Symantec Sued For Running Fake "Scareware" Scans

Sparrowvsrevolution writes "James Gross, a resident of Washington State, filed what he intends to be a class action lawsuit against Symantec in a Northern District California court Tuesday, claiming that Symantec defrauds consumers by running fake scans on their machines, with results designed to bully users into upgrading to a paid version of the company's software. 'The scareware does not conduct any actual diagnostic testing on the computer,' the complaint reads. 'Instead, Symantec intentionally designed its scareware to invariably report, in an extremely ominous manner, that harmful errors, privacy risks, and other computer problems exist on the user's PC, regardless of the real condition of the consumer's computer.' Symantec denies those claims, but it has a history of using fear mongering tactics to bump up its sales. A notice it showed in 2010 to users whose subscriptions were ending in 2010 warned that 'cyber-criminals are about to clean out your bank account...Protect yourself now, or beg for mercy.'"

Who still pays for antivirus?

[DCTech]

There are perfectly good free antivirus programs now, if you want to run one. Most of them are actually better than the non-free antivirus programs. Microsoft Security Essentials [wikipedia.org] is a free antivirus that is many times better than Symantec's and others. On top of that it is lightweight and fast, compared to the bloated crap that Norton is. It works on slower machines too, detects more viruses and doesn't break stuff.

On 8 June 2011, PC Advisor listed Microsoft Security Essentials 2.0 in its article Five of the Best Free Security Suites, which included Avast! 6 Free Edition, Comodo Antivirus 5.4, AVG Antivirus 2011 and BitDefender Total Security 2012 Beta.

So choose from those. Personally I don't run any antivirus as I don't download random executables from the internet nor surf to random porn sites or download from torrent sites. Windows is also secure now a days, and I haven't had a single malware in like 10 years.

Re:Who still pays for antivirus?

[Anonymous Coward]

"Personally I don't run any antivirus... ...and I haven't had a single malware in like 10 years"

How can you know that for sure?

Re:

[v1]

"Personally I don't run any antivirus... ...and I haven't had a single malware in like 10 years"

How can you know that for sure?

It probably has something to do with the fruit-shaped logo on his computer. ;) (I can say the same thing, for the same reason)

Tho getting more OT, I'm surprised that Symantec would stoop to doing fake scans in the most blatant expression of scareware. They already have a very long list of suckers, they don't need to break the law to be well into the black. They had to know doing

Re:

[Midnight Thunder]

Or maybe he is using an OS with a penguin as a mascot?

Re:Who still pays for antivirus?

[Anonymous Coward]

Since you have worked at a PC shop, and are therefore are presumably a leading information security expert and well versed in the intricacies of system security auditing, please explain this process of manually checking for viruses. Given the general nature of how serious compromises actually work, this revolutionary method will be game changing. I am eagerly awaiting my subscription to your newsletter.

In all seriousness, I hope you didn't bill hours for your security expertise, although sadly I suspect you did.

Re:Who still pays for antivirus?

[ElectricTurtle]

Autoruns, Rootkit Revealer. Granted, those are technically not for commercial use (giggle), but seriously, for SOHO stuff you really don't need anything else. This isn't exactly some DoD classified network here.

Re:

[Billly Gates]

No you need a real anti virus package like Avast! or MSE if you refuse to have full shield protections.

All it takes is 1 ad with a zero day exploit in flash or javascript to get on your system. It has happened to me twice this year. No I do not click on random shit and everything is up to date. The javascript hack used an IP address therebye bypassing XSS cross domain and openDNS security. Very sneaky.

After your infected your done. I reformat my system as I do banking and student loans on it and can't risk

Re:

[dasunt]

I will agree that autoruns and a rootkit revealer are great tools.

I'm also fond of searching for other files created at the same time as any viruses found. I prefer to do this from a known-good computer, after manually pulling the drive. This will often find other suspicious files that virus scanners miss. Admittedly, a virus could come along that would change its creation/modfication time, but IME, virus writers don't bother doing this.

I would also add pstools to the list, especially for removal. Th

Re:

[ElectricTurtle]

Where 'completely ineffective' means 'able to solve all problems experienced by customers' yeah, I'm ok with that. You don't need a CISSP to be an effective bench tech at a local PC shop. The customers can't afford it and don't need it. Get off your ridiculous high horse.

Re:

[Anonymous Coward]

You just made my point for me. You wouldn't have actually solved the problems at all. If you think "lack of obvious indications that anything is still on the system" qualifies as solving the problem, you're making a living from lying to uninformed customers. Instead, you should be informing your customers of the actual risks involved related to the security of the private (frequently, including financial information) data on their systems.

Do you even try to deal honestly with your customers, or do you prefe

Re:Who still pays for antivirus?

