On my Mac this page pops up a big full-page ad for some kind of "Clean My Mac!" software. I'm invited to press a "Try it Now" button.
If this is legit software it is marketed by someone who doesn't mind that their ad looks and smells exactly like a trojan.
[EDIT: Or, as suggested below, someone has exploited a JS vulnerability.]
EDIT: Modding up the "Macworld" link below.
[MORE EDIT: Removed suggestion that this thing might be malware; I'm choosing to trust the research of my fellow HN reader, below, who claims it is legit. Thanks for taking the time.]
What should a developer do when they find themselves in a situation where their software might be confused with malware? This app isn’t even all that similar to the malware. The name is completely different, the purpose is completely different (compared to the bogus stated purpose of the malware) – the connection is tenuous at best.
The bad thing is that no app is safe from that. Malware authors can pretend to be anything. Is the correct response to that really to shut down business or whatever you want them to do? Should all developers of maintenance or anti-virus software for the Mac really close up shop?
Well, the first-order solution is to not buy popup ads. Popup ads plus "software that 'cleans' your machine" equals "warning sign".
But presumably these ads work, and maybe they work so well that it's worth the collateral damage to one's brand from people whose first reaction is like mine. Hey, it's your life.
The other defense is to build the brand. Get some reviews from someone I've heard of. Name-check those reviews in the ad, maybe even with a link. Buy other ads in other places, where I might see them as I surf. Change the call-to-action buttons to read a little more like "learn more" and a little less like "install this thing now". Heck, I don't know.
And, yes, it's true, the existence of well-known trojans masquerading as "security" software is unfair to legitimate system-utility vendors, just as the existence of spam is unfair to legitimate friendly emailers and the existence of the flu is unfair to people who like to shake hands. What am I supposed to do about that? Encourage people to sneeze on me in the spirit of brotherly love?
You don't sound like you're in the market for that kind of software, which kind of invalidates your entire point.
If I'm selling software that scans for and removes spyware, popups would be a pretty damned compelling marketing channel as people without the savvy to install a popup blocker can probably derive a lot of value from my product.
I've seen these Mac Defender and Mac Protector popups on some reputable sites, so I'm not sure it's the site that is "permitting" it. I think the trojan is taking advantage of some JavaScript vulnerability.
Wow, talk about shooting yourself (Lodsys) in the foot -
As above, in the notice letters we have seen, Lodsys uses screenshots that expressly identify the App Store as the entity that purportedly collects and manages the results of these user interactions at a central location.
Thus, the technology that is targeted in your notice letters is technology that Apple is expressly licensed under the Lodsys patents to offer to Apple’s App Makers. These licensed products and services enable Apple’s App Makers to communicate with end users through the use of Apple’s own licensed hardware, software, APIs, memory, servers, and interfaces, including Apple’s App Store. Because Apple is licensed under Lodsys’ patents to offer such technology to its App Makers, the App Makers are entitled to use this technology free from any infringement claims by Lodsys.
This is an interesting side-effect of Apple's end-to-end control of the iOS environment. This defense may not have worked for Android as you could argue that some of the equipment (non-google-produced handsets) does not fall under the licensing umbrella of the company (Apple in this case).
It's disappointing that the response is "we've already licensed that" rather than "you cannot possibly believe that you really own that."
Everyone I know who is doing real work in tech agrees that patents like this are BS. But everyone keeps playing the broken game. No one yet has had the incentive to make a real push (like lobbying) for real patent reform. It's still cheaper to swat the flies than it is to, I dunno, hire an exterminator? (I've never been good at analogies)
The licensing fees are typically on the order of 1/100th to 1/1000th of what you might have to pay if you lose an infringement case in court. I forget the exact margin, and it varies by circuit, but something Federal court decisions in these cases tend to break in favor of the plaintiff.
It may disappoint you, but no company in their right mind is going to take that gamble.
(IANAL but one of my good friends is a self-confessed patent troll -- in this market, you take what you can get. He explained the whole racket to me over beers one night.)
