Slashdot Mirror
Tearing Apart a Hard-Sell Anti-Virus Ad
climenole writes "I came across an email sent by a security vendor, reminding me, no urging me with the liver-transplant sort of urgency, to renew my subscription to their product, lest my pixels perish. I spent a minute or two staring at the email, thinking about all the poor souls out there who do not have the comfort of being a geek and who may actually take the advertisement seriously." That led to this insightful deconstruction of these over-the-top ads, the kind that make it hard to keep straight the malware makers and the anti-malware makers.
He's a pedant.
Sure, he may make a good point in the last paragraph, but the first few points he makes are stupid.
Friend of mine has the most annoying product ever. Whenever it updates itself, it plays a recording of a voice saying "virus database updated". So we'll just be sitting there and hear that. Since a well-functioning anti-virus just does its thing without bugging the user for the most part, the ones that are for profit have to make themselves loudly obvious and play up the threat level (not to imply there isn't one of course).
I'm not convinced anti-viruses are any better than snake oil, really. Some like Norton are basically viri themselves, slowing your system to a crawl, and all they can do is look for fingerprints of known viri. Sure they can occasionally be bandaids on a sucking chest wound, but the main key to windows security is to not expect it, stay updated, avoid IE, and not run random programs strangers email you. Sure there might be a 0 day in your browser or mail client that causes something like a picture to execute code, but those aren't the main uses.
*gets off rantbox*
93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
Malware on Linux? That's unpossible!
http://forums.unrealircd.com/viewtopic.php?t=6562
Little known, though highly comical peice of info, is back in the day the McAfee spam filter constantly triggered on the McAfee advertising emails. You'd think the marketing guys would have figured out their techniques needed adjustment... but instead the smart ones at the top demanded a fix... so the engineers built an exclusion into the software for anything coming from the company... becuase clearly that was the right course of action. I'm not at all surprised their 'emails' can't be distinguished from Phishing spam after all these years.
McAfee is for those who have no idea and therefore the warnings make perfect sense. Ethically wrong, sure. Its been made up by the marketing department with the sole purpose of getting the likely clueless user to cough up. And that i'm sure they do. Tobacco causes cancer yet cigarette companies will still do whatever they can to flog their products to anyone who will buy them. It doesnt mean its right. What do you think about Microsofts 'Windows Genuine Advantage' program? It does absolutely nothing for the user but certainly helps Microsoft make a lot more money. Yet its pushed as giving some sort of advantage.
Those who can, do. Those who cannot, sue.
next thing he'll complain about are ads for health products that are not healthy, but use green color to look "natural" that's just how advertisement works...
Will it blend?
You seem to use the exact same hyperbole that you claim is so harmful. This is a needless article that is preaching to the choir.
Seriously, there are blatant scams advertised and you write an article about a product emphasizing its need.
Kill yourself.
Hail Eris, full of mischief...
E pluribus sanguinem
Right up there with those assholes at Domain Registry of America.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
Dirty Stacey Needs Registry Cleaner 5.4
http://maximumhoyt.blogspot.com/2010/04/dirty-stacey-needs-registry-cleaner-54.html
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
Maybe I'm missing something, but why is he all of a sudden complaining about the .NET installation saying when you can disconnect from the internet? I realize that he most likely has an always-on connection, but there is still a large number of people using dial--up connections that only give you x number of hours per month. It's helpful to know that the installation is not going to need the internet again to download some extra bits later on. I'd hardly call a little note of convenience for those who need to ration their internet usage "totally audacious". Maybe somebody can explain how it's shocking and reckless, but I'm just not seeing it.
The one time I actually decide to RTFA, and it's this? What a waste. It probably would have been more amusing if he'd dissected some of the spam e-mails waiting in his inbox.
Buy a new and modish watch today, and become recognizable tomorrow. If you are looking for fancy and cheap jewelry, you just found it.
a click away
That's just a sample of the excitement waiting in mine!
If you must use windows, I totally fail to understand why you need to PAY to use anti-virus. There's plenty of free anti-virus software out there that is better than any of the racketeering paid-for versions. I would have thought every single reader of /. knows this.
/.? It seems more suited for some AOL support board.