[jackbird]

And how many billable hours is that rebuild, when the customer has actual applications installed that Ninite won't load up (say, a full Autodesk Suite, 10 years of Quickbooks versions side-by-side, originally purchased through downloading, or some horrible niche vertical business management app)?

When a new perfectly serviceable desktop runs $400, you end up incentivizing people to throw infected PCs in the trash or simply not repair infected machines. That's crazy.

Re:

[ElectricTurtle]

It's called diminishing returns, homeslice. Yeah, maybe sometimes a few other things would turn up if more time was taken or the tech had more experience, but is it worth it to the customer to pay x times more and wait y more hours to offset the potential harm that's z% likely? It's all well and good to take some kind of absolutist approach as some ideological, utopian abstract, but when the practical scenario plays out for real people, they don't care to spend tons of money and time on some decade old piec

Re:Who still pays for antivirus?

[somersault]

The vast majority of malware isn't that clever or "serious" in the sense that it's written to specifically target you or a company you work for - so you could check running tasks and a few places in the registry for any dubious executables. You could check if the machine has any unexplained network activity. You might not be able to completely remove the malware just by looking in those places, but you have a good chance of detecting symptoms.

I don't think your sarcasm was particularly warranted in this situation.

Re:

[justforgetme]

I might be wrong here but I think looking for bad files isn't actually rocket science.
Dismantling them, analyzing and countermeasuring them usually is the trickier part.

If I would have to go that route I probably would run checksum comparisons to accepted values for each file in the system.
All files that turn up in that list and are not logs/media/cache are candidates.
Then check all locations that contain files with autoexecution scripts and screen them for behavior I don't like.

After that you probably will

Re:

[Bengie]

Since Windows is actually secure now-a-days and malware can't just install itself without the user running it, I use the Linux approach. If you know what you're running, you don't need a virus scanner.

Since ALL of my applications fall under the Microsoft, Open Source, Steam, Blizzard, and Chrome category, and nearly all of my visited websites are a small group of known websites that I have been using for the past decade, I'm not too concerned about malware getting installed.

Re:

[elsurexiste]

Not hard at all in most cases. Check the list of running processes for strange names. Run msconfig and check for weird programs starting up. Boot with a pen drive linux distribution, let's say Backtrack. Delete the offending files and clean those scripts. Rinse and repeat.

Re:

[nigelo]

So, once you finally detect that you have some malware (how do you do that, again?) you are ready to go back to some backup that doesn't have the malware (how do you know which backup saveset to pick?) that may be months or years-old.

It sounds to me like you just lost months or years of data and code updates, even if you can guarantee the backup you chose to restore from was good (no malware).

Re:

[fuzzyfuzzyfungus]

This doesn't help if you need a gigabit link to your switch, or only have one PC,(or, most likely, if you just don't look good in a tinfoil hat); but constructing a passive tap for 10/100 ethernet is trivial [luc.edu] and allows you to sample the ether between your system and the hostile world of the internet from a second host.

If you need gigabit, or want to be all classy about it, you'll need a switch with port mirroring; but this is the easy and cheap way to slip an almost-certainly-OK-because-it-was-just-boote

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Who still pays for antivirus?

[RogueyWon]

I'm by no means anti-MS (Windows 7 is the only OS on both of my home PCs these days), but I'd take issue with the blanket statement that "Windows is also secure now a days".

I went through endless fun thanks to the parents just before Christmas. They fell for one of those fake-DHL-shipping-notice spam e-mails (as they were actually expecting a Christmas-related DHL delivery) and, with a single click, landed their (3 month old, Norton-"protected", UAC-enabled) PC with one of the most vicious and persistent pieces of malware I've ever seen. One of those fake-AV-software ransomware jobbies. It disabled Norton, blocked Windows from accessing DVD and USB drives, did a dns redirect so that browsers could only access the ransomware page and all kinds of crap. I've sorted these before by doing a system restore from a backup point in safe-mode, but even though the restore allegedly worked in this case, the malware persisted through it quite happily. Ended up doing a full format and reinstall of Windows.

Now, there are a lot of failures in this story; my parents for clicking the link, Norton for being completely (and predictably) useless and so on. But I still have problems with describing an OS where a single click can land you in that kind of mess as "secure".

Personally, I use AVG, on the grounds that it provides some basic protection and makes my system chug less than most of its rivals. But it's by no means infallible, throws up a depressing number of false positives and the only way to avoid infection does appear to be abject paranoia (which is now my default policy).

Re:

[DCTech]

I'm by no means anti-MS (Windows 7 is the only OS on both of my home PCs these days), but I'd take issue with the blanket statement that "Windows is also secure now a days".

