Symantec Sued For Running Fake "Scareware" Scans

Sparrowvsrevolution writes "James Gross, a resident of Washington State, filed what he intends to be a class action lawsuit against Symantec in a Northern District California court Tuesday, claiming that Symantec defrauds consumers by running fake scans on their machines, with results designed to bully users into upgrading to a paid version of the company's software. 'The scareware does not conduct any actual diagnostic testing on the computer,' the complaint reads. 'Instead, Symantec intentionally designed its scareware to invariably report, in an extremely ominous manner, that harmful errors, privacy risks, and other computer problems exist on the user's PC, regardless of the real condition of the consumer's computer.' Symantec denies those claims, but it has a history of using fear mongering tactics to bump up its sales. A notice it showed in 2010 to users whose subscriptions were ending in 2010 warned that 'cyber-criminals are about to clean out your bank account...Protect yourself now, or beg for mercy.'"

Who still pays for antivirus?

[DCTech]

There are perfectly good free antivirus programs now, if you want to run one. Most of them are actually better than the non-free antivirus programs. Microsoft Security Essentials is a free antivirus that is many times better than Symantec's and others. On top of that it is lightweight and fast, compared to the bloated crap that Norton is. It works on slower machines too, detects more viruses and doesn't break stuff.

On 8 June 2011, PC Advisor listed Microsoft Security Essentials 2.0 in its article Five of the Best Free Security Suites, which included Avast! 6 Free Edition, Comodo Antivirus 5.4, AVG Antivirus 2011 and BitDefender Total Security 2012 Beta.

So choose from those. Personally I don't run any antivirus as I don't download random executables from the internet nor surf to random porn sites or download from torrent sites. Windows is also secure now a days, and I haven't had a single malware in like 10 years.

Re:Who still pays for antivirus?

"Personally I don't run any antivirus... ...and I haven't had a single malware in like 10 years"

How can you know that for sure?

Re:Who still pays for antivirus?

[PenquinCoder]

I'm not exactly pro-MS but DTech is correct. MSE is actually one of the better anti-virus programs for windows these days. You can't fault MS for snapping up a company/product that worked well and then including it for free in their (buggy and insecure) OS. It's at least one thing they did right.

Re:Who still pays for antivirus?

[kvvbassboy]

But MSE is the best free antivirus software.

Re:Who still pays for antivirus?

[gman003]

Dude, no, seriously. MSE actually works, and well. From personal experience, I can say that it's faster and more effective than AVG; I've heard from others that they switched to it from Avast, Comodo and Kaspersky.

Everything else Microsoft makes is pretty crap - Windows, Office, IIS, MSN - but apparently even Microsoft crap is better than every other antivirus' crap.

Re:Who still pays for antivirus?

[fuzzyfuzzyfungus]

In this case, his advice is probably correct for those running Windows at home, fluff about his decade-long record of having no viruses he has noticed aside. Security Essentials is 'free' as in 'bundled with your Windows license'; but if you've got a Windows license already, that makes it cheaper than anything that costs additional money and the products that do make a very, very, very, tepid case for why you should purchase them.

In corporate use, it isn't as clear; because ForeFront sure as hell isn't free, or necessarily superior to competing products(no matter how cynical you attempt to be, it is shocking how much more awful AV software is when aimed at intimidating some poor end user who got 90 days 'free' with their best buy box, rather than it is aimed at IT and therefore mostly keeps its mouth shut on the client side, so even some of the vendors that you wouldn't touch with somebody else's 10-foot pole at home can at least produce unobtrusive software for corporate.)

Re:Who still pays for antivirus?

[RogueyWon]

I'm by no means anti-MS (Windows 7 is the only OS on both of my home PCs these days), but I'd take issue with the blanket statement that "Windows is also secure now a days".

I went through endless fun thanks to the parents just before Christmas. They fell for one of those fake-DHL-shipping-notice spam e-mails (as they were actually expecting a Christmas-related DHL delivery) and, with a single click, landed their (3 month old, Norton-"protected", UAC-enabled) PC with one of the most vicious and persistent pieces of malware I've ever seen. One of those fake-AV-software ransomware jobbies. It disabled Norton, blocked Windows from accessing DVD and USB drives, did a dns redirect so that browsers could only access the ransomware page and all kinds of crap. I've sorted these before by doing a system restore from a backup point in safe-mode, but even though the restore allegedly worked in this case, the malware persisted through it quite happily. Ended up doing a full format and reinstall of Windows.

Now, there are a lot of failures in this story; my parents for clicking the link, Norton for being completely (and predictably) useless and so on. But I still have problems with describing an OS where a single click can land you in that kind of mess as "secure".

Personally, I use AVG, on the grounds that it provides some basic protection and makes my system chug less than most of its rivals. But it's by no means infallible, throws up a depressing number of false positives and the only way to avoid infection does appear to be abject paranoia (which is now my default policy).

Re:Who still pays for antivirus?

You don't have to "willingly" download applications/.exe's to get malware, trojans, etc. There's a lot more out there then you think....

Re:Who still pays for antivirus?

