As Expected, Malwarebytes Defeats Enigma’s Lawsuit Without Section 230’s Help

photo by Anik Shrestha,

Malwarebytes and Enigma offer competitive anti-threat software. Malwarebytes classified Enigma’s software as a “potentially unwanted program,” or PUP, and quarantined the programs. Enigma sued Malwarebytes for that classification/quarantine.

Initially, the district court dismissed the case on Section 230(c)(2)(B) grounds. In a terrible ruling, the Ninth Circuit reversed on the misguided theory that Malwarebytes and Enigma are competitors and thus Malwarebytes may have made its classification decisions based on “anticompetitive animus.” On remand, after 2 more years of litigation, the district court has again dismissed the lawsuit, this time on its lack of merits.

Lanham Act False Advertising. Enigma claimed it was false for Malwarebytes to call its programs “malicious,” “threats,” and PUPs. In Asurvio v. Malwarebytes, the court held that such labels were subjective opinions, not verifiably false. The court says this case is “indistinguishable” from Asurvio. The court says “users of Malwarebytes are aware of why it opines that a given software program may be a PUP based on Malwarebytes’ disclosed criteria and can choose to quarantine or un-quarantine the detected program….Enigma’s allegations that Malwarebytes knew the labels used to describe Enigma’s programs were false are conclusory and need not be accepted as true.”

Tortious Interference. Malwarebytes gives users instructions on how to keep using PUPs, so no tortious interference.


On the surface, this looks like a decent outcome. The district court granted Malwarebytes’ motion to dismiss on the grounds that Malwarebytes’ classifications are its opinions, not falsifiable statements of fact. On that basis, it seems like Malwarebytes should be equally positioned to win all future disputes on the same basis. Further, the Asurvio case also relied on Section 230(c)(2)(B) despite the plaintiff’s allegation of anticompetitive animus. So long as Malwarebytes can win these kinds of classification challenges on motions to dismiss, it may not really matter how we get here.

(Of course, with a trip to the 9th Circuit and Supreme Court, this particular case has taken four years and many hundreds of thousands of extra dollars due to the Ninth Circuit craziness).

Despite this good outcome, this case has left two lingering scars on Internet law.

First, the Ninth Circuit created a new workaround to Section 230 based on anticompetitive animus. This workaround is completely undefined–is it coextensive with antitrust law, or does apply when competitors have anticompetitive “intent” even if their actions don’t constitute an antitrust violation? The Ninth Circuit dodged this critical issue. As a result, plaintiffs can freely invoke the anticompetitive animus workaround and impose greater defense costs to resolve this issue. This doctrinal ambiguity is particularly pernicious in the cybersecurity context, where the court created incentives for anti-threat vendors to reduce their vigilance against cybersecurity threats that can claim (legitimately or not) competitive status.

Worse, this appears to be at least the fifth time that the Ninth Circuit has created doctrinal workarounds to Section 230 that appear to benefit no one. Other cases that fit this pattern:

  • Fair Housing Councils v. Section 230 didn’t apply to housing discrimination claims, but the Ninth Circuit ruled four years later that the housing discrimination claims never applied at all.
  • Barnes v. Yahoo. Promissory estoppel is a pleadaround to Section 230, but plaintiffs can’t win promissory estoppel cases.
  • Doe v. Internet Brands. Failure-to-warn claims are a pleadaround to Section 230, but plaintiffs can’t win failure-to-warn claims.
  • Lemmon v. Snap. The story is still being written about this ruling, but it seems like it will fit the pattern. The Ninth Circuit said that Section 230 doesn’t apply to design defect claims that aren’t based on third-party content, but we know that the plaintiff is likely to lose the case on its merits based on a nearly identical case that failed in Georgia courts.

Now, add Enigma v. Malwarebytes and its anticompetitive animus exception to this list. If threat classifications are opinions, then plaintiffs will always lose and the Ninth Circuit’s Section 230(c)(2)(B) workaround does nothing but mess up Section 230. Should we applaud the Ninth Circuit for so carefully policing the boundaries of Section 230’s immunities, or should we criticize them for unnecessarily swiss-cheesing Section 230?

Second, on appeal to the Supreme Court, Justice Thomas used the cert denial as an excuse to blog his misguided free-association thoughts about why he hates Section 230. This screed has perniciously inspired plaintiffs to position their Section 230 case for Supreme Court review and motivated #MAGA politicians to pursue ever-worse censorial regulatory ideas. The legacy of Justice Thomas’ blogging will live on long after the Enigma case is over.

Enigma hasn’t yet appealed the latest ruling, but I assume this case will take another trip to the Ninth Circuit.

Case Citation: Enigma Software Group USA, LLC v. Malwarebytes Inc,, 2021 WL 3493764 (N.D. Cal. Aug. 9, 2021)

Enigma v. Malwarebytes Case Library