I went through endless fun thanks to the parents just before Christmas. They fell for one of those fake-DHL-shipping-notice spam e-mails (as they were actually expecting a Christmas-related DHL delivery) and, with a single click, landed their (3 month old, Norton-"protected", UAC-enabled) PC with one of the most vicious and persistent pieces of malware I've ever seen.

So in reality, it isn't Windows problem, it's user problem. Unless you run walled garden like iOS on your PC, there will always be malware that will try to trick user, regardless of OS. It works in Windows, it works in OSX and it works in Linux.

Re:

[cduffy]

So in reality, it isn't Windows problem, it's user problem. Unless you run walled garden like iOS on your PC, there will always be malware that will try to trick user, regardless of OS. It works in Windows, it works in OSX and it works in Linux.

Infecting the whole system (not just that one account) with a single click (no UAC, no gksudo/sudo, etc)? Not so much.

Privilege escalation bugs are certainly easier to come by than remote exploits, for any OS, but that's not to say that everyone has known ones runnin

Re:Who still pays for antivirus?

[RogueyWon]

No, I think there's a problem with an OS that allows for that degree of fundamental OS modification on the basis of a single click with no user confirmation prompts and no recovery path.

Re:

[jimicus]

No, I think there's a problem with an OS that allows for that degree of fundamental OS modification on the basis of a single click with no user confirmation prompts and no recovery path.

I'd like to know how you'd propose getting around that in general terms with any modern OS.

gksudo and the prompt on OS X - once you've persuaded the person to enter their password, you're away. You've got root access, you can do literally anything you like. Up to and including patching the kernel so that you are more-or-less impossible to remove.

Re:

[Rob the Bold]

No, I think there's a problem with an OS that allows for that degree of fundamental OS modification on the basis of a single click with no user confirmation prompts and no recovery path.

I'd like to know how you'd propose getting around that in general terms with any modern OS.

gksudo and the prompt on OS X - once you've persuaded the person to enter their password, you're away. You've got root access, you can do literally anything you like. Up to and including patching the kernel so that you are more-or-less impossible to remove.

I guess it means no root access or sudo privilege for the user.

Unfortunately, the user and admin of a home PC are usually one and the same.

Re:Who still pays for antivirus?

[Anonymous Coward]

Do you run your linux box as root? No??? Then why run all your Windows 7 executeables as administrator? Either you secured your parents box, or they were logged in with an administrator account and clicked through the UAC pop up without reading or without understanding.

Even if you're logged in as an administrator, that UAC pop up is the "user confirmation prompt" that you were just screaming about not having. And no recovery path? How do you think you'd recover from an rm -rf if you were logged into your term as root?

The fact of the matter is, there was a failure to secure the computer. Judging by how you described the situation and the support structure, that failure was yours.

Re:

[Rob the Bold]

Then don't give your parents administrative privileges. It's that simple.

Linux can be just as hosed if you give everyone access to sudo, which is exactly what the UAC is.

The personal dynamics of the situation aside, you've got to weigh getting called frequently for minor issues like application installs and config changes against getting called occasionally for complete system wipe and re-install.

Re:

[icebraining]

rm: it is dangerous to operate recursively on `/'
rm: use --no-preserve-root to override this failsafe

Re:

[Kjella]

Either it was more than a single click, or your story is missing a remote code execution exploit in the browser/plugins they were using. You're in trouble on any OS if you have hostile code running, even if it's just under a normal user account.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Who still pays for antivirus?

[CastrTroy]

Well, I guess it all depends on whether or not we want to be running general purpose computers or not. You don't see many people complaining about viruses on the XBox or other game consoles. You don't see people getting viruses on the iPhone/iPad. But then, you can't run whichever program you want on these platforms. You can only run MS (or Apple, or whoever) approved software, unless you take some huge steps to go around the protections. The computer can either be designed to run whatever program the user tells it to run, or it can be made secure so that it only runs signed software. You can't have it both ways. Sadly, I think for this reason, that the majority of the population will go to appliance type computers in the next decade, where the downside is that they can only run signed software from specific markets, but with the upside that they will never get a virus. Those of us who know what we are doing can run general purpose computers, possibly without even having virus scanners, because we are smart enough to not even run the virus in the first place. I have MS Security Essentials, and if it wasn't so lean, I wouldn't run it, because it hasn't detected a single thing in the 2 years I've been using it. Because I know not to download and run crap off the internet.

Re:

[fast turtle]

Personally, I like MS Security Essentials as it's about as effective as AVG was. The nice thing is, it ties into Windows Update and does get an update once a month. In fact, I was able to convince a senior friend to pull McAffee from her system (caused to many slowdowns) and installed it. Much better performance for her and it doesn't get in the damn way.