[Joce640k]

I haven't had a single malware in like 10 years.

How do you know? It's not like they pop up a window to let you know if the installation was successful.

Re:Who still pays for antivirus?

[ledow]

Or his browser and security settings don't let him run random malware served from a bog-standard compromised website.

I run Opera, I've yet to see it run a program from the net without my permission. Hell, I have to press play just to make Java/Flash things load because I switched on the option to do so.

Just because *you* are an arse that lets their computer auto-execute anything in a browser (and is subject to lots of known attack vectors over things like Javascript, etc.) doesn't mean the rest of us are.

A browser renders HTML and Javascript. Inside that scope, it's pretty hard to compromise a machine without using some seriously crappy code (i.e. a dodgy browser). Any decent security-conscious user would not be executing plugins of any kind by default or using an insecure browser and would, by that token, be incredibly unlikely to get any sort of infection even if they do browse sites that momentarily have infectious malware added to them (or, more likely, their ad networks, which should also be blocked from running Flash/Java if you have any brains).

Catching a virus is 99% user error and only about 1% software problems. Granted that 1% still exists but if you control the 99% (i.e. DON'T RUN THINGS FROM THE INTERNET) you can be pretty sure of a decently secure experience.

Signed,

A person who's been on the Internet for 15 years without AV and whose only infection came from a CD copy of a SiN game demo from a published magazine (and which was spotted instantly from unusual computer activity even if there was no "obvious" sign of infection) when I was a careless teenager.

Hell, where I work, people send me their infected USB keys for virus checking and data retrieval. If you use your brain, have a good OS, have good settings, turn off autorun and only interact with the files by command line (i.e. "attrib -r -s -h *", "del suspicious_file_x", etc.) then it's virtually impossible to get infected by that avenue, and many others.

And running an AV *scan* occasionally to verify cleanliness is very different to having something intercept every disk read/write, process execution, HTTP packet, etc. in order to keep you safe.

Hell, my "antivirus" is virustotal.com. If I see something dodgy, I know if it's malware and cleanse it myself as necessary, but if I'm just suspicious of something that seems innocent I upload it there and let them tell me if they know about it. I still don't blindly trust anything they verify as clean, but hell, you can't do much more to protect yourself than that (and, no, constant read-intercepts of everything on the disk is still a stupid idea that adds zero additional security).

Re:Who still pays for antivirus?

[DCTech]

I'm by no means anti-MS (Windows 7 is the only OS on both of my home PCs these days), but I'd take issue with the blanket statement that "Windows is also secure now a days".

I went through endless fun thanks to the parents just before Christmas. They fell for one of those fake-DHL-shipping-notice spam e-mails (as they were actually expecting a Christmas-related DHL delivery) and, with a single click, landed their (3 month old, Norton-"protected", UAC-enabled) PC with one of the most vicious and persistent pieces of malware I've ever seen.

So in reality, it isn't Windows problem, it's user problem. Unless you run walled garden like iOS on your PC, there will always be malware that will try to trick user, regardless of OS. It works in Windows, it works in OSX and it works in Linux.

Re:Who still pays for antivirus?

[Riceballsan]

Noscript, adblock etc... there are dozens of ways to dodge things and reduce the chance of infection to .0000001% (there is always the hypothetical possibility of some rogue worm that breaks past a firewall/router, or heck someone breaking into your house and manually running a virus on your system with physical access). If this guy was endorsing or recommending the average joe to use no AV you would have valid reason to insult him, he isn't. Plenty of very tech savy people can safely use a computer with no AV with little to no risk, while many tech unsavy people will fill a computer with virus no matter what protection they use.

Re:Who still pays for antivirus?

[L4t3r4lu5]

I've found that Microsoft Security Essentials is no better than ESET NOD32 for anti-virus protection.

Then again, against anything but zero-day exploits, a properly configured OS and good browsing practices would make a potato a good AV solution.

Re:Who still pays for antivirus?

Since you have worked at a PC shop, and are therefore are presumably a leading information security expert and well versed in the intricacies of system security auditing, please explain this process of manually checking for viruses. Given the general nature of how serious compromises actually work, this revolutionary method will be game changing. I am eagerly awaiting my subscription to your newsletter.

In all seriousness, I hope you didn't bill hours for your security expertise, although sadly I suspect you did.

Re:Who still pays for antivirus?

[Lehk228]

NOD32 is a pretty damned good bar to be "no better than"

for my own home use i use MSE now, back when i was in college and had to connect to the campus network i did run NOD32 and it's damned good, but i can't justify spending money on antivirus when i haven't gotten a virus in years since i am somehow resistant to the urge to download and run OMGPONIESALSONAKEDLADIES.AVI.EXE

Re:Who still pays for antivirus?

[RogueyWon]

No, I think there's a problem with an OS that allows for that degree of fundamental OS modification on the basis of a single click with no user confirmation prompts and no recovery path.

Re:Who still pays for antivirus?

[ElectricTurtle]

Autoruns, Rootkit Revealer. Granted, those are technically not for commercial use (giggle), but seriously, for SOHO stuff you really don't need anything else. This isn't exactly some DoD classified network here.

