Tuesday, November 1, 2011

Asinine AV "Alerts"

Being the "go-to" guy for most of my friends and family when they have a problem with their computer, I have seen some machines in terrible states. On the odd occasion I've had to open up a computer, it has usually been filled with dust that clogs fans, heat sinks and exhaust ports. However, most of the time, the problem is software based, specifically the operating system.

Given the amount of malware that exists in the wild, it seems almost inevitable that the average consumer will eventually fall prey to some form of malicious software, whether delivered via a link in an email from a "friend", clicking a tempting ad on a torrent site, or even simply being unfortunate enough to navigate to a page containing an XSS exploit. Some of the pop-ups masquerading as messages generated by the OS can be very convincing as well and scare users into clicking them by suggesting that their machine is "at risk".

While I despair at the number of ways a user can be tricked into infecting their machine, I also find myself frustrated at the anti-virus companies themselves, for I have found they too can be responsible for helping a user compromise their machine. I'm talking about the stream of alerts and warnings that are generated by free security products, designed to coax a user away from the free product and onto a subscription-based version.

Obviously, it's in the AV companies' interest to have more customers paying for their security tools and suites, so I understand the motive for embedding such messages into a free product. However, in my experience, once an AV suite's free trial expires the user will rarely fork out money to continue with the subscription. This is also an issue for free trials of AV suites that are bundled with machines. Essentially, the user continually ignores the warnings that their free trial has expired, which prevents them from downloading any additional virus signatures or upgrades. The longer the user leaves it, the greater the risk of infection as their AV suite becomes more out of date.

I think what I find most disturbing about this trend is that the wording used in these messages seems geared towards scaring users into upgrading. With phrases like "your PC is not fully protected" being presented to the user, alongside exclamation point warning signs, it's easy to become convinced that your machine is unsafe. This seems rather too close to the same tactics employed by FakeAV virus writers.

In my opinion, I think AV vendors should take two courses of action:
  1. If they are going to advertise their subscription-based product in the free application, then they should make it clearer that this is an advert and warn the user that agreeing to switch product will eventually require them to part with some money.
  2. If an upgrade does occur, it shouldn't have to be a manual process to re-install the free version of the product. Instead of preventing the software from receiving new virus definitions and attempting to warn the user of the danger, wouldn't it be easier to disable the components that make it a paid-for product?

I regularly recommend (and install) free security products, but I find it difficult explaining to people what alerts they should pay attention to and those they should ignore. As it stands currently, I tend towards ZoneAlarm (free edition) for the firewall and recently I switched my allegiance from AVG to Antivir, because of two events (coincidentally, the same two events that spurred me on to getting this post published):

The first was a system tray alert from AVG informing me that it had protected me from over 400 threats this month, which I found rather alarming; both my partner and I are careful users of the web and both of us tend to discuss any strange incidents that may occur during our day-to-day computer usage. I was fairly sure that with over 400 threats having been eliminated over the past month, there should have been some alerts from the AV software, and so I checked the application's event log to see when the system had been protected - nothing. There were no virus alerts that I could see, nor were there any viruses in the "Vault", a quarantine area for suspicious files.

The final straw came during an upgrade to AVG Free 2012, when I was prompted by the following dialog box to choose which version of the application to install:


First, if I had wanted to opt for the "full" version, I would have downloaded the relevant installer/paid for the product! However, I decided to investigate their claim that "you can always switch to basic protection later", in case it actually met my expectations as set out above. As I suspected, the only course of action was to completely un-install and re-install! I'm now keeping my fingers crossed that I don't have a similar experience with Antivir; otherwise I'll have to find another AV product to switch to!