Microsoft and the Washington state attorney general have filed lawsuits against antispyware software vendor Secure Computer, alleging that the White Plains, New York, company's Spyware Cleaner software not only fails to remove spyware as advertised, but makes changes to users' computers that make them less secure.
The attorney general's lawsuit is the state's first to be filed under Washington's 2005 Computer Spyware Act.
Washington's 16-count lawsuit was filed this week in U.S. District Court in Seattle, and follows investigations by both Microsoft and the Attorney General's High Tech Fraud Unit. In addition to the Spyware Act violations, the lawsuit accuses Secure Computer of violating the state's Commercial Electronic Mail and Consumer Protection Acts, as well as the federal CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing) Act, said Washington Attorney General Rob McKenna in an interview.
"What this company has been doing is marketing its Spyware Cleaner product using false and deceptive means and also corrupting computer users' hard drives as a result of the so-called free scan that they offered to consumers," he said.
The state's lawsuit also names Secure Computer President Paul E. Burke and Web domain owner Gary T. Preston, both of New York state, as defendants. It further charges Zhijian Chen, of Portland, Oregon, Seth Traub, of Portsmouth, New Hampshire, and Manoj Kumar, of Maharashtra, India, in connection with the advertising of the product.
Microsoft has also sued Secure Computer, alleging that the company's Spyware Cleaner e-mail and pop-up advertisements falsely suggested that Microsoft endorsed the product, said Nancy Anderson, vice president and deputy general counsel with Microsoft. "They were illegally using our name and our trademark to frighten consumers," she said.
Microsoft's lawsuit was filed Tuesday in U.S. District Court in Seattle, Anderson said.
A lawyer representing Secure Computer said that the controversial business practices at the heart of the state's case were the fault of marketing affiliates and not Secure Computer. "A lot of these allegations of this advertising ... they have nothing to do with us," said John Dozier, managing partner with Dozier Internet Law PC.
Secure Computer has used a marketing clearing house called Clickbank.com to recruit sales affiliates and one of the Clickbank.com affiliates, Manoj Kumar, was responsible for the advertising that misused the Microsoft brand, Dozier said. Kumar was fired as soon as Secure Computer became aware of his business practices, he said.
Secure Computer does not permit e-mail marketing of the product and it did not even develop the Spyware Cleaner software that McKenna accused of being spyware, Dozier added. The company is simply a "sales and marketing firm," he said.
Secure Computer President Paul Burke was "shocked and surprised" by the allegations in the complaints, Dozier said.
While Dozier could not say who wrote the software in question, it appears to have been authored by a developer named Mladen Bajic, according to Eric Howes, director of malware research at antispyware vendor Sunbelt Software.
Spyware Cleaner does detect some spyware and adware, but it does not qualify as reputable software, Howes said. "It's not completely worthless, but compared to the top antispyware products on the market, it's not even in the same class," he said. "The number of false positives turned up by this product was just ridiculous."
Windows expert Mark Russinovich, best known as the discoverer of the Sony BMG Music Entertainment rootkit software, recently analyzed Spyware Cleaner and found it lacking. "Even on a freshly installed copy of Windows XP, Spyware Cleaner reports close to a dozen 'extreme risk' and 'high risk' infections that include innocuous items like cookies left by MSN.com and several built-in Windows COM components," he wrote in a January 3 posting.
Spyware Cleaner has been sold since about 2004 and the product has been marketed via "spam, pop-up ads, and deceptive hyperlinks," offering a free spyware scan, the attorney general's office said in a statement. These scans inevitably detected spyware, even when none was present and then instructed users to buy Spyware Cleaner. Once customers had paid the $49.95 purchase price, the software would then erase the computer's hosts file, which can used by the browser to block unwanted Web sites.
In tests, the state's investigators found that Spyware Cleaner was unable to detect most genuine spyware programs and that it often falsely identified legitimate files as spyware. "We [tested] this on a computer when we had a fresh install and it falsely identified a number of programs as being spyware when really they were not," McKenna said.
If the allegations in this case are true, Secure Computer could pay dearly. The Washington spyware act imposes a penalty of $100,000 per violation, and the company is also looking at penalties of $250 per violation of the CAN-SPAM Act, as well as $500 and $2000 per violation, respectively, under Washington's antispam and consumer protection laws.
Based on the money that Secure Computer has made off the product, McKenna estimated that thousands of users have been affected and that the penalties will amount "to millions of dollars."