Slashdot Mirror
Symantec Sued For Running Fake "Scareware" Scans
Sparrowvsrevolution writes "James Gross, a resident of Washington State, filed what he intends to be a class action lawsuit against Symantec in a Northern District California court Tuesday, claiming that Symantec defrauds consumers by running fake scans on their machines, with results designed to bully users into upgrading to a paid version of the company's software. 'The scareware does not conduct any actual diagnostic testing on the computer,' the complaint reads. 'Instead, Symantec intentionally designed its scareware to invariably report, in an extremely ominous manner, that harmful errors, privacy risks, and other computer problems exist on the user's PC, regardless of the real condition of the consumer's computer.' Symantec denies those claims, but it has a history of using fear mongering tactics to bump up its sales. A notice it showed in 2010 to users whose subscriptions were ending in 2010 warned that 'cyber-criminals are about to clean out your bank account...Protect yourself now, or beg for mercy.'"
There are perfectly good free antivirus programs now, if you want to run one. Most of them are actually better than the non-free antivirus programs. Microsoft Security Essentials is a free antivirus that is many times better than Symantec's and others. On top of that it is lightweight and fast, compared to the bloated crap that Norton is. It works on slower machines too, detects more viruses and doesn't break stuff.
On 8 June 2011, PC Advisor listed Microsoft Security Essentials 2.0 in its article Five of the Best Free Security Suites, which included Avast! 6 Free Edition, Comodo Antivirus 5.4, AVG Antivirus 2011 and BitDefender Total Security 2012 Beta.
So choose from those. Personally I don't run any antivirus as I don't download random executables from the internet nor surf to random porn sites or download from torrent sites. Windows is also secure now a days, and I haven't had a single malware in like 10 years.
They are merely respectable businessmen, offering you their protection...
We used to use Symantic antivirus at my workplace. Then we had a virus outbreak. Not a cutting-edge virus, just an old USB-stick-infector that symantic was powerless against. Didn't even detect it half the time, and when it did failed to do anything. So we use Sophos now.
A number of users reported that after installing Symantec anti-viruses their system was slower, could detect false-positives, or worse, hang.
So in a way, the "scareware" is not totally wrong, as it warns about a degraded system - which may well be the case after the full product is installed.
Slashdot, fix the reply notifications... You won't get away with it...
This isn't Symantec AV we all know and love(!) at the heart of these complaints. It's one of those "sooper-registry-optimizer!!11" programs that Symantec apparently offer.
Now, these strike me as somewhat odd. I've been dealing with Windows in one form or another since before the registry even existed - and I've never yet seen one of these tools do the slightest bit of good. Sure, if there's a specific problem (eg. malware) then a specific tool to deal with it may well help - but every single generic registry optimiser I've ever seen seems to be optimised to suck £20-30 from the customer's bank account rather than actually help them in any way.
I know I'm in the minority of computer users (though not on slashdot) in that I understand how to keep my computer clean by not running completely unknown programs and all that stuff, and as such haven't had a single virus hit in at least 5 years - the last one was on windows 95 and it got past Norton, but I noticed it in the task manager and manually cleaned the system. But, to be safe, I do have antivirus - ClamWin. It only runs when I tell it to, it's free, and doesn't sit in memory popping up ZOMG YOU'RE GONNA DIE! messages all the time like a Symantec product. Sure, I don't have the absolutely latest cutting edge virus defs or heuristics, but I just have it run overnight once a week or force a check on downloaded things, and if I was really suspicious about something going on I'd try to manually clean it or just reformat the system partition. And if I'm really suspicious of a program and it doesn't show up for ClamWin, I'll copy it to my linux box and run it in wine. I guess what I'm trying to say is that a properly configured firewall and brain replaces 99% of the need for antivirus.
As I said though, I wouldn't expect the majority of computer users to have any sort of security awareness, and there is something to be said for a company-wide uniform system, so I guess that's why Symantec and McAfee still have business. I hope this suit sticks though - for someone who keeps backups and is able to reimage their system when needed, the time their programs waste over the course of your computer's lifetime is much more than the downtime that a virus causes (once again, for a computer-savvy user). Coupled with their fear-mongering ads, I view them as more underhanded than Bonzai Buddy.
I think it is ironic that Microsoft fights like hell to make sure the customer is using their browser but leaves the security of the system "up to the user". As far as being scary: Is it any more frightning than the OS itself telling you, "Your unprotected! Get AV now!"? Why the hell would they want to frighten customers about the security of the system instead of just adding it to the OS?!? Insanity!
Having to work for a living is the root of all evil.
...AV companies are in cahoots with the majority of virus writers.
