Symantec Sued For Running Fake "Scareware" Scans

Sparrowvsrevolution writes "James Gross, a resident of Washington State, filed what he intends to be a class action lawsuit against Symantec in a Northern District California court Tuesday, claiming that Symantec defrauds consumers by running fake scans on their machines, with results designed to bully users into upgrading to a paid version of the company's software. 'The scareware does not conduct any actual diagnostic testing on the computer,' the complaint reads. 'Instead, Symantec intentionally designed its scareware to invariably report, in an extremely ominous manner, that harmful errors, privacy risks, and other computer problems exist on the user's PC, regardless of the real condition of the consumer's computer.' Symantec denies those claims, but it has a history of using fear mongering tactics to bump up its sales. A notice it showed in 2010 to users whose subscriptions were ending in 2010 warned that 'cyber-criminals are about to clean out your bank account...Protect yourself now, or beg for mercy.'"

Who still pays for antivirus?

[DCTech]

There are perfectly good free antivirus programs now, if you want to run one. Most of them are actually better than the non-free antivirus programs. Microsoft Security Essentials is a free antivirus that is many times better than Symantec's and others. On top of that it is lightweight and fast, compared to the bloated crap that Norton is. It works on slower machines too, detects more viruses and doesn't break stuff.

On 8 June 2011, PC Advisor listed Microsoft Security Essentials 2.0 in its article Five of the Best Free Security Suites, which included Avast! 6 Free Edition, Comodo Antivirus 5.4, AVG Antivirus 2011 and BitDefender Total Security 2012 Beta.

So choose from those. Personally I don't run any antivirus as I don't download random executables from the internet nor surf to random porn sites or download from torrent sites. Windows is also secure now a days, and I haven't had a single malware in like 10 years.

Re:Who still pays for antivirus?

"Personally I don't run any antivirus... ...and I haven't had a single malware in like 10 years"

How can you know that for sure?

Re:Who still pays for antivirus?

[PenquinCoder]

I'm not exactly pro-MS but DTech is correct. MSE is actually one of the better anti-virus programs for windows these days. You can't fault MS for snapping up a company/product that worked well and then including it for free in their (buggy and insecure) OS. It's at least one thing they did right.

Re:Who still pays for antivirus?

[kvvbassboy]

But MSE is the best free antivirus software.

Re:Who still pays for antivirus?

[gman003]

Dude, no, seriously. MSE actually works, and well. From personal experience, I can say that it's faster and more effective than AVG; I've heard from others that they switched to it from Avast, Comodo and Kaspersky.

Everything else Microsoft makes is pretty crap - Windows, Office, IIS, MSN - but apparently even Microsoft crap is better than every other antivirus' crap.

Re:Who still pays for antivirus?

[RogueyWon]

I'm by no means anti-MS (Windows 7 is the only OS on both of my home PCs these days), but I'd take issue with the blanket statement that "Windows is also secure now a days".

I went through endless fun thanks to the parents just before Christmas. They fell for one of those fake-DHL-shipping-notice spam e-mails (as they were actually expecting a Christmas-related DHL delivery) and, with a single click, landed their (3 month old, Norton-"protected", UAC-enabled) PC with one of the most vicious and persistent pieces of malware I've ever seen. One of those fake-AV-software ransomware jobbies. It disabled Norton, blocked Windows from accessing DVD and USB drives, did a dns redirect so that browsers could only access the ransomware page and all kinds of crap. I've sorted these before by doing a system restore from a backup point in safe-mode, but even though the restore allegedly worked in this case, the malware persisted through it quite happily. Ended up doing a full format and reinstall of Windows.

Now, there are a lot of failures in this story; my parents for clicking the link, Norton for being completely (and predictably) useless and so on. But I still have problems with describing an OS where a single click can land you in that kind of mess as "secure".

Personally, I use AVG, on the grounds that it provides some basic protection and makes my system chug less than most of its rivals. But it's by no means infallible, throws up a depressing number of false positives and the only way to avoid infection does appear to be abject paranoia (which is now my default policy).

Re:Who still pays for antivirus?

You don't have to "willingly" download applications/.exe's to get malware, trojans, etc. There's a lot more out there then you think....

Re:Who still pays for antivirus?

[Joce640k]

I haven't had a single malware in like 10 years.

How do you know? It's not like they pop up a window to let you know if the installation was successful.

Re:Who still pays for antivirus?

