Monday, June 14, 2010

McAfee malware

Someone who sounds unusually defensive responded to my post on Security Scan Plus --the malware that McAfee and Adobe installed on my computer. I'll use the comment to explain just what the problem is.
Your blog post, and in particular the headline, is extremely misleading--and bordering on slander. You clearly have some catching up to do when it comes to the right terminology in the security world. You are linking to an article on techie-buzz.com and to the Wikipedia definition of "malware"--neither of which you seem to understand.
Side comment: someone needs to study the source of the internet phenomenon of people on the internet always jumping to the conclusion that other people on the internet are ignorant. It is a thousand times more prevalent in internet conversations than in face-to-face conversations, and I wonder why.
To quote Wikipedia, "Malware, short for malicious software, is software designed to infiltrate a computer system without the owner's informed consent."
Which is exactly what the McAfee malware does. It is deceptive in several ways which I will get to later.
If you read the techie-buzz.com article carefully, you will notice that this description does not apply in this case.
I didn't get my information from the techie-buzz article; that was just for reference so I didn't have to go into details in my post. I got my information from personal experience.
Yes, the author concludes that he would classify the McAfee software as "adware"--everyone is entitled to his opinion. However, nowhere does he talk about "malware" (or "DISHONEST adware," which is included in the definition of malware).
The author of the article is obviously a lot more circumspect than I am. Most people are.
Plus, you actually DID give your consent to install the software. A word to the wise: Read what you sign!
I did not give my "informed consent" and this is because of a deliberate and dishonest ploy by Adobe and McAfee.

Here are the ways that the McAfee malware is dishonest:

(1) The name is intended to mislead people into thinking that it is a virus scanner. It is not a virus scanner; it is an advertisement. If people knew that it was an advertisement, they would ignore it.

(2) The software misleadingly claims that it is providing a service for the user but it is not. It is providing a service for McAfee. Not only is this dishonest, it is arguably criminal. McAfee is using misdirection in order to appropriate my computer resources for their own purposes.

(3) My "consent" to download and install the software was obtained via subterfuge. I asked to download the Adobe update and nothing else. In order to avoid installing the McAfee malware, I would have had to read all of the garbage that the Adobe installer spewed out and take a specific action to avoid the malware. McAfee and Adobe intend that people do not read all of the crap --otherwise they would make it an opt-in rather than an opt-out. Unfortunately, although I know from experience that Adobe is not a trustworthy company, I was in a hurry at the time.

So, you see that it does meet one of the definitions of malware: "dishonest adware". In fact, this is exactly what dishonest adware is: adware that is installed on your computer without your informed consent. Adobe circumvents the "informed" part by burying the "consent" in another operation and McAfee circumvents the "informed" part by misleading you about what the software does.

No comments: