Tearing Apart a Hard-Sell Anti-Virus Ad

climenole writes "I came across an email sent by a security vendor, reminding me, no urging me with the liver-transplant sort of urgency, to renew my subscription to their product, lest my pixels perish. I spent a minute or two staring at the email, thinking about all the poor souls out there who do not have the comfort of being a geek and who may actually take the advertisement seriously." That led to this insightful deconstruction of these over-the-top ads, the kind that make it hard to keep straight the malware makers and the anti-malware makers.

So you know they're there

[calmofthestorm]

Friend of mine has the most annoying product ever. Whenever it updates itself, it plays a recording of a voice saying "virus database updated". So we'll just be sitting there and hear that. Since a well-functioning anti-virus just does its thing without bugging the user for the most part, the ones that are for profit have to make themselves loudly obvious and play up the threat level (not to imply there isn't one of course).

I'm not convinced anti-viruses are any better than snake oil, really. Some like Norton are basically viri themselves, slowing your system to a crawl, and all they can do is look for fingerprints of known viri. Sure they can occasionally be bandaids on a sucking chest wound, but the main key to windows security is to not expect it, stay updated, avoid IE, and not run random programs strangers email you. Sure there might be a 0 day in your browser or mail client that causes something like a picture to execute code, but those aren't the main uses.

*gets off rantbox*

Re:So you know they're there

[UNHOLYwoo]

So you're refusing to like a product because of it's default settings? Good luck in life being the guy that won't buy a car because he doesn't know (or care to know) how to adjust the seat.

Re:So you know they're there

[Mad+Merlin]

The core problem is that security is only good security when it's transparent to the user. Of course, users won't buy products that appear to do nothing for them (even if they did actually work perfectly well), thus vendors are forced to produce bad software so that people will buy it.

Re:So you know they're there

[The+Grim+Reefer2]

Whenever it updates itself, it plays a recording of a voice saying "virus database updated". So we'll just be sitting there and hear that. Since a well-functioning anti-virus just does its thing without bugging the user for the most part, the ones that are for profit have to make themselves loudly obvious and play up the threat level (not to imply there isn't one of course).

As other said, it sounds like Avast, and is a easy enough default to change. BTW, while they do sell it, there is also a free version for non-commercial users. Frankly the free version of Avast seems to do a better job than Norton and McAfee by far and IME better than NOD32 and Kaspersky.

Re:So you know they're there

[MoonBuggy]

Friend of mine has the most annoying product ever. Whenever it updates itself, it plays a recording of a voice saying "virus database updated". So we'll just be sitting there and hear that.

Yes, but it also gives you the opportunity to say "Thank you, computer, that will be all" like you're in Star Trek.

Wait... What do you mean I'm the only one who does that? Guys?

Re:So you know they're there

[bendodge]

While I think it's atrocious that Windows has to have a third-party layer akin to the FDA to keep users from getting waylaid by malicious code, I'm a little surprised that you think Avast is better than NOD32 or Kaspersky. The most recent AV-Comparatives report is rather unflattering to Avast. I'm personally a NOD32 (ESET) fan.

http://www.av-comparatives.org/images/stories/test/ondret/avc_report26.pdf

Re:So you know they're there

[The+Grim+Reefer2]

I guess it all depends on what you expect an "anti-virus" program to do. I'm only concerned with Avast looking for viruses and none of the other things listed in the link you posted. ESET detected 183 viruses vs. 182 by Avast, which is virtually identical. Kapersky only detected 105, which makes Avast better in my mind.

I pretty much gave up on NOD32 on my work system when it got hit with Winfixer and ESET missed it. Spybot had no problems with it though and also detected several hundred other trojans that NOD32 missed.

In regards to worms, I rely on Zone Alarm and a hardware firewall.

I guess the difference is that I am not looking for a all encompassing security solution as IME there really isn't one short of turning off all network connectivity.

And I totally agree with you that it's ridiculous that all of this third party software is needed just to keep a Windows system functional.

Re:So you know they're there

[cgenman]

I'd say about a quarter of the completely messed up machines I've seen have come from AntiVirus software that went rogue and deleted large chunks of the system. The only systems that I've had to entirely re-flash were from said destructive AV software. And all of those were either McAfee or Norton.

Re:So you know they're there

[Pharmboy]

While I think it's atrocious that Windows has to have a third-party layer

They don't. I have been using MS Security Essentials for a year now, on several XP, Vista (ugh) and W7 boxes (over a dozen). Uses less resources than even AVG, and haven't had a single virus yet, even with all the stupid browsing that gets done by users. And it is free.

It is sad that you need AV, but at least it is now free, good quality (relatively speaking) and works as good as or better than the average. Of course, I still would rather we switched the whole office to Linux or BSD, but if you have to use Windows, you don't have to use a 3rd party AV solution.

Re:So you know they're there

[st0nes]

viri

Viruses please. And calluses, octopuses, platypuses, polypuses. Thank you, that is all.

Re:So you know they're there

[El_Oscuro]

I have my computer set to say "Just what do you think you are doing, Dave?" when I reboot it.

