Schneier On Scareware Vendor Lawsuits

Posted by CmdrTaco on Thu Oct 02, 2008 08:25 AM
from the now-what-about-the-car-warranty-robot-who-calls-every-day dept.
Bruce Schneier's blog says "This is good: Microsoft Corp. and the state of Washington this week filed lawsuits against a slew of 'scareware' purveyors, scam artists who use fake security alerts to frighten consumers into paying for worthless computer security software."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • Microsoft is as big a culprit of this as anyone.

    • I'm actually not sure what you're trying to say... Your comment vaguely appeals to \. sentiment, but what exactly are you getting at? MS spreads FUD is somewhat off-topic...

      Are you suggesting that MS scares users with security alerts into purchasing their software, which is legendary for being secure?

      • Re: (Score:3, Insightful)

        An important update to your software is available! Please download and install "Windows Genuine Advantage" now!
  • scam artists who use fake security alerts to frighten consumers into paying for worthless computer security software

    Sounds a lot like an average Windows advertisement.

  • by g051051 (71145) on Thursday October 02 2008, @08:34AM (#25232073) Homepage

    Why does this even reference Bruce Schneier's blog? There's no added value from there. Why not just reference the original article?

  • by DimmO (1179765) on Thursday October 02 2008, @08:34AM (#25232075)
    http://www.schneier.com/images/book-sos-175w.jpg [schneier.com] "The closest the security industry has to a rock star" Well, if that's the case, I'll believe anything he says then. I love rock and roll.
    • by Notquitecajun (1073646) on Thursday October 02 2008, @08:51AM (#25232267)
      So put another dime in the jukebox, baby.
        • Yeah, not to mention that the advent of mp3 players and decent portable speakers means anyone who drops $1.25 into a jukebox to listen to whatever shitty music it has in rotation is a tool.

          Hmm... do I want to pay through my nose to listen to Journey, or should I just whip out my cell phone and crank some Black Flag? Gee, this is a toughie...

      • Why?

        I heard this claim several times already, but never seen an explanation. As far as I can tell, he's a pretty smart guy and what he says seems to make sense.

        So what's the problem with him?

        • It's like people who say "I love reggae. Bob Marley is awesome".

          It is usually just them name-dropping, because he is the only security guy they know of. Not sure I'd call him the rock star of the industry though- Dan Kaminsky and Johnny Long have that covered.

          That said, having read a lot of security literature, and all of Bruce's books, he is the best mind I can think of on high-level security theory- what works, what doesn't, and how to evaluate a solution.

        • So what's the problem with him?

          There is none. "QuantumG" (I assume he thinks he is the indivisible entity of a gangster) is just angry that people don't shun the "obvious" names.

  • If Schneier wants to stop scaring people he should consider trimming his beard. That face-fro looks like it runs Crysis.
    • If Schneier wants to stop scaring people he should consider trimming his beard.

      Halloween's coming up.

      A state government and Microsoft both doing something I approve of? What's this world coming to?

    • Re: (Score:3, Funny)

      I don't know, add glasses and a crowbar and he could star in a videogame. Seems to me like the kind of guy you want talking about computing.

    • Never!

      I wouldn't trust a cryptographer without a beard.

  • by MosesJones (55544) on Thursday October 02 2008, @08:35AM (#25232085) Homepage

    scam artists who use fake security alerts to frighten consumers into paying for worthless computer security software

    It was an Apple thing I think warning about some company who was pushing some "extra secure" version of its operating system which in fact gave you less performance and kept nagging at you the whole time. Yup I thought so [youtube.com].

    Oh wait this is some OTHER companies who use security as a scare threat via nagging messages to get you to buy software.

    • Oh wait this is some OTHER companies who use security as a scare threat via nagging messages to get you to buy software.

      You mean M$ "scares" users with UAC to buy Vista? You got some problem with your logic.

      Last time I was checking [google.com] that trick didn't fly.

      If these are lawsuits we're talking, somebody should charge M$ with false advertisement: many end-users were made to think that thanks to UAC Vista is more secure than XP.

  • by wvmarle (1070040) on Thursday October 02 2008, @08:36AM (#25232101)

    I'm truly impressed that people can come up with security warnings about Windows that are not true... after all, is there anything as insecure as Windows?