Should this article be on
I'll probably get laughed at for this, but I thought I'd use this opportunity to get some advice, on something that I have been wondering about lately
I recently switched from XP to Win 7 after the XP got raped bad by a virus (my family did it!). I still decided against an anti-virus as I hate them, but to try and minimize the chance of this happening again I decided to use privilege separation this time around. i.e I'm writing this post from a non-privileged user account, and I type the admin password 50 times a day for all sorts of installations, configuration settings, etc.
My question is: how (un?)safe is a Windows 7 box running under a non-privileged account?
sad to say but this stuff is all to common
i just had "vuse" want to install MS windows AV software on my LINUX install .
"I don't pitch OpenSUSE Linux to my friends, i let Microsoft do it for me
If you have a laptop, the internet is not necessarily ubiquitous. And if your battery life is so bad that you absolutely must be tethered to an outlet, you should think about getting a new one.
The flurry of popup windows you get when an AV expires, along with all the dire warnings from Windows Security Center, won't leave you in any doubt about the status of your antivirus. No email required.
The bigger the vendor, the more "Insert credit card now!" message you'll get.
No sig today...
If you receive an e-mail with a subject of Badtimes, delete it immediately WITHOUT READING IT. This is the most DANGEROUS e-mail virus ever.
It will rewrite your hard drive and scramble any disks that are even close to your computer. It will recalibrate your freezer's coolness setting so all your ice cream melts. It will demagnetize the strips on all your credit cards, screw up the tracking on your VCR, and use subspace field harmonics to render any CDs you try to play unreadable.
It will give your ex-boy/girlfriend/ex-husband/wife your new phone number. It will mix antifreeze into your fishtank. It will drink all your beer and leave its socks out on the coffee table when company comes over. It will put a kitten in the back pocket of your good suit and hide your car keys when you are late for work.
Badtimes will make you fall in love with a penguin. It will give you nightmares about circus midgets. It will pour sugar in your gas tank and shave off both your eyebrows while dating your current boy/girlfriend behind your back and billing the dinner and hotel room to your Visa card.
It moves your car randomly around parking lots so you can't find it. It will tease your dog. It will leave strange messages on your boss's voicemail in your voice. It is insidious and subtle. It is dangerous and terrifying to behold. It is also a rather interesting shade of mauve.
Badtimes will give you Dutch Elm disease. It will leave the toilet seat up. It will make a batch of methamphetamine in your bathtub and leave bacon cooking on the stove while it goes out to chase high school kids with your snowblower.
These are just a few of the signs. Be very, very afraid!
I'm sorry. I'm honestly sorry. Trust me, if we (the techs) could fire the markedroids, they'd be going out the next cannon. And as far as we can overload said cannon without endangering human life (markedroids are NOT human).
The whole scaremongering bothers us the most. Trust me on that one. Because when we, the ones who do actually know when something really is bloody dangerous, cry bloody murder over a security threat, nobody listens anymore.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
OK, it's bad enough when people write or say virii, but vira? Really?
This was once a well known form of extortion, principally of small business owners. While it may still exist, this Internet version seems to have eclipsed it. Crime marches on.
So you're trying to tell me that McAfee has their marketing department send out emails, but doesn't have them make decision about branding?
Tell me, just why do you think McAfee chose red as their "goddamned branding color"?
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
Windows is fixed, all right. When you get the users fixed so they don't click on anything promising them dancing bunnies, I'll go out of business.
I'm 35 now. I'm pretty sure I can stay in anti malware 'til I retire...
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
seriously, after all the ranting about mcafee being ambiguous and misleading, he himself says "oh and btw, surun[or something equally exotic sounding] is a great and powerful tool." at this point of time the best recommendation to a windows user regarding malware protection is ms se. i'm really surprised to see that se has not become the dominant antivirus. but now i know that its because of people like the author, who is either an asshole or an idiot.
Wealth is the gift that keeps on giving.
I'm convinced Kdawson killed Timothy in his sleep and has been posting as him for quite some time.
I gave up on the paid AV's. Even when you find a good clean one, they end up making it BLOATED by throwing in the kitchen sink. I don't visit/download crap, behind a router & firewall, have a couple anti-malware software I run on demand. Anyone that gets a virus these days isn't being smart.