The strongest evidence prior to this incident has been the high profile nature of virus attacks. If I were a virus writer my goal would be to remain as undetectable as possible. I would not want the presence of my program to be noticed as it did its work. The fact that the majority of viruses make their presence quite noticeable implies to me that my recognition of their presence is the goal. It is the problem, reaction, solution paradigm applied to making AV software more ubiquitous and profitable. That these same majority of viruses are written to be nigh impossible to manually remove further supports this hypothesis.
The average home user is IGNORANT. Business types embrace marketers who "sell the sizzle" when in the computer world, it's highly regrettable. MSE may or may not be the best free AV. What makes it marketable, including from the IT point of view, is that it keeps it's mouth shut and doesn't ask those IGNORANT users questions that they can't ever hope to make an informed choice on. In that respect, it's a winner. Perhaps it will strip out something that a user deliberately installed but for the most part, I find it agreeable although I still favor Avast as long as I can turn off the web page rating snap-in which isn't even compatible with iGoogle.
PROVE IT!
I've been running Symantec for a very long time and while there "Norton 360" and some of the other products are bloated the Antivirus runs great. I do realize that its not the choice of many but I have NEVER seen the aforementioned "tatic" describe. So unless you got legitimate reference and articles to point out this is a mere trolling story line.
They just figured, with everyone being Idiocracy-level retarded nowadays, why not profit from the idiocy and help natural selection out a bit.
After all, it works great for Microsoft, Apple, "our" governments, and really just about every other company.
That's why I stopped hating Microsoft: The more they make their users suffer, more of an advantage using Linux offers, and the more natural selection helps us out. Brain-up, or die out. Of course nobody wants to admit that, and everybody wants to stay politically correct, so the idiots don't catch on. So I will probably get modded to hell. But I'll still say it: That's a Good Thing.
Measuring an antivirus (actually, "security suite") package by the performance of its runtime is kinda like measuring the effectiveness of a crane by its top-speed on the road, regardless of it only being able to life 1kg.
How many times have a come across a PC that cannot get on the internet as norton has borked winsock and other things in windows, and if you try to uninstall without the norton removal tool, good f-ing luck on getting on the internet to download the tool. norton just loves to bork internet connections worse than most viri
Symantec is scaring people to get what they want. So by definition, Symantec are terrorists.
This is really shocking! AV companies never try to scare users to buy into self-fed SCAM business.
Well, dunno about him, but before I gave in and tried an antivirus again around Christmas, I can say that everything loaded much faster, there was no suspicious modem activity, there were no popups telling me to pay X dollars or else, and haven't had any funny charges on my credit card either.
Honestly, if I had any malware, it was far better behaved than any antivirus I've ever seen. From a simple pragmatic point of view, I should have stuck with that.
A polar bear is a cartesian bear after a coordinate transform.
Sorry to hear of your parent's troubles, buy I have to ask - Did you set up their user account as "administrator" or "user"? If you set it up as admin, I'd suggest YOU made the error that caused the problem.
Unix/Linux/OS X users normally run with limited permissions to prevent system changes, and require a password to make such changes. This serves as a warning and usually works pretty good. Windows can and should be set for limited user rights, with a separate user account for admin. Yeah, some stupid apps that exist that require admin rights, but you simply set the shortcut properties to "run as admin" or use alternant credentials.
I file bug reports when an app requires admin permissions. Good companies fix it, bad ones blow it off.
I have an elderly (85) neighbor who just wants to be able to read his email and look at the pictures of his grandchildren that their parents send. He was constantly being confused and alarmed by scareware and Windows security announcements, offers to upgrade Hotmail, etc, which occured practically every time he turned on his machine. I put him on Ubuntu, set it up to go straight to his Gmail when he powered on, and to never announce upgrades (he's happy with status quo as long as he has a working machine). Problem solved, he's happy as a clam, and loved how much faster his computer ran.
I'm wondering if this charge is legally provable. I would think the complainant would have to do some reverse engineering of Symantec's software and reverse engineering is most likely forbidden by Symantec's EULA. Without this, how can it be proven what Symantec did or did not find on the computer? Even then, does anyone think it can be made understandable to a judge or 12 jurors?
"Love is a familiar; Love is a devil: there is no evil angel but Love." --William Shakespeare ('Love's Labors Lost')
While I agree Symantec products are awful bloatware that infect many OEM and the PCs of other less educated souls, I do enjoy their malware analysis blog. Being someone who's studying reverse engineering, kernel debugging, and advanced PC troubleshooting (investigating BSODs, hangs, etc.), I enjoy reading about the dissection of malware and their approach in doing so. Indeed, there are many malware analysis blogs out there that offer the same, but I can't see how someone wouldn't appreciate more, regardless of whoever it is that's providing it.