> The licensing fees are typically on the order of 1/100th to 1/1000th of what you might have to pay if you lose an infringement case in court.
That's exactly my point about how it's currently still cheaper to swat the flies. But they could at least publicly argue for patent reform, and heap scorn on patent trolls, which shouldn't be as expensive.
> IANAL but one of my good friends is a self-confessed patent troll -- in this market, you take what you can get.
If you're really struggling to make ends meet, I can understand resorting to behavior even if you don't agree with it 100%. I'm sure I would steal bread if it were my only alternative to going hungry. But in the bigger picture such people/companies are leeches on the economy and should have their legal weapons (patents) taken away from them.
The actual response further legitimizes a broken system. It presupposes that the patent is valid. Nontechnical people (including lawmakers) reading the news about it will continue to have a mistaken impression in their heads that the patent system is a functioning, productive system that technical people are fully behind.
The proposed response would be a small step towards delegitimizing it in people's minds. People love Apple products; if they heard from Apple that this patent is part of a deeply broken system, that would be one step on the way towards actually getting it changed.
It's disappointing to those of us standing on the sideline enjoying the show. But it must be very comforting for App developers, knowing that Apple is standing by them.
> No one yet has had the incentive to make a real push (like lobbying) for real patent reform.
There's a catch-22 in this situation. Only large companies have the lobbying muscle to effect change. Apple, Microsoft, Google, and other players clearly risk more than they gain from the current patent system, but if they speak out against it, the trolls will organize a PR campaign smearing "huge, faceless corporations" for "picking on the little guy that drives American innovation."
Meanwhile, the little guys have essentially no voice at all in government, so their actual opinion doesn't matter.
Worse, the entire US government is basically composed of lawyers, members of a tribe that benefits from the status quo.
While this is true, I think it's more about the money they all are able to derive from each other wielding their respective patent portfolios than about the potential bad press from trolls.
Really in this scenario the trolls are almost the good guys, as long as they are attacking the big players like Microsoft. If we get enough cases like i4i v. MS, the big companies will decide that the current patent system is too dangerous even considering their large patent portfolios that they use to reciprocally gouge their contemporaries and competitors out of money.
Right now MS et al are not too worried about patents because any competitor who brings a suit on a patent claim can be counter-sued by one of MS's patents; if someone comes demanding that MS buy a license, MS can reciprocate and demand that that party license a patent it holds. These kinds of cross-licensing agreements and reciprocal lawsuits go on behind the scenes all the day long at the big tech players.
If we get more patent trolls who only hold patents and don't put out a real product for the big guys to counter-target with their own portfolio of tech patents, then we'll be in a situation where even an extensive portfolio can't protect the big players any more and they'll have to advocate for reform. We just have to make it cost more than their profit from cross-licensing, etc.
Just another handful of injunctions similar to the one from i4i case, which ordered MS to stop selling Office, and we'll be looking good.
When Intellectual Ventures first started they claimed to be trying to fix the broken system by buying up tech patents in the interest of all the players that invested in it. This is how they initially got big investments from the major tech companies.
Now that they are clearly a patent troll, and a scary one at that, it looks like the conditions you set out for reform are that much closer to coming to being. I wonder if Myhrvold will end up acting in the interest of the tech industry after all...
Don't forget, though, that this is unlikely to be the end. Lodsys clearly disagrees with this, given that they sent the letters to the developers, and will probably take Apple to court over whether the license applies to the app makers or not.
I don't see why Lodsys would take Apple to court given that both parties acknowledge that Apple and Lodsys have a licensing agreement for the technology. And given the fact that Lodsys's claim is that Appstore developers do not have such a license, their pursuit of individual developers makes sense.
