Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Computer Associates Offers Warranties

Posted by kdawson on Thu Sep 28, 2006 12:52 PM
from the you-bet-your-identity dept.
Software Privacy
Kelvin D. writes, "Computer Associates has come up with a new angle to get consumers to buy its security software — a warranty with cash benefits if you catch a virus ($1,500) or get your identity stolen ($5,000). From the article: 'Users who want the identity theft coverage need to both install and register their copies of Warranty Corporation of America's Mobile Lifeline (included). No registration, no coverage.'" Moblie Lifeline includes something that sounds like a benign Trojan: it lets you retrieve or delete files from your stolen computer if it's ever connected again to the Internet.
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Computer Associates Offers Warranties 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • question (Score:5, Insightful)

    by jimstapleton (999106) on Thursday September 28 2006, @12:55PM (#16233123) Journal
    how do we know they are secure enough to prevent others from hacking in and doing that to your NOT stolen computer that you are using? Seems a huge potential downside.

    • Re:question (Score:4, Interesting)

      by Em Adespoton (792954) <slashdotonly.1.adespoton@spamgourmet.com> on Thursday September 28 2006, @01:57PM (#16234435) Homepage Journal
      Along with this thought... how long until someone steals your identity, and contacts them to collect the money (saying that YOU are the one trying to steal their identity)? Similarly, the virus angle looks more like they're offering a bounty on new viruses... much cheaper than them having to do the work themselves (but could also generate gobs of new viruses designed to cash in on the insurance).
      • I could care less about the acceptable use. I'm more worried about their one-stop-shop for hackers who want backdoors.

  • Spelling Error (Score:1, Funny)

    by Anonymous Coward
    Moblie Lifeline includes something that sounds like a benign Trojan: it lts you retrieve or delete files off a stolen computer if it's ever connected to the Internet.
    It lets you?

  • Call me crazy but (Score:5, Insightful)

    by Ravenscall (12240) on Thursday September 28 2006, @12:56PM (#16233157)
    I predict if they honor this and publicize it well, they will be bankrupt within two years.
  • Those who do register receive up to $5,000 in the event of identity theft. The cash covers lost wages, legal fees, and fixing credit reports.
    From what I recall of the various TV segments & news artciles about ID theft, $5,000 is going to even begin covering their losses.

    IIRC, most people complain that the process takes years to resolve & tens of thousands of dollars to clean up.

    • Re:5K isn't going to be enough (Score:5, Informative)

      by RedHelix (882676) on Thursday September 28 2006, @01:00PM (#16233235)
      They've been advertising this service in the TD catalog for a couple of months. The 1,500 warranty is for HARDWARE damage. Obviously, viruses and trojans are unlikely to ever cause a physical hardware problem with the machine, and even if they do it would be impossible to prove. They're essentially promoting a software warranty that they'll never have to honor.
      • You could make a virus that brings all mechanical components (hard drive, CD/DVD drive, fans)up to maximum speed and leaves them there, or alternates starting and stopping them, or anything designed to stress the hardware. You could be sneaky and only do it overnight so no one notices the noise. In a large corporation this abuse is going to kill at least 1 machine and probably more.

        You could even be rude and set it to send 1000 completely blackened pages to every printer. Don't know if the warranty wou
      • Back when I was young, I wrote some nasty payloads -- proof on concept only. Never attached such a payload to a "virus" or "trojan".

        1 - Wait until 3am, then slam the floppy head into the backstop continuously. Also, load/unload the head. Objective: destroy the floppy drive.

        2 - Identify a model by vendor. Rewrite the saved settings 10,000 times (damage the nv memory in the modem).

        3 - Program out-of-spec settings to the monitor. Attempt to damage a monochrome monitor.

        4 - Program nv memory on video card with s
        • "I've also heard of ones that shutoff your fans causing your processor to overheat"

          As far as I know, since the introduction of the Pentium II 10 years ago, just about every BIOS will power your system down if it detects overheating. And most CPUs on the market have some variation of "SpeedStep", to clock down, and eventually halt, themselves in the case of overheating.