Yet they are a perfect example of the schizophrenic nature of our legislators:
Yet,
Imagen how many more cities, counties and states would have to declare bankruptcy if everybody stopped smoking tomorrow.
And ye shall know the truth, and the truth shall make you free.
John 8:32(King James Version)
A shame you posted as AC - I would have modded you up.
Yes, of course malware will run on Linux. And, you do point out that the malware was installed from a subverted "trusted source".
You also remind me that I've been stupid sometimes. I've been lazy, and failed to double check the md5 checksums of tarballs on occasion. With that Unreal story in mind, maybe I'll be less lazy in the future. Thanks for the reminder, Mr. Coward.
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
McAfee are going in for the hardsell. At work our enterprise uses McAfee Anti-virus products. They've had add-ons to IE and Firefox for some time, but the latest automatic updates were ridiculous. They've added a McAfee toolbar WHICH TAKES UP AN ENTIRE LINE of screen space just to list a little red/green McAfee button. Firefox already lists McAfee as a "problematic extension" but doesn't mention the wasted space problem: http://kb.mozillazine.org/Problematic_extensions
It doesn't affect Chrome. Ironically one of Chrome's selling points it makes maximum use of available screen space. McAfee now makes that even more true!
I very rarely send out emails to multiple parties, and I never send out something worthy of a Snopes review. But I did send out a mass email containing the link from TFA, even to some who already understood what it explained. They could use it to explain to others, the inherent un-trustworthiness of commercial AV "providers."
A shame you posted as AC - I would have modded you up.
Yes, of course malware will run on Linux. And, you do point out that the malware was installed from a subverted "trusted source".
You also remind me that I've been stupid sometimes. I've been lazy, and failed to double check the md5 checksums of tarballs on occasion. With that Unreal story in mind, maybe I'll be less lazy in the future. Thanks for the reminder, Mr. Coward.
As a Linux user myself, I forget about how possible it is too. Would explain the new (that I've noticed) function in Ubuntu 10.04 that marks any program downloaded from a non-trusted as Non-Executable (you can make it executable by right-clicking it and checking the Executable box under Property-Permissions) to prevent you from blindly installing possible malware. Reminds me of Android's way of programs, preventing you from installing anything randomly unless you at least somewhat understand it might be bad to just install anything.
Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
The article mostly ignores the text of the add, which is also manipulative (in the ways many ads are). For instance, "McAfee would like to ensure you continue to enjoy a fast and safe online experience" implies your internet will slow down or be scarily unsafe without their product. "We do care about your security" tries to demolish negative views of large companies by putting on a human face. The ad follows up with a friendly special deal (just for everyone): "we would like to offer ... protection ... at a very competitive price: ... 50% off". They don't give price comparisons justifying their use of "competitive", either. They slip the assertion at the end of a sentence that has another idea as its focus in the hopes you'll just accept that their price is in fact competitive. That manipulation is probably the most clever device in the ad.
One thing that struck me as improbable was that the full price the ad quotes is 49.98 pounds, which happens to be neatly divisible by 2. It seems as if the full price was calibrated to be cut in half just so ads could say "50% off" instead of the messier "nearly 50% off", or similar. The ad finishes with a list including some scary words (anti... "virus", "spam", and "spyware") followed by the comforting thought that their product "preserves you and your computer from the most dangerous online threats." At the bottom, they add a sense of urgency to accepting their offer: "Offer expires 31 December 2009," so you don't put off renewing your subscription.
It's speculation, but I don't think a single part of that ad was written with the motivation of actually helping users. Every part of it is dripping with pretty transparent manipulation with the clear motivation of getting you to buy, buy, buy.
Not having AV is just like having unprotected sex, she could be infecting other people all the time.
Keeping your comp clean is more like being a responsible adult in this community, get her a free AV, they are out there. ClamAV, AVG, etc.
This is the sig that says NI (again)
Unless you've been living under a rock for the last 10 years, you'll know that while malware in Windows can spread when the user inadvertently executes something (which Linux does protect you against), it also frequently spreads by tricking the user into thinking they want to execute it (which Linux can't protect against) or taking advantages of security holes (which Linux can't protect against).
It only pains me to see you've been modded +5.
