Symantec Sued For Running Fake "Scareware" Scans

Sparrowvsrevolution writes "James Gross, a resident of Washington State, filed what he intends to be a class action lawsuit against Symantec in a Northern District California court Tuesday, claiming that Symantec defrauds consumers by running fake scans on their machines, with results designed to bully users into upgrading to a paid version of the company's software. 'The scareware does not conduct any actual diagnostic testing on the computer,' the complaint reads. 'Instead, Symantec intentionally designed its scareware to invariably report, in an extremely ominous manner, that harmful errors, privacy risks, and other computer problems exist on the user's PC, regardless of the real condition of the consumer's computer.' Symantec denies those claims, but it has a history of using fear mongering tactics to bump up its sales. A notice it showed in 2010 to users whose subscriptions were ending in 2010 warned that 'cyber-criminals are about to clean out your bank account...Protect yourself now, or beg for mercy.'"

Re:Who still pays for antivirus?

[PenquinCoder]

I'm not exactly pro-MS but DTech is correct. MSE is actually one of the better anti-virus programs for windows these days. You can't fault MS for snapping up a company/product that worked well and then including it for free in their (buggy and insecure) OS. It's at least one thing they did right.

Re:Who still pays for antivirus?

[gman003]

Dude, no, seriously. MSE actually works, and well. From personal experience, I can say that it's faster and more effective than AVG; I've heard from others that they switched to it from Avast, Comodo and Kaspersky.

Everything else Microsoft makes is pretty crap - Windows, Office, IIS, MSN - but apparently even Microsoft crap is better than every other antivirus' crap.

It's not AV at the heart of this complaint.

[jimicus]

This isn't Symantec AV we all know and love(!) at the heart of these complaints. It's one of those "sooper-registry-optimizer!!11" programs that Symantec apparently offer.

Now, these strike me as somewhat odd. I've been dealing with Windows in one form or another since before the registry even existed - and I've never yet seen one of these tools do the slightest bit of good. Sure, if there's a specific problem (eg. malware) then a specific tool to deal with it may well help - but every single generic registry optimiser I've ever seen seems to be optimised to suck £20-30 from the customer's bank account rather than actually help them in any way.

Re:Who still pays for antivirus?

[Lehk228]

NOD32 is a pretty damned good bar to be "no better than"

for my own home use i use MSE now, back when i was in college and had to connect to the campus network i did run NOD32 and it's damned good, but i can't justify spending money on antivirus when i haven't gotten a virus in years since i am somehow resistant to the urge to download and run OMGPONIESALSONAKEDLADIES.AVI.EXE

Re:Who still pays for antivirus?

[jank1887]

true. I had Symantec corp. edition at home via the office's home use license. bogged down my older pc, older laptop, and netbook. switched all to MSE, and now rarely see Process Explorer showing the AV chewing up 25-50% of the cpu for extended periods of time.

I fear, however, that part of this is the usual Windows integration problem. Office suites that can't access the same undocumented API's as MS Office, running slower as a result, etc. So, once again MS offers a free version of something to undermine another software category (stacker, diskdoubler, defrag, etc.), and whether or not its a better product, it runs better with the software. At least right now this is an optional download, so it's harder to throw the monopoly abuse thing at them on this one.

Re:Who still pays for antivirus?

Actually -

Microsoft Security Essentials is available for small businesses with up to 10 PCs. If your business has more than 10 PCs, you can protect them with Microsoft Forefront Endpoint Protection.

Since you mention "Enterprise versions of Windows 7" you likely are in an environment that is some order of magnitude larger but many small businesses run it.

Re:Who still pays for antivirus?

[L4t3r4lu5]

That is exactly what I meant. It's no better than NOD32, and NOD32 is, as far as I'm concerned, the best.

I was almost sad when I stopped sending them my £40 per year for Smart Security.

Re:Who still pays for antivirus?

Do you run your linux box as root? No??? Then why run all your Windows 7 executeables as administrator? Either you secured your parents box, or they were logged in with an administrator account and clicked through the UAC pop up without reading or without understanding.

Even if you're logged in as an administrator, that UAC pop up is the "user confirmation prompt" that you were just screaming about not having. And no recovery path? How do you think you'd recover from an rm -rf if you were logged into your term as root?

The fact of the matter is, there was a failure to secure the computer. Judging by how you described the situation and the support structure, that failure was yours.

Re:Who still pays for antivirus?

Depending on the specific situation you may be violating the EULA for those clients. MSE is only for use in a business with up to 10 PCs. After that you need to use and pay for Forefront.

Re:Who still pays for antivirus?

[TheLink]

I'd argue its because Microsoft has access to their own source-code

I doubt that's the real reason, because both Norton and McAfee used to be good. Then they started to be bigger resource hogs than most viruses they were protecting you against (yes there's other evil stuff that viruses do but keep reading...).

I definitely recall Norton/Symantec making systems more unstable or causing problems:
1) Years ago someone had problems fetching email, turns out Norton/Symantec was intercepting the POP3 connections to scan for viruses (ok fine), but some email was causing it to _crash_ (extremely not fine- especially if it turns out to be an exploitable code-injection bug).