As part of my system security settings, I've enabled DEP for all processes instead of the limited subset that MS enables by default. The interesting thing

Re:

[hawkinspeter]

It's more like Toyota selling a car that can have all it's controls and engine reconfigured from a panel stuck on the outside of the car.

Knowledgeable drivers would set up the engine and pedals how they want and then fit a lock on the panel so that random strangers can't alter their car's behaviour. However, the average Joe sometimes has problems driving his car when some joker has configured the brake pedal to be full acceleration.

I'd blame the car first for having such a stupid feature and the driver

Re:Who still pays for antivirus?

[Anonymous Coward]

You don't have to "willingly" download applications/.exe's to get malware, trojans, etc. There's a lot more out there then you think....

Re:Who still pays for antivirus?

[Joce640k]

I haven't had a single malware in like 10 years.

How do you know? It's not like they pop up a window to let you know if the installation was successful.

Re:

[ifrag]

How do you know? It's not like they pop up a window to let you know if the installation was successful.

No, some of them do. The popup that warns you it's time to purchase the full version of their virus scanner with cleaning capability, because--surprise--you are infected now.

Seriously though, this is how I identified one of my old XP boxes was infected. Also around the time I switched from Avast to MSE.

Well, here's my metric

[Moraelin]

Well, dunno about him, but before I gave in and tried an antivirus again around Christmas, I can say that everything loaded much faster, there was no suspicious modem activity, there were no popups telling me to pay X dollars or else, and haven't had any funny charges on my credit card either.

Honestly, if I had any malware, it was far better behaved than any antivirus I've ever seen. From a simple pragmatic point of view, I should have stuck with that.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Anonymous Coward]

Actually -

Microsoft Security Essentials is available for small businesses with up to 10 PCs. If your business has more than 10 PCs, you can protect them with Microsoft Forefront Endpoint Protection.

Since you mention "Enterprise versions of Windows 7" you likely are in an environment that is some order of magnitude larger but many small businesses run it.

Re:

[dkleinsc]

There's also the GPL-licensed ClamAV [clamav.net], which has a Windows version called Immunet which isn't half-bad.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[GameboyRMH]

Maybe you're a shill after all, who modded this shit up? You work for Waggener Edstrom?

Re:

[hoboroadie]

I haven't run anti-virus since '99 or so, and once I trained the kid how not to click pop-ups and stuff when he's surfing porn, I quit having to format and re-install the OS. It's all about which sites one visits.

Re:

[default luser]

Who still pays for antivirus?

People who buy cheap machines from OEMs that come laden with crapware. After the 6 month "free trial" the software pops-up a big glaring "you're not protected anymore please pay" sign, and most people probably give in.

I just encountered TWO different "free trial" antivirus programs installed on a family member's cheap E-Machines POS (they really cashed-in there). I removed both and replaced it with MSE.

The sad thing is, you can get a crapware-free PC [microsoft.com], but the price premium is

Re:Who still pays for antivirus?

[PenquinCoder]

I'm not exactly pro-MS but DTech is correct. MSE is actually one of the better anti-virus programs for windows these days. You can't fault MS for snapping up a company/product that worked well and then including it for free in their (buggy and insecure) OS. It's at least one thing they did right.

Re:

[GameboyRMH]

Yeah it's decent, if DCTech is a shill then MS is hurting MSSE's reputation with this shit. Good tools don't need to be advertised by shills.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Who still pays for antivirus?

[Anonymous Coward]

Depending on the specific situation you may be violating the EULA for those clients. MSE is only for use in a business with up to 10 PCs. After that you need to use and pay for Forefront.

Re:Who still pays for antivirus?

[kvvbassboy]

But MSE is the best free antivirus software.

Re:

[jank1887]

true. I had Symantec corp. edition at home via the office's home use license. bogged down my older pc, older laptop, and netbook. switched all to MSE, and now rarely see Process Explorer showing the AV chewing up 25-50% of the cpu for extended periods of time.

I fear, however, that part of this is the usual Windows integration problem. Office suites that can't access the same undocumented API's as MS Office, running slower as a result, etc. So, once again MS offers a free version of something to undermine an

Re:Who still pays for antivirus?

[tnk1]

Why would MS work to put AV companies out of business? The reason for MSE is plain: they're embarrassed about the (deserved) reputation of their past OSes in terms of security and needed to address it. These bloated AV programs like Symantec's suite were also bogging down the systems of people who use Windows, which makes Windows seem slow as well. In the end, it was a smart move to get in there and provide an AV that was both useful and mostly unobtrusive. This isn't the browser wars where MS was working to elbow out Netscape in a new area of software; AV companies have had years to make money and get it right and have instead written an expensive, and bloated product in almost all cases.