[Riceballsan]

Noscript, adblock etc... there are dozens of ways to dodge things and reduce the chance of infection to .0000001% (there is always the hypothetical possibility of some rogue worm that breaks past a firewall/router, or heck someone breaking into your house and manually running a virus on your system with physical access). If this guy was endorsing or recommending the average joe to use no AV you would have valid reason to insult him, he isn't. Plenty of very tech savy people can safely use a computer with no AV with little to no risk, while many tech unsavy people will fill a computer with virus no matter what protection they use.

Re:Who still pays for antivirus?

[L4t3r4lu5]

I've found that Microsoft Security Essentials is no better than ESET NOD32 for anti-virus protection.

Then again, against anything but zero-day exploits, a properly configured OS and good browsing practices would make a potato a good AV solution.

Re:Who still pays for antivirus?

Since you have worked at a PC shop, and are therefore are presumably a leading information security expert and well versed in the intricacies of system security auditing, please explain this process of manually checking for viruses. Given the general nature of how serious compromises actually work, this revolutionary method will be game changing. I am eagerly awaiting my subscription to your newsletter.

In all seriousness, I hope you didn't bill hours for your security expertise, although sadly I suspect you did.

Re:Who still pays for antivirus?

[Lehk228]

NOD32 is a pretty damned good bar to be "no better than"

for my own home use i use MSE now, back when i was in college and had to connect to the campus network i did run NOD32 and it's damned good, but i can't justify spending money on antivirus when i haven't gotten a virus in years since i am somehow resistant to the urge to download and run OMGPONIESALSONAKEDLADIES.AVI.EXE

Re:Who still pays for antivirus?

[RogueyWon]

No, I think there's a problem with an OS that allows for that degree of fundamental OS modification on the basis of a single click with no user confirmation prompts and no recovery path.

Re:Who still pays for antivirus?

[ElectricTurtle]

Autoruns, Rootkit Revealer. Granted, those are technically not for commercial use (giggle), but seriously, for SOHO stuff you really don't need anything else. This isn't exactly some DoD classified network here.

Re:Who still pays for antivirus?

[somersault]

The vast majority of malware isn't that clever or "serious" in the sense that it's written to specifically target you or a company you work for - so you could check running tasks and a few places in the registry for any dubious executables. You could check if the machine has any unexplained network activity. You might not be able to completely remove the malware just by looking in those places, but you have a good chance of detecting symptoms.

I don't think your sarcasm was particularly warranted in this situation.

Re:Who still pays for antivirus?

[ArsenneLupin]

... would make a potato a good AV solution.

Yes, my pet potato is my best friend and protector. I call him Balthazar...

Re:Who still pays for antivirus?

[CastrTroy]

Well, I guess it all depends on whether or not we want to be running general purpose computers or not. You don't see many people complaining about viruses on the XBox or other game consoles. You don't see people getting viruses on the iPhone/iPad. But then, you can't run whichever program you want on these platforms. You can only run MS (or Apple, or whoever) approved software, unless you take some huge steps to go around the protections. The computer can either be designed to run whatever program the user tells it to run, or it can be made secure so that it only runs signed software. You can't have it both ways. Sadly, I think for this reason, that the majority of the population will go to appliance type computers in the next decade, where the downside is that they can only run signed software from specific markets, but with the upside that they will never get a virus. Those of us who know what we are doing can run general purpose computers, possibly without even having virus scanners, because we are smart enough to not even run the virus in the first place. I have MS Security Essentials, and if it wasn't so lean, I wouldn't run it, because it hasn't detected a single thing in the 2 years I've been using it. Because I know not to download and run crap off the internet.

Re:Who still pays for antivirus?

[Lonewolf666]

I agree, if you know what you are doing, it helps a lot. In over 10 years on the Internet, mostly without AV software, I had one infection and that was from a remote execution exploit (MSBLAST on Windows 2000).
Even that one could have been avoided, I simply forgot to install the post-SP4 hotfixes after reinstalling the PC due to a non-virus related issue.

My safety measures at the moment consist of

- a DSL router with "lightweight" firewall and NAT - while not a 100% solution, it is better than nothing.

- not using products that have been frequently hacked in the past (except Windows). That means no Internet Explorer and no Outlook.

- generally checking downloads for their file type before opening them. If it is a .com or .exe I did not specifically download, it gets deleted.
      RANT: Especially in this context, fuck Microsoft for making the hiding of file extensions the default in Explorer. I know to switch that off, but for inexperienced users it makes it even easier to fall for "AnnaKournikovaNaked.jpg.exe". /RANT

Re:Who still pays for antivirus?

