Rogue Security Software – “Scareware”

One of the more common viral or spyware infections I see more of is the installation of rogue or fake anti-virus or anti-spyware programs. These have been called “scareware” programs by some, because they work by “scaring” you into purchasing their security “solution.” They generally start out as an e-mailed invitation (SPAM) to run a free security scan, with a link that takes you to a web site. When you go to this web site and run the scan, of course they find all kinds of “infections.” While scanning your machine, a small program that creates fake pop-up or balloon style warnings will be installed. These warnings will generally continue to nag the computer owner until they purchase the recommended program. These programs are poorly written, doesn’t work as advertised, install other backdoor Trojan horse programs or adware, and interfere with or disable the legitimate security programs you already have installed. The best course of action: do not accept any free on-line security scans, or purchase unknown brands of security products. Also, when in doubt, Google the name of any software you are planning to install, to verify if it is legitimate or a scam.

Another thing to remember: You should uninstall your older security product before installing a new one. This includes upgrades within the same manufacturer. It is permissible, but not necessary, to have more than one anti-spyware product. But you can only have ONE ANTI-VIRUS PROGRAM. If you install a second, they will fight each other.

· Adware – malicious or unwanted software that is installed, usually along with another product, that serves up advertising, or tracks your web browsing habits in order to send you target email offers or other kinds of SPAM.
· Spyware – malicious programs such as keystroke loggers or backdoor remote access programs that allow others to read what you have typed (credit card numbers, passwords, social security numbers), or allow them remote access to install other software items, like automatic SPAM mailing programs.
· Crapware – programs that don’t work well, and are designed simply to separate you from your money. The usually price is about $20. This can be games, spyware removers, registry cleaners, and other useless trash.
· Scareware – rogue security programs that scare you into a purchase.

Recommended Security Products
· AVG Internet Security
· Zone Alarm Products
· PC Tools Spyware Doctor and Registry Mechanic
· Norton (Symantec), Trend Micro, Kaspersky,
· Ad-Aware
· Webroot SpySweeper

Legitimate Free Security Products
These are fine to download, install and use. I’ve tried them all, and there are no problems.
· AVG Free Anti-virus
· AVAST! Anti-virus
· SpyBot Search and Destroy
· Windows Defender ( from Microsoft)
Products to Avoid
These are name brand products by legitimate companies that I have found to be problematic for many users.
· McAfee – there is a reason that this one is being given away for free. Because that’s what it is worth.
· Norton 360 – once installed 360 is the number of minutes it’s going to take for your computer to boot up. It’s a serious resource hog. Never have seen the backup program actually work. On the other hand, their new product Norton Internet Security 2009 is supposed to be very good.
Malicious or Rogue Security Products
· Anti-Virus XP, Vista, 2007, 2008, or 2009
· Anti-Spyware XP, Vista, 2007, 2008, or 2009
· PC Anti-Spy
· Anything promoted in an unsolicited e-mail offer (SPAM).

Google Everything
Your safest practice is to do a Google search on any software you are thinking of installing. Even legitimate programs can have problems (Norton 360) and if there are problems with a product, you will see lots of negative commentary at the top of the search list.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.