Re:

[Charliemopps]

Yes, I'm ashamed to say MSE works really well. I'd argue its because Microsoft has access to their own source-code and knows where they screwed up... but whatever... it's the best AV I've used, and I've used them all.

Re:Who still pays for antivirus?

[TheLink]

I'd argue its because Microsoft has access to their own source-code

I doubt that's the real reason, because both Norton and McAfee used to be good. Then they started to be bigger resource hogs than most viruses they were protecting you against (yes there's other evil stuff that viruses do but keep reading...).

I definitely recall Norton/Symantec making systems more unstable or causing problems:
1) Years ago someone had problems fetching email, turns out Norton/Symantec was intercepting the POP3 connections to scan for viruses (ok fine), but some email was causing it to _crash_ (extremely not fine- especially if it turns out to be an exploitable code-injection bug).

2) In 2007: http://www.pcworld.com/article/132050/millions_of_chinese_hit_by_symantec_foulup.html [pcworld.com]

A virus-signature update delivered automatically to users on Friday about 1:00 a.m. Beijing time to Symantec's antivirus scanning engine mistook two critical system files of the Simplified Chinese edition of Windows XP Service Pack 2 for a Trojan horse. The two files -- netapi32.dll and lsasrv.dll -- were falsely quarantined, which in turn crippled Windows. If an affected PC was rebooted, Windows failed on start-up and showed only a blue screen.

3) On 28 January 2010, Symantec's antivirus software marked Spotify as a Trojan horse, disabling the software across millions of computers

Nowadays depending on the situation I use Avira, MSE or "no antivirus". My personal home machine has no AV installed. My browser runs as a different user process. If I have something that I think is suspicious, I check it with VirusTotal ( https://www.virustotal.com/ [virustotal.com] ). So far I have had no problems doing things this way, so I don't see the point of constantly incurring the extra CPU/resource costs by installing a real-time virus scanner on my machine. For the past few decades my personal machines have never been infected by a virus. I may have downloaded viruses or malware, but I have not been infected by them. And yes I do know how to check.

A dedicated attacker might be able to put malware on my machine, but they'd know how to use virustotal or similar too, and still be able to plant malware on my machine even if I was running AV software (and wasting resources).

The machine my parents use on the other hand has AV software installed (not Symantec, nor McAfee).

AV software is not needed everywhere and in some cases if installed, it indicates someone is doing something wrong: http://xkcd.com/463/ [xkcd.com]

Given my track record vs Symantec's track record, I would prefer to take the bet that Symantec is more likely to screw up my system than a virus. There have been other antivirus vendors with similar screw ups too.

On a related note, Trend screwed up notoriously - albeit with its antispam product, blocking the letter "p".

For these reasons production servers and other important machines that are well secured and managed should NOT have antivirus software installed.

If they are so poorly managed that the operators are much more likely to screw up than the AV vendors, then sure, install AV, but that means you are doing something wrong.

MSE vs. Avast

[tepples]

What makes Microsoft Security Essentials better than Avast [slashdot.org]?

Re:MSE vs. Avast

[lgarner]

Avast has started popping up "alerts" trying to get you to buy their paid product. Of course, the product is free and they're allowed to try to convert some of the free users to paid ones, but I'm also allowed to switch AV products. The Avast popups just got too annoying.

Re:

[Khyber]

MSE doesn't have that shitty announcer that Avast has.

Re:Who still pays for antivirus?

[Anonymous Coward]

I'm sorry you got infected. However you are spreading FUD. MSE is, of course, a real time scanner. Anything that is written to the file system is scanned first; just like with other real time scanners. Now, there probably wasn't a definition for the particular nasty you got infected with at the time. Either that, or you turned off real time - which MSE warns you not to do.

Re:Who still pays for antivirus?

[pclminion]

"Full shielding?" what's with the dorky sci-fi talk? Invert the phase polarity and reroute power to the weapons array! Do you call your car the Starship Enterprise as well?

Re:Who still pays for antivirus?

[default luser]

Nope, Common Sense 2012 Platinum here. Haven't had any infection in well over half a decade.

You and I used to be on the same page. I was smart and never got infected for years despite having no running virus scanner. I would verify every few months by running an online virus check, and that was that.

But two years ago I started reading about hackers compromising websites and ad networks and injecting their own exploits into an otherwise trusted webpage. Even tools like Noscript couldn't keep you %100 safe because of potential exploits in Javascript and PDF (unless you wanted to live in the dark ages of the web).

No amount of Common Sense could save you from this attack, and you had no idea when it could strike. I installed Microsoft Security Essentials, and I'm glad now that I did: a few months ago it caught a drive-by download exploit from a website I trusted. I'm very happy to have that level of protection on the Wild Wild Web.