[L4t3r4lu5]

That is exactly what I meant. It's no better than NOD32, and NOD32 is, as far as I'm concerned, the best.

I was almost sad when I stopped sending them my £40 per year for Smart Security.

Re:Who still pays for antivirus?

[tnk1]

Why would MS work to put AV companies out of business? The reason for MSE is plain: they're embarrassed about the (deserved) reputation of their past OSes in terms of security and needed to address it. These bloated AV programs like Symantec's suite were also bogging down the systems of people who use Windows, which makes Windows seem slow as well. In the end, it was a smart move to get in there and provide an AV that was both useful and mostly unobtrusive. This isn't the browser wars where MS was working to elbow out Netscape in a new area of software; AV companies have had years to make money and get it right and have instead written an expensive, and bloated product in almost all cases.

Re:Who still pays for antivirus?

Do you run your linux box as root? No??? Then why run all your Windows 7 executeables as administrator? Either you secured your parents box, or they were logged in with an administrator account and clicked through the UAC pop up without reading or without understanding.

Even if you're logged in as an administrator, that UAC pop up is the "user confirmation prompt" that you were just screaming about not having. And no recovery path? How do you think you'd recover from an rm -rf if you were logged into your term as root?

The fact of the matter is, there was a failure to secure the computer. Judging by how you described the situation and the support structure, that failure was yours.

Re:Who still pays for antivirus?

Depending on the specific situation you may be violating the EULA for those clients. MSE is only for use in a business with up to 10 PCs. After that you need to use and pay for Forefront.

Re:Who still pays for antivirus?

[TheLink]

I'd argue its because Microsoft has access to their own source-code

I doubt that's the real reason, because both Norton and McAfee used to be good. Then they started to be bigger resource hogs than most viruses they were protecting you against (yes there's other evil stuff that viruses do but keep reading...).

I definitely recall Norton/Symantec making systems more unstable or causing problems:
1) Years ago someone had problems fetching email, turns out Norton/Symantec was intercepting the POP3 connections to scan for viruses (ok fine), but some email was causing it to _crash_ (extremely not fine- especially if it turns out to be an exploitable code-injection bug).

2) In 2007: http://www.pcworld.com/article/132050/millions_of_chinese_hit_by_symantec_foulup.html

A virus-signature update delivered automatically to users on Friday about 1:00 a.m. Beijing time to Symantec's antivirus scanning engine mistook two critical system files of the Simplified Chinese edition of Windows XP Service Pack 2 for a Trojan horse. The two files -- netapi32.dll and lsasrv.dll -- were falsely quarantined, which in turn crippled Windows. If an affected PC was rebooted, Windows failed on start-up and showed only a blue screen.

3) On 28 January 2010, Symantec's antivirus software marked Spotify as a Trojan horse, disabling the software across millions of computers

Nowadays depending on the situation I use Avira, MSE or "no antivirus". My personal home machine has no AV installed. My browser runs as a different user process. If I have something that I think is suspicious, I check it with VirusTotal ( https://www.virustotal.com/ ). So far I have had no problems doing things this way, so I don't see the point of constantly incurring the extra CPU/resource costs by installing a real-time virus scanner on my machine. For the past few decades my personal machines have never been infected by a virus. I may have downloaded viruses or malware, but I have not been infected by them. And yes I do know how to check.

A dedicated attacker might be able to put malware on my machine, but they'd know how to use virustotal or similar too, and still be able to plant malware on my machine even if I was running AV software (and wasting resources).

The machine my parents use on the other hand has AV software installed (not Symantec, nor McAfee).

AV software is not needed everywhere and in some cases if installed, it indicates someone is doing something wrong: http://xkcd.com/463/

Given my track record vs Symantec's track record, I would prefer to take the bet that Symantec is more likely to screw up my system than a virus. There have been other antivirus vendors with similar screw ups too.

On a related note, Trend screwed up notoriously - albeit with its antispam product, blocking the letter "p".

For these reasons production servers and other important machines that are well secured and managed should NOT have antivirus software installed.

If they are so poorly managed that the operators are much more likely to screw up than the AV vendors, then sure, install AV, but that means you are doing something wrong.

Re:Who still pays for antivirus?

[Billly+Gates]

No you need a real anti virus package like Avast! or MSE if you refuse to have full shield protections.

All it takes is 1 ad with a zero day exploit in flash or javascript to get on your system. It has happened to me twice this year. No I do not click on random shit and everything is up to date. The javascript hack used an IP address therebye bypassing XSS cross domain and openDNS security. Very sneaky.

