceivable that someone could build a business model around the idea of creating some malicious software, getting it listed as 'spyware' by Microsoft, and then threaten to go to court," he postulated.

"Microsoft's a target," said Cherry, "because of its resources. You think someone will bother suing LavaSoft (which makes the for-free Ad-Aware) or Spybot (another popular free anti-spyware tool)?"

Microsoft isn't the only company feeling the pressure. The CastleCops Web site, where members review security software and anti-spyware utilities can be downloaded, recently received a "cease and desist" letter from the lawyer representing iDownload. That firm claimed that its iSearch toolbar had been classified by CastleCops as "certified spyware/foistware, or other malware," and demanded that the site stop referring to iSearch as such.

If not, "we will take all necessary action against your company to protect Download from your continuing tortuous conduct," wrote the lawyer.

CastleCops, however, wasn't cowed. In its response last Friday, its lawyer returned fire. "A cursory search of the Internet reveals that the Download/iSearch brand has quite a controversial image to be sure," wrote Benjamin Rice, CastleCops' attorney. "In addition, Symantec, LavaSoft, Computer Associates, Spyware Warrior, Spyware Blaster, and Doxdesk, to name a few, report that the iSearch toolbar, published by iDownload is spyware."

Symantec, for instance dubs iSearch spyware, saying it "is a search hijacker and also tracks user activity on a remote server."

Also recently, both LavaSoft and Computer Associates, which acquired the PestPatrol anti-spyware vendor in 2004, have been accused by anti-spyware advocates of caving in to another spyware distributor, WhenU, and removing its software from their databases.

To make anti-spyware work, vendors need a backbone, said Cherry. "Anti-spyware software's only as good as the willingness of its maker to stand behind the signature file [that identifies something as spyware]."

Try TechWeb's RSS Feed!
(Note: The feed delivers stories from TechWeb.com only, not the entire TechWeb Network.)

SECURITY WHITE PAPERS AND REPORTS

Configuration Audit and Control for Virtualized Environments
Find out how to maintain the same level of stability and security across both virtual and physical environments, using the same software and approach.

CIGNA Finds Good Therapy: Builds a More Efficient Risk Management, Streamlined Compliance, and System Security Program
To bolster the vulnerability management portion of its overall risk management program, CIGNA selected QualysGuard, thus enabling the company to streamline control of its entire vulnerability management lifecycle: asset discovery, vulnerability assessments, track security fixes, and meet federal, state, and internal policy regulations.

Best Practices for Windows Vista Planning, Migration, and Ongoing Management
It is vital to ensure PC system and data security during migration to Windows Vista. This white paper highlights considerations that must be addressed over the entire migration process.

Auditing: What You Need to Know
All companies must go through a formal auditing process to ensure they're meeting various compliance demands. In theory, this exercise will help them understand where their security holes are and how to make appropriate improvements. But how do companies ensure their auditors understand specific IT security issues and requirements? We find out.