          These aren't really things you can tamper with in software. Especially SpeedStep.
        • That does crash a harddrive...made in 1993. Modern harddrive controllers will not let you address segments of the drive that don't exist. They just throw an error specifically because there were viruses that did this.
    • Of course 5K won't cover it all but it's a great start and will get you back on yoru feet again after identity theft. Maybe you would have them offer no coverage at all? Take it as a good thing and don't be critical just to make yourself feel better. As for the other comments. I agree that if they honor it they'll be bankrupt within 2 years. I say even less. One virus that exploits one weekness could finish them off! I expect that getting them to honor their "warranty" will be almost impossible but lets h
    • 5K isn't going to be enough

      Agreed. People are going to need at *least* 640K.
  • This new service will get people used to the idea that they can go around deleting other people's files without due process.

    That'll later come back to bite us on the hiney when the RIAA demands this right - which they've done before.

    Due process.
    Due process.
    Due process!

    It's slow, it's agonizing, but the alternatives are cutting corners to achieve one's own definition of justice. I don't need to go into detail about the dangers of that...
    • I don't see the legal downside of deleting files from your own hardware, even if it happens to be in the possession of a theif.

      It's quite the inverse of what the **AA want, which is to be able to delete files on hardware that they do NOT own, as long as they claim "ownership" of the contents.

      In this case, the due process is surely that you

      • Own the hardware, legally
      • Know the password
      • Deserve to be able to delete your own files from your own hard drive.

      This is no different to deleting files from your

      • True, but part of my concern was that discerning that it is your own hardware is not always so cut and dry as it sounds in theory. When you get the cops to seize the machine, theoretically speaking, you know for sure.

        But the flip side is, the cops are sofa king slow at pursuing these things.
  • My work computer got infected by a trojan yesterday. I was browsing a BBS where some malicious user had posted a SWF that opened up some other page on an IP, I'm not sure but I think it could have been the most recent MS IE critical vunerability. My boss spent from 9am to 2pm trying to get rid of a trojan. The antivirus the PC already had was Symantec, which was what first alerted us to it this morning. It couldn't remove it, so we tried AVG and Pandasoft as well as House Call. Nothing would shift the
    • Smile, you deserved it...

    • Re: (Score:3, Interesting)

      by GotenXiao (863190)
      Stick a Linux LiveCD with AVG for Linux on it in the PC. Watch as AVG eradicates virus. Reboot.

      Worked for me at i28 when I got a worm that would not die; AVG had blocked it from actually running, but something was keeping it there. Rebooted to my Linux partition, downloaded/installed AVG, worked a treat.

      • Stick a Linux LiveCD with AVG for Linux on it in the PC.

        A friend is having problems with viruses on her machine, and I'm trying to do this, but I have not found a LiveCD distribution with AVG. I've used Knoppix and Mepis, but they have ClamAV instead. I've seen some recommendations for LinuxDefender from bitdefender.com, but it looks like it was last updated in 2004. I'm probably going to use ClamAV from either Knoppix or Mepis, but I'm open to suggestions. Do you have any recommendations?

  • This is merely a marketing ploy. Lets be realistic, the fine print will actually keep this occuring in almost any instance.

    I am also betting that there will be additional fine print about the identity theft... as it occurs so frequently. Plus, you will have to follow their guidelines. Which will probably include industry best practice information... which if you were willing to follow that, in most instances you wouldn't have a problem with identity theft anyways.

    • Re: (Score:2, Insightful)

      by Daemonstar (84116)
      This is merely a marketing ploy. Lets be realistic, the fine print will actually keep this occuring in almost any instance.

      I agree.