I've been expecting something like this for years, now, and I'm a bit pleased that somebody is finally calling Symantec on their scare tactics. Pretty-much since Norton was sold to them and became Symantec Anti-Virus (or whatever they call it these days), their products have been crap. ...Expensive crap. ...Expensive crap that scares its users into paying more. ...For products that slow things down and don't generally work.
So there.
What makes Microsoft Security Essentials better than Avast?
An entire page of people "in the know" talking about their favorite "scanner" of encrypted, closed source who-knows-what.
Reality: nothing protects against a zero-day exploit. So you're all full of crap.
I'm astounded at all the people complaining that even lightweight, free AV packages use too great a proportion of their box's resources. In an age where 16GB of DDR3 can be found for under $100, and a six core >3.0 GHZ proc for less than $200, can we really still blame the AV package? I routinely scan, run CPU intensive scientific stuff, and play games (mostly skyrim, SWTOR nowadays) all at the same time, and I'll be damned if I've ever noticed chugging.
no it's not kinda like it. Unless you planning to drive your crane very far 8 hours a day.
I gotta ask, has any other /.er actually run NAV in the past year? I installed N360 v3 on my father-in-law's computer. Install took 1 minute (no reboot) about 8 months ago and he has not gotten a single virus, malware, spyware, anything since. Prior while running Mcaffee I had to clean up some event at least once per month.
I am not saying NAV is perfect (or even the best) but please stop basing your opinion on a product from 5 years ago. As for a free product from Microsoft? To me that's asking the fox to guard your hen house.
It's more like Toyota selling a car that can have all it's controls and engine reconfigured from a panel stuck on the outside of the car. [...] I'd blame the car first for having such a stupid feature
So you're blaming Toyota for putting a hood (BrE: bonnet) on its cars. Or what do I misunderstand?
There is no better anti-virus then good solid, tested backups.
How do you test backups for viruses? In fact, how do you test backups at all without having an identical computer to which to restore the system?
I'll hazard a guess that it was probably Windows XP RTM, no router. Not everybody has the foresight to burn a slipstreamed operating system install disc whenever a new service pack comes out. This is especially true when the only backup copy of the operating system that came on the computer was a "recovery partition" that just unzips the initial out-of-box image onto the main partition, blowing away both the operating system and the users' documents.
I thought Microsoft would make it easy to answer the question "What will it cost to protect the eleventh PC in this organization?" but I couldn't make head nor tail of Microsoft's PDF document describing pricing for Forefront.
Never used AV at home before. Right now we only have 4 boxes running and only the one my daughter uses has Security Essentials on it. The others have nothing. In 20 years I've never gotten a virus on a home system. But I run all updates, I shut off the internet when we don't use it and I don't allow unapproved installs or downloads by my wife or kid. Oddly enough, being a responsible computer user results in having a much faster system. Call me a fool, but a 20 year track record of clean systems without AV and I'd say the fool is the guy paying $25 a year to protect themselves from viruses that are probably already patched in the OS.
Regardless of what corporate AV suite you intend to go with (Symantec or not), be sure you have at least 4GB of RAM installed for all Windows 7 workstations
How would one use more than 3 GB of RAM with a device for which a 64-bit driver is either unavailable or defective? An example of the latter is Zebra's LP2844 printer driver, which wouldn't work with my company's in-house label printing software.
How many people in the future will want general purpose computers? I think the market will always be big enough
Other people disagree, claiming that everybody except people who develop computer software for a living can get by with an appliance. Take a moment to compare the price of a video game console to the price of a video game console devkit to see how the market might not always be big enough.
Granted, appliance type computers may still be cheaper, but I don't think they'll ever be an order of magnitude cheaper. Perhaps only around 1/2 the price.
You can't compile iPad applications on an iPad, even if it's been docked to an external keyboard and monitor. You need a Mac ($649) and an iOS developer subscription ($396 over the expected four-year service life of an iPad). The combination of an iPad, a Mac, and an iOS developer subscription isn't exactly ten times an iPad alone, but it's close to three times. It comes a bit closer to an order of magnitude for the difference between an iPod touch and what is needed to program it, and that's assuming that Apple doesn't eliminate Mac models when expanding its iOS product line.
Just like your comment is actually immune to common sense. Douchebag.
I've found that Microsoft Security Essentials is no better than ESET NOD32 for anti-virus protection.
Then again, against anything but zero-day exploits, a properly configured OS and good browsing practices would make a potato a good AV solution.