Re:Who still pays for antivirus?

[gman003]

Dude, no, seriously. MSE actually works, and well. From personal experience, I can say that it's faster and more effective than AVG; I've heard from others that they switched to it from Avast, Comodo and Kaspersky.

Everything else Microsoft makes is pretty crap - Windows, Office, IIS, MSN - but apparently even Microsoft crap is better than every other antivirus' crap.

Re:Who still pays for antivirus?

[L4t3r4lu5]

I've found that Microsoft Security Essentials is no better than ESET NOD32 for anti-virus protection.

Then again, against anything but zero-day exploits, a properly configured OS and good browsing practices would make a potato a good AV solution.

Re:Who still pays for antivirus?

[Lehk228]

NOD32 is a pretty damned good bar to be "no better than"

for my own home use i use MSE now, back when i was in college and had to connect to the campus network i did run NOD32 and it's damned good, but i can't justify spending money on antivirus when i haven't gotten a virus in years since i am somehow resistant to the urge to download and run OMGPONIESALSONAKEDLADIES.AVI.EXE

Re:Who still pays for antivirus?

[L4t3r4lu5]

That is exactly what I meant. It's no better than NOD32, and NOD32 is, as far as I'm concerned, the best.

I was almost sad when I stopped sending them my £40 per year for Smart Security.

Re:

[L4t3r4lu5]

For clarity; IMHO, NOD32 > MSE > Everything else.

Re:Who still pays for antivirus?

[ArsenneLupin]

... would make a potato a good AV solution.

Yes, my pet potato is my best friend and protector. I call him Balthazar...

Re:

[antdude]

Office is crap?

Re:

[director_mr]

Everything else Microsoft makes is pretty crap? Your examples are Windows (7 I presume) and Microsoft Office I'd have to disagree with you about, because I haven't found a better alternative. Windows 7 I find on par with OS X Lion, either can be better than the other depending on what you are doing. And Microsoft Office is tons better than any alternative I know of.

Re:

[fuzzyfuzzyfungus]

In this case, his advice is probably correct for those running Windows at home, fluff about his decade-long record of having no viruses he has noticed aside. Security Essentials is 'free' as in 'bundled with your Windows license'; but if you've got a Windows license already, that makes it cheaper than anything that costs additional money and the products that do make a very, very, very, tepid case for why you should purchase them.

In corporate use, it isn't as clear; because ForeFront sure as hell isn't f

Re:

[ledow]

Or his browser and security settings don't let him run random malware served from a bog-standard compromised website.

I run Opera, I've yet to see it run a program from the net without my permission. Hell, I have to press play just to make Java/Flash things load because I switched on the option to do so.

Just because *you* are an arse that lets their computer auto-execute anything in a browser (and is subject to lots of known attack vectors over things like Javascript, etc.) doesn't mean the rest of us are.

A

Re:

[Anonymous Coward]

Just because *you* are an arse that lets their computer auto-execute anything in a browser

While this guy phrased it somewhat abrasively, his point is valid. Damn close to 100% of infections are the result of requesting that some untrustworthy code run on your machine. Letting any random sites you surf to run even purportedly 'sandboxed' code on your machine is simply idiotic - the last few decades have proven that - and anyone who hasn't learned that by 2012 deserves what they get. It's like living in the slums with and letting crack gangs into your house just because they ask. You might be

Re:

[Lonewolf666]

I agree, if you know what you are doing, it helps a lot. In over 10 years on the Internet, mostly without AV software, I had one infection and that was from a remote execution exploit (MSBLAST on Windows 2000).
Even that one could have been avoided, I simply forgot to install the post-SP4 hotfixes after reinstalling the PC due to a non-virus related issue.

My safety measures at the moment consist of

- a DSL router with "lightweight" firewall and NAT - while not a 100% solution, it is better than nothing.

- not

Re:Who still pays for antivirus?

[Riceballsan]

Noscript, adblock etc... there are dozens of ways to dodge things and reduce the chance of infection to .0000001% (there is always the hypothetical possibility of some rogue worm that breaks past a firewall/router, or heck someone breaking into your house and manually running a virus on your system with physical access). If this guy was endorsing or recommending the average joe to use no AV you would have valid reason to insult him, he isn't. Plenty of very tech savy people can safely use a computer with no AV with little to no risk, while many tech unsavy people will fill a computer with virus no matter what protection they use.

Re:

[Kjella]

Plenty of very tech savy people can safely use a computer with no AV with little to no risk,

Possibly, but how could you tell? I'd say even the tech savvy should run anti-virus for verification, not for prevention. Of course there's the "trash my computer" or "hold it hostage" viruses that you'd know pretty fast after the fact, but there's also the "use as spambot", "steal my identity", "use as DDoS bot", "steal game accounts and CC info", "empty online bank account", "turn into illegal dumpsite", "use as platform for hacking" and probably some more varieties that won't announce themselves.