Re:Who still pays for antivirus?

[somersault]

The vast majority of malware isn't that clever or "serious" in the sense that it's written to specifically target you or a company you work for - so you could check running tasks and a few places in the registry for any dubious executables. You could check if the machine has any unexplained network activity. You might not be able to completely remove the malware just by looking in those places, but you have a good chance of detecting symptoms.

I don't think your sarcasm was particularly warranted in this situation.

Re:Who still pays for antivirus?

[jank1887]

true. I had Symantec corp. edition at home via the office's home use license. bogged down my older pc, older laptop, and netbook. switched all to MSE, and now rarely see Process Explorer showing the AV chewing up 25-50% of the cpu for extended periods of time.

I fear, however, that part of this is the usual Windows integration problem. Office suites that can't access the same undocumented API's as MS Office, running slower as a result, etc. So, once again MS offers a free version of something to undermine another software category (stacker, diskdoubler, defrag, etc.), and whether or not its a better product, it runs better with the software. At least right now this is an optional download, so it's harder to throw the monopoly abuse thing at them on this one.

Re:Who still pays for antivirus?

[Kjella]

Either it was more than a single click, or your story is missing a remote code execution exploit in the browser/plugins they were using. You're in trouble on any OS if you have hostile code running, even if it's just under a normal user account.

Re:Who still pays for antivirus?

Just because *you* are an arse that lets their computer auto-execute anything in a browser

While this guy phrased it somewhat abrasively, his point is valid. Damn close to 100% of infections are the result of requesting that some untrustworthy code run on your machine. Letting any random sites you surf to run even purportedly 'sandboxed' code on your machine is simply idiotic - the last few decades have proven that - and anyone who hasn't learned that by 2012 deserves what they get. It's like living in the slums with and letting crack gangs into your house just because they ask. You might be surprised the first time they trash the place, but after the 20th time, after the 200th time, after reading about it over and over in the mass media, why would you keep inviting them in? Fine, be surprised they trashed your place the first time, but after decades and popular cultural awareness and headlines on CNN and the BBC, you have to be pretty damn stupid if you are still asking them into your house, when you have complete control over whether they can come in or not.

People seem bewildered by this simple concept: don't run random shit from the internet, whether or not it's in a browser sandbox, and 99.999% chance you won't get jacked. If you go running every javascript any site in the whole world asks you to, well... don't act surprised by the results when something manages to escape the sandbox. PEBKAC.

It's 2012. Personal computing started taking off in the 1970's. That's 35 or 40 years now, and computers are a critical and pervasive part of modern society. There's no more excuse for not knowing how to use one.

Re:Who still pays for antivirus?

[elsurexiste]

Not hard at all in most cases. Check the list of running processes for strange names. Run msconfig and check for weird programs starting up. Boot with a pen drive linux distribution, let's say Backtrack. Delete the offending files and clean those scripts. Rinse and repeat.

Re:Who still pays for antivirus?

[Kjella]

Plenty of very tech savy people can safely use a computer with no AV with little to no risk,

Possibly, but how could you tell? I'd say even the tech savvy should run anti-virus for verification, not for prevention. Of course there's the "trash my computer" or "hold it hostage" viruses that you'd know pretty fast after the fact, but there's also the "use as spambot", "steal my identity", "use as DDoS bot", "steal game accounts and CC info", "empty online bank account", "turn into illegal dumpsite", "use as platform for hacking" and probably some more varieties that won't announce themselves.

I know many people use it thoughtlessly, if the virus scanner doesn't find a virus they'll run anything. I only run things from places I think is safe, so if I ever had the AV stop me that'd be a surprise but if you don't use it at all I think you're arrogant. I'd maybe make a small exception if you're running only open source software from your distro's repositories, but any time you're running binaries, particularly binaries downloaded from the Internet then please give me my AV. Even if the software is perfectly legitimate there's no knowing if someone has compromised their download servers.

Re:Who still pays for antivirus?

[datavirtue]

On XP machines the use of root kits that utilize VSS are common. Don't bother trying to remove or use system restore since they are controlling the PC from that vector. Full wipe is the most efficient method of mitigation. On Windows 7 there are not as many root kits that work since Microsoft has implemented a randomized memory placement of juicy services (the old root kits can't take hold because their target memory location is invalid).

Re:Who still pays for antivirus?

[ArsenneLupin]

... would make a potato a good AV solution.

Yes, my pet potato is my best friend and protector. I call him Balthazar...

Re:Who still pays for antivirus?

[CastrTroy]

Well, I guess it all depends on whether or not we want to be running general purpose computers or not. You don't see many people complaining about viruses on the XBox or other game consoles. You don't see people getting viruses on the iPhone/iPad. But then, you can't run whichever program you want on these platforms. You can only run MS (or Apple, or whoever) approved software, unless you take some huge steps to go around the protections. The computer can either be designed to run whatever program the user tells it to run, or it can be made secure so that it only runs signed software. You can't have it both ways. Sadly, I think for this reason, that the majority of the population will go to appliance type computers in the next decade, where the downside is that they can only run signed software from specific markets, but with the upside that they will never get a virus. Those of us who know what we are doing can run general purpose computers, possibly without even having virus scanners, because we are smart enough to not even run the virus in the first place. I have MS Security Essentials, and if it wasn't so lean, I wouldn't run it, because it hasn't detected a single thing in the 2 years I've been using it. Because I know not to download and run crap off the internet.

