Malware detection software provider gets important victory allowing it to flag unwanted driver installer

Despite a recent Ninth Circuit decision denying immunity to malware detection provider for targeting competitor’s software, court holds that Section 230 protected Malwarebytes from liability for designating software driver program as potentially unwanted program.

Plaintiff provided software that works in real time in the background of the operating system to optimize processing and locate and install missing and outdated software drivers. Defendant provided malware detection software designed to scan consumer’s computers and to report potentially unwanted programs. After defendant’s software categorized plaintiff’s sofware as a potentially unwanted program, plaintiff sued, putting forth a number of business torts, including business disparagement, tortious interference and common law unfair competition.

Defendant moved to dismiss under 47 U.S.C. 230(c)(2)(B), which provides that no provider of an interactive computer service shall be held liable on account of any action taken to enable or make available others the technical means to restrict access to material that the provider deems to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable.

The court granted the motion to dismiss, holding that Malwarebytes was immune from suit under Section 230. It differentiated the case from the Ninth Circuit’s recent decision in Enigma Software Group USA, LLC v. Malwarebytes, Inc., 946 F.3d 1040 (9th Cir. 2019), in which the court held that Section 230 immunity did not protect Malwarebytes for designating a competitor’s anti-malware software as “otherwise objectionable”. In this case, the court found that plaintiff’s software did not make it a competitor to defendant. Since the parties were not direct competitors, the limitations on Section 230’s protection did not apply.

The case can be met with a bit of a sigh of relief to those who, along with Professor Goldman expressed concern that the Enigma case would make it more difficult for anti-malware providers to offer their services. Though Enigma did limit Section 230 protection for these vendors, this decision shows that Section 230 immunity in this space is not dead.  

Asurvio LP v. Malwarebytes, Inc., 2020 WL 1478345 (N.D. Cal. March 26, 2020)

See also

Best practices for providers of goods and services on the Internet of Things

Scroll to top