Symantec's suit, which was filed Tuesday afternoon in a San Jose, Calif., federal court, doesn't seek damages from Hotbar.com, a browser and e-mail toolbar vendor, but instead is petitioning for a legal ruling affirming Symantec's position that Hotbar's programs "are indeed adware and can be treated as computer security risks."
The suit is only the latest in the ongoing battle between adware/spyware distributors and the security firms that sell software to detect and delete those programs.
"Because we believe we will have to deal with this in the courts, we would like to get some clarification," said Joy Cartun, Symantec's senior director of legal affairs for Symantec. "We want the court to rule that we're not violating Hotbar's legal rights by detecting their software as adware."
According to the suit, Symantec was first approached by Hotbar in July 2004, and was asked to remove its software from Symantec's database. At that time, Symantec reviewed its classification of Hotbar, and told the advertising and software company that it would continue to count it as adware.
In the past year, said Symantec in the papers filed with the U.S. District Court, Northern District of California, Hotbar threatened to bring litigation no fewer than five times. "Symantec has concluded and ended its discussion with Hotbar," the lawsuit continued. "It now seeks declaratory relief to clarify its right to detect Adware.Hotbar as described, without any legal cloud."
Hotbar did not respond to requests for comment on the lawsuit. The New York-based company, which says it "offers business partners a new and creative way to cut through Web clutter and effectively reach an enormous, global, contextually targeted audience," is privately held, and counts Deutsche Bank and the Eurofund among its investors. Its R&D facilities are in Tel Aviv, Israel.
Hotbar has threatened other anti-adware and anti-spyware vendors, most recently Sunbelt Software, which sells the enterprise-aimed CounterSpy. In a letter sent to Sunbelt (and posted in PDF format on Sunbelt's Web site), Hotbar told Sunbelt to "cease and refrain from referring to any of Hotbar's Software as 'spyware,' 'adware' or any other nickname for an undesirable program in any manner whatsoever, and delete Hotbar from any programs and/or website you operate, develop or distribute which list programs which are regarded as spyware, adware or any other kind of undesirable programs."
Sunbelt's president, Alex Eckelberry, wrote in his blog last month that he was surprised Hotbar took such an aggressive stance. "Hotbar is what we label 'low-risk adware.' We list them in our database, we display them in the scan results, but we tell the user 'This is not a big deal.'"
Symantec's Cartun said that her company had received a similar letter.
By most definitions, Hotbar's toolbars and skins for Internet Explorer, Outlook, and Outlook Express are adware, said noted spyware and adware activist and researcher Ben Edelman. "Nowhere does Hotbar affirmatively show users any mention of its numerous forms of ads, pop-ups, pop-unders, toolbar ads, auto-opening sidebars, and even desktop icons," Edelman said.
In the cease and desist letter Hotbar sent Sunbelt Software, the former claimed that "the user provides a full conscious consent to each and every aspect of Hotbar software," during the installation process, a contention Edelman rejects.
"To say Hotbar users 'consent to each and every aspect' is truly a puzzling misstatement of the facts. That's certainly not what I've seen, or what I've chronicled in screenshots and videos," he added.
"Until yesterday, adware and spyware makers could send out threatening letters with almost no downside," said Edelman as he put the Symantec court case into perspective. "Nothing bad would happen to them, and maybe something good would happen, maybe the anti-spyware vendor would give in and remove them from their database."
Symantec's lawsuit shows that at least some vendors are ready to make adware distributors shoulder some costs for their actions, he said.
"In the short term, this shows Symantec has some backbone, but there are market forces at play here, too," said Edelman. "They don't want their customers furious at them, asking 'what are we paying you for if you're not detecting adware?'"
Symantec's Cartun agreed. "We're not carrying some standard into battle here, and we're not saying that all these guys are evil. But we think that customers should have the right to know what's on their computers, and the right to remove what they don't want."
"The lawsuit by itself isn't a big deal," said Edelman. "What's a big deal is that it shows there's a nasty fight going on [between adware and anti-adware companies]. Both are coming to the table with all their weapons."