From: Juan Castro (SAL-LA)
Sent: Thursday, April 01, 2010 8:01:52 AM
Subject: NEWSBANK :: Hey, Norton: why does Security Scan behave so much like the malware I remove?
Auto forwarded by a Rule
Don't get me wrong. I don't hate Symantec by any stretch. In fact, I rather like Norton Antivirus 2010 -- it's their second really solid effort in a row after a string of releases I was less than enthusiastic about. What I don't like, however, is their free Security Scan.
Why? Because it behaves very much like the fake alert malware which causes my customers so much grief.
For starters, it piggybacks on the installers for other programs. Sure, it's usually opt-out, but since it's also checked off for installation by default it usually ends up coming along for the ride. If this really is worth installing, leave the checkbox blank and let customers opt in instead (as Chrome does during the Avast! installer).
Once it goes to "work," Security Scan tells me my son's system doesn't have a security product installed. That's untrue, of course, and the same thing fake alert programs do. NSS might not recognize Immunet Antivirus, but it's been doing a great job protecting the laptop from threats.
And then there's that big, nasty threat count. However, apart from Super Mario Forever (hey, my son's 5 and he loves it) being noted as a trust risk, nearly all of the 131 "threats" were actually cookies. No trojans. No keyloggers. No rootkits. But Security Scan doesn't make that distinction -- it just shows me a giant red circle with an X in the middle and tells me Your Computer is at Risk! Just like fake alert malware.
When I click the fix now button, what happens? I'm whisked away to a page where I can purchase Norton instantly -- very similar to the way rogues ask you to activate protection now to remove "infections." To make it worse, there's loud audio as some woman tells me their scan "may have uncovered some problems with [my] PC." Highly annoying.
When you launch Security Scan, there's a big ad offering full protection from Norton 360 since NSS offers detection only. Just like fake alert malware. Security Scan also seems to pop up throughout the day to repeatedly remind me about all these threats -- again, just like fake alert malware does.
When I exit Security Scan, I'm reminded that there are still "threats" on my computer. That I'm at risk. I'm asked if I'd like to get protected (on a nice, shiny button) or say no thanks (in unattractive plain text). Once again, just like fake alert malware.
The image above is from an actual rogue antivirus program (one which has been around for ages). It's real, bona fide malware -- and Norton Security Scan sure appears to use similar tactics to encourage purchases.
Other antivirus providers -- Avast!, AVG, Avira, Immunet, and even Microsoft -- have found that providing actual protection for free is a great way to do business. Norton Security Scan might, in fact, do something useful, but it's nothing more than a bothersome scare tactic as far as I'm concerned.