The software giant filed several lawsuits under Washington's Computer Spyware Act

Sep 30, 2008 12:37 GMT  ·  By

Microsoft has allied with the Washington Attorney General Office in the fight against software developers that use scare tactics in order to convince users to buy their so called security products. The Attorney General has agreed to file seven of the lawsuits brought forward by Microsoft.

Scareware is a name used to describe software which is marketed through fake security alerts or notifications. These messages have the purpose of scaring the user into buying an application in order to fix a security problem that might not even exist. Even more, these products can themselves have adware or spyware components and can make serious changes to a computer system by blocking possible attempts of uninstalling them.

Microsoft chose to pursue legal action against the developers of such products in Washington because of the state's Computer Spyware Act. This law prohibits the misleading of users regarding the necessity of security products on their systems and it actually specifies damages of $100,000 for each violation.

"We won't tolerate the use of alarmist warnings or deceptive 'free scans' to trick consumers into buying software to fix a problem that doesn't even exist," said Washington Attorney General Rob McKenna, according to Brian Krebs of Security Fix. "We've repeatedly proven that Internet companies that prey on consumers' anxieties are within our reach," added Mr. McKenna.

Vendors that Microsoft pursued legal action against include the owners of Antivirus 2009, Malwarecore, WinDefender, WinSpywareProtect, XPDefender, but more importantly RegistryCleanerXP. The RegistryCleanerXP lawsuit is more significant because detailed information about the company that owns the product  actually exists. The company is located in The Woodlands, Texas, is called Branch Software and its owner is James Reed McCreary IV.

The company used the Windows Messenger service to send messages to numerous IP blocks. The messages were alerting the users about fictional infections on their computers and instructed them to buy the RegistryCleanerXP application. The product is sold for $39.95, but it's not even efficient according Paula Selis, Senior Counsel for the Consumer Protection Division, High Tech Unit, of the Washington State Attorney General’s office. She pointed out that the product identified the same 43 errors which it tagged as “critical” on all of their test machines. "We're absolutely certain that consumers across the country have been deeply affected by this," Selis added.

Alex Eckelberry, president of security vendor Sunbelt, who has been tracking these products for a while now and has been writing about them on his blog, commented for Security Fix that "this is an absolutely huge problem, and these rogue anti-spyware products are what most consumer PCs are getting infected with now". He also pointed out that "these guys are doing whatever it takes to get you to buy their [bad] software," ranging from fake security alerts sent in various ways to serving them as codecs or web browser plugins.