Rogue Security Software – “Scareware”

One of the more common viral or spyware infections I see more of is the installation of rogue or fake anti-virus or anti-spyware programs. These have been called “scareware” programs by some, because they work by “scaring” you into purchasing their security “solution.” They generally start out as an e-mailed invitation (SPAM) to run a free security scan, with a link that takes you to a web site. When you go to this web site and run the scan, of course they find all kinds of “infections.” While scanning your machine, a small program that creates fake pop-up or balloon style warnings will be installed. These warnings will generally continue to nag the computer owner until they purchase the recommended program. These programs are poorly written, doesn’t work as advertised, install other backdoor Trojan horse programs or adware, and interfere with or disable the legitimate security programs you already have installed. The best course of action: do not accept any free on-line security scans, or purchase unknown brands of security products. Also, when in doubt, Google the name of any software you are planning to install, to verify if it is legitimate or a scam.

Another thing to remember: You should uninstall your older security product before installing a new one. This includes upgrades within the same manufacturer. It is permissible, but not necessary, to have more than one anti-spyware product. But you can only have ONE ANTI-VIRUS PROGRAM. If you install a second, they will fight each other.

Definitions
· Adware – malicious or unwanted software that is installed, usually along with another product, that serves up advertising, or tracks your web browsing habits in order to send you target email offers or other kinds of SPAM.
· Spyware – malicious programs such as keystroke loggers or backdoor remote access programs that allow others to read what you have typed (credit card numbers, passwords, social security numbers), or allow them remote access to install other software items, like automatic SPAM mailing programs.
· Crapware – programs that don’t work well, and are designed simply to separate you from your money. The usually price is about $20. This can be games, spyware removers, registry cleaners, and other useless trash.
· Scareware – rogue security programs that scare you into a purchase.

Recommended Security Products
· AVG Internet Security
· Zone Alarm Products
· PC Tools Spyware Doctor and Registry Mechanic
· Norton (Symantec), Trend Micro, Kaspersky,
· Ad-Aware
· Webroot SpySweeper

Legitimate Free Security Products
These are fine to download, install and use. I’ve tried them all, and there are no problems.
· AVG Free Anti-virus
· AVAST! Anti-virus
· SpyBot Search and Destroy
· Windows Defender ( from Microsoft)
Products to Avoid
These are name brand products by legitimate companies that I have found to be problematic for many users.
· McAfee – there is a reason that this one is being given away for free. Because that’s what it is worth.
· Norton 360 – once installed 360 is the number of minutes it’s going to take for your computer to boot up. It’s a serious resource hog. Never have seen the backup program actually work. On the other hand, their new product Norton Internet Security 2009 is supposed to be very good.
Malicious or Rogue Security Products
· Anti-Virus XP, Vista, 2007, 2008, or 2009
· Anti-Spyware XP, Vista, 2007, 2008, or 2009
· PC Anti-Spy
· Anything promoted in an unsolicited e-mail offer (SPAM).

Google Everything
Your safest practice is to do a Google search on any software you are thinking of installing. Even legitimate programs can have problems (Norton 360) and if there are problems with a product, you will see lots of negative commentary at the top of the search list.

0

About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Senior Cybersecurity Engineer at Computer Integration Technologies, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.

Add a Comment