Slashdot Mirror
Computer Associates Offers Warranties
Kelvin D. writes, "Computer Associates has come up with a new angle to get consumers to buy its security software — a warranty with cash benefits if you catch a virus ($1,500) or get your identity stolen ($5,000). From the article: 'Users who want the identity theft coverage need to both install and register their copies of Warranty Corporation of America's Mobile Lifeline (included). No registration, no coverage.'" Moblie Lifeline includes something that sounds like a benign Trojan: it lets you retrieve or delete files from your stolen computer if it's ever connected again to the Internet.
how do we know they are secure enough to prevent others from hacking in and doing that to your NOT stolen computer that you are using? Seems a huge potential downside.
34486853790
Connection too slow for X forwarding? Try "ssh -CX user@host"
I predict if they honor this and publicize it well, they will be bankrupt within two years.
You say you want a revolution....
They've been advertising this service in the TD catalog for a couple of months. The 1,500 warranty is for HARDWARE damage. Obviously, viruses and trojans are unlikely to ever cause a physical hardware problem with the machine, and even if they do it would be impossible to prove. They're essentially promoting a software warranty that they'll never have to honor.
My work computer got infected by a trojan yesterday. I was browsing a BBS where some malicious user had posted a SWF that opened up some other page on an IP, I'm not sure but I think it could have been the most recent MS IE critical vunerability. My boss spent from 9am to 2pm trying to get rid of a trojan. The antivirus the PC already had was Symantec, which was what first alerted us to it this morning. It couldn't remove it, so we tried AVG and Pandasoft as well as House Call. Nothing would shift the damn thing, it ended up with me having to replace the PC with a spare one. He'd have loved to have cashed in on this, as we both wasted most of our workday.
This is merely a marketing ploy. Lets be realistic, the fine print will actually keep this occuring in almost any instance.
I am also betting that there will be additional fine print about the identity theft... as it occurs so frequently. Plus, you will have to follow their guidelines. Which will probably include industry best practice information... which if you were willing to follow that, in most instances you wouldn't have a problem with identity theft anyways.
Justin - Don't be afraid of my blog, it won't bite.
So, I am to believe that my identity will be stolen because my laptop is not secure enough.
NOT, mind you, because dozens (hundreds? Impossible for me to find out) of companies consider my personal and financial information to be their intellectual property to be sold to other companies.
NOT, mind you, because these companies have basically no interest in protecting the data in that losing it does not hurt them any (maybe a token fine tops). So they don't encrypt it, lose backup tapes, let employees take it home on laptops, etc.
NOT, mind you, because the banking and finance industry, against all common sense, believes my social security number to be not only a positive identifier, but an authentication token that obviously only I could ever know. And since we all need same minute loans, any credit apps must go through ASAP, no wasting time to take any steps to actually identify the person making the request.
Nope, it must be because my laptop is running the right CA software.
Finkployd
1. Be another Antivir company.
2. Buy CAI's package.
3. Infect your machines with the latest trojans that NOBODY has any signatures or heuristics for.
4. Profit.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
the $1500 dollar waranty only kicks in if they can't remove the virus. And hell, what counts as 'removing' a virus anyway. Given that most viruses use random file names and sizes, and many periodically update themselves to change their signatures (becomming 'new' viruses in the process), good luck proving that the virus wasn't fully removed. But that won't prevent the techies from taking the heat from an asshat who thinks he's due $1500.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Wikipedia calls a Trojan "a malicious program that is disguised as or embedded within legitimate software." Given that, something that the installer knows about and isn't malicious can't really be "a benign Trojan."
1) Write one new virus a week 2) Infect my own PC 3) Collect weekly salary of $1500 (Profit!!!)
So, what this seems like is it lets you connect to your stolen computer to retrieve the files. A sort of hidden, unprotected FTP server on your computer. Couldn't this possibly be used by a hacker to steal your files remotely? How does the computer know it has been stolen, and how does it identify the rightful user? And how can you ensure that someone doesn't get your files before you do?
Seems like a potentially dangerous utility, even worse than the Sony rootkit.
Not only "land of the free" but "land of the lawyers" who love a good old 1st amendment smackdown. Shihar 153932
"Well, Mr. Smith, our records do show that this identity was proven to be stolen. Of course we paid out according to our warrenty. Our records show the $5,000 was paid out on X date. You didn't receive it? Well, we sent it to Y address. That's not you? Oh, it seems to have been paid to the wrong person, but unfortunately we can't do anything about that, as it appears you've been the victim of identity theft. Want to buy a warrenty to protect you against this in the future? No? Well, have a nice day.
Exigo spamos et dona ferentes
Does "properly" mean not as fast as it should, internet explorer sending my data somewhere it shouldn't? What is Properly. That world will cause CA to soar or sink, depending on how judges define it.
Cheers,
-feno
Why the *HELL* Microsoft doesn't offer Warranty protection like this.
This is a great product, IMHO. This is CA putting their money where their mouth is. I don't know anything about their actual coding abilities, but I really like it from the actual business angle.
As for me, I run OS X & Linux, and have not yet had the need for an anti-virus product, even though an up to date ClamAV does reside on my systems.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
...it lets you retrieve or delete files from your stolen computer if it's ever connected again to the Internet.
All potential security holes aside, this presumes that the thieves didn't replace your HD after stealing it, or reformat/reinstall. What would be more useful would be a call-home email to your addy that gives you an IP address, nslookup and tracert data, as well as any other information that can be used to track it back to a physical address. Maybe a keystroke log as well, and a list of recently opened files and visited URL's?
There is no mod option "-1: Disagree" for a reason. "Overrated" is not an acceptable substitute. Post something instead.
I actually worked for a start up that tried this years ago. The company has been dead for 2 years now, but evidence of it still lingers. Google combinations of "Promisemark", "Virus Protection Plan", "Identity Theft Protection Plan", etc...
What CA is doing here is complete nonsense. Several problems spring to mind immediately:
1) Identity theft involves a lot more than just the laptop sitting in front of a user. It involves the user's total awareness of unusual requests for personal information and commitment to protect that information. Social engineering, dumpster diving, and (certainly) user stupidity can all compromise the security of the data. CA will find a good chunk of its customers who were just careless about what they wrote down or told whom, and kick itself in the pants. You can't indemnify human failure.
2) If the laptop is compromised by a virus that sends keystrokes to a Romanian website, CA will want forensic proof. It will have to see conclusive evidence that (a) its software worked correctly and was not subject to accidental or deliberate tampering by the user, (b) any personal information obtained in this manner was used intentionally to impersonate the user and cause harm, and of course (c) that the machine in question "failed" as a direct result of the virus (although to what extent "failed" covers is unclear). Just the resources necessary to conduct proper forensics alone is daunting enough, and $5000 for theft and $1500 for virus infection seems a pittance. It's a lose-lose proposition, and CA is trying to make it sound generous.
3) The offer to encrypt or destroy data on any stolen laptop is laughably absurd, and serves no purpose except as a way to TRY and get the last laugh in. "So you took my laptop? Well, I'll just have to think of a REAL GOOD comebacker. Oh, I know. If you are stupid enough to connect it to the Internet, I can erase what you probably already got off the drive by then. Ha, ha." The machine is gone and at the mercy of the thief, and Josephine User is up the creek with no paddles.
4) Most frustratingly, it is misleading for a technology company to offer services that distorts what "identity theft" really involves. You are not educating the user in the process except "If I lose my laptop I get $$$". You are not providing a truly comprehensive plan to combat this problem. All this "offer" does is to try and make money. Again, clever marketing does not make a bad idea into a good one.