Anti-Malware software as Good Samaritan

Sunbelt recently posted a blog about the latest development in the legal battle between Kaspersky antivirus and Zango (an ad-supported software provider that closed its doors this spring).  Here’s a brief summary of the decision:

We are now pleased to report that the Ninth Circuit Court of Appeals has upheld that original decision, affirming that Kaspersky enjoys “good Samaritan” protection afforded by the CDA. In the court’s own words, a provider of “access tools that filter, screen, allow, or disallow content that the provider or users considers obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable is protected from liability [by the CDA] for any action taken to make available to others the technical means to restrict access to that material.” For the Court’s full opinion, see the PDF file (here), which also includes an interesting concurring opinion from one of the panel’s three judges.

As someone who worked for an anti-malware vendor, this decision thrills me.  One could argue that this sets a potentially frightening precedent, but there are natural, built-in checks and balances against this. Simply put:  Detections are ultimately vetted by humans.

Dozens of times a day, virus analysts are asked to determine whether a given piece of code should be added to detection. As a virus analyst, I'd go through a series of steps to determine the content of a file. To be brutally blunt, the mental checklist in my head was motivated by a single question: which will cause me more eventual pain, adding this file or not adding this file?

Customers and vendors both figure heavily in this question. By not adding this file, is it likely that I'll later get a dozen other customers writing in with descriptions of pain and woe caused by running this file? Ugh, that would make me feel horrible, plus I'll have 12 more emails to answer. Or conversely, by adding this file, will I get a description of pain and woe from the software maker who's lost business because of a detection? That'd also be really awful. So I'd better do everything in my power not to cause that pain.

I remember when trojans first came on the scene.  We were called “anti-virus” software back then, so it took a certain amount of pressure from users to convince us to broaden our categories to include trojans.  This happened again when adware became a real problem – we were anti-malware software, and this was not clearly malicious in its intent!

The anti-malware industry has come a very long way in the last 10 or so years. Because of this evolution, security software now offers many more options for the user who wants more power to make these decisions for themselves. We understand now how much the nature of the beast can change, and how much specific needs vary from one company to the next.