I know m

Re:

[Kjella]

Just format and reinstall every 3 or 4 months. Why wait until you are sure your system has been compromised before you do it?

If you reinstall your OS every 3-4 months, then <shatner>Get. A. Life.</shatner>, besides if you don't know what of your software is clean what does installing the same virus going to do? It's like the IT admins that clean someone's PC and they go right back and install weatherbug and bonzai buddy. And that doesn't count the types I mentioned that are an immediate risk no matter how short they're installed, like password stealers. And all that to avoid running a free AV? I'll take my machine tha

Re:

[spire3661]

Noscript and adblock only work for advanced users and can be quite annoying to even that group, not to mention you rob your favorite sites of revenue. I cannot in good conscience use them.

Re:

[Tim C]

He didn't say he doesn't have a firewall, he said he doesn't run AV software.

Re:

[CastrTroy]

Which version of Windows? I know previous versions of Windows have had this problem, I think all the way up to the initial releases of XP. But I'm pretty sure that it's been fixed in Windows Vista and 7.

Not mine; but apropos...

[fuzzyfuzzyfungus]

They are merely respectable businessmen, offering you their protection... [flickr.com]

Antivirus?

[SuricouRaven]

We used to use Symantic antivirus at my workplace. Then we had a virus outbreak. Not a cutting-edge virus, just an old USB-stick-infector that symantic was powerless against. Didn't even detect it half the time, and when it did failed to do anything. So we use Sophos now.

Re:Antivirus?

[ledow]

Unfortunately, I can tell you the same story about any AV product out there, from personal experience.

Go to virustotal.com and upload any "known" virus you encounter and see how many big-name AV vendors don't recognise it at all.

Then make yourself a utility that crashes your system or takes over your startup entries, or does exactly what any virus will do and see how it fares against the same tests. I'd be very surprised if *any* of them picked it up, even with "heuristics" turned on.

Re:

[Joce640k]

I often respond to obviously-a-virus emails inside Virtual PC just to see what happens. The antivirus usually doesn't start protecting me until a week or more after the email arrives.

A week is an awfully long window for infection in the internet age. It makes antivirus programs next-to-useless IMHO.

The single best thing a Windows user can do to protect themself is not run as administrator.

{Cue all the "Or not run windows!" replies...}

Re:

[tchuladdiass]

{Cue all the "Or not run windows!" replies...}

Or, as an alternative, run any infection vector program inside a VM, and access it from your main Windows host via RDP (if running a copy of Windows in the VM) or X (for Linux VMs). With my setup, I have Internet Explorer set to not run any scripts or plugins, and the Firefox icon points to a Cygwin script that launches Firefox on a remote Linux box. Same with IM clients, etc. Went from having to rebuild the Windows box that the kids used on a weekly basis to hardly having to touch it at all.

Re:

[Spad]

This is true, however, Symantec's corporate AV/Endpoint is still pretty terrible and has been for a while, even if you ignore the ludicrously unreliable uninstall mechanism.

Personally I tend to shill for Sophos in these situations, but that's mostly because I've had very good experiences with their products; I'm sure there are lots of other AV solutions that are just as good for the Windows workplace depending on your needs.

Re:Antivirus?

[jimicus]

Then make yourself a utility that crashes your system or takes over your startup entries, or does exactly what any virus will do and see how it fares against the same tests. I'd be very surprised if *any* of them picked it up, even with "heuristics" turned on.

Contrariwise, I'm a big fan of scripting away work for efficiency gains - and I've noticed some heuristic scanners have a tendency to block a lot of functionality in many scripts. You're buggered either way.

Re:

[L4t3r4lu5]

Dump it and get ESET's enterprise protection. 1/3 the memory footprint, and significantly faster scanning time. If I had the option, I'd drop Sophos like a ginger stepchi... uhhh... A bad case of the cla.... errr... A hot potato. Unfortunately, due to bulk licensing, they come out around 50% cheaper than competitors, and bean counters are tight-fisted nowadays.

Re:

[SuricouRaven]

For all those curious people replying, I should have identified the virus. The Sophos identified it as Ramnit/A, and it certainly looks like Ramnit in the way it infects HTML files. It also infects removeable drives, hideing files in the recycle bin folder and using an autorun file to launch them, and places itsself in start menu startup. We believe it came in via USB, and suspect Patient Zero to be a user who brought in a copy of Grand Theft Auto 2 he torrented.

Not totally fake in a way

[hcs_$reboot]

A number of users reported that after installing Symantec anti-viruses their system was slower, could detect false-positives, or worse, hang.
So in a way, the "scareware" is not totally wrong, as it warns about a degraded system - which may well be the case after the full product is installed.