As it stands now, if there is to be a suit between Apple and Lodsys, it will require Apple to act as plaintiff on behalf of its developers and that could potentially open up a huge can of worms for Apple because it could establish a higher level of obligations and responsibilities between Apple and its developers. The fact that Apple responded via public letter rather than lawsuit is indicative of approaching this as a PR issue rather than a serious licensing issue - i.e. if it was clear that Apple's agreement with Lodsys allowed them to sub-license the technology to third parties they would have sought an injunction rather than issuing what boils down to essentially a press release.
Seems to me (IANAL) that Apple could sue on fraud or breach of contract: if Lodsys sold a license to Apple on the pretext that the developers were covered, and then later went after those developers as if they weren't covered, Apple could claim that Lodsys either misrepresented themselves, or failed to honor their side of the contract.
But at least the legal burden then falls on Apple and not mom & pop app dev. Worst case scenario I'd expect Apple pays Lodsys an undisclosed sum to license the tech for the devs.
Perhaps, but now Apple has contested that their developers are in fact licensed, and that Lodsys has already received what they claim is due to them. Seems like they've found a way to inject themselves into the battle in a way that should bring the fight home to them.
A la the RIAA shakedown business model, a patent troll tried to extort a bunch of independent developers that had no chance of fighting back. Then Apple (with their well-documented $60 billion of fuck-you money) stepped in and said we've already paid you your protection fee - it transfers to our developers, now please go away before this gets ugly.
I think this is pretty great. (Other than the fact that the current software patent system encourages this sort of thing, natch)
On a related note, where does this put the developers who got the letter? I can't imagine that this letter just makes everything all hunky dory. How do they respond now that Apple has issued a statement?
If Lodsys doesn't respond by retracting their letters/complaints, Apple will likely seek an injunction, preventing Lodsys from moving ahead with third-party lawsuits until the status of Apple's current license is determined in court. That's going to take time, however; and there's no guarantee that a judge will grant the injunction.
If I were a developer sitting in the hot seat, I'd feel inclined to delay as long as possible, forcing Lodsys to fight an expensive legal battle with a much larger opponent. Ducking service, while often unfavorable in the court's view, would be a virtually free method of prolonging Lodsys' engagement with indie developers, and would cost them only inconvenience.
And that is how you win this kind of case... by out-waiting/spending the other side.
If Apple does, in fact, gain an injunction, it almost doesn't matter what Lodsys does, as Apple can drag their case out until it's not feasible for Lodsys to fight any longer, or by winning/settling.
Section 2.5 of the license agreement seemingly covers developers in this case:
---
2.5 Ownership Apple retains all rights, title, and interest in and to the Apple Software and any Updates it may make available to You under this Agreement. You agree to cooperate with Apple to maintain Apple's ownership of the Apple Software, and, to the extent that You become aware of any claims relating to the Apple Software, You agree to use reasonable efforts to promptly provide notice of any such claims to Apple. The parties acknowledge that this Agreement does not give Apple any ownership interest in Your Applications
---
IANAL, but they seem to have followed Apple's instructions and are, seemingly, in the clear with this response.
In a strange situation, Apple isn't technically a party to any of this yet. One or several will probably try to get the case dropped on the basis of Apple's claim. Or at least try to put off any litigation until Apple's claim gets backed up in court. Right now it's all still saber rattling.
I would hope it means Apple's going to tear them a new one if they continue moving against the developers, and it certainly seems like that's the next step if Lodsys continues.
[IANAL]
What is clear from Apple's response is that it boils down to a dispute regarding the limits of Apple's license of Lodsys technology. Apple claims First Sale Doctrine - Lodsys claims limited licensing. Personally, it seems unlikely that any reasonably well drafted agreement for commercial purposes would license a patent such that the other party could pass their rights without limitation to additional parties at their pleasure because this would essentially amount to a complete transfer of the IP rights to the other party (Apple in this case).
I'll add that because there appears to be a formal agreement between Apple and Lodsys, the suits against individual developers look more like a new twist in an ongoing dispute than the pure patent trolling which the tech press has tended to use to describe the story (i.e. this seems more like an escalation of an issue of which Apple was aware than an attack from out of nowhere).