After your infected your done. I reformat my system as I do banking and student loans on it and can't risk infection. There is no excuse not to run anti virus software in 2012. It is not 2002 where all you need is a hardware firewall and not use IE 6 to magically be 100% secure anymore. Hackers have moved on and target flash, java, and ajax ads to bypass Windows and target all 3 browsers.

Re:Who still pays for antivirus?

[jackbird]

And how many billable hours is that rebuild, when the customer has actual applications installed that Ninite won't load up (say, a full Autodesk Suite, 10 years of Quickbooks versions side-by-side, originally purchased through downloading, or some horrible niche vertical business management app)?

When a new perfectly serviceable desktop runs $400, you end up incentivizing people to throw infected PCs in the trash or simply not repair infected machines. That's crazy.

Re:Who still pays for antivirus?

I'm sorry you got infected. However you are spreading FUD. MSE is, of course, a real time scanner. Anything that is written to the file system is scanned first; just like with other real time scanners. Now, there probably wasn't a definition for the particular nasty you got infected with at the time. Either that, or you turned off real time - which MSE warns you not to do.

Re:Who still pays for antivirus?

[pclminion]

"Full shielding?" what's with the dorky sci-fi talk? Invert the phase polarity and reroute power to the weapons array! Do you call your car the Starship Enterprise as well?

Re:Who still pays for antivirus?

[hairyfeet]

The problem I have with MSE is thus: As someone who actually has to clean up the machines when they get infected I've found MSE to frankly not be great on anything but Windows 7, on XP its especially horrid as it doesn't seem to catch drivebys until its too late and the code has been loaded on the page which means its shutting the barn after the horse has done left. On Win 7 its good, low resource, and quiet, but on XP it just doesn't do the drivebys well at all. Kicks ass on downloads, not great anywhere else. Now with MSFT concentrating on Win 7/8 that's understandable but not something an XP owner wants to hear. Maybe its because it was never supposed to be an AV, it was originally Giant AntiSpy before getting bought by MSFT, whatever the reason it just doesn't seem to stop real world threats like it does in those tests.

What I've found with my real world customers is either Comodo CIS or Avast free both seem to do the trick and stop bugs cold in ALL the currently supported versions of Windows. Comodo is better if you want to tweak as it has much deeper controls than Avast, i also prefer it on XP because its built in firewall is a hell of a lot better than the default XP one, whereas Avast is better on Vista/7 if you know the person and can tweak the user case on initial install. By that I mean if you have someone that ONLY surfs, but doesn't use P2P or IM? You can easily kill the P2P and IM shields and thus lower its footprint. Its also better for the more clueless customers as its UI is a lot simpler than Comodo.

That said on my gamer box and my netbook I use MSE simply because i'm not going anywhere where it will actually be used since i'm not running P2P or IM or going to anywhere other than a handful of well known sites such as Slashdot so its a security blanket more than anything and since i've found it does less it uses less when it comes to resources. But in my own personal tests with some off lease office boxes 6 months ago when i purposely went to some "Hey look at teh titties!" topsites both MSE and AVG got pwned, while Comodo and Avast didn't. So I'd say it depends on the user, if you are like me and practice safe computing? MSE is the lowest resource and doesn't cause a speed hit when gaming. you got users that are more likely to click things or just wander around the web? Then Avast or Comodo either one will be a better fit. I've been using Comodo on XP and Avast on Vista/7 for nearly 3 years now and knock on wood not a single box brought back infected, which is saying something when you have those "Punch the clown win an iPhone" click happy users.

Re:Who still pays for antivirus?

[hairyfeet]

Maybe he just likes their products? So far I've been accused of being a shill for, in no particular order, MSFT, AMD, Comodo, and one who accused me of being a shill for Apple which I thought was particularly funny as the only Apple product I've ever owned is a B&W G3 I have sitting in the closet. If the guy is a shill he'll be modbombed off the planet and that will be that but you can't say for sure someone is a shill just because they like certain products. I mean I've never gotten so much as a sticker from AMD (Come on assholes, at least send me some stickers!) but I've had nothing but good luck with their CPUs and chipsets and think they give the best bang for the buck, so now that's all I ever use in new builds. Comodo is nice enough to give their AV free to business as well as home users and they make some kick ass free stuff like Comodo Time Machine which allows me to walk a customer through fixing a PC so badly broken by their kid the thing wouldn't even boot in under 10 minutes flat so i'm all "Yay Comodo!" but again not so much as a T-shirt.