Re:Who still pays for antivirus?

[dkleinsc]

There's also the GPL-licensed ClamAV, which has a Windows version called Immunet which isn't half-bad.

Re:Who still pays for antivirus?

[Lonewolf666]

I agree, if you know what you are doing, it helps a lot. In over 10 years on the Internet, mostly without AV software, I had one infection and that was from a remote execution exploit (MSBLAST on Windows 2000).
Even that one could have been avoided, I simply forgot to install the post-SP4 hotfixes after reinstalling the PC due to a non-virus related issue.

My safety measures at the moment consist of

- a DSL router with "lightweight" firewall and NAT - while not a 100% solution, it is better than nothing.

- not using products that have been frequently hacked in the past (except Windows). That means no Internet Explorer and no Outlook.

- generally checking downloads for their file type before opening them. If it is a .com or .exe I did not specifically download, it gets deleted.
      RANT: Especially in this context, fuck Microsoft for making the hiding of file extensions the default in Explorer. I know to switch that off, but for inexperienced users it makes it even easier to fall for "AnnaKournikovaNaked.jpg.exe". /RANT

Re:Who still pays for antivirus?

Actually -

Microsoft Security Essentials is available for small businesses with up to 10 PCs. If your business has more than 10 PCs, you can protect them with Microsoft Forefront Endpoint Protection.

Since you mention "Enterprise versions of Windows 7" you likely are in an environment that is some order of magnitude larger but many small businesses run it.

Re:Who still pays for antivirus?

[L4t3r4lu5]

That is exactly what I meant. It's no better than NOD32, and NOD32 is, as far as I'm concerned, the best.

I was almost sad when I stopped sending them my £40 per year for Smart Security.

Re:Who still pays for antivirus?

[tnk1]

Why would MS work to put AV companies out of business? The reason for MSE is plain: they're embarrassed about the (deserved) reputation of their past OSes in terms of security and needed to address it. These bloated AV programs like Symantec's suite were also bogging down the systems of people who use Windows, which makes Windows seem slow as well. In the end, it was a smart move to get in there and provide an AV that was both useful and mostly unobtrusive. This isn't the browser wars where MS was working to elbow out Netscape in a new area of software; AV companies have had years to make money and get it right and have instead written an expensive, and bloated product in almost all cases.

Re:Who still pays for antivirus?

Do you run your linux box as root? No??? Then why run all your Windows 7 executeables as administrator? Either you secured your parents box, or they were logged in with an administrator account and clicked through the UAC pop up without reading or without understanding.

Even if you're logged in as an administrator, that UAC pop up is the "user confirmation prompt" that you were just screaming about not having. And no recovery path? How do you think you'd recover from an rm -rf if you were logged into your term as root?

The fact of the matter is, there was a failure to secure the computer. Judging by how you described the situation and the support structure, that failure was yours.

Re:Who still pays for antivirus?

Depending on the specific situation you may be violating the EULA for those clients. MSE is only for use in a business with up to 10 PCs. After that you need to use and pay for Forefront.

Re:Who still pays for antivirus?

You just made my point for me. You wouldn't have actually solved the problems at all. If you think "lack of obvious indications that anything is still on the system" qualifies as solving the problem, you're making a living from lying to uninformed customers. Instead, you should be informing your customers of the actual risks involved related to the security of the private (frequently, including financial information) data on their systems.

Do you even try to deal honestly with your customers, or do you prefer to make decisions for them with a bunch of "it's highly technical, you wouldn't understand" hand waving, or perhaps hope they walked in the door informed enough to already know what they truly need? Do you prefer to take the lazy approach of selling snake oil just because "it's cheap enough that they can afford it," instead of maybe coming up with more efficient ways to do things better and less expensively? Do you also have an herbal supplements counter at your checkout, just in case your customers need some trusted home remedies while they're out?

Look, if a PC is compromised, you don't try to "fix it" by removing malware, at least certainly not as the first option. No, you don't even try to get clever and say "hey I'll use this trusted boot CD with malware removal stuff on it," because that's nearly as crappy in a number of cases, and remember that you don't actually know what is on the system, you just know it's compromised and have no way of knowing with any assurance how bad it actually is. You inform the customer that the safest course of action is (1) make a copy of all data on the hard drive, and if they already have known good backups that's even better (2) identify what needs to be kept, (3) nuke and pave the PC with a fresh OS load, (4) scan the living hell out of the customer's data using everything available to you (oh, you didn't really want to bother with checking the data? I've got some PDFs and JPEGs that do nifty tricks, sure do hope there's not any recently crafted stuff on that system), (5) reinstall applications, (6) put the customer's data back on the system.