Re:Obligatory.

Malware on Linux? That's unpossible!
http://forums.unrealircd.com/viewtopic.php?t=6562

Spam exclusion

Little known, though highly comical peice of info, is back in the day the McAfee spam filter constantly triggered on the McAfee advertising emails. You'd think the marketing guys would have figured out their techniques needed adjustment... but instead the smart ones at the top demanded a fix... so the engineers built an exclusion into the software for anything coming from the company... becuase clearly that was the right course of action. I'm not at all surprised their 'emails' can't be distinguished from Phishing spam after all these years.

McAfee is for noobs

[kaptink]

McAfee is for those who have no idea and therefore the warnings make perfect sense. Ethically wrong, sure. Its been made up by the marketing department with the sole purpose of getting the likely clueless user to cough up. And that i'm sure they do. Tobacco causes cancer yet cigarette companies will still do whatever they can to flog their products to anyone who will buy them. It doesnt mean its right. What do you think about Microsofts 'Windows Genuine Advantage' program? It does absolutely nothing for the user but certainly helps Microsoft make a lot more money. Yet its pushed as giving some sort of advantage.

Re:McAfee is for noobs

[Shadow+of+Eternity]

It's not any more ethically wrong than anything else. The REAL problem are those "YOU HAVE A VIRUS CLICK HERE" fake-windows webpages. Even if you know better sometimes finding a way out can be tricky because the fuckers have started opening "OK" boxes over where you'd normally click to close the window.

Re:McAfee is for noobs

[Smauler]

Tobacco causes cancer yet cigarette companies will still do whatever they can to flog their products to anyone who will buy them. It doesnt mean its right.

I enjoy tobacco and don't mind dying younger. They're not doing anything wrong by supplying what I ask of them. They might be abusing dimlows but that does not mean they're abusing me. What they are doing _is_ right. AV vendors on the other hand only have a business from abusing dimlows - anyone who knows anything about it will generally either use free AV or none at all.

Re:McAfee is for noobs

[astar]

do you wish to assert that your dying young is not going to have some sort of social cost I have to pick up?

I question the dimbulb argument. I have a very nice IQ. No doubt I am a dimbulb here and there anyway. But tobacco has often been a big issue in my life. And I come out of an era where tobacco company out and out lies are well established. I wonder how I should process your remarks.

Lastly your argument would also support giving out smack on the street corner. Somehow, I suspect that you would find making that argument inconvenient.

Takes one to know one.

[cacba]

You seem to use the exact same hyperbole that you claim is so harmful. This is a needless article that is preaching to the choir.

Seriously, there are blatant scams advertised and you write an article about a product emphasizing its need.

Re:Takes one to know one.

[mindbrane]

This is a needless article that is preaching to the choir.

uhmmm, ya maybe, but me, i think of it as more of a contrapuntal invention inviting the choir to join in, but then, that's how i see most /. articles.

Also obligatory:

[Nimey]

Kill yourself.

Advertisers are deceptive assholes, film at 11

[sootman]

Right up there with those assholes at Domain Registry of America.

Re:Advertisers are deceptive assholes, film at 11

[zzyzyx]

Their letters come with prepaid reply envelopes. I always take some time to inform them of the other great opportunities I receive along in the mail.

Re:It's not "insightful"

[insertwackynamehere]

You aren't the person AV expiration warnings are targets at then. You successfully ran a network connected Windows machine for years and only got one virus, so by definition you aren't the targeted audience.

What a waste

[X3J11]

The one time I actually decide to RTFA, and it's this? What a waste. It probably would have been more amusing if he'd dissected some of the spam e-mails waiting in his inbox.

Buy a new and modish watch today, and become recognizable tomorrow. If you are looking for fancy and cheap jewelry, you just found it.

a click away

That's just a sample of the excitement waiting in mine!

Why pay?

[owlnation]

If you must use windows, I totally fail to understand why you need to PAY to use anti-virus. There's plenty of free anti-virus software out there that is better than any of the racketeering paid-for versions. I would have thought every single reader of /. knows this.

Should this article be on /.? It seems more suited for some AOL support board.

Re:Windows privelege separation

[Nimey]

My previous post didn't take into account privilege-escalation attacks, of which there may be some undiscovered/unreported ones.

It's best to have multiple layers of defense.

Expired AVs do popups, not emails

[Joce640k]

The flurry of popup windows you get when an AV expires, along with all the dire warnings from Windows Security Center, won't leave you in any doubt about the status of your antivirus. No email required.

The bigger the vendor, the more "Insert credit card now!" message you'll get.

Danger! Bad Times Virus!!!

[swamp_ig]

If you receive an e-mail with a subject of Badtimes, delete it immediately WITHOUT READING IT. This is the most DANGEROUS e-mail virus ever.

It will rewrite your hard drive and scramble any disks that are even close to your computer. It will recalibrate your freezer's coolness setting so all your ice cream melts. It will demagnetize the strips on all your credit cards, screw up the tracking on your VCR, and use subspace field harmonics to render any CDs you try to play unreadable.