    The only thing I think they may have a case with is of course the fake software, as in software that does not do what is advertised. And I'm not even thinking of Windows itself this time.

    • by sjwest (948274) on Thursday October 02 2008, @08:56AM (#25232331)

      If you run a Linux OS with a modern web browser, and you visit a site with the scareware it is mildly amusing to see that your registry is screwed up and the site looks like Internet Explorer in colour scheme but you can download an exe to fix.

      It's happened twice to me, and I find them amusing.

      I'm quite sure this is how Windows zombies get signed up, but my penguin knows better.

    • There is a monster out there less secure than windows and it is called Internet Explorer.
    • ...after all, is there anything as insecure as Windows?

      Emo kids?

    • WARNING! Your computer may have spyware. Click here for our FREE REGISTRY SCAN!

      • by MadJo (674225) on Thursday October 02 2008, @09:32AM (#25232763) Homepage Journal

        Were those attack vectors directed at Linux or at packages running on Linux?
        Apache != Linux
        MySQL != Linux
        etc

        • In that case you should say the same about Windows. Most of the attacks (particularly drive-by attacks related to surfing) are targeted at IE, an application. Oh bad example, according to MS it's an integral part of the OS. Never mind.

          Then there are attacks directed at Outlook, ISS, and so on. Very few are directed at the Windows core. Same will account for Linux: unless the attack is done locally (most are over a network), it is always an application that is the first line of defense.

        Yes I know, big strides have been made by Microsoft to improve it. The whole design of Windows unfortunately has never been with security in mind, this in contrast to Unix and its clones and derivatives which is designed to be part of a network and multi-user.

        Microsoft has a lot to do to really make it secure, and when seven years of development for a minor upgrade (XP to Vista) can't fix it, nothing short of starting from scratch can.

        Win XP/Vista is a huge improvement over 98 and ME, however the number

  • colors (Score:4, Interesting)

    by apodyopsis (1048476) on Thursday October 02 2008, @08:46AM (#25232217)
    I'm confused, I don't use windows, but surely somebody could just change the desktop colors and then when a warning alert turned up in the old colors they would know it was a scam?

    Is that too obvious?
    • Re:colors (Score:5, Insightful)

      by MBGMorden (803437) on Thursday October 02 2008, @08:57AM (#25232349)

      Too obvious for your normal user, yes. Your average geek isn't going to get fooled by these things anyways (heck with the way NoScript and my popup blockers are set I don't see them at all anyways). But to the guy who fumbles with the power button and whose eyes glaze over when you speak of "cut and paste", changing the window colors and then having the foresight to pick up on a different color showing up being bad, is way beyond their capabilities.

      • Re: (Score:3, Insightful)

        One of my insights doing a stint behind a helldesk was that some otherwise competent, intelligent people will disengage their thought process when sitting behind a keyboard. Sometimes I felt like a psychiatrist - or at least what I suspect many of them do:

        1. Listen to problem.
        2. Restate problem as a question.
        3. Confirm answer given by customer is correct.
        4. Assure customer that while correct answer WAS somewhat obvious, we get it all the time and a lot of folks don't figure it out on their own. Add reas

    • True Story:

      After reformatting, one of the first things I do is go to AVG's website and download some virus protection. I google, and, thanks to a shitty mouse or my stupidity, accidentally click on another legitimate website. Adware, crapware, and more all taint the once pure machine via IE. All because AVG returned a couple of sites that are nowhere near legitimate.

      No warning would have helped in that case.

    • but surely somebody could just change the desktop colors...

      It's worse than that, because it's even more obvious.

      This is where the end-user epic fail really is:

      Security Alert - Windows Internet Explorer

      Or

      Security Alert - Mozilla Firefox

      End users have so trained themselves to not actually read dialogs that they simply can't tell something they've seen before from something they have not.

      It doesn't take a genius to sit at a computer for hours, and hours, and hours on end, every day, at work and at home, to recognize that your "Security Alert - Windows Internet Explorer" causes the cursor to turn into a pointing finger, just like a hyperli

        • Re: (Score:2, Insightful)

          No.

          I'm saying that if you're too ignorant to understand that you're asking for it because you feel it's not worth your time to learn anything from your hands-on experience, then it's your own damn fault that you put yourself in that situation. I never said there was anything right or just about crime.

