Maksim Kabakou - stock.adobe.com
NSS Labs ended its legal battle against the Anti-Malware Testing Standards Organization, Symantec and ESET.
The independent testing firm dropped its antitrust lawsuit Tuesday, which was filed in 2018 against AMTSO (a nonprofit organization) and several top endpoint security vendors, including Symantec, ESET and CrowdStrike. The suit accused the vendors and AMTSO of conspiring to prevent NSS Labs from testing their products by boycotting the company.
In addition, NSS Labs accused the vendors of instituting restrictive licensing agreements that prevented the testing firm from legally purchasing products for public testing. The suit also alleged AMTSO adopted a draft standard that required independent firms like NSS Labs to give AMTSO vendor members advance notice of how their products would be tested, which NSS Labs argued was akin to giving vendors answers to the test before they took it.
In May, NSS Labs and CrowdStrike agreed to a confidential settlement that resolved the antitrust suit as well as other lawsuits between the two companies stemming from NSS Labs' 2017 endpoint protection report that included negative test results for CrowdStrike's Falcon platform. Under the settlement, NSS Labs retracted the test results, which the firm admitted were incomplete, and issued an apology to CrowdStrike.
In August, a U.S. District Court judge for the Northern District of California dismissed NSS Labs' antitrust claims, ruling in part that NSS Labs failed to show how the alleged conspiracy damaged the market, which is required for antitrust claims. The judge also said NSS Labs' complaint failed to show ESET and AMTSO participated in the alleged conspiracy (Symantec did not challenge the conspiracy allegations in the motion to dismiss). The ruling allowed the company to amend the complaint; instead, NSS Labs dropped its lawsuit.
Still, the testing firm had some harsh words in its statement announcing the dismissal of the suit. NSS Labs said vendors "were using a Draft Standard from the non-profit group to demonstrate their dissatisfaction with tests that revealed their underperforming products and associated weaknesses, which did not support their marketing claims."
"During the past year, AMTSO has made progress to be more fair and balanced in its structure, vendors have shown progress in working with testing organizations, and the market itself has had significant change and notable acquisition activity," NSS Labs CEO Jason Brvenik said in the statement. "It is said that sunshine is the best disinfectant, and that has been our experience here. We look forward to continued improvement in the security vendor behaviors."
AMTSO sent the following statement to SearchSecurity:
"While AMTSO welcomes NSS Lab's decision to dismiss, its actions were disruptive, expensive, and without merit," said Ian McShane, an AMTSO Board member and senior director of security products at Elastic. "However, we agree with its statement that 'sunshine is the best disinfectant,' and we're looking forward to NSS Labs re-joining AMTSO, and to its voluntary participation in standard-based testing. We believe this will give customers a greater assurance that the tests were conducted fairly."
AMTSO did not comment on whether the organization has made any specific changes to its structure or policies in the wake of the antitrust suit.
NSS Labs changed its approach to testing results earlier this year with its 2019 Advanced Endpoint Protection Group Test, which redacted the names of vendors that received low scores and "caution" ratings. At RSA Conference 2019, Brvenik told SearchSecurity that NSS Labs decided to take a "promote, not demote" approach that focuses on the vendors that are doing well.