It will give your ex-boy/girlfriend/ex-husband/wife your new phone number. It will mix antifreeze into your fishtank. It will drink all your beer and leave its socks out on the coffee table when company comes over. It will put a kitten in the back pocket of your good suit and hide your car keys when you are late for work.

Badtimes will make you fall in love with a penguin. It will give you nightmares about circus midgets. It will pour sugar in your gas tank and shave off both your eyebrows while dating your current boy/girlfriend behind your back and billing the dinner and hotel room to your Visa card.

It moves your car randomly around parking lots so you can't find it. It will tease your dog. It will leave strange messages on your boss's voicemail in your voice. It is insidious and subtle. It is dangerous and terrifying to behold. It is also a rather interesting shade of mauve.

Badtimes will give you Dutch Elm disease. It will leave the toilet seat up. It will make a batch of methamphetamine in your bathtub and leave bacon cooking on the stove while it goes out to chase high school kids with your snowblower.

These are just a few of the signs. Be very, very afraid!

Re:Danger! Bad Times Virus!!!

[Hurricane78]

What? Badtimes is my Ex??

Re:Obligatory.

OK, it's bad enough when people write or say virii, but vira? Really?

Re:Obligatory.

[Runaway1956]

A shame you posted as AC - I would have modded you up.

Yes, of course malware will run on Linux. And, you do point out that the malware was installed from a subverted "trusted source".

You also remind me that I've been stupid sometimes. I've been lazy, and failed to double check the md5 checksums of tarballs on occasion. With that Unreal story in mind, maybe I'll be less lazy in the future. Thanks for the reminder, Mr. Coward.

Re:It's not "insightful"

[shog9]

I don't get it ... he's complaining that an e-mail shouts "Danger Will Robbins!" because his AV subscription has expired? On Windows that's a situation to be concerned about.

He's complaining that an email from the vendor of a AV product he tried three years ago is shouting assertions as to the status of his AV protection. This is just a little different from an AV vendor reminding you to renew your subscription - it's probably a safe bet that he's moved on to a different AV product.

...doesn't an expired AV subscription warrant some sort of urgency being conveyed in the message?

The day/week/month after the subscription expired? Maybe. But three years later? That's getting disturbingly close to those sketchy telemarketers who call up to warn you that the warranty on your automobile is expiring. Whether or not you have a warranty. Or an automobile.

Is it somewhat unrealistic to expect advertisers to reign in the hyperbole? Yeah, sadly, it is. But at the same time, it does speak rather poorly of a company that purports to be a legitimate vendor of security software, when they're using tactics very similar to those used by the producers of software they should be protecting you from.

Re:It's not "insightful"

[shog9]

It's the principle of the thing. You go to a doctor, and you expect to see him wash his hands and/or put on gloves before examining you. Never mind that it's unnecessary most of the time; it should be a habit for him, simply because sometimes it matters, and when it matters it matters a lot.

Seeing a security company take a cavalier attitude with your information - even when that information probably isn't terribly sensitive and probably won't get intercepted anyway doesn't inspire confidence in their dedication to protecting your information in the scenarios where it does matter.

Re:Obligatory.

[Kitkoan]

A shame you posted as AC - I would have modded you up.

Yes, of course malware will run on Linux. And, you do point out that the malware was installed from a subverted "trusted source".

You also remind me that I've been stupid sometimes. I've been lazy, and failed to double check the md5 checksums of tarballs on occasion. With that Unreal story in mind, maybe I'll be less lazy in the future. Thanks for the reminder, Mr. Coward.

As a Linux user myself, I forget about how possible it is too. Would explain the new (that I've noticed) function in Ubuntu 10.04 that marks any program downloaded from a non-trusted as Non-Executable (you can make it executable by right-clicking it and checking the Executable box under Property-Permissions) to prevent you from blindly installing possible malware. Reminds me of Android's way of programs, preventing you from installing anything randomly unless you at least somewhat understand it might be bad to just install anything.

Re:3 Years with No AV

[Killjoy_NL]

Not having AV is just like having unprotected sex, she could be infecting other people all the time.

Keeping your comp clean is more like being a responsible adult in this community, get her a free AV, they are out there. ClamAV, AVG, etc.

Re:Obligatory.

[jimicus]

Unless you've been living under a rock for the last 10 years, you'll know that while malware in Windows can spread when the user inadvertently executes something (which Linux does protect you against), it also frequently spreads by tricking the user into thinking they want to execute it (which Linux can't protect against) or taking advantages of security holes (which Linux can't protect against).

It only pains me to see you've been modded +5.

Re:It's not "insightful"

[tuxgeek]

My guess is that you didn't RTFA
The author downloaded a free version of McAfee 3 years ago as a test/review of their product
He wasn't a paying customer

McAfee recently spammed him with the ad in question
Carefully crafted fear as a marketing tool is the issue at hand here

Maybe next time you should RTFA before posting .. then your post wouldn't sound stupid
No flame intended, just a suggestion ..