Endpoint Security , Fraud Management & Cybercrime , Next-Generation Technologies & Secure Development

Federal Judge Dismisses Lawsuit Against Malwarebytes

Malwarebytes' Right to Flag 'Potentially Unwanted Applications' Upheld
Federal Judge Dismisses Lawsuit Against Malwarebytes

A federal judge has dismissed a lawsuit brought against security vendor Malwarebytes, which was accused of illegally classifying two security applications developed by the plaintiff - another software developer - as being harmful.

See Also: 2024 Threat Hunting Report: Insights to Outsmart Modern Adversaries

Enigma Software, which has offices in Clearwater, Florida, as well as in Lithuania and Bulgaria, filed the lawsuit in October 2016 in the U.S. District Court for the Northern District of California. On Tuesday, U.S. District Judge Edward J. Davila dismissed the lawsuit.

Enigma Software's complaint against Malwarebytes.

Enigma Software accused Malwarebytes of illegally classifying two of its applications as "potentially unwanted programs" or PUPs for short: an anti-malware program called SpyHunter and a program designed to clean hard drives and Windows registries called RegHunter.

Enigma contended that Malwarebytes intended to interfere with its customer base and retaliate against the company "for a separate lawsuit Enigma filed against a Malwarebytes affiliate."

That separate lawsuit involved the online technology forum Bleeping Computer. Enigma sued Bleeping Computer in 2016 after it posted a negative review of SpyHunter. The lawsuit was settled earlier this year and Bleeping Computer excised the review from its site.

In the wake of Judge Davila's decision, Malwarebytes CEO Marcin Kleczynski says in a blog post that while the decision might sound mundane, "the reality is that this is not only a critical win for Malwarebytes, but for all security providers who will continue to have legal protection to do what is right for their users."

Kleczynski adds: "As PUPs became more prevalent and problematic, we began offering protection against them too, a choice that is now backed by the U.S. District Court."

Enigma Software sued Malwarebytes for flagging two of its software applications as potentially unwanted software. (Source: Enigma Software's complaint)

Enigma Software didn't immediately respond to a request for comment. But the company announced Thursday that it plans to appeal the decision in the Court of Appeals for the 9th Circuit.

Contentious Classifications

The lawsuit is a reminder that more than a decade ago, anti-virus companies began flagging some applications as PUPs. Such applications often exhibit behaviors that information security companies judge to be risky or annoying, such as injecting ads, installing root digital certificates or surreptitiously bundling apps into their installers without notifying users or by hiding that notification in lengthy, impenetrable end-user license agreements.

In February 2016, Malwarebytes called out some of the behaviors that trigger such a classification.

"PUP criteria includes advertising no-nos such as obtrusive pop-ups, web infractions such as altered search results or bookmark insertions, or download offenses, such as prepopulated check boxes or the liberal use of 'recommended' next to an option," the company said.

In response to the lawsuit filed by Enigma, meanwhile, Malwarebytes contended that it has a right to flag Engima's applications as PUPs under the immunity provision of the Communications Decency Act.

In the dismissal order, Judge Davila agrees, saying that the act absolves a service provider of liability for good-faith decisions to restrict access to material that it deems to be "obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected."

A key case cited by Malwarebytes involved a dispute between anti-virus vendor Kaspersky Lab and Zango, a now-defunct advertising software application. The software displayed advertisements to users in exchange for free video clips, email emoticons and other freebies.

But Zango was criticized by security experts who alleged that its rogue affiliates used questionable distribution methods and software exploits to forcibly install the application on computers. In November 2006, Zango reached a $3 million settlement with the Federal Trade Commission, which, among other contentions, alleged that the software was deceptive and difficult to remove.

After Kaspersky Lab put Zango in the PUP category, however, Zango took the anti-virus firm to court. In June 2009, the 9th Circuit Court of Appeals ruled in Kaspersky's favor, finding the company's actions were protected by the immunity provision of the Communications Decency Act.

Looking for Customers

Enigma Software may have lost this round of its case against Malwarebytes. But it's still hoping customers will install its SpyHunter program and stick with it, even if Malwarebytes flags the application.

One of the Enigma Software's web pages for SpyHunter offers an installer that disables Malwarebytes, allowing SpyHunter to function on a computer. And it blames Malwarebytes for the situation, alleging it "initiated this course of action."

Enigma Software's instructions for disabling Malwarebytes.

The Enigma Software notice states: "We are very sorry for the inconvenience, but this is outside of our control."

Executive Editor Mathew Schwartz also contributed to this story.


About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.