SAN FRANCISCO – Defendant Symantec’s motion to dismiss a lawsuit concerning the alleged defects of a computer software security program was granted in part and denied in part by Judge Edward M. Chen of the U.S. District Court of the Northern District of California on Sept. 21.
The court’s ruling in response to Symantec’s motion to dismiss contained several parts. Chen refused to dismiss the California Consumer Legal Remedies Act (CLRA) and False Advertising Law (FAL) claims, saying the plaintiff alleged that Symantec knew of the defects in the software at the time of sale, which Symantec denied.
"Despite this, the complaint sufficiently alleges knowledge, because Symantec designed and produced the software in question. It plausibly follows from this fact that Symantec knew how the Second Software functioned, including that the software unpacked potentially malicious files in a high-privilege environment. ... Therefore, the CLRA and FAL claims survive.”
The judge explained that under the Song-Beverly Act, “'every sale of consumer goods that are sold at retail in this state shall be accompanied by the manufacturer’s and retail seller’s implied warranty that the goods are merchantable,' unless such warranty is properly disclaimed. ... The Song-Beverly claim is therefore dismissed with leave to amend.'”
Regarding the Unfair Competition Law (UCL) claim, Chen said, “because the allegations regarding the third software are lacking, those claims under the unfairness prong are dismissed without prejudice. However, the allegations regarding the second software are sufficient in this regard.”
In ruling on Beyer’s claim for unjust enrichment, Chen said, “Symantec’s only argument against the unjust enrichment claim is that it fails because Beyer’s other claims fail. Because Beyer’s other claims do survive as to the second software, the unjust enrichment claim also survives as to that software. The motion is denied to that extent. But because the claims as to the Third Software do not survive, the unjust enrichment claim is dismissed without prejudice as to the third software.”
“For the foregoing reasons, the court dismisses without prejudice the CLRA, FAL, UCL, and unjust enrichment claims as to the third software. The court otherwise denies the motion to dismiss. The motion to strike is also denied,” the ruling states.
This legal action began when plaintiff Montgomery Beyer filed suit against the Symantec Corp. saying “certain network security software products sold by defendant Symantec Corp., specifically network security software products sold or licensed to consumers under the Norton brand and to businesses under the Symantec brand, ... contained critical defects," the ruling states.
In support of his allegations, Beyer cited a report by Google’s team of cybersecurity analysts who identified alleged vulnerabilities in a component of Symantec’s software, called the AntiVirus Decomposer Engine.
“Symantec advertises that the affected products 'protect against the latest online threats' or 'protects against viruses, spyware, hackers, rootkits, identity theft, phishing scams, and fraudulent web sites,'" Beyer said, as quoted in the ruling. He also alleged that Symantec’s statements were false and that Symantec knew its products had a core decomposer engine defect that exposed entire computer operating systems to various security vulnerabilities. He also alleged that Symantec "failed to disclose that it did not implement patches for third-party source code that it used throughout its product line,” the ruling states.
"Beyer further alleges that Symantec exposed users’ computers to a 'critical vulnerability' by failing to implement industry-standard security measures such as 'sandboxing,'" a practice in which files are opened in an "isolated virtual environment separate from critical processes and programs," the ruling states. He also said that he purchased five Norton Products containing these alleged defects