Security IT

Symantec Sued For Running Fake "Scareware" Scans 391

Posted by samzenpus
from the selling-fear dept.
Sparrowvsrevolution writes "James Gross, a resident of Washington State, filed what he intends to be a class action lawsuit against Symantec in a Northern District California court Tuesday, claiming that Symantec defrauds consumers by running fake scans on their machines, with results designed to bully users into upgrading to a paid version of the company's software. 'The scareware does not conduct any actual diagnostic testing on the computer,' the complaint reads. 'Instead, Symantec intentionally designed its scareware to invariably report, in an extremely ominous manner, that harmful errors, privacy risks, and other computer problems exist on the user's PC, regardless of the real condition of the consumer's computer.' Symantec denies those claims, but it has a history of using fear mongering tactics to bump up its sales. A notice it showed in 2010 to users whose subscriptions were ending in 2010 warned that 'cyber-criminals are about to clean out your bank account...Protect yourself now, or beg for mercy.'"
  • by DCTech (2545590) on Thursday January 12, 2012 @09:04AM (#38672608)

    There are perfectly good free antivirus programs now, if you want to run one. Most of them are actually better than the non-free antivirus programs. Microsoft Security Essentials [wikipedia.org] is a free antivirus that is many times better than Symantec's and others. On top of that it is lightweight and fast, compared to the bloated crap that Norton is. It works on slower machines too, detects more viruses and doesn't break stuff.

    On 8 June 2011, PC Advisor listed Microsoft Security Essentials 2.0 in its article Five of the Best Free Security Suites, which included Avast! 6 Free Edition, Comodo Antivirus 5.4, AVG Antivirus 2011 and BitDefender Total Security 2012 Beta.

    So choose from those. Personally I don't run any antivirus as I don't download random executables from the internet nor surf to random porn sites or download from torrent sites. Windows is also secure now a days, and I haven't had a single malware in like 10 years.

    • by Anonymous Coward on Thursday January 12, 2012 @09:09AM (#38672628)

      "Personally I don't run any antivirus... ...and I haven't had a single malware in like 10 years"

      How can you know that for sure?

      • by v1 (525388)

        "Personally I don't run any antivirus... ...and I haven't had a single malware in like 10 years"

        How can you know that for sure?

        It probably has something to do with the fruit-shaped logo on his computer. ;) (I can say the same thing, for the same reason)

        Tho getting more OT, I'm surprised that Symantec would stoop to doing fake scans in the most blatant expression of scareware. They already have a very long list of suckers, they don't need to break the law to be well into the black. They had to know doing

    • by RogueyWon (735973) * on Thursday January 12, 2012 @09:28AM (#38672786) Journal

      I'm by no means anti-MS (Windows 7 is the only OS on both of my home PCs these days), but I'd take issue with the blanket statement that "Windows is also secure now a days".

      I went through endless fun thanks to the parents just before Christmas. They fell for one of those fake-DHL-shipping-notice spam e-mails (as they were actually expecting a Christmas-related DHL delivery) and, with a single click, landed their (3 month old, Norton-"protected", UAC-enabled) PC with one of the most vicious and persistent pieces of malware I've ever seen. One of those fake-AV-software ransomware jobbies. It disabled Norton, blocked Windows from accessing DVD and USB drives, did a dns redirect so that browsers could only access the ransomware page and all kinds of crap. I've sorted these before by doing a system restore from a backup point in safe-mode, but even though the restore allegedly worked in this case, the malware persisted through it quite happily. Ended up doing a full format and reinstall of Windows.

      Now, there are a lot of failures in this story; my parents for clicking the link, Norton for being completely (and predictably) useless and so on. But I still have problems with describing an OS where a single click can land you in that kind of mess as "secure".

      Personally, I use AVG, on the grounds that it provides some basic protection and makes my system chug less than most of its rivals. But it's by no means infallible, throws up a depressing number of false positives and the only way to avoid infection does appear to be abject paranoia (which is now my default policy).

      • Re: (Score:2, Insightful)

        by DCTech (2545590)

        I'm by no means anti-MS (Windows 7 is the only OS on both of my home PCs these days), but I'd take issue with the blanket statement that "Windows is also secure now a days".

        I went through endless fun thanks to the parents just before Christmas. They fell for one of those fake-DHL-shipping-notice spam e-mails (as they were actually expecting a Christmas-related DHL delivery) and, with a single click, landed their (3 month old, Norton-"protected", UAC-enabled) PC with one of the most vicious and persistent pieces of malware I've ever seen.

        So in reality, it isn't Windows problem, it's user problem. Unless you run walled garden like iOS on your PC, there will always be malware that will try to trick user, regardless of OS. It works in Windows, it works in OSX and it works in Linux.

        • by cduffy (652)

          So in reality, it isn't Windows problem, it's user problem. Unless you run walled garden like iOS on your PC, there will always be malware that will try to trick user, regardless of OS. It works in Windows, it works in OSX and it works in Linux.

          Infecting the whole system (not just that one account) with a single click (no UAC, no gksudo/sudo, etc)? Not so much.

          Privilege escalation bugs are certainly easier to come by than remote exploits, for any OS, but that's not to say that everyone has known ones runnin

        • by RogueyWon (735973) * on Thursday January 12, 2012 @09:51AM (#38672982) Journal

          No, I think there's a problem with an OS that allows for that degree of fundamental OS modification on the basis of a single click with no user confirmation prompts and no recovery path.

          • by jimicus (737525)

            No, I think there's a problem with an OS that allows for that degree of fundamental OS modification on the basis of a single click with no user confirmation prompts and no recovery path.

            I'd like to know how you'd propose getting around that in general terms with any modern OS.

            gksudo and the prompt on OS X - once you've persuaded the person to enter their password, you're away. You've got root access, you can do literally anything you like. Up to and including patching the kernel so that you are more-or-less impossible to remove.

            • No, I think there's a problem with an OS that allows for that degree of fundamental OS modification on the basis of a single click with no user confirmation prompts and no recovery path.

              I'd like to know how you'd propose getting around that in general terms with any modern OS.

              gksudo and the prompt on OS X - once you've persuaded the person to enter their password, you're away. You've got root access, you can do literally anything you like. Up to and including patching the kernel so that you are more-or-less impossible to remove.

              I guess it means no root access or sudo privilege for the user.

              Unfortunately, the user and admin of a home PC are usually one and the same.

          • by Anonymous Coward on Thursday January 12, 2012 @10:42AM (#38673412)

            Do you run your Linux box as root? No??? Then why run all your Windows 7 executables as administrator? Either you secured your parents' box, or they were logged in with an administrator account and clicked through the UAC pop up without reading or without understanding.

            Even if you're logged in as an administrator, that UAC pop up is the "user confirmation prompt" that you were just screaming about not having. And no recovery path? How do you think you'd recover from an rm -rf if you were logged into your term as root?

            The fact of the matter is, there was a failure to secure the computer. Judging by how you described the situation and the support structure, that failure was yours.

      • by Kjella (173770)

        Either it was more than a single click, or your story is missing a remote code execution exploit in the browser/plugins they were using. You're in trouble on any OS if you have hostile code running, even if it's just under a normal user account.

      • On XP machines the use of root kits that utilize VSS are common. Don't bother trying to remove or use system restore since they are controlling the PC from that vector. Full wipe is the most efficient method of mitigation. On Windows 7 there are not as many root kits that work since Microsoft has implemented a randomized memory placement of juicy services (the old root kits can't take hold because their target memory location is invalid).

      • by CastrTroy (595695) on Thursday January 12, 2012 @10:21AM (#38673224) Homepage
        Well, I guess it all depends on whether or not we want to be running general purpose computers or not. You don't see many people complaining about viruses on the XBox or other game consoles. You don't see people getting viruses on the iPhone/iPad. But then, you can't run whichever program you want on these platforms. You can only run MS (or Apple, or whoever) approved software, unless you take some huge steps to go around the protections. The computer can either be designed to run whatever program the user tells it to run, or it can be made secure so that it only runs signed software. You can't have it both ways. Sadly, I think for this reason, that the majority of the population will go to appliance type computers in the next decade, where the downside is that they can only run signed software from specific markets, but with the upside that they will never get a virus. Those of us who know what we are doing can run general purpose computers, possibly without even having virus scanners, because we are smart enough to not even run the virus in the first place. I have MS Security Essentials, and if it wasn't so lean, I wouldn't run it, because it hasn't detected a single thing in the 2 years I've been using it. Because I know not to download and run crap off the internet.
      • Personally, I like MS Security Essentials as it's about as effective as AVG was. The nice thing is, it ties into Windows Update and does get an update once a month. In fact, I was able to convince a senior friend to pull McAfee from her system (caused too many slowdowns) and installed it. Much better performance for her and it doesn't get in the damn way.

        As part of my system security settings, I've enabled DEP for all processes instead of the limited subset that MS enables by default. The interesting thing

    • by Anonymous Coward on Thursday January 12, 2012 @09:31AM (#38672804)

      You don't have to "willingly" download applications/.exe's to get malware, trojans, etc. There's a lot more out there than you think....

    • by Joce640k (829181) on Thursday January 12, 2012 @09:31AM (#38672810) Homepage

      I haven't had a single malware in like 10 years.

      How do you know? It's not like they pop up a window to let you know if the installation was successful.

      • by ifrag (984323)

        How do you know? It's not like they pop up a window to let you know if the installation was successful.

        No, some of them do. The popup that warns you it's time to purchase the full version of their virus scanner with cleaning capability, because--surprise--you are infected now.

        Seriously though, this is how I identified one of my old XP boxes was infected. Also around the time I switched from Avast to MSE.

      • Well, dunno about him, but before I gave in and tried an antivirus again around Christmas, I can say that everything loaded much faster, there was no suspicious modem activity, there were no popups telling me to pay X dollars or else, and haven't had any funny charges on my credit card either.

        Honestly, if I had any malware, it was far better behaved than any antivirus I've ever seen. From a simple pragmatic point of view, I should have stuck with that.

    • I do not recommend AVG. It will not leave you alone about system scans and I have found no way to disable the "warning." Also, Microsoft Security Essentials is nice--despite my loathing of Microsoft. I personally do not run any antivirus myself, which I find to be the cleanest solution. For regular users though I would recommend MSE--it stays out of the way. It is not legal for use in a business or on Enterprise versions of Windows 7.

      • Re: (Score:2, Informative)

        by Anonymous Coward

        Actually -

        Microsoft Security Essentials is available for small businesses with up to 10 PCs. If your business has more than 10 PCs, you can protect them with Microsoft Forefront Endpoint Protection.

        Since you mention "Enterprise versions of Windows 7" you likely are in an environment that is some order of magnitude larger but many small businesses run it.

    • by dkleinsc (563838)

      There's also the GPL-licensed ClamAV [clamav.net], which has a Windows version called Immunet which isn't half-bad.

    • None of the free AV suites provide central management from a server-side console. Secondly, even MSE states in the EULA that it's not to be used in a business environment. It's for personal use only. Microsoft Forefront Endpoint Protection 2010, however, is a version of MSE that's centrally managed and in fact uses the same engine and definitions.

      BTW, I recommend Trend Micro WFB for small and medium businesses. The new version of Vipre is good from a management point of view, but still on the fence of how effect

    • Maybe you're a shill after all, who modded this shit up? You work for Waggener Edstrom?

    • I haven't run anti-virus since '99 or so, and once I trained the kid how not to click pop-ups and stuff when he's surfing porn, I quit having to format and re-install the OS. It's all about which sites one visits.

    • Who still pays for antivirus?

      People who buy cheap machines from OEMs that come laden with crapware. After the 6 month "free trial" the software pops-up a big glaring "you're not protected anymore please pay" sign, and most people probably give in.

      I just encountered TWO different "free trial" antivirus programs installed on a family member's cheap E-Machines POS (they really cashed-in there). I removed both and replaced it with MSE.

      The sad thing is, you can get a crapware-free PC [microsoft.com], but the price premium is

  • Antivirus? (Score:5, Interesting)

    by SuricouRaven (1897204) on Thursday January 12, 2012 @09:11AM (#38672654)
    We used to use Symantec antivirus at my workplace. Then we had a virus outbreak. Not a cutting-edge virus, just an old USB-stick-infector that Symantec was powerless against. Didn't even detect it half the time, and when it did, failed to do anything. So we use Sophos now.
    • Re:Antivirus? (Score:5, Interesting)

      by ledow (319597) on Thursday January 12, 2012 @09:20AM (#38672722) Homepage

      Unfortunately, I can tell you the same story about any AV product out there, from personal experience.

      Go to virustotal.com and upload any "known" virus you encounter and see how many big-name AV vendors don't recognise it at all.

      Then make yourself a utility that crashes your system or takes over your startup entries, or does exactly what any virus will do and see how it fares against the same tests. I'd be very surprised if *any* of them picked it up, even with "heuristics" turned on.

      • by Joce640k (829181)

        I often respond to obviously-a-virus emails inside Virtual PC just to see what happens. The antivirus usually doesn't start protecting me until a week or more after the email arrives.

        A week is an awfully long window for infection in the internet age. It makes antivirus programs next-to-useless IMHO.

        The single best thing a Windows user can do to protect themself is not run as administrator.

        {Cue all the "Or not run windows!" replies...}

        • {Cue all the "Or not run windows!" replies...}

          Or, as an alternative, run any infection vector program inside a VM, and access it from your main Windows host via RDP (if running a copy of Windows in the VM) or X (for Linux VMs). With my setup, I have Internet Explorer set to not run any scripts or plugins, and the Firefox icon points to a Cygwin script that launches Firefox on a remote Linux box. Same with IM clients, etc. Went from having to rebuild the Windows box that the kids used on a weekly basis to hardly having to touch it at all.

      • by Spad (470073)

        This is true, however, Symantec's corporate AV/Endpoint is still pretty terrible and has been for a while, even if you ignore the ludicrously unreliable uninstall mechanism.

        Personally I tend to shill for Sophos in these situations, but that's mostly because I've had very good experiences with their products; I'm sure there are lots of other AV solutions that are just as good for the Windows workplace depending on your needs.

      • Re:Antivirus? (Score:4, Interesting)

        by jimicus (737525) on Thursday January 12, 2012 @10:28AM (#38673300)

        Then make yourself a utility that crashes your system or takes over your startup entries, or does exactly what any virus will do and see how it fares against the same tests. I'd be very surprised if *any* of them picked it up, even with "heuristics" turned on.

        Contrariwise, I'm a big fan of scripting away work for efficiency gains - and I've noticed some heuristic scanners have a tendency to block a lot of functionality in many scripts. You're buggered either way.

    • Dump it and get ESET's enterprise protection. 1/3 the memory footprint, and significantly faster scanning time. If I had the option, I'd drop Sophos like a ginger stepchi... uhhh... A bad case of the cla.... errr... A hot potato. Unfortunately, due to bulk licensing, they come out around 50% cheaper than competitors, and bean counters are tight-fisted nowadays.
    • For all those curious people replying, I should have identified the virus. The Sophos identified it as Ramnit/A, and it certainly looks like Ramnit in the way it infects HTML files. It also infects removable drives, hiding files in the recycle bin folder and using an autorun file to launch them, and places itself in start menu startup. We believe it came in via USB, and suspect Patient Zero to be a user who brought in a copy of Grand Theft Auto 2 he torrented.
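
The removable-drive behaviour described in the comment above (files hidden in the recycle bin folder and launched through an autorun file) can be checked for on a mounted drive. This is an added example, not part of the original thread; the finding labels, the extension list and the constructed sample drive are assumptions.

```python
import os
import re
import tempfile

# Recycle-bin folder names: FAT (RECYCLED), NTFS on XP (RECYCLER), Vista+ ($RECYCLE.BIN).
RECYCLE_DIRS = {"recycled", "recycler", "$recycle.bin"}
# Assumed list of extensions worth flagging; extend as needed.
EXEC_EXT = {".exe", ".dll", ".scr", ".com", ".pif", ".cpl", ".bat", ".cmd", ".vbs"}
# autorun.inf keys whose value is a command the shell will launch.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

# Constructed sample, not taken from a real infection.
SAMPLE_INF = r"""[autorun]
; constructed sample
open=RECYCLER\S-1-5-21-0000\payload.exe
icon=shell32.dll,4
shell\open\command=RECYCLER\S-1-5-21-0000\payload.exe
label=USB
"""


def launch_targets(inf_text):
    """Return (key, command) pairs for launch keys in the [autorun] section."""
    targets, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_autorun = line.lower().startswith("[autorun]")
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                targets.append((key.lower(), value))
    return targets


def points_into_recycle_bin(command):
    """True if a directory component of the command is a recycle-bin folder."""
    parts = re.split(r"[\\/]", command.strip('"').lower())
    return any(p.strip('" ') in RECYCLE_DIRS for p in parts[:-1])


def scan_drive(root):
    """Return sorted (finding, detail) tuples for one drive root. Leads, not verdicts:
    a legitimately deleted installer also shows up as an executable in the bin."""
    findings = []
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, encoding="utf-8", errors="replace") as fh:
                for key, cmd in launch_targets(fh.read()):
                    if points_into_recycle_bin(cmd):
                        findings.append(("autorun-launches-from-recycle-bin", f"{key}={cmd}"))
        elif name.lower() in RECYCLE_DIRS and os.path.isdir(path):
            for dirpath, _dirs, files in os.walk(path):
                for f in files:
                    if os.path.splitext(f)[1].lower() in EXEC_EXT:
                        rel = os.path.relpath(os.path.join(dirpath, f), root)
                        findings.append(("executable-in-recycle-bin", rel))
    return sorted(findings)


def demo():
    """Build the constructed sample drive in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        hidden = os.path.join(root, "RECYCLER", "S-1-5-21-0000")
        os.makedirs(hidden)
        open(os.path.join(hidden, "payload.exe"), "wb").close()
        with open(os.path.join(root, "AutoRun.inf"), "w") as fh:
            fh.write(SAMPLE_INF)
        return scan_drive(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```
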
  • by hcs_$reboot (1536101) on Thursday January 12, 2012 @09:14AM (#38672682)
    A number of users reported that after installing Symantec anti-viruses their system was slower, could detect false-positives, or worse, hang.
    So in a way, the "scareware" is not totally wrong, as it warns about a degraded system - which may well be the case after the full product is installed.
    • Symantec has a well-deserved reputation for being atrocious; but pretty much any AV mechanism that does on-access scanning (which is most of them by default, though it can generally be turned off somewhere, if you feel particularly lucky) is going to tank your apparent disk access speeds, since the AV process has to chew on the data before handing them over to the program requesting them. Unless you have an SSD or a fairly punchy RAID setup, lousy disk access speeds are one of the best ways to make a system
  • by jimicus (737525) on Thursday January 12, 2012 @09:19AM (#38672714)

    This isn't Symantec AV we all know and love(!) at the heart of these complaints. It's one of those "sooper-registry-optimizer!!11" programs that Symantec apparently offer.

    Now, these strike me as somewhat odd. I've been dealing with Windows in one form or another since before the registry even existed - and I've never yet seen one of these tools do the slightest bit of good. Sure, if there's a specific problem (eg. malware) then a specific tool to deal with it may well help - but every single generic registry optimiser I've ever seen seems to be optimised to suck £20-30 from the customer's bank account rather than actually help them in any way.

    • by Spad (470073)

      Registry "bloat" is a bit like encumbrance in RPGs; there's very little difference between a new "clean" registry and one that's full of leftover crap from old apps and the like (as opposed to actual issues that may be present, but no automated system can reliably resolve those) right up until you hit the limit and slow to a crawl. These days you'd have to be going some to reach that point, so it's just not worth the risk of knackering your system for some negligible performance gain.

      • by Lehk228 (705449)
        There are scans that are worth running, but I am pretty sure there are free tools that do what needs to be done. Scans that look for dead references, which cause the system to attempt and fail to load files or libraries that no longer exist on the filesystem, can speed up installs; however, installers / uninstallers have gotten a lot better about that kind of crap, so there are not nearly as many dangling references left in the registry by common software
        • by DavidTC (10147)

          CCleaner does what you're talking about, and is of course, free. (And you should have it anyway because of the actual functionality of it.)

          All registry cleaners are essentially scams. Deleting paths to hundreds of files that don't exist anymore might speed up Windows by 1 second during boot. None of it's worth paying any money for. Although if you have CCleaner you might as well run the registry scanner every once in a while, it won't hurt.

  • by sgt scrub (869860) <saintium@@@yahoo...com> on Thursday January 12, 2012 @09:33AM (#38672822)

    I think it is ironic that Microsoft fights like hell to make sure the customer is using their browser but leaves the security of the system "up to the user". As far as being scary: Is it any more frightening than the OS itself telling you, "You're unprotected! Get AV now!"? Why the hell would they want to frighten customers about the security of the system instead of just adding it to the OS?!? Insanity!

  • Hmm. (Score:5, Funny)

    by slasho81 (455509) on Thursday January 12, 2012 @10:15AM (#38673180)
    Symantec is scaring people to get what they want. So by definition, Symantec are terrorists.
  • I have an elderly (85) neighbor who just wants to be able to read his email and look at the pictures of his grandchildren that their parents send. He was constantly being confused and alarmed by scareware and Windows security announcements, offers to upgrade Hotmail, etc, which occurred practically every time he turned on his machine. I put him on Ubuntu, set it up to go straight to his Gmail when he powered on, and to never announce upgrades (he's happy with status quo as long as he has a working machine)
    • Not entirely. I've occasionally hit web sites that purport to run a scan and find a boatload of viruses on my computer. Since I don't use an antivirus program, it might be credible, except that I'm running Linux and the files "found" by the "scan" are things like Windows DLLs which are not, in fact, anywhere on it. I'm not sure if the web sites where I've seen this have any connection to Symantec. I hope the plaintiff takes them to the cleaners!
  • I'm wondering if this charge is legally provable. I would think the complainant would have to do some reverse engineering of Symantec's software and reverse engineering is most likely forbidden by Symantec's EULA. Without this, how can it be proven what Symantec did or did not find on the computer? Even then, does anyone think it can be made understandable to a judge or 12 jurors?
  • by virgnarus (1949790) on Thursday January 12, 2012 @10:57AM (#38673506)
    While I agree Symantec products are awful bloatware that infect many OEM and the PCs of other less educated souls, I do enjoy their malware analysis blog. Being someone who's studying reverse engineering, kernel debugging, and advanced PC troubleshooting (investigating BSODs, hangs, etc.), I enjoy reading about the dissection of malware and their approach in doing so. Indeed, there are many malware analysis blogs out there that offer the same, but I can't see how someone wouldn't appreciate more, regardless of whoever it is that's providing it.