2) In 2007: http://www.pcworld.com/article/132050/millions_of_chinese_hit_by_symantec_foulup.html

A virus-signature update delivered automatically to users on Friday about 1:00 a.m. Beijing time to Symantec's antivirus scanning engine mistook two critical system files of the Simplified Chinese edition of Windows XP Service Pack 2 for a Trojan horse. The two files -- netapi32.dll and lsasrv.dll -- were falsely quarantined, which in turn crippled Windows. If an affected PC was rebooted, Windows failed on start-up and showed only a blue screen.

3) On 28 January 2010, Symantec's antivirus software marked Spotify as a Trojan horse, disabling the software across millions of computers

Nowadays depending on the situation I use Avira, MSE or "no antivirus". My personal home machine has no AV installed. My browser runs as a different user process. If I have something that I think is suspicious, I check it with VirusTotal ( https://www.virustotal.com/ ). So far I have had no problems doing things this way, so I don't see the point of constantly incurring the extra CPU/resource costs by installing a real-time virus scanner on my machine. For the past few decades my personal machines have never been infected by a virus. I may have downloaded viruses or malware, but I have not been infected by them. And yes I do know how to check.

A dedicated attacker might be able to put malware on my machine, but they'd know how to use virustotal or similar too, and still be able to plant malware on my machine even if I was running AV software (and wasting resources).

The machine my parents use on the other hand has AV software installed (not Symantec, nor McAfee).

AV software is not needed everywhere and in some cases if installed, it indicates someone is doing something wrong: http://xkcd.com/463/

Given my track record vs Symantec's track record, I would prefer to take the bet that Symantec is more likely to screw up my system than a virus. There have been other antivirus vendors with similar screw ups too.

On a related note, Trend screwed up notoriously - albeit with its antispam product, blocking the letter "p".

For these reasons production servers and other important machines that are well secured and managed should NOT have antivirus software installed.

If they are so poorly managed that the operators are much more likely to screw up than the AV vendors, then sure, install AV, but that means you are doing something wrong.

MSE vs. Avast

[tepples]

What makes Microsoft Security Essentials better than Avast?

Re:MSE vs. Avast

[lgarner]

Avast has started popping up "alerts" trying to get you to buy their paid product. Of course, the product is free and they're allowed to try to convert some of the free users to paid ones, but I'm also allowed to switch AV products. The Avast popups just got too annoying.

Re:Who still pays for antivirus?

I'm sorry you got infected. However you are spreading FUD. MSE is, of course, a real time scanner. Anything that is written to the file system is scanned first; just like with other real time scanners. Now, there probably wasn't a definition for the particular nasty you got infected with at the time. Either that, or you turned off real time - which MSE warns you not to do.

Re:Who still pays for antivirus?

[hairyfeet]

The problem I have with MSE is thus: As someone who actually has to clean up the machines when they get infected I've found MSE to frankly not be great on anything but Windows 7, on XP its especially horrid as it doesn't seem to catch drivebys until its too late and the code has been loaded on the page which means its shutting the barn after the horse has done left. On Win 7 its good, low resource, and quiet, but on XP it just doesn't do the drivebys well at all. Kicks ass on downloads, not great anywhere else. Now with MSFT concentrating on Win 7/8 that's understandable but not something an XP owner wants to hear. Maybe its because it was never supposed to be an AV, it was originally Giant AntiSpy before getting bought by MSFT, whatever the reason it just doesn't seem to stop real world threats like it does in those tests.

What I've found with my real world customers is either Comodo CIS or Avast free both seem to do the trick and stop bugs cold in ALL the currently supported versions of Windows. Comodo is better if you want to tweak as it has much deeper controls than Avast, i also prefer it on XP because its built in firewall is a hell of a lot better than the default XP one, whereas Avast is better on Vista/7 if you know the person and can tweak the user case on initial install. By that I mean if you have someone that ONLY surfs, but doesn't use P2P or IM? You can easily kill the P2P and IM shields and thus lower its footprint. Its also better for the more clueless customers as its UI is a lot simpler than Comodo.

That said on my gamer box and my netbook I use MSE simply because i'm not going anywhere where it will actually be used since i'm not running P2P or IM or going to anywhere other than a handful of well known sites such as Slashdot so its a security blanket more than anything and since i've found it does less it uses less when it comes to resources. But in my own personal tests with some off lease office boxes 6 months ago when i purposely went to some "Hey look at teh titties!" topsites both MSE and AVG got pwned, while Comodo and Avast didn't. So I'd say it depends on the user, if you are like me and practice safe computing? MSE is the lowest resource and doesn't cause a speed hit when gaming. you got users that are more likely to click things or just wander around the web? Then Avast or Comodo either one will be a better fit. I've been using Comodo on XP and Avast on Vista/7 for nearly 3 years now and knock on wood not a single box brought back infected, which is saying something when you have those "Punch the clown win an iPhone" click happy users.