Or I suppose you can do what a lot of local PC shops do and bill them for 2 to 4 hours of labor to "scan and disinfect" their system in place, because that's gotta be just as good, right? Maybe just charge them a nice flat $49.95 rate for the snake oil services you're rendering, and toss in a sample pack of those herbal supplements for good measure. What could possibly go wrong?

I guess it's easy to claim somebody's on a "high horse" when you're uninformed and/or dishonest. Have a nice day.

Re:Who still pays for antivirus?

[TheLink]

I'd argue its because Microsoft has access to their own source-code

I doubt that's the real reason, because both Norton and McAfee used to be good. Then they started to be bigger resource hogs than most viruses they were protecting you against (yes there's other evil stuff that viruses do but keep reading...).

I definitely recall Norton/Symantec making systems more unstable or causing problems:
1) Years ago someone had problems fetching email, turns out Norton/Symantec was intercepting the POP3 connections to scan for viruses (ok fine), but some email was causing it to _crash_ (extremely not fine- especially if it turns out to be an exploitable code-injection bug).

2) In 2007: http://www.pcworld.com/article/132050/millions_of_chinese_hit_by_symantec_foulup.html

A virus-signature update delivered automatically to users on Friday about 1:00 a.m. Beijing time to Symantec's antivirus scanning engine mistook two critical system files of the Simplified Chinese edition of Windows XP Service Pack 2 for a Trojan horse. The two files -- netapi32.dll and lsasrv.dll -- were falsely quarantined, which in turn crippled Windows. If an affected PC was rebooted, Windows failed on start-up and showed only a blue screen.

3) On 28 January 2010, Symantec's antivirus software marked Spotify as a Trojan horse, disabling the software across millions of computers

Nowadays depending on the situation I use Avira, MSE or "no antivirus". My personal home machine has no AV installed. My browser runs as a different user process. If I have something that I think is suspicious, I check it with VirusTotal ( https://www.virustotal.com/ ). So far I have had no problems doing things this way, so I don't see the point of constantly incurring the extra CPU/resource costs by installing a real-time virus scanner on my machine. For the past few decades my personal machines have never been infected by a virus. I may have downloaded viruses or malware, but I have not been infected by them. And yes I do know how to check.

A dedicated attacker might be able to put malware on my machine, but they'd know how to use virustotal or similar too, and still be able to plant malware on my machine even if I was running AV software (and wasting resources).

The machine my parents use on the other hand has AV software installed (not Symantec, nor McAfee).

AV software is not needed everywhere and in some cases if installed, it indicates someone is doing something wrong: http://xkcd.com/463/

Given my track record vs Symantec's track record, I would prefer to take the bet that Symantec is more likely to screw up my system than a virus. There have been other antivirus vendors with similar screw ups too.

On a related note, Trend screwed up notoriously - albeit with its antispam product, blocking the letter "p".

For these reasons production servers and other important machines that are well secured and managed should NOT have antivirus software installed.

If they are so poorly managed that the operators are much more likely to screw up than the AV vendors, then sure, install AV, but that means you are doing something wrong.

Re:Who still pays for antivirus?

[fast+turtle]

Personally, I like MS Security Essentials as it's about as effective as AVG was. The nice thing is, it ties into Windows Update and does get an update once a month. In fact, I was able to convince a senior friend to pull McAffee from her system (caused to many slowdowns) and installed it. Much better performance for her and it doesn't get in the damn way.

As part of my system security settings, I've enabled DEP for all processes instead of the limited subset that MS enables by default. The interesting thing is, I've only got a single exception listed that is a windows game from 1998 (Call To Power2).

The one thing I do know is that eventually I'll pick up something that infects my system bad enough that the easiest thing is to nuke it from orbit and reinstall. Much faster now that I'm using a bootable 8GB flash drive with Windows on it along with a full copy of all the Updates from MS. This speeds up a reinstall to the next to last patch level before I even allow the computer to connect to the net when it can grab the latest updates and complete the process.

Re:Who still pays for antivirus?

[Billly+Gates]

No you need a real anti virus package like Avast! or MSE if you refuse to have full shield protections.

All it takes is 1 ad with a zero day exploit in flash or javascript to get on your system. It has happened to me twice this year. No I do not click on random shit and everything is up to date. The javascript hack used an IP address therebye bypassing XSS cross domain and openDNS security. Very sneaky.

After your infected your done. I reformat my system as I do banking and student loans on it and can't risk infection. There is no excuse not to run anti virus software in 2012. It is not 2002 where all you need is a hardware firewall and not use IE 6 to magically be 100% secure anymore. Hackers have moved on and target flash, java, and ajax ads to bypass Windows and target all 3 browsers.

Re:Who still pays for antivirus?

[jackbird]

And how many billable hours is that rebuild, when the customer has actual applications installed that Ninite won't load up (say, a full Autodesk Suite, 10 years of Quickbooks versions side-by-side, originally purchased through downloading, or some horrible niche vertical business management app)?

When a new perfectly serviceable desktop runs $400, you end up incentivizing people to throw infected PCs in the trash or simply not repair infected machines. That's crazy.

Re:Who still pays for antivirus?

