Symantec Sued For Running Fake "Scareware" Scans

Sparrowvsrevolution writes "James Gross, a resident of Washington State, filed what he intends to be a class action lawsuit against Symantec in a Northern District California court Tuesday, claiming that Symantec defrauds consumers by running fake scans on their machines, with results designed to bully users into upgrading to a paid version of the company's software. 'The scareware does not conduct any actual diagnostic testing on the computer,' the complaint reads. 'Instead, Symantec intentionally designed its scareware to invariably report, in an extremely ominous manner, that harmful errors, privacy risks, and other computer problems exist on the user's PC, regardless of the real condition of the consumer's computer.' Symantec denies those claims, but it has a history of using fear mongering tactics to bump up its sales. A notice it showed in 2010 to users whose subscriptions were ending in 2010 warned that 'cyber-criminals are about to clean out your bank account...Protect yourself now, or beg for mercy.'"

Who still pays for antivirus?

[DCTech]

There are perfectly good free antivirus programs now, if you want to run one. Most of them are actually better than the non-free antivirus programs. Microsoft Security Essentials [wikipedia.org] is a free antivirus that is many times better than Symantec's and others. On top of that it is lightweight and fast, compared to the bloated crap that Norton is. It works on slower machines too, detects more viruses and doesn't break stuff.

On 8 June 2011, PC Advisor listed Microsoft Security Essentials 2.0 in its article Five of the Best Free Security Suites, which included Avast! 6 Free Edition, Comodo Antivirus 5.4, AVG Antivirus 2011 and BitDefender Total Security 2012 Beta.

So choose from those. Personally I don't run any antivirus as I don't download random executables from the internet nor surf to random porn sites or download from torrent sites. Windows is also secure now a days, and I haven't had a single malware in like 10 years.

Re:Who still pays for antivirus?

[Anonymous Coward]

"Personally I don't run any antivirus... ...and I haven't had a single malware in like 10 years"

How can you know that for sure?

Re:Who still pays for antivirus?

[kvvbassboy]

But MSE is the best free antivirus software.

Re:Who still pays for antivirus?

[Anonymous Coward]

You don't have to "willingly" download applications/.exe's to get malware, trojans, etc. There's a lot more out there then you think....

Re:Who still pays for antivirus?

[Joce640k]

I haven't had a single malware in like 10 years.

How do you know? It's not like they pop up a window to let you know if the installation was successful.

Re:Who still pays for antivirus?

[DCTech]

I'm by no means anti-MS (Windows 7 is the only OS on both of my home PCs these days), but I'd take issue with the blanket statement that "Windows is also secure now a days".

I went through endless fun thanks to the parents just before Christmas. They fell for one of those fake-DHL-shipping-notice spam e-mails (as they were actually expecting a Christmas-related DHL delivery) and, with a single click, landed their (3 month old, Norton-"protected", UAC-enabled) PC with one of the most vicious and persistent pieces of malware I've ever seen.

So in reality, it isn't Windows problem, it's user problem. Unless you run walled garden like iOS on your PC, there will always be malware that will try to trick user, regardless of OS. It works in Windows, it works in OSX and it works in Linux.

Re:Who still pays for antivirus?

[Riceballsan]

Noscript, adblock etc... there are dozens of ways to dodge things and reduce the chance of infection to .0000001% (there is always the hypothetical possibility of some rogue worm that breaks past a firewall/router, or heck someone breaking into your house and manually running a virus on your system with physical access). If this guy was endorsing or recommending the average joe to use no AV you would have valid reason to insult him, he isn't. Plenty of very tech savy people can safely use a computer with no AV with little to no risk, while many tech unsavy people will fill a computer with virus no matter what protection they use.

Re:Who still pays for antivirus?

[L4t3r4lu5]

I've found that Microsoft Security Essentials is no better than ESET NOD32 for anti-virus protection.

Then again, against anything but zero-day exploits, a properly configured OS and good browsing practices would make a potato a good AV solution.

Re:Who still pays for antivirus?

[RogueyWon]

No, I think there's a problem with an OS that allows for that degree of fundamental OS modification on the basis of a single click with no user confirmation prompts and no recovery path.

Re:Who still pays for antivirus?

[ElectricTurtle]

Autoruns, Rootkit Revealer. Granted, those are technically not for commercial use (giggle), but seriously, for SOHO stuff you really don't need anything else. This isn't exactly some DoD classified network here.

Re:Who still pays for antivirus?

[somersault]

The vast majority of malware isn't that clever or "serious" in the sense that it's written to specifically target you or a company you work for - so you could check running tasks and a few places in the registry for any dubious executables. You could check if the machine has any unexplained network activity. You might not be able to completely remove the malware just by looking in those places, but you have a good chance of detecting symptoms.

I don't think your sarcasm was particularly warranted in this situation.

Re:Who still pays for antivirus?

[Anonymous Coward]

Just because *you* are an arse that lets their computer auto-execute anything in a browser

While this guy phrased it somewhat abrasively, his point is valid. Damn close to 100% of infections are the result of requesting that some untrustworthy code run on your machine. Letting any random sites you surf to run even purportedly 'sandboxed' code on your machine is simply idiotic - the last few decades have proven that - and anyone who hasn't learned that by 2012 deserves what they get. It's like living in the slums with and letting crack gangs into your house just because they ask. You might be surprised the first time they trash the place, but after the 20th time, after the 200th time, after reading about it over and over in the mass media, why would you keep inviting them in? Fine, be surprised they trashed your place the first time, but after decades and popular cultural awareness and headlines on CNN and the BBC, you have to be pretty damn stupid if you are still asking them into your house, when you have complete control over whether they can come in or not.

