Monday, June 14, 2010

McAfee malware

Someone who sounds unusually defensive responded to my post on Security Scan Plus --the malware that McAfee and Adobe installed on my computer. I'll use the comment to explain just what the problem is.
Your blog post, and in particular the headline, is extremely misleading--and bordering on slander. You clearly have some catching up to do when it comes to the right terminology in the security world. You are linking to an article on and to the Wikipedia definition of "malware"--neither of which you seem to understand.
Side comment: someone needs to study the source of the internet phenomenon of people on the internet always jumping to the conclusion that other people on the internet are ignorant. It is a thousand times more prevalent in internet conversations than in face-to-face conversations, and I wonder why.
To quote Wikipedia, "Malware, short for malicious software, is software designed to infiltrate a computer system without the owner's informed consent."
Which is exactly what the McAfee malware does. It is deceptive in several ways which I will get to later.
If you read the article carefully, you will notice that this description does not apply in this case.
I didn't get my information from the techie-buzz article; that was just for reference so I didn't have to go into details in my post. I got my information from personal experience.
Yes, the author concludes that he would classify the McAfee software as "adware"--everyone is entitled to his opinion. However, nowhere does he talk about "malware" (or "DISHONEST adware," which is included in the definition of malware).
The author of the article is obviously a lot more circumspect than I am. Most people are.
Plus, you actually DID give your consent to install the software. A word to the wise: Read what you sign!
I did not give my "informed consent" and this is because of a deliberate and dishonest ploy by Adobe and McAfee.

Here are the ways that the McAfee malware is dishonest:

(1) The name is intended to mislead people into thinking that it is a virus scanner. It is not a virus scanner; it is an advertisement. If people knew that it was an advertisement, they would ignore it.

(2) The software misleadingly claims that it is providing a service for the user but it is not. It is providing a service for McAfee. Not only is this dishonest, it is arguably criminal. McAfee is using misdirection in order to appropriate my computer resources for their own purposes.

(3) My "consent" to download and install the software was obtained via subterfuge. I asked to download the Adobe update and nothing else. In order to avoid installing the McAfee malware, I would have had to read all of the garbage that the Adobe installer spewed out and take a specific action to avoid the malware. McAfee and Adobe intend that people do not read all of the crap --otherwise they would make it an opt-in rather than an opt-out. Unfortunately, although I know from experience that Adobe is not a trustworthy company, I was in a hurry at the time.

So, you see that it does meet one of the definitions of malware: "dishonest adware". In fact, this is exactly what dishonest adware is: adware that is installed on your computer without your informed consent. Adobe circumvents the "informed" part by burying the "consent" in another operation and McAfee circumvents the "informed" part by misleading you about what the software does.

Sunday, June 13, 2010

Adobe and McAfee are installing malware

The Adobe update to my computer installed malware on my system.

A few days after I did a regular Microsoft security update, a dialog box popped up to tell me that "the security update" had installed McAfee Security Scan Plus which would do a "security scan" of my computer. I thought, "Really? Microsoft is giving away a free McAfee virus scanner with updates? That's a pretty impressive addition to the operating system."

It wasn't a virus scanner. Security Scan Plus is a malware program that checks if you have the entire McAfee security suite installed. If you don't then it gives you a big scary warning message "COMPUTER AT RISK" and tells you to fix it right away. I didn't push the button that said I want to "fix" my non-existent security problem, but I'll bet that if I had, it would have sent me to the McAfee sales web site. This program is malware because it is of zero value for the customer; it is nothing but an advertisement for McAfee.

I was pretty angry that Microsoft had installed this malware on my system as part of a security update, but apparently, it wasn't Microsoft. Just before I did the Microsoft update, I did an update to Firefox, and the Firefox update recommend I do an Adobe update. So I did. According to this web page, there was a check box in the Adobe update that installed the McAfee malware. It must have been checked by default, because I did not chose to install it.

So here's the scoop: Adobe and McAfee are installing malware as part of an Adobe "update". I wonder how much Adobe was paid to risk their corporate reputation on this. I also wonder why a security company like McAfee is willing to advertise via malware. They have to know that a lot of security-conscious people will never use their software again. I know I won't.

I also would like to say that I'll stop using Adobe products, but I already avoid them as much as possible because they have have a history of disrespecting their customers. McAfee didn't have that reputation before, but they will now.