So instead of spewing the "nigger cocksucker faggot' constantly, aka Troll, shill astroturfer why not simply judge each individual post on its own merits or lack thereof? As I posted earlier while i don't think MSE is a good product for those risky surfers or those on XP it is a decent product and it does seem to always be in the top five so he's speaking the truth there. Now if this were a post on FOSS and he was saying "Use Win 7 and MSE!" that would be a troll, but this is a post about windows AVs so I don't see where his post is anything but on topic.

Personally I think its nice when we can stop with the name calling and simply be geeks, isn't that nice? If what he is posting is bullshit give us some links, tear apart his arguments with rational arguments of your own, this way we can ALL learn and be better informed, isn't that a better way to go?

Re:Who still pays for antivirus?

[default+luser]

Nope, Common Sense 2012 Platinum here. Haven't had any infection in well over half a decade.

You and I used to be on the same page. I was smart and never got infected for years despite having no running virus scanner. I would verify every few months by running an online virus check, and that was that.

But two years ago I started reading about hackers compromising websites and ad networks and injecting their own exploits into an otherwise trusted webpage. Even tools like Noscript couldn't keep you %100 safe because of potential exploits in Javascript and PDF (unless you wanted to live in the dark ages of the web).

No amount of Common Sense could save you from this attack, and you had no idea when it could strike. I installed Microsoft Security Essentials, and I'm glad now that I did: a few months ago it caught a drive-by download exploit from a website I trusted. I'm very happy to have that level of protection on the Wild Wild Web.

Not mine; but apropos...

[fuzzyfuzzyfungus]

They are merely respectable businessmen, offering you their protection...

Antivirus?

[SuricouRaven]

We used to use Symantic antivirus at my workplace. Then we had a virus outbreak. Not a cutting-edge virus, just an old USB-stick-infector that symantic was powerless against. Didn't even detect it half the time, and when it did failed to do anything. So we use Sophos now.

Re:Antivirus?

[ledow]

Unfortunately, I can tell you the same story about any AV product out there, from personal experience.

Go to virustotal.com and upload any "known" virus you encounter and see how many big-name AV vendors don't recognise it at all.

Then make yourself a utility that crashes your system or takes over your startup entries, or does exactly what any virus will do and see how it fares against the same tests. I'd be very surprised if *any* of them picked it up, even with "heuristics" turned on.

Re:Antivirus?

[jimicus]

Then make yourself a utility that crashes your system or takes over your startup entries, or does exactly what any virus will do and see how it fares against the same tests. I'd be very surprised if *any* of them picked it up, even with "heuristics" turned on.

Contrariwise, I'm a big fan of scripting away work for efficiency gains - and I've noticed some heuristic scanners have a tendency to block a lot of functionality in many scripts. You're buggered either way.

Not totally fake in a way

[hcs_$reboot]

A number of users reported that after installing Symantec anti-viruses their system was slower, could detect false-positives, or worse, hang.
So in a way, the "scareware" is not totally wrong, as it warns about a degraded system - which may well be the case after the full product is installed.

It's not AV at the heart of this complaint.

[jimicus]

This isn't Symantec AV we all know and love(!) at the heart of these complaints. It's one of those "sooper-registry-optimizer!!11" programs that Symantec apparently offer.

Now, these strike me as somewhat odd. I've been dealing with Windows in one form or another since before the registry even existed - and I've never yet seen one of these tools do the slightest bit of good. Sure, if there's a specific problem (eg. malware) then a specific tool to deal with it may well help - but every single generic registry optimiser I've ever seen seems to be optimised to suck £20-30 from the customer's bank account rather than actually help them in any way.

Hmm.

[slasho81]

Symantec is scaring people to get what they want. So by definition, Symantec are terrorists.

Their product sucks, but their blog...

[virgnarus]

While I agree Symantec products are awful bloatware that infect many OEM and the PCs of other less educated souls, I do enjoy their malware analysis blog. Being someone who's studying reverse engineering, kernel debugging, and advanced PC troubleshooting (investigating BSODs, hangs, etc.), I enjoy reading about the dissection of malware and their approach in doing so. Indeed, there are many malware analysis blogs out there that offer the same, but I can't see how someone wouldn't appreciate more, regardless of whoever it is that's providing it.

MSE vs. Avast

[tepples]

What makes Microsoft Security Essentials better than Avast?

Re:MSE vs. Avast

[lgarner]

Avast has started popping up "alerts" trying to get you to buy their paid product. Of course, the product is free and they're allowed to try to convert some of the free users to paid ones, but I'm also allowed to switch AV products. The Avast popups just got too annoying.