'SpyHunter' Ruling Undermines Congress' Approach To Malware, Security Company Argues

The cybersecurity company Malwarebytes is asking a federal appellate court to reconsider its recent decision to revive a lawsuit by rival security company Enigma Software, which says its programs were wrongly classified as potentially problematic.

The ruling, issued last month by a divided panel of the 9th Circuit Court of Appeals, allows Enigma to proceed with claims that Malwarebytes acted anti-competitively, and engaged in false advertising, by flagging Enigma's SpyHunter and RegHunter as “potentially unwanted programs.”

In a 2-1 decision, the appellate judges rejected Malwarebytes' argument that it was immunized from the suit by Section 230 of the Communications Decency Act. That law -- often considered the most important law affecting the internet -- has a provision specifically protecting computer services from liability for offering tools that restrict objectionable material.

Instead, the two judges in the majority said Malwarebytes couldn't rely on Section 230, because Enigma Software is a competitor.

Malwarebytes is now asking the the entire 9th Circuit to review the ruling, arguing that it “strikes at the heart” of the filtering scheme set out by Congress.

“The majority held that the statute contains an unstated exception to immunity allowing a lawsuit any time a plaintiff can plausibly allege that the defendant’s filtering technology has some 'anticompetitive' motivation,” Malwarebytes writes. “That exception threatens to swallow the rule. Because malicious software can easily masquerade as legitimate, its developers can seek to avoid being filtered filing retaliatory lawsuits.”

The legal battle dates to 2016, when Enigma alleged that its programs were wrongly tagged as “threats” and blocked by Malwarebytes. The complaint alleged that Malwarebytes was “unilaterally disrupting” Enigma's relationship with customers who downloaded SpyHunter or RegHunter “to protect their computers from cyberattacks, viruses, hackers, and other threats.”

In addition to arguing it was protected by the Communications Decency Act, Malwarebytes also said Enigma “uses deceptive scare tactics” to “trick” consumers into purchasing subscriptions.

U.S. District Court Judge Edward Davila in the Northern District of California dismissed Enigma's lawsuit, but the 9th Circuit revived the case last month.

“Section 230 does not provide immunity for blocking a competitor’s program for anticompetitive reasons,” Circuit Judge Mary Schroeder wrote in an opinion joined by Judge Robert Lasnik. They sent the case back to the trial court for further hearings.

Ten years ago, the same appellate court sided against adware company Zango in a similar battle involving spyware removal vendor Kaspersky Lab. In that matter, Zango alleged that Kaspersky was interfering with Zango's relationships with its customers by deleting its ad-serving software. The 9th Circuit upheld a trial judge's dismissal of Zango's complaint on the grounds that Section 230 of the Communications Decency Act shielded Kaspersky from liability.

Next story loading loading..