Symantec Cracks Down on Piracy

Lawsuits highlight dangers of piracy ranging from faulty products to stolen information.

Symantecs decision to file lawsuits against eight companies it accuses of selling pirated software was the latest move in the industrys continuing struggle against counterfeit products.

That it was a top-tier security software provider also highlights the dangers to users who install pirated security products onto their systems.

The eight separate lawsuits, filed over the past several months in U.S. District Court in California and announced May 16, seek more than $55 million in damages from the companies, which include several in California, as well as others in New York, Texas, Florida and Canada.

Scott Minden, Symantecs director of legal affairs, told eWeek that the lawsuits were the result of the efforts of Symantecs Brand Protection Task Force, which reviewed defective disks submitted by customers of the accused businesses.

The group also bought suspected counterfeit software from the businesses. The investigation revealed most of the sales were conducted online, with the actual disks delivered in single, blank white sleeves to unwitting customers without documentation, directions, labeled packaging or activation code information, said officials with Symantec, in Cupertino, Calif.

Cris Paden, a spokesperson for the companys task force, said customers who buy pirated software run the risks that the software might not work—and might crash the machine—or that its loaded with spyware or Trojans designed to capture personal information and send it back to the criminal syndicate who sold it in the first place.

In addition, users wont get updates, leaving the computer vulnerable to future attacks. Minden agreed.

"[Pieces of counterfeit software] dont come with user guides, oftentimes you cant get updates and they dont work properly," he said.

Jason Allen, manager of the Internet anti-piracy arm of the Software and Information Industry Association, in Washington, said the real problem is Web sites or online auctions, where people try to get software cheap and dont realize that what theyre buying may be counterfeit.

"Its very easy to create a Web site that might look legitimate," he said.

For the SIIAs members—which include Symantec—the real problem is eBay, Allen said. Thats not surprising—the huge volume of transactions on the site makes policing individual auctions difficult. Its the same issue thats plagued name-brand or copyrighted industries that produce high-end products, such as handbags.

The SIIA has an Auction Litigation Program through which member companies can report suspected piracy. The SIIA investigates the cases, searching on eBay for potential infringements, and then the group makes test copies of the software. If the software is illegal, the group files suit against the seller behind the sale. So far, the SIIA has filed six suits and has settled three, Allen said.

Education is another goal of the anti-piracy crusaders. People need to learn that just because they see something on eBay or on a Web site and the price seems right, they still need to be careful. Even on a legitimate site, a pop-up ad cant necessarily be trusted, he said.

Not surprisingly, it isnt businesses that are getting taken in by pirates—rather, its individuals looking to buy software used to secure PCs in their homes, Paden said. Symantecs task force includes private investigators, attorneys and other specialists who do nothing but follow up on complaints from victims who assume not only that their software is from Symantec but that Symantec should fix it so they can register their copies or get updates.

Symantec didnt sell it, so Symantec isnt going to compensate for it, Paden said. The company asks for the pirated copies for evidence, though, and makes purchases on its own at the sites where the victims say they bought the illegitimate copies.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.