Re:

[fuzzyfuzzyfungus]

Symantec has a well-deserved reputation for being atrocious; but pretty much any AV mechanism that does on-access scanning(which is most of them by default, though it can generally be turned off somewhere, if you feel particularly lucky) is going to tank your apparent disk access speeds, since the AV process has to chew on the data before handing them over to the program requesting them. Unless you have an SSD or a fairly punchy RAID setup, lousy disk access speeds are one of the best ways to make a system

It's not AV at the heart of this complaint.

[jimicus]

This isn't Symantec AV we all know and love(!) at the heart of these complaints. It's one of those "sooper-registry-optimizer!!11" programs that Symantec apparently offer.

Now, these strike me as somewhat odd. I've been dealing with Windows in one form or another since before the registry even existed - and I've never yet seen one of these tools do the slightest bit of good. Sure, if there's a specific problem (eg. malware) then a specific tool to deal with it may well help - but every single generic registry optimiser I've ever seen seems to be optimised to suck £20-30 from the customer's bank account rather than actually help them in any way.

Re:

[Spad]

Registry "bloat" is a bit like encumberence in RPGs; there's very little difference between a new "clean" registry and one that's full of leftover crap from old apps and the like (as opposed to actual issues that may be present, but no automated system can reliably resolve those) right up you hit the limit and slow to a crawl. These days you'd have to be going some to reach that point, so it's just not worth the risk of knackering your system for some negligible performance gain.

Re:

[Lehk228]

there are scans that are worth running, but i am pretty sure there are free tools that do what need to be done, scans that look for dead references, which cause the system to attempt and fail to load files or libraries that no longer exist on the filesystem can speed up installs, however installers / uninstallers have gotten a lot better about that kind of crap so there are not nearly as many dangling references left in the registry by common software

Re:

[DavidTC]

CCleaner does what you're talking about, and is of course, free. (And you should have it anyway because of the actual functionality of it.)

All registry cleaners are essentially scams. Deleting paths to hundreds of files that don't exist anymore might speed up windows by 1 second during boot. None of it's worth paying any money for. Although if you have CCleaner you might was well run the registry scanner everyone once in a while, it won't hurt.

User's choice dyslexia from hell.

[sgt scrub]

I think it is ironic that Microsoft fights like hell to make sure the customer is using their browser but leaves the security of the system "up to the user". As far as being scary: Is it any more frightning than the OS itself telling you, "Your unprotected! Get AV now!"? Why the hell would they want to frighten customers about the security of the system instead of just adding it to the OS?!? Insanity!

Hmm.

[slasho81]

Symantec is scaring people to get what they want. So by definition, Symantec are terrorists.

Not a problem on Linux

[archlinuxftw]

I have an elderly (85) neighbor who just wants to be able to read his email and look at the pictures of his grandchildren that their parents send. He was constantly being confused and alarmed by scareware and Windows security announcements, offers to upgrade Hotmail, etc, which occured practically every time he turned on his machine. I put him on Ubuntu, set it up to go straight to his Gmail when he powered on, and to never announce upgrades (he's happy with status quo as long as he has a working machine)

Re:

[OhHellWithIt]

Not entirely. I've occasionally hit web sites that purport to run a scan and find a boatload of viruses on my computer. Since I don't use an antivirus program, it might be credible, except that I'm running Linux and the files "found" by the "scan" are things like Windows DLLs which are not, in fact, anywhere on it. I'm not sure if the web sites where I've seen this have any connection to Symantec. I hope the plaintiff takes them to the cleaners!

Is this legally provable?

[JThaddeus]

I'm wondering if this charge is legally provable. I would think the complainant would have to do some reverse engineering of Symantec's software and reverse engineering is most likely forbidden by Symantec's EULA. Without this, how can it be proven what Symantec did or did not find on the computer? Even then, does anyone think it can be made understandable to a judge or 12 jurors?

Their product sucks, but their blog...

[virgnarus]

While I agree Symantec products are awful bloatware that infect many OEM and the PCs of other less educated souls, I do enjoy their malware analysis blog. Being someone who's studying reverse engineering, kernel debugging, and advanced PC troubleshooting (investigating BSODs, hangs, etc.), I enjoy reading about the dissection of malware and their approach in doing so. Indeed, there are many malware analysis blogs out there that offer the same, but I can't see how someone wouldn't appreciate more, regardless of whoever it is that's providing it.

Re:

[ledow]

Measuring an antivirus (actually, "security suite") package by the performance of its runtime is kinda like measuring the effectiveness of a crane by its top-speed on the road, regardless of it only being able to life 1kg.