For home users, sure. For work, corporate, enterprise, no. I've tested many, and I've yet to find anything better than ESET NOD32 for medium to large networks. Centralized updates, controls, new client/config installation pushing (push a button, and the client is remotely installed on a machine), logs, alerts, reports, etc. etc. etc.
This is a monumental difference between stand alone "good" and network "good".
I8-D
Just ran the registry mechanic myself, it does what it says. I verified that it was detecting legitimate registry errors (really more like artifacts) from programs I'd uninstalled. It also did a fine job of erasing all of my internet history which I really would have preferred it notify me about first.
Microsoft is the only antivirus software provider for the Windows platform that: 1) Has a vested interest in keeping viruses off the O/S. 2) No vested interest in the continued existence of viruses. Everybody else is pretty much like a pharmaceutical company. There is a lot more profit to be had selling you pills and band-aids the rest of your life than actually curing the disease. Actually fixing the problem is not in their best interest. AFAICT this holds true for all of the platforms. Anybody profiting from the problem has a vested interest in the problem continuing to exist.
Yeah, since I started using Adblock Plus, I stopped being bombarded with infections - scans (AdAware, Spybot) turned up less and less, to the point where I ran them less and less.
I listen to both RIAA and non-RIAA stuff if I like the music, tangential business/politics nonwithstanding.
Anyone remember when Norton was Norton and it was cool?
Taking the term anti-virus to the most base view that normal users see ( covering malware, scareware, rootkits and browser hijacks - all supposedly covered by these AV products).
I have seen to many times when free or commercial anti-virus fails to detect stuff coming in. One gets complaints that machines are not working so well anymore and upon examination you discover that despite AV software the machine has been usurped in some manner by some kind of *ware, often even having ( well in older versions anyway) disabled the AV, free or commercial.
I am going to paint with a broad brush here, but in my experience traveling salespeople's laptops have been the ones that have opened my eyes the most about these kind of issues. I swear, salespeople (not all) must be in competition as to who can show off the most crap to each other, in the process exposing their machines.
Thank god for smart phones replacing some of these laptops and so far having less issues in this regard. So far anyway...
They both will go where no sane business has gone before in order to extract money from customers. It's my sincere hope neither is around in a couple years. Shame on any computer vendor that includes Symantec on their PC.
Of course, this used to be Norton's, which was also CRAP.
I installed Norton Tools on my Win95 box back in the day. Went to defrag the disk and it did this really, really, dumb thing. It defragged the FAT first, and then it started to actually move the files around.
When the program shot itself in the head about halfway through, and crashed the whole system, it came back up unbootable.
I realized then that Peter Norton sucks RANCID ASS at software design. Symantec seems to be continuing that tradition of SUCKING RANCID ASS at software design.
All in all, I will never EVER buy any of that half-baked, kindergarten-grade, fuck-off lazy SHIT SYMANTEC SOFTWARE again.
And I strongly recommend anyone else stay away from it like it is the fucking Ebola virus.
One day I feel I'm ahead of the wheel / the next it's rolling over me / I can get back on / I can get back on
I can come up with a few:
Google: Join G+ now, or you will find yourself extinct on the Internet!
Facebook: Sign up now, or you will die in a friendless, dark basement.
Twitter: Follow us now, if you don't want to be followed!
who the hell is symantec, and what is this "antivirus" thing?
- linux user
FUCK Symantec!!!
Assholes. They deserve to be fired. Out of a cannon. Into the sun.
MSE doesn't waste resources trying to mask the perfectly fine Windows chrome.
Windows chrome isn't "perfectly fine" if changes to the chrome confuse noobs. I've seen people get confused by the difference in chrome between Windows XP Luna and the default theme on Xubuntu, which is roughly the same amount of change as between Windows XP Luna and Windows Vista/7 Aero. Masking the Windows chrome allows one set of screenshots in the manual to cover both Windows XP Luna and Windows Vista/7 Aero without confusing noobs.
[MSE] also will never bother you about upgrading to the paid version
That's because the paid version's pricing info is so hard to find. Once you install it on ten computers in your organization, you're supposed to buy Forefront Endpoint before installing it on an eleventh, but Google led to me to a page on Microsoft's web site to the effect "call for pricing".
People still use Windows????
you had me at #!
Anti virus software companies sell fear and pray on the ignorance of modern computer users. Americans are so used to living in fear of everything and need to be told that if you do not buy their software, hackers will get into your computer and steal all your money, rape your family pets and then turn it into a bomb to kill you. (The computer, not your pets)
As free solutions get better and better, and the business model of pay solutions start to fail, we get to a point, I think, where the only alternative is to start writing viruses. It's definitely in their area of expertise.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Kidding. However I could hear my in-laws saying that.