[director_mr]

Everything else Microsoft makes is pretty crap? Your examples are Windows (7 I presume) and Microsoft Office I'd have to disagree with you about, because I haven't found a better alternative. Windows 7 I find on par with OS X Lion, either can be better than the other depending on what you are doing. And Microsoft Office is tons better than any alternative I know of.

Re:Who still pays for antivirus?

I'm sorry you got infected. However you are spreading FUD. MSE is, of course, a real time scanner. Anything that is written to the file system is scanned first; just like with other real time scanners. Now, there probably wasn't a definition for the particular nasty you got infected with at the time. Either that, or you turned off real time - which MSE warns you not to do.

Re:Who still pays for antivirus?

[L4t3r4lu5]

For clarity; IMHO, NOD32 > MSE > Everything else.

Re:Who still pays for antivirus?

[spire3661]

Noscript and adblock only work for advanced users and can be quite annoying to even that group, not to mention you rob your favorite sites of revenue. I cannot in good conscience use them.

Re:Who still pays for antivirus?

Posting anon due to modding above.

ESET has, for years, offered a guide to prevent such issues with games. I agree with those who say ESET is "the best" in that it's not only effective but really doesn't bog a system down. I still think the value proposition of MSE is great. Most folks just don't need the customization options ESET offers.

Here's the ESET gaming config PDF.

Re:Who still pays for antivirus?

[icebraining]

rm: it is dangerous to operate recursively on `/'
rm: use --no-preserve-root to override this failsafe

Re:Who still pays for antivirus?

[pclminion]

"Full shielding?" what's with the dorky sci-fi talk? Invert the phase polarity and reroute power to the weapons array! Do you call your car the Starship Enterprise as well?

Re:Who still pays for antivirus?

[hairyfeet]

The problem I have with MSE is thus: As someone who actually has to clean up the machines when they get infected I've found MSE to frankly not be great on anything but Windows 7, on XP its especially horrid as it doesn't seem to catch drivebys until its too late and the code has been loaded on the page which means its shutting the barn after the horse has done left. On Win 7 its good, low resource, and quiet, but on XP it just doesn't do the drivebys well at all. Kicks ass on downloads, not great anywhere else. Now with MSFT concentrating on Win 7/8 that's understandable but not something an XP owner wants to hear. Maybe its because it was never supposed to be an AV, it was originally Giant AntiSpy before getting bought by MSFT, whatever the reason it just doesn't seem to stop real world threats like it does in those tests.

What I've found with my real world customers is either Comodo CIS or Avast free both seem to do the trick and stop bugs cold in ALL the currently supported versions of Windows. Comodo is better if you want to tweak as it has much deeper controls than Avast, i also prefer it on XP because its built in firewall is a hell of a lot better than the default XP one, whereas Avast is better on Vista/7 if you know the person and can tweak the user case on initial install. By that I mean if you have someone that ONLY surfs, but doesn't use P2P or IM? You can easily kill the P2P and IM shields and thus lower its footprint. Its also better for the more clueless customers as its UI is a lot simpler than Comodo.

That said on my gamer box and my netbook I use MSE simply because i'm not going anywhere where it will actually be used since i'm not running P2P or IM or going to anywhere other than a handful of well known sites such as Slashdot so its a security blanket more than anything and since i've found it does less it uses less when it comes to resources. But in my own personal tests with some off lease office boxes 6 months ago when i purposely went to some "Hey look at teh titties!" topsites both MSE and AVG got pwned, while Comodo and Avast didn't. So I'd say it depends on the user, if you are like me and practice safe computing? MSE is the lowest resource and doesn't cause a speed hit when gaming. you got users that are more likely to click things or just wander around the web? Then Avast or Comodo either one will be a better fit. I've been using Comodo on XP and Avast on Vista/7 for nearly 3 years now and knock on wood not a single box brought back infected, which is saying something when you have those "Punch the clown win an iPhone" click happy users.

Re:Who still pays for antivirus?

[hairyfeet]

Maybe he just likes their products? So far I've been accused of being a shill for, in no particular order, MSFT, AMD, Comodo, and one who accused me of being a shill for Apple which I thought was particularly funny as the only Apple product I've ever owned is a B&W G3 I have sitting in the closet. If the guy is a shill he'll be modbombed off the planet and that will be that but you can't say for sure someone is a shill just because they like certain products. I mean I've never gotten so much as a sticker from AMD (Come on assholes, at least send me some stickers!) but I've had nothing but good luck with their CPUs and chipsets and think they give the best bang for the buck, so now that's all I ever use in new builds. Comodo is nice enough to give their AV free to business as well as home users and they make some kick ass free stuff like Comodo Time Machine which allows me to walk a customer through fixing a PC so badly broken by their kid the thing wouldn't even boot in under 10 minutes flat so i'm all "Yay Comodo!" but again not so much as a T-shirt.