    • I've occasionally seen actual dialog boxes pop up with these warnings back when I used Windows and IE, so it isn't just graphics that look like boxes.

      • Most Windows users don't know that the default colors can be changed. As far as the background goes, I worked for four months in a small tech shop and was the only person there not using the default wallpaper. Not because everybody else was too busy to do it, just too lazy.
  • by compumike (454538) on Thursday October 02 2008, @08:46AM (#25232221) Homepage

    The law referenced "makes it illegal to misrepresent the extent to which software is required for computer security or privacy." This is such a fishy thing that I'm not really sure if I want courts to determine what exactly is required and therefore whether it is being misrepresented.

    Now, maybe there's a case for fraud if the program doesn't do what it purports to do in its advertising, but that doesn't seem to be what's at stake here.

    There also might be a case for fraud if, perhaps, the advertising pop-ups are being confused for actual Windows messages. But I suppose in the "real world" advertisements mimic other things to be creative, but are still fairly obviously ads.

    Just not sure I like the sound of a law that requires a judge or jury to determine what's required for computer security.

    --
    Hey code monkey... learn electronics! Powerful microcontroller kits for the digital generation. [nerdkits.com]

  • by Jessta (666101) on Thursday October 02 2008, @08:59AM (#25232377) Homepage

    "the law makes it illegal to misrepresent the extent to which software is required for computer security or privacy, and it provides actual damages or statutory damages of $100,000 per violation, whichever is greater."

    lol, so all the anti-virus software companies (Norton, NOD32, VET etc) and anyone selling 'personal firewall software' is pretty much screwed.

    • Maybe not a geek. The average user, in my experience, can't keep viruses at bay without them.

      While a lot of AV makers will try to convince you that you'll be screwed without the $100 security suite, they tend to sell what they say they are selling and don't have fake positives in the product in an effort to try to convince you to buy them.

      And anyone that ran Windows XP RTM/SP1 knows that a firewall of some sort was required (hardware or non-Microsoft software) due to all the exploits. You could be own
  • by Jawn98685 (687784) on Thursday October 02 2008, @09:20AM (#25232601)
    When will these ultra-liberal, extremist zealots realize that more regulation just doesn't work? It is no surprise to see that the term "worthless security software" should be bandied about by such out-of-touch elitist snobs. We all know that the free market should determine what is "worthless" and what is not. Why do socialist thugs like Microsoft and the Washington State Attorney General's Office get off, trying to bully patriotic, tax-paying, small computer security businesses this way?
    • You're right!

      But, I can tell from your message that you have a high level of contamination in your home drinking water. It's already affecting your speech. I'm from the Federated Department of Drinking Water Security. (Flashes badge that is a perfect knock-off) You have nothing to fear though, for a nominal fee, I can provide you with a water security solution that will keep your faucet from broadcasting its location to the evil germs and heavy metals that are lurking just outside.

  • I'm glad someone is finally taking action against these malware scammers. I do tech support part time and 95% of my recent virus removal jobs have involved these nasty little programs.
  • by kaltkalt (620110) on Thursday October 02 2008, @03:36PM (#25238187) Homepage
    Modern commercials rely on one of two things to sell a product or service. One, you will improve your chances of having sexual intercourse with a desirable mate if you purchase our product/service. Two, you are in danger and you need to purchase our product/service to be safe. Over the past couple of years the "scare" meme has turned into more of a direct threat. The best example is those horrible, evil free credit report dot com commercials, where they come out and say if you don't buy our product you'll lose all your money and have to work at a crappy seafood restaurant and drive a shit car (the fact that they're selling something is only to be discerned in the fine print at the bottom of the commercial and the last few words, quickly rattled off, at the end of the commercial). "Buy our product or be poor" is a threat. Auto insurance companies do this a lot too... I just saw an Allstate ad that showed a family losing all their money due to a car accident because they didn't have Allstate insurance. None of these threats is a legitimate concern for consumers. There's nothing different about saying consumers have a security problem on their computers and need to buy software to fix it. "Buy our product or hackers will destroy your computer and steal your private data." It should be illegal to threaten consumers. Such commercial speech should not be protected by the First Amendment.
    • Microsoft may have a case in that it makes the OS seem bad. If fake programs lie and say you have 50 viruses, 120 pieces of spyware and 60 registry errors, it makes the OS look like a pile of junk.