Monday, January 30, 2006

Zone Labs Wins as 180Solutions Walks Away A brief battle of dueling press releases broke out today when both 180Solutions and Zone Labs announced the former had dropped its lawsuit against the latter over ZoneAlarm antispyware identifications of 180's products. While Zone Labs' release trumpeted what it said was a victory without concessions, 180Solutions' press release said it dropped the suit because ZoneAlarm's threat classification for its products was downgraded. So which is true? The spokesman for 180Solutions whom I contacted reiterated that the suit was dropped because Zone Labs had made several concessions. "Since we filed the lawsuit, Zone Labs changed two things in their notifications," said Sean Sundwall, director of corporate communications for 180Solutions. "First, they now label our software as 'suspicious' instead of 'dangerous.' Second, they have softened their language about monitoring mouse movements and keystrokes from 'is' to 'may try.' So for them to say nothing has changed is simply false. The reason we dismissed the suit is because the slight change in labeling, combined with the shrinking relevance and marketshare of the ZoneAlarm application, has allowed us to move forward with a handful of business deals that the original labeling prevented." But John Slavitt, general counsel for Zone Labs' parent Check Point Software, countered that the only changes to ZoneAlarm notifications were made before 180Solutions filed the lawsuit. "As would be our practice when any company contacts us about their classification, we did a second review of their products," Slavitt described the chronology of events. "We then informed them that we thought our assessment was right the first time and that the products' behavior still put them in the same categorization. But we also informed them that, as part of a general review, we were changing the screenshots that appear for that classification, and we showed them samples of what the screens would say. All of this was provided to them before they filed the lawsuit. They believed it was not adequate and they went ahead with the case at that time, and now I guess they believe it is adequate and they've dropped it. But we did not make any concessions in this case, and we were prepared to continue to defend it vigorously." Since it filed its motion to dismiss the case without prejudice, 180Solutions retains the right to pursue the action as well. "To be clear, Zone Labs continues to have the most egregious and false representation of our software in the entire scanning application industry," says Sundwall. "Their labeling is completely out of touch with the industry accepted practices of the Anti-Spyware Coalition, which may be why they are the only notable scanning application company not affiliated with that important industry body." Zone Labs doesn't particularly seem to care which industry bodies 180Solutions believes to be important. "Our products work on behavior, not on a name," Slavitt said. "Our objective is to protect our customers, and ZoneAlarm products protect the computers of over 30 million. We design our products and make our assessments based on that, and we think by providing sound research and behavior-driven technology that we're giving our customers what they expect from us." Well, take a wild guess which side of this story I believe. I can't help but suspect that the real reason for 180Solutions' abject surrender in this case is all the other legal problems it faces, topped by the welcome news last week about the Center for Democracy & Technology filing a complaint against it with the FTC. The more time that the spyware/adware crowd's lawyers must devote to defending their clients, rather than attacking the companies that protect our computers against them, the better. Read and post comments about this story here. 6:30:35 PM

Starting a EULA Library The great paradox about shrinkwrap/clickwrap/sneakwrap license agreements is that the vendors insist we have to read all their terms while at that same time making it as hard as possible to do so. Why can't we have a place where we can read their terms before we buy, or see what others have to say about them? Well, I think we can, which is why I'm starting a EULA library on the GripeWiki. A heartening development over the last few months has been the appearance of several programs or websites devoted to analyzing EULAs. Some, like the "EULAlyzer" at Javacool Software, even offer automated scanning of EULAs to pick out the dicier terms for you to consider. It's a great idea, and one that promises as these tools improve to give consumers a fighting chance against the many purveyors of one-sided "agreements." But even with the customer side getting more help from the technology, the odds are still heavily stacked against us. Many software publishers still hide their terms until after you purchase the product, and then spring the license on you during installation when you're eager to start using the program. That means each customer must individually do a EULA analysis with whatever tools they have at their disposal at that moment, and even some of the worst spyware terms might slip through the cracks as a result. To make EULA analysis more of a collaborative effort, and to sharpen the tools that can help us spot the nastiest terms, the first step is to put the licenses someplace where we can all see them and comment on them. That's the kind of thing wikis are built to do, which is why I've begun the EULA Library on my GripeWiki website. And I've started seeding it with some of the license agreements like those of Autodesk, Hilton, and Sony where we've already identified some of the most egregious terms. One thing I'm not certain about is which of many possible methods we should use for debating the uglier points of a particular license, so we'll use some of these classically bad EULAs to do some experimenting. And I'd appreciate any of you with licensing, legal, or wiki expertise clicking on the EULA library's discussion tab and helping us figure out the possibilities. But of course we're going to need everybody we can get to help us find all the bad EULAs out there. So if you run across a license agreement that you think should be brought to our attention, feel free to post it. If you can't figure out how to do so (and I'll admit wikis are proving to be a bit tougher usability-wise than I'd expected), e-mail it to me at Foster@gripe2ed.com and I'll post it for you. The basic idea of the EULA library is to have as many eyes as possible scouting for bad terms and revealing them for all to see. It can't hurt to try, and if in the process we can help build some tools that put customers on a little more equal footing with the vendors, it will be well worth all of our efforts. If we must try to read these license agreements that are so deliberately made unreadable, a library is just one of the things we need. But at least this is going to be one library in which you will not be encouraged to keep quiet. Read and post comments about this story here 10:54:47 AM