Schneier On Scareware Vendor Lawsuits

Bruce Schneier's blog says "This is good: Microsoft Corp. and the state of Washington this week filed lawsuits against a slew of 'scareware' purveyors, scam artists who use fake security alerts to frighten consumers into paying for worthless computer security software. "

Unnecessary blog reference

[g051051]

Why does this even reference Bruce Schneier's blog? There's no added value from there. Why not just reference the original article?

Re:Unnecessary blog reference

[QuantumG]

Look at the name of the submitter.. this is blatant self promotion.

And, as is often the case, Schneier's blog doesn't add anything to the article either.

Re:Unnecessary blog reference

[mcgrew]

Bruce Schneier has a lot more credibility in the security field than the Washington Post, the State of Washington, and Microsoft all put together.

FAKE security warnings, for Windows?

[wvmarle]

I'm truly impressed that people can come up with security warnings about Windows that are not true... after all, is there anything as insecure as Windows?

The only thing I think they may have a case with is of course the fake software, as in software that does not do what is advertised. And I'm not even thinking of Windows itself this time.

Re:FAKE security warnings, for Windows?

[MadJo]

Were those attack vectors directed at Linux or at packages running on Linux?
Apache != Linux
MySQL != Linux
etc

Why did it take so long?

[uberlinuxguy]

I'm actually kind of surprised Microsoft has taken this long to take action against those "scareware" guys. It sort of makes one wonder how much of a legal leg they have to stand on. Any lawyers/other legal minds care to weigh in on that?

Courts determining what's required for security?

[compumike]

The law referenced "makes it illegal to misrepresent the extent to which software is required for computer security or privacy." This is such a fishy thing that I'm not really sure if I want courts to determine what exactly is required and therefore whether it is being misrepresented.

Now, maybe there's a case for fraud if the program doesn't do what it purports to do in its advertising, but that doesn't seem to be what's at stake here.

There also might be a case for fraud if, perhaps, the advertising pop-ups are being confused for actual Windows messages. But I suppose in the "real world" advertisements mimic other things to be creative, but are still fairly obviously ads.

Just not sure I like the sound of a law that requires a judge or jury to determine what's required for computer security.

--
Hey code monkey... learn electronics! Powerful microcontroller kits for the digital generation.

Re:colors

[MBGMorden]

Too obvious for your normal user, yes. Your average geek isn't going to get fooled by these things anyways (heck with the way NoScript and my popup blockers are set I don't see them at all anyways). But to the guy who fumbles with the power button and whose eyes glaze over when you speak of "cut and paste", changing the window colors and then having the foresight to pickup on a different color showing up being bad, is way beyond their capabilities.

all anti-virus companies

[Jessta]

"the law makes it illegal to misrepresent the extent to which software is required for computer security or privacy,and it provides actual damages or statutory damages of $100,000 per violation, whichever is greater."

lol, so all the anti-virus software companies(Norton, NOD32,VET etc) and anyone selling 'personal firewall software' is pretty much screwed.

Oh, it gets worse.

[RulerOf]

but surely somebody could just change the desktop colors...

It's worse than that, because it's even more obvious.

This is where the end-user epic fail really is:

Security Alert - Windows Internet Explorer

Or

Security Alert - Mozilla Firefox

End users have so trained themselves to not actually read dialogs that they simply can't tell something they've seen before from something they have not.

It doesn't take a genius to sit at a computer for hours, and hours, and hours on end, every day, at work and at home, to recognize that your "Security Alert - Windows Internet Explorer" causes the cursor to turn into a pointing finger, just like a hyperlinked picture does on the web.

It's the inability of people to grasp these kinds of subtleties, despite years upon years of on-hands experience, that makes security a nightmare and things like UAC such a necessity.... Of course, then we get back to the whole not reading dialogs bit.

Also, predatory software programmers really have culpability. [badanalogy] But to similarly say that it's not your fault you got mugged because you flashed $2000 in cash at 1:00 AM in a biker bar that you've been going to every night for drinks for the last 6 years makes you similarly sound like an idiot.[/badanalogy] Common sense has not much prevalence in the average end-user. Or mugging victim.

Re:Oh, it gets worse.

[RulerOf]

No.

I'm saying that if you're too ignorant to understand that you're asking for it because you feel it's not worth your time to learn anything from your hands-on experience, then it's your own damn fault that you put yourself in that situation. I never said there was anything right or just about crime.

Re:colors

[_Sprocket_]

One of my insights doing a stint behind a helldesk was that some otherwise competent, intelligent people will disengage their thought process when sitting behind a keyboard. Sometimes I felt like psychiatrist - or at least what I suspect many of them do:

1. Listen to problem.
2. Restate problem as a question.
3. Confirm answer given by customer is correct.
4. Assure customer that while correct answer WAS somewhat obvious, we get it all the time and a lot of folks don't figure it out on their own. Add reassuring comment about their savvy in this situation.

Re:You are trying to file a lawsuit. Cancel or All

[Hyppy]

An important update to your software is available! Please download and install "Windows Genuine Advantage" now!