Microsoft has agreed to apologise to and pay a Dutch portal for mistakenly flagging it as a purveyor of malicious content.
The Startpagina.nl directory site had objected to being classified as a "browser hijacker" by the first edition of Microsoft AntiSpyware, a beta software Microsoft launched early January, and demanded that Microsoft change its tune.
Microsoft gave in on Monday [US] after being threatened with legal action.
The software giant has agreed to pay an undisclosed sum to Startpagina.nl's parent company. It has also posted an apology on its own Dutch and Belgian sites dedicated to the AntiSpyware application.
"Microsoft regrets the problems to Startpagina.nl and its users," Microsoft said in the apology. Microsoft's update of AntiSpyware last week corrected the problem, the company added.
"Because almost all computers use Windows as their operating system, one mistake by Microsoft can cause considerable damage for other businesses," said Bert Wiggers, the director of Startpagina.nl, in a statement. "But the apology is what matters the most."
Anti-spyware vendors are vulnerable to pressure, said Michael Cherry, an analyst with Directions on Microsoft. "It's my biggest fear about anti-spyware," he said.
"Will Microsoft get too weak on calling badly-behaved software 'malicious'?" asked Cherry. "Will the company hold to a definition of badly-behaved software, even if it means they have to go into court and defend it?"
"Microsoft has already come under pressure from people claiming their software isn't malicious, and Microsoft folded like a house of cards."
Cherry said the developer could also easily be targeted by people out to make a quick buck if they see Microsoft as soft on spyware.
"Someone could build a business model around the idea of creating some malicious software, getting it listed as 'spyware' by Microsoft, and then threaten to go to court," he said.
"Microsoft's a target," said Cherry, "because of its resources. You think someone will bother suing LavaSoft (which makes the for-free Ad-Aware) or Spybot (another popular free anti-spyware tool)?"
Microsoft isn't the only company feeling the pressure.
The CastleCops website in the US, where members review security software and anti-spyware utilities can be downloaded, recently received a "cease and desist" letter from a lawyer representing iDownload.
iDownload claimed its iSearch toolbar had been wrongly classified by CastleCops as malware.
"We will take all necessary action against your company to protect iDownload from your continuing tortuous conduct", wrote a lawyer for the company.
CastleCops' lawyer returned fire.
"A cursory search of the internet reveals that the Download/iSearch brand has quite a controversial image to be sure," wrote Benjamin Rice, CastleCops' attorney.
"Symantec, LavaSoft, Computer Associates, Spyware Warrior, Spyware Blaster, and Doxdesk, to name a few, [also] report that the iSearch toolbar, published by iDownload is spyware."
Symantec said iSearch was a "search hijacker" and also tracked user activity on a remote server.
LavaSoft and Computer Associates, which acquired the PestPatrol anti-spyware vendor in 2004, have recently been accused by anti-spyware advocates of caving in to another spyware distributor, WhenU, and removing its software from their databases.
To make anti-spyware work, vendors need to stand firm, said Cherry. "Anti-spyware software's only as good as the willingness of its maker to stand behind the signature file [that identifies something as spyware]."
Issue: 315 | May 2013
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.