People seem bewildered by this simple concept: don't run random shit from the internet, whether or not it's in a browser sandbox, and 99.999% chance you won't get jacked. If you go running every javascript any site in the whole world asks you to, well... don't act surprised by the results when something manages to escape the sandbox. PEBKAC.

It's 2012. Personal computing started taking off in the 1970's. That's 35 or 40 years now, and computers are a critical and pervasive part of modern society. There's no more excuse for not knowing how to use one.

Re:Who still pays for antivirus?

[ElectricTurtle]

Where 'completely ineffective' means 'able to solve all problems experienced by customers' yeah, I'm ok with that. You don't need a CISSP to be an effective bench tech at a local PC shop. The customers can't afford it and don't need it. Get off your ridiculous high horse.

Re:Who still pays for antivirus?

[Lonewolf666]

I agree, if you know what you are doing, it helps a lot. In over 10 years on the Internet, mostly without AV software, I had one infection and that was from a remote execution exploit (MSBLAST on Windows 2000).
Even that one could have been avoided, I simply forgot to install the post-SP4 hotfixes after reinstalling the PC due to a non-virus related issue.

My safety measures at the moment consist of

- a DSL router with "lightweight" firewall and NAT - while not a 100% solution, it is better than nothing.

- not using products that have been frequently hacked in the past (except Windows). That means no Internet Explorer and no Outlook.

- generally checking downloads for their file type before opening them. If it is a .com or .exe I did not specifically download, it gets deleted.
      RANT: Especially in this context, fuck Microsoft for making the hiding of file extensions the default in Explorer. I know to switch that off, but for inexperienced users it makes it even easier to fall for "AnnaKournikovaNaked.jpg.exe". /RANT

Re:Who still pays for antivirus?

[tnk1]

Why would MS work to put AV companies out of business? The reason for MSE is plain: they're embarrassed about the (deserved) reputation of their past OSes in terms of security and needed to address it. These bloated AV programs like Symantec's suite were also bogging down the systems of people who use Windows, which makes Windows seem slow as well. In the end, it was a smart move to get in there and provide an AV that was both useful and mostly unobtrusive. This isn't the browser wars where MS was working to elbow out Netscape in a new area of software; AV companies have had years to make money and get it right and have instead written an expensive, and bloated product in almost all cases.

Re:Who still pays for antivirus?

[Anonymous Coward]

You just made my point for me. You wouldn't have actually solved the problems at all. If you think "lack of obvious indications that anything is still on the system" qualifies as solving the problem, you're making a living from lying to uninformed customers. Instead, you should be informing your customers of the actual risks involved related to the security of the private (frequently, including financial information) data on their systems.

Do you even try to deal honestly with your customers, or do you prefer to make decisions for them with a bunch of "it's highly technical, you wouldn't understand" hand waving, or perhaps hope they walked in the door informed enough to already know what they truly need? Do you prefer to take the lazy approach of selling snake oil just because "it's cheap enough that they can afford it," instead of maybe coming up with more efficient ways to do things better and less expensively? Do you also have an herbal supplements counter at your checkout, just in case your customers need some trusted home remedies while they're out?

Look, if a PC is compromised, you don't try to "fix it" by removing malware, at least certainly not as the first option. No, you don't even try to get clever and say "hey I'll use this trusted boot CD with malware removal stuff on it," because that's nearly as crappy in a number of cases, and remember that you don't actually know what is on the system, you just know it's compromised and have no way of knowing with any assurance how bad it actually is. You inform the customer that the safest course of action is (1) make a copy of all data on the hard drive, and if they already have known good backups that's even better (2) identify what needs to be kept, (3) nuke and pave the PC with a fresh OS load, (4) scan the living hell out of the customer's data using everything available to you (oh, you didn't really want to bother with checking the data? I've got some PDFs and JPEGs that do nifty tricks, sure do hope there's not any recently crafted stuff on that system), (5) reinstall applications, (6) put the customer's data back on the system.

Or I suppose you can do what a lot of local PC shops do and bill them for 2 to 4 hours of labor to "scan and disinfect" their system in place, because that's gotta be just as good, right? Maybe just charge them a nice flat $49.95 rate for the snake oil services you're rendering, and toss in a sample pack of those herbal supplements for good measure. What could possibly go wrong?

I guess it's easy to claim somebody's on a "high horse" when you're uninformed and/or dishonest. Have a nice day.

Re:Who still pays for antivirus?

[Billly Gates]

No you need a real anti virus package like Avast! or MSE if you refuse to have full shield protections.

All it takes is 1 ad with a zero day exploit in flash or javascript to get on your system. It has happened to me twice this year. No I do not click on random shit and everything is up to date. The javascript hack used an IP address therebye bypassing XSS cross domain and openDNS security. Very sneaky.

After your infected your done. I reformat my system as I do banking and student loans on it and can't risk infection. There is no excuse not to run anti virus software in 2012. It is not 2002 where all you need is a hardware firewall and not use IE 6 to magically be 100% secure anymore. Hackers have moved on and target flash, java, and ajax ads to bypass Windows and target all 3 browsers.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Who still pays for antivirus?

[default luser]

Nope, Common Sense 2012 Platinum here. Haven't had any infection in well over half a decade.

You and I used to be on the same page. I was smart and never got infected for years despite having no running virus scanner. I would verify every few months by running an online virus check, and that was that.

But two years ago I started reading about hackers compromising websites and ad networks and injecting their own exploits into an otherwise trusted webpage. Even tools like Noscript couldn't keep you %100 safe because of potential exploits in Javascript and PDF (unless you wanted to live in the dark ages of the web).

No amount of Common Sense could save you from this attack, and you had no idea when it could strike. I installed Microsoft Security Essentials, and I'm glad now that I did: a few months ago it caught a drive-by download exploit from a website I trusted. I'm very happy to have that level of protection on the Wild Wild Web.