Incidentally, what would happen if you downloaded and ran (through wine) malware.exe on a linux machine?
I've always wondered about that, I mean it runs and replicates the windows directory structure just fine.
Admit nothing. Deny Everything. Make Counter-accusations.
it also frequently spreads by tricking the user into thinking they want to execute it (which Linux can't protect against)
Thats why I wrote that 'preventing you from installing anything randomly unless you at least somewhat understand it might be bad to just install anything'. Its a warning to basic users that this isn't a trusted program from the safer channels and your taking your own risks installing it. If the user is tricked into installing it anyways even after having to go around such a warning then it's their fault and there isn't much you could do. Not everything you download from the internet isn't going to be good for your computer, but not everything you download will be bad either. By at least taking these steps to help prevent against problems like these (while offering a wide selection of pre-approved software like those found in the Ubuntu Software Centre) it only helps the user I see. Sure it's a minor annoyance to have to keep checking the box to install whatever you want, but you still have that freedom while beginners are given a good, solid warning. And I feel that this is a much better approach to software security then Windows annoying 'Are you sure you want to do this?' warnings as there are safe, pre-approved selections (that a free so it's not someone trying to make the biggest kickback).
As for security holes, there is only so much that can be done. In Ubuntu I have a Update Program that updates both the OS and programs that were installed from the Ubuntu Software Centre. I can also (following very basic instructions on many sites) have it update software from other locations I feel are safe. While security can never be perfect (history shows this time and time again), there are steps that can be taken to help improve it and I feel many of these steps are taken in Linux.
Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
It seems absolutly counter intuitive to say that a user running a Windows OS shouldn't use an anti-virus program. Yet, some of the comments in this thread, and many articles at dedoimedo.com are saying that their use is uncalled for. That's hard to believe. The malware writers aren't passivly waiting for users to visit their sites or download infected software. A review of honeypot statistics will verify this.
But why? Stating that "You don't need an anti-virus in Windows" is intreging. But, statements like this need to be backed up. Otherwise, its just an opinion without foundation.
I would love to run my XP system without the use of an AV program. I'd uninstall the one I have now if:
Depends on how sophisticated the malware is, really. And, it also depends on how your Wine bottles are set up. Installing malware to it's own bottle would allow it almost no resources to work with. Installing to your "main" default bottle would provide a lot of resources, with their potential exploits. Of course, even with a rather sophisticated malware, and a lot of resources in the Wine bottle to which it was installed, you can just kill the process at any time. I've not yet seen the malware that can fool the various Linux resource monitors, like they can fool Task Manager.
To date, the worst malware that I've seen run on Linux are browser hijacks. The kind that grab your browser, runs a fake security scan, and tells you that you have various infection on Drive C:/ And, I've been Rickrolled. Running Noscript pretty much takes care of that nonsense, though.
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
Unless you've been living under a rock for the last 10 years, you'll know that both Windows and Linux protect against inadvertent execution - they use different methods, but that doesn't mean Windows doesn't have protection, and it doesn't mean Linux is foolproof.
Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
I think you're not getting the rather veiled point of my comment: the machine is not infected.
The anti-virus industry feeds off the rather well-founded paranoia of geeks who surf infected porn sites all day. Just because *your* machine would get shot to hell after a couple of hours of *your* browsing habits, doesn't mean everyone else's does, and I think I can prove it.
I'll put it to you this way: try telling an LA Harley rider to wear a helmet. See what they say about that.
"And the meaning of words; when they cease to function; when will it start worrying you?"
I think your ignorance is showing instead of me not getting any veiled or not points.
You do not NEED to browse to get infected.
Some years ago I installed a PC, hooked it up to the internet to get drivers and within seconds I had the MS-Blast worm, no browsing needed.
With all due respect, this type of thing is my job, I know what I am talking about.
And please do not imply anything about my browsing habits without any evidence. Online porn got boring many many years ago, it's just pneumatics after a while.
This is the sig that says NI (again)
Wait, are you stating that ubuntu has modified the default web browsers to explicitly make some files downloaded executable? Seriously, wtf? You should *always* be forced to manually flip the permissions on a downloaded file to make it executable. That you are getting excited that some things downloaded *aren't* executable worries me.