Actually I'd prefer to rape your mum while you watched.
Peter Norton must be rolling in the grave of what used to be his company.
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
Lately i have found some auto-installed "online scanner" from Symantec on various computers my relatives use, and it seems to operate in the most intrusive way possible. It basically pops up ever so often, nagging the user to run a update and scan but if a issue is found one must buy a full license from Symantec to get any removal going.
Setting it to keep quiet seems to do nothing, and uninstalling it just means it will show up again in short order.
My suspicion is that it comes down via facebook somehow, but i have never hung around long enough to see it actually install.
comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
You click on a deb download it and open it with the automated installer.
You enter your password and now your computer has had a root kit installed easier than Windows.
There was no warning, no UAC and no virus scanner.
You all put too much faith in Linux.
IDS and IPS solutions such as Tripwire
Uncomplicated Firewall (UFW)
Modem lights don't flash when I am not using the Internet
Wireshark can monitor each machine externally
No unwanted services (deamons) run
No unwanted ports open
The machine does not slow down over time
MD5 and SHA sums verify file integrity
I can (and do) read the source code
I control the updates
I can boot off of an external disk and look for viruses and rootkits, but what is the point?
Those who don't know use Windows. Those who know better use Apple, Those who know best use Linux. For everyone else there's BSD.
Got tired of paying yearly subscription fees, so I've spent over 10 years developing my own scanner (http://www.tot-ltd.org).
http://www.tot-ltd.org/blacklist/0-F - Info obtained from pretty much any site that makes honeynet/honeypot, malware md5 information available online.
http://www.tot-ltd.org/whitelist/0-F - Info obtained from National Software Resourece Library (http://www.nsrl.nist.gov/) public archive, along with archives of legit applications and os installation files.
http://www.tot-ltd.org/installation.db - Default malware install paths/file names.
http://www.tot-ltd.org/ports/ - Default trojan ports. Only returns a positive hit if file fails detection in the blacklist database.
http://www.tot-ltd.org/API/ API based heuristics.
And there's more info at http://www.tot-ltd.org/techinf.html and http://www.tot-ltd.org/techinf2.html
Name me 1 (one) website where I can get my Linux box infected with 1 click.
Just one, please, I implore you. I REALLY want to see this. I always hear how "it is of course also possible with Linux", but I have never, ever, since 2002 when I started using Linux, seen such a website.
So PLEASE show it to me.
Otherwise shut the fuck up.
If I were to write a virus or other malware these days, that would be one of the first things I would consider getting right.
:)
Scanning network traffic is a waste of time. A proper virus these days would do things by sending and receiving in bursts.. maybe on PCs left on 24/7 in the middle of the night for example. I run a CheckPoint Firewall-1 based router in my house with live virus and malware scanning and frankly, I still run antivirus on my PC. It's free and it does actually work.
There are some great programs which don't have to be installed which simply list the executables, DLLs and etc running on your PC and checks against online databases to see if the file and/or version that is running is legit. It doesn't do anything, but in a matter of less than a minute each month, you can just check your machine for anything naughty.
I on the other hand have two kids who use all my computers, so I run anti-virus because you can't be sure when the next time they'll try the new "Pokemon Forever free game!!!!" is. Then before you know it, there will be pictures of my kids playing games on a Saturday morning in their underwear in perverts hands all over the world. For that reason I actually also put tape over the webcams on my laptops which don't have sliding shutters. I'm not paranoid, but I do know that if you were that kind of perv, you'd only need to show up on Google for a matter of an hour or two under the name Pokemon if you're into little boys or Beiber if you're into girls and you can flood a server with endless images. Anti-virus wouldn't even catch that. Now that I think of it... I think I'll write a nifty little generic webcam driver which will simulate the shutter by posting a default image there instead... something like road kill. Then when you specifically enable the web camera, it would switch back. I bet I could sell that for $1 a copy for Windows or Mac
How is $649 + $396 = 3 * $499?
iPad appliance: $499
iPad with peripherals needed to turn it into a general-purpose computer: $499 + $649 + $396
Also, you're talking about the cost of appliances VS the cost developing for the appliances. Which is quite different the cost of appliances VS the cost of a general purpose computer than can run programs written on the same machine.
Until the iPad had a serious general-purpose competitor (Honeycomb tablets), the only notable iPad-sized general-purpose computer was an iPad plus what amounted to a peripheral used to develop for it. It didn't really matter that the Mac was a general-purpose computer by itself because Apple refuses to sell a Mac in an iPad form factor. The iPod touch 2 lasted even longer (three years) before a serious general-purpose competitor (Galaxy Player) arrived.