Fake Antivirus Peddlers Outpacing Real AV Firms
An anonymous reader tips a writeup at KrebsOnSecurity.com detailing how purveyors of fake antivirus or 'scareware' programs have aggressively stepped up their game to evade detection. The posting is based on a report from Google's malware detection team (PDF). "Beginning in June 2009, Google charted a massive increase in the number of unique fake antivirus installer programs, a spike that Google security experts posit was a bid to overwhelm the ability of legitimate antivirus programs to detect the programs. Indeed, the company discovered that during that time frame, the number of unique installer programs increased from an average of 300 to 1,462 per day, causing the detection rate to plummet to below 20 percent. ... In addition, Google determined that the average lifetime of sites that redirect users to Web pages that try to install scareware decreased over time, with the median lifetime dropping below 100 hours around April 2009, below 10 hours around September 2009, and below one hour since January 2010."
I don't think I have to point this out, but for the sake of clarity: the point is not that the vast majority of people are straying away from known AV software providers to unknown software providers; it is that the vast majority don't know any better and believe what the computer tells them!
To be nice, the average user is very naive. If they see a popup saying they need this AV, they trust it.
"I use a Mac because I'm just better than you are."
Pardon me sir, but this herb root extract can lower your blood pressure. Meaning that you can live a long and healthy life. It's not FDA approved but it's certified by these doctors.
It works just as well in meat space too.
Its shocking though, nobody would trust someone in the real world telling you that you need something they are providing without some kind of double check.
If someone showed up at your house and told you that your water could kill because of some microbe you have never heard of that they claim is getting into your pipes and the only way to make yourself safe is to install this helpful filter that they are selling would you believe them?
A big difference is that the fake antivirus pop-ups aren't usually trying to sell you anything, they just want you to click OK! It's easy to click OK, and, for the average [clueless] user, just clicking OK doesn't feel nearly as risky as letting a stranger into your home, or buying a mysterious product.
I think most people just do a naive, clueless sort of risk assessment. If the pop-up is telling the truth, they really need the software. If the pop-up is lying... well, they're not directly paying anything and have no idea what could go wrong, so they assume it's not a problem. Therefore, they decide to click OK to install the software. To them, it's more like some random person standing on the sidewalk telling them, "You should walk on the other side of the street; there's a dead skunk halfway up the block and you really don't want to get near it." Eventually people will learn... but it may take a few generations.
Generally, no. Generally, the reason is that the advertisers and their site owners rarely truly care. Have you seen the utter shit, spam, fakes, frauds that masquerade as Facebook ads, however often you click "X" and report it as "misleading / deceptive". Seriously, go to apple.com/store. Look for the neon green MacBook Air. You know, the one you can "test/review then keep for free"...
It's lip service. They. Just. Don't. Care. The advertisers are paying the bills, not you.