Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Symantec employs scareware sales tactics, lawsuit charges

Accused of selling diagnostic software using same practices employed by crooks

A Washington man on Tuesday sued Symantec in federal court, accusing it of using the same tactics as fake "scareware" software to sell its PC cleanup utilities.

Symantec said the lawsuit was without merit, and promised to defend its practices.

The lawsuit, which was filed in a California federal court by lawyers representing Washington State resident James Gross, charged Symantec with deceptive business practices, fraud and other violations of state and federal laws.

Gross took exception to the way Symantec promotes a trio of tools: PC Tools Registry Mechanic, PC Tools Performance Toolkit and Norton Utilities. According to Gross, Symantec pitches those programs with a free diagnostic scan that consistently posts menacing warnings that the customer's PC needs maintenance. To fix the all the problems, however, the user must pay for the software.

Those are the same schemes used by "scareware" makers to con customers into forking over money for essentially worthless security software, said Gross.

The paradox wasn't lost on Gross, who cited research on scareware programs from Symantec's own security research arm.

"In what can only be described as supreme irony, or a clever attempt by Defendant to persuade customers to choose its own 'legitimate' computer utility software, the results of Symantec's research succinctly capture the fraud at issue in this lawsuit," said Gross' complaint.

Scareware, also called "rogueware" by some experts, has been an extremely lucrative marketing strategy for cyber criminals, who have made millions off the practice of faking infection claims and then selling bogus software that does nothing to alleviate the imagined problems.

Both Windows and Mac users have been targeted by scareware authors.

Citing unnamed computer forensics experts that Gross claimed to have hired, the complaint said Symantec's for-free diagnostic scan "always reports that the user's computer's 'System Health" is 'LOW,' that 'High Priority' errors exist on the system, and that the user's 'Privacy Health' and 'Disk Health' are 'LOW."

Gross said that his experts determined that, "By any stretch of the imagination, the errors detected as 'High Priority' are not credible threats [Emphasis in original] to a computer's functionality."

That practice -- where problems are always found -- is also a classic strategy used by scareware distributors.

Gross wasn't above dubbing Symantec's diagnostic and utilities software as scareware, repeatedly using the term in place of the products' actual names.

"Symantec intentionally designed its Scareware to invariably report, in an extremely ominous manner, that harmful errors, privacy risks, and other computer problems exist on the user's PC, regardless of the actual conditions of the consumer's computer."

Gross also alleged that the for-a-fee software doesn't actually conduct any diagnostic testing of the computer, and thus dupes users into "purchasing software that does not function as advertised, and in fact, has very little (if any) utility."

The complaint asked for class-action status, which if approved by the court would open the lawsuit to all U.S. buyers of the three Symantec programs.

Gross requested damages, both actual and punitive, and asked the court to bar Symantec from using the alleged practices to sell the software.

In a statement today, Symantec countered Gross' claims.

"Symantec does not believe the lawsuit has merit and will vigorously defend the case," the company said. "Several independent third parties have tested and reviewed these products very favorably, verifying the effectiveness of their functionality."

A free scan using Symantec's PC Tools Registry Mechanic reported that a little-used Windows 7 machine had hundreds of problems and was in extremely poor 'system health.'

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer , on Google+ or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@computerworld.com .

See more articles by Gregg Keizer .

Read more about drm and legal issues in Computerworld's DRM and Legal Issues Topic Center.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Apple, Google, Microsoft, Norton, PC Tools, Symantec, Toolkit, Topic
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: DRM and Legal Issues, legal, Malware and Vulnerabilities, pc tools, security, Security Hardware and Software, symantec
Latest Blog Posts
Whitepapers
  • Top 10 Mistakes in Data Centre Operations: Operating Efficient and Effective Data Centers
    For years, the data centre industry has accepted that human operational error, not poor data centre design or engineering, is the number one cause of data centre downtime. Now is the time for companies to evaluate their data centre operations programs. They must be able to clearly articulate operational requirements and design an operations program based on the risk profile of the data centre. However, the road to creating an industry-best operations program will not be easy, especially for those companies whose core expertise is not in business critical facilities. Read on.
    Learn more »
  • So Long, Silos: Why Multi-Domain MDM Is Better For Your Business
    Say “so long” to silos. This white paper explains why a multi-domain MDM solution is far better than single-domain, single-focused point solutions. You’ll learn what to look for in a multi-domain solution so you don’t outgrow it or are forced to purchase multiple products down the road. You’ll also get tips on how to select a multi-domain solution that can lead to multiple benefits over many years. The age of multi-domain MDM is here. See why you should say “hello” to it!
    Learn more »
  • Oracle Business Process Analysis Suite
    Careful analysis and continuous optimization of business processes delivers real competitive advantage. Conversely, a random approach to process design negatively impacts a company’s bottom line. This insight is one reason successful companies adopt business process management (BPM) as a way of aligning their business processes with business and customer requirements. Success with BPM eliminates the gap between business strategy and implementation. Business users are empowered to participate in all stages of the business process lifecycle. Closed-loop integration between modeling, execution, and monitoring enables continuous and holistic business process improvement.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.