So instead of spewing the "nigger cocksucker faggot' constantly, aka Troll, shill astroturfer why not simply judge each individual post on its own merits or lack thereof? As I posted earlier while i don't think MSE is a good product for those risky surfers or those on XP it is a decent product and it does seem to always be in the top five so he's speaking the truth there. Now if this were a post on FOSS and he was saying "Use Win 7 and MSE!" that would be a troll, but this is a post about windows AVs so I don't see where his post is anything but on topic.

Personally I think its nice when we can stop with the name calling and simply be geeks, isn't that nice? If what he is posting is bullshit give us some links, tear apart his arguments with rational arguments of your own, this way we can ALL learn and be better informed, isn't that a better way to go?

Re:Who still pays for antivirus?

[default+luser]

Who still pays for antivirus?

People who buy cheap machines from OEMs that come laden with crapware. After the 6 month "free trial" the software pops-up a big glaring "you're not protected anymore please pay" sign, and most people probably give in.

I just encountered TWO different "free trial" antivirus programs installed on a family member's cheap E-Machines POS (they really cashed-in there). I removed both and replaced it with MSE.

The sad thing is, you can get a crapware-free PC, but the price premium is astounding. I'm constantly amazed just how much companies like Symantec pay to put their shitty "free trial that is not a free trial" products on PCs. And since people insist on paying the least they can (insert above family member here), they will always be flooded with crapware.

Re:Who still pays for antivirus?

[default+luser]

Nope, Common Sense 2012 Platinum here. Haven't had any infection in well over half a decade.

You and I used to be on the same page. I was smart and never got infected for years despite having no running virus scanner. I would verify every few months by running an online virus check, and that was that.

But two years ago I started reading about hackers compromising websites and ad networks and injecting their own exploits into an otherwise trusted webpage. Even tools like Noscript couldn't keep you %100 safe because of potential exploits in Javascript and PDF (unless you wanted to live in the dark ages of the web).

No amount of Common Sense could save you from this attack, and you had no idea when it could strike. I installed Microsoft Security Essentials, and I'm glad now that I did: a few months ago it caught a drive-by download exploit from a website I trusted. I'm very happy to have that level of protection on the Wild Wild Web.

Re:Who still pays for antivirus?

[nigelo]

So, once you finally detect that you have some malware (how do you do that, again?) you are ready to go back to some backup that doesn't have the malware (how do you know which backup saveset to pick?) that may be months or years-old.

It sounds to me like you just lost months or years of data and code updates, even if you can guarantee the backup you chose to restore from was good (no malware).

Re:Who still pays for antivirus?

[dasunt]

I will agree that autoruns and a rootkit revealer are great tools.

I'm also fond of searching for other files created at the same time as any viruses found. I prefer to do this from a known-good computer, after manually pulling the drive. This will often find other suspicious files that virus scanners miss. Admittedly, a virus could come along that would change its creation/modfication time, but IME, virus writers don't bother doing this.

I would also add pstools to the list, especially for removal. There are too many viruses that operating with several executables. Make a batch script to: 1. copy notepad.exe to the same directory as the executables. 2. kill the offending virus processes via pskill. 3. rename the virus binary. 4. copy notepad.exe to the virus binary names. Then clean up where the virus is launched from and reboot. If notepad comes up, there's a problem. Again, a virus writer could trivially code around this problem with a hash check of the binary, but it's more trouble than it seems to be worth for virus writers.

Heck, for a "this computer is infected" problem, just search for files created around the time the problem started. The result will often find some of the viruses. Then clear out temp folders under windows, temp flash folders, and the print spool, just for good measure. Also run a rootkit revealer on the drive.

The bigger problem is often the mess that remains. File associations can be messed up. Sometimes, the machine, once infected, isn't bootable, and removing the virus often does not solve the problem (virus writers don't seem to be very good at compatibility checking their viruses).

The advantage to a wipe & reload of a computer is that it fixes all of these problems. And it's a solution I usually recommend. Plus, most people with viruses have enough crapware installed that their systems are far from an ideal state. But manual virus removals have their place, especially in the real world. I'd prefer a wipe & reload, but sometimes there's that one program people have and the install disks were lost ages ago and it's vital to their continued existence (or something along those lines).

Re:Who still pays for antivirus?

[Whiteox]

I had a really helpful Indian/Pakistani/Asian guy from a Microsoft security company call me up and told me my PC was infected. I followed his instructions and he took remote control of my system to clean it up! And it only cost me $99.

Re:Who still pays for antivirus?

[doccus]

Fruit shaped logo.? Surely you refer to "Banana Junior".. correct?

Not mine; but apropos...

[fuzzyfuzzyfungus]

They are merely respectable businessmen, offering you their protection...

Antivirus?

[SuricouRaven]

We used to use Symantic antivirus at my workplace. Then we had a virus outbreak. Not a cutting-edge virus, just an old USB-stick-infector that symantic was powerless against. Didn't even detect it half the time, and when it did failed to do anything. So we use Sophos now.

Re:Antivirus?

[ledow]

Unfortunately, I can tell you the same story about any AV product out there, from personal experience.

Go to virustotal.com and upload any "known" virus you encounter and see how many big-name AV vendors don't recognise it at all.

