When Antivirus Vendors Become Too Overprotective

Don't get me wrong.  I am all for protection of computer systems.  Anyone running a computer nowadays without a firewall, virus scanning software, spyware remover and pop-up blocker is just asking for trouble.  But when do the companies that make this software go to far?  Is it really their job to act as the police force for the DMCA?

My initial problem began when one of my all time favorite free monitoring and testing applications Cain & Abel was stripped from my system by Norton.  I was not warned that it could be potentially bad stuff.  It was just removed without prompting me if I had a legitimate use for it.  Because Cain & Abel (available from http://www.oxid.it) can recover lost passwords from a local hard drive, can examine and process hashes of windows passwords and can function as a sniffer on your network, it is now considered malware by Symantec.

Does that mean that any software that performs these functions is malware?  Apparently not.  In its buying frenzy, Symantec snatched up the company @stake (http://www.eweek.com/article2/0,1895,1646974,00.asp) which was a pioneer in the security industry.  With this purchase in September 2004, Symantec inherited the product l0phtcrack which is used to acquire and crack Windows passwords.  Oddly, this software is not even detected as being a security risk even if it is running  in the background and invisible to the user of the machine.

I tried on several occassions to contact Symantec to discuss this matter or to figure out how to allow software of my choosing to run on my system.  No third party should be able to counteract my decision and block access to my software arbitrarily.  Every phone call ended in India and every email was replied to (from India) with a sales pitch for me to buy more Symantec products.  They never addressed my inquiry as to how to allow my software to work.

I figured a switch to McAfee was in order.  Since my internet provider offers McAfee software products as no cost (translated as apparently already built into my monthly bill), I figured, "what the heck."  I called McAfee ahead of time to see if they followed the same principals as Symantec and was put in touch with a very friendly and helpful person in Texas.  I was assured that their support is all in Texas and not located is some fringe third world country where the employees were paid 25 cents a week and all named Bob or Sue.

Cain & Abel made it through.  At last I was able to use my software again.  But alas, there were issues with this software as well. McAfee has a new designation for malware known as PUP.  Sounds cute, but what is it?  PUP stands for Potentially Unwanted Program.  If you download software to open up the trial period on a piece of software that you are testing in order to buy, watch out.  McAfee will try to stop you.  Their virus scan software has moved out of the realm of protecting against viruses and into the area of protecting copyrights from potential violators of the DMCA.  I don't know about you, but I think that is overstepping outside of the advertised use of their product.

Suppose I had downloaded a software product for testing on my network.  I just want to test it and see if there is a business case for using it.  The software trial ends, but management wants to see a demonstration before they foot the bill to buy it.  Can I reactivate the software on the same machine so that they can see it in action?  No.  Not generally without reformatting the machine to remove the software and all of the associated registry keys and other protections that the trialware had installed.  To save time, I would have to look for a crack or license key so that I can quickly do the demo of the software, get the approval and make the purchase.

But it is okay that these software companies have decided to go into the business of protecting other software companies.  Where I have the problem is that they either do this without warning the user of the full functionality of their products, or they prohibit competitor products from doing what their company offers in other areas.  To be fair, McAfee gives an option to run the program or block it.  Though annoying, this is entirely acceptable behavior.  I am after all paying for their software to protect me.  If Symantec does not quickly change their ways, I smell an Antitrust suit in their immediate future.

Bottom line, stick with McAfee since it will at least warn you about the software and give you a choice to continue or not.  Symantec does not even give you the choice.  It immediately quarantines the software every time you try to access it even when the folder containing it is excluded from search.  To date, McAfee has not been revealed as using nefarious technologies for their software to work.  Symantec admittedly uses rootkits to hide aspects of itself from users.  Weigh them out for yourselves and see which fits your needs better.