Then make yourself a utility that crashes your system or takes over your startup entries, or does exactly what any virus will do and see how it fares against the same tests. I'd be very surprised if *any* of them picked it up, even with "heuristics" turned on.

Re:Antivirus?

[jimicus]

Then make yourself a utility that crashes your system or takes over your startup entries, or does exactly what any virus will do and see how it fares against the same tests. I'd be very surprised if *any* of them picked it up, even with "heuristics" turned on.

Contrariwise, I'm a big fan of scripting away work for efficiency gains - and I've noticed some heuristic scanners have a tendency to block a lot of functionality in many scripts. You're buggered either way.

Not totally fake in a way

[hcs_$reboot]

A number of users reported that after installing Symantec anti-viruses their system was slower, could detect false-positives, or worse, hang.
So in a way, the "scareware" is not totally wrong, as it warns about a degraded system - which may well be the case after the full product is installed.

It's not AV at the heart of this complaint.

[jimicus]

This isn't Symantec AV we all know and love(!) at the heart of these complaints. It's one of those "sooper-registry-optimizer!!11" programs that Symantec apparently offer.

Now, these strike me as somewhat odd. I've been dealing with Windows in one form or another since before the registry even existed - and I've never yet seen one of these tools do the slightest bit of good. Sure, if there's a specific problem (eg. malware) then a specific tool to deal with it may well help - but every single generic registry optimiser I've ever seen seems to be optimised to suck £20-30 from the customer's bank account rather than actually help them in any way.

Re:It's not AV at the heart of this complaint.

[Spad]

Registry "bloat" is a bit like encumberence in RPGs; there's very little difference between a new "clean" registry and one that's full of leftover crap from old apps and the like (as opposed to actual issues that may be present, but no automated system can reliably resolve those) right up you hit the limit and slow to a crawl. These days you'd have to be going some to reach that point, so it's just not worth the risk of knackering your system for some negligible performance gain.

Re:It's not AV at the heart of this complaint.

[DavidTC]

CCleaner does what you're talking about, and is of course, free. (And you should have it anyway because of the actual functionality of it.)

All registry cleaners are essentially scams. Deleting paths to hundreds of files that don't exist anymore might speed up windows by 1 second during boot. None of it's worth paying any money for. Although if you have CCleaner you might was well run the registry scanner everyone once in a while, it won't hurt.

User's choice dyslexia from hell.

[sgt+scrub]

I think it is ironic that Microsoft fights like hell to make sure the customer is using their browser but leaves the security of the system "up to the user". As far as being scary: Is it any more frightning than the OS itself telling you, "Your unprotected! Get AV now!"? Why the hell would they want to frighten customers about the security of the system instead of just adding it to the OS?!? Insanity!

Hmm.

[slasho81]

Symantec is scaring people to get what they want. So by definition, Symantec are terrorists.

Well, here's my metric

[Moraelin]

Well, dunno about him, but before I gave in and tried an antivirus again around Christmas, I can say that everything loaded much faster, there was no suspicious modem activity, there were no popups telling me to pay X dollars or else, and haven't had any funny charges on my credit card either.

Honestly, if I had any malware, it was far better behaved than any antivirus I've ever seen. From a simple pragmatic point of view, I should have stuck with that.

Not a problem on Linux

[archlinuxftw]

I have an elderly (85) neighbor who just wants to be able to read his email and look at the pictures of his grandchildren that their parents send. He was constantly being confused and alarmed by scareware and Windows security announcements, offers to upgrade Hotmail, etc, which occured practically every time he turned on his machine. I put him on Ubuntu, set it up to go straight to his Gmail when he powered on, and to never announce upgrades (he's happy with status quo as long as he has a working machine). Problem solved, he's happy as a clam, and loved how much faster his computer ran.

Re:Not a problem on Linux

[OhHellWithIt]

Not entirely. I've occasionally hit web sites that purport to run a scan and find a boatload of viruses on my computer. Since I don't use an antivirus program, it might be credible, except that I'm running Linux and the files "found" by the "scan" are things like Windows DLLs which are not, in fact, anywhere on it. I'm not sure if the web sites where I've seen this have any connection to Symantec. I hope the plaintiff takes them to the cleaners!

Their product sucks, but their blog...

[virgnarus]

While I agree Symantec products are awful bloatware that infect many OEM and the PCs of other less educated souls, I do enjoy their malware analysis blog. Being someone who's studying reverse engineering, kernel debugging, and advanced PC troubleshooting (investigating BSODs, hangs, etc.), I enjoy reading about the dissection of malware and their approach in doing so. Indeed, there are many malware analysis blogs out there that offer the same, but I can't see how someone wouldn't appreciate more, regardless of whoever it is that's providing it.

MSE vs. Avast

[tepples]

What makes Microsoft Security Essentials better than Avast?

Re:MSE vs. Avast

[lgarner]

Avast has started popping up "alerts" trying to get you to buy their paid product. Of course, the product is free and they're allowed to try to convert some of the free users to paid ones, but I'm also allowed to switch AV products. The Avast popups just got too annoying.

Re:MSE vs. Avast

[Khyber]

MSE doesn't have that shitty announcer that Avast has.