      Since we're not informed as to what the "fine print" says, it is conceivable that it could include shipping the infected PC to CA or taking it to a "CA Authorized Repair Center", for inspection. If that is so, then there's not telling how long it could be before you get your computer back.
    • It is still far better than a warranty that just offers a refund on the price of the software. The point is with a penalty in place, the company has a powerfull incentive to ensure the quality of their software. Other companies treat software quality like a joke, with warranties that could not legally be used on any other kind of product. This is at least a step in the right direction. Given a choice between a conpany that can't warrant the program itself being free of software viruses and another company w
  • FTFA

    Those who do register receive up to $5,000 in the event of identity theft. The cash covers lost wages, legal fees, and fixing credit reports.

    The virus protection program offers up to $1,500 to replace up to three PCs, but only if those machines have "failed" due to the virus (spyware and adware aren't covered). Obviously, this is only a possibility if CA's security software cannot clean the infection.

    blod is mine.

    5K to fix all the crap you have to deal with if your personal information is ussed maliciou

  • This makes no sense at all (Score:5, Insightful)

    by finkployd (12902) * on Thursday September 28 2006, @01:03PM (#16233313) Homepage
    So, I am to believe that my identity will be stolen because my laptop is not secure enough.

    NOT, mind you, because dozens (hundreds? Impossible for me to find out) of companies consider my personal and financial information to be their intellectual property to be sold to other companies.

    NOT, mind you, because these companies have basically no interest in protecting the data in that losing it does not hurt them any (maybe a token fine tops). So they don't encrypt it, lose backup tapes, let employees take it home on laptops, etc.

    NOT, mind you, because the banking and finance industry, against all common sense, believes my social security number to be not only a positive identifier, but an authentication token that obviously only I could ever know. And since we all need same minute loans, any credit apps must go through ASAP, no wasting time to take any steps to actually identify the person making the request.

    Nope, it must be because my laptop is running the right CA software.

    Finkployd

    • Re: (Score:3, Interesting)

      by sgtrock (191182)

      NOT, mind you, because the banking and finance industry, against all common sense, believes my social security number to be not only a positive identifier, but an authentication token that obviously only I could ever know.

      I can't speak for every bank, but I know the one that I've worked for for 10 years finally figured out a few years ago that using a customer's SSN for anything other than necessary reporting to the Feds was a Bad Thing (tm). We've been diligently scrubbing databases every place we could e

      • Re: (Score:3, Informative)

        by finkployd (12902) *
        That is great to hear, but I suspect your bank is the minority.

        And either way, the real problem is the instant credit industry, which has no real reason to exist yet opens up all of these ID theft problems by rushing to approve any and all credit without any checking of identity. They treat SSN like a kerberos ticket when it is barely even a good ID.

        Finkployd
    • irst you said:

      NOT, mind you, because dozens (hundreds? Impossible for me to find out) of companies consider my personal and financial information to be their intellectual property to be sold to other companies.

      Then you said:

      NOT, mind you, because these companies have basically no interest in protecting the data in that losing it does not hurt them any (maybe a token fine tops). So they don't encrypt it, lose backup tapes, let employees take it home on laptops, etc.

      If the data is their IP and source of incom
      • Except it does not work that way. The people who want this data (lenders, companies doing background checks, etc) need it to be valid and accurate. Nevermind that choicepoint has a history of screwing up and having inaccurate data, they are percieved as being the best and having the most (if not most accurate) data around, so that makes them useful. Those companies are not going to do their credit/background checks using data they got from a hackerz stolen ID website. The ID brokers have really nothing to f

  • I forsee a nice way for some money on the side (Score:5, Funny)

    by Opportunist (166417) on Thursday September 28 2006, @01:04PM (#16233331)
    1. Be another Antivir company.
    2. Buy CAI's package.
    3. Infect your machines with the latest trojans that NOBODY has any signatures or heuristics for.
    4. Profit.
    • 3. Infect your machines with the latest trojans that NOBODY has any signatures or heuristics for.
      And what's more 0-day than a brand new virus? I wonder if this could set off a new wave of virus writers, who aren't just doing it to be jerks or prove concepts. Ever see a pyromaniac shop for fire insurance?

  • It's gonna suck to be CA tech support (Score:3, Insightful)

    by rsilvergun (571051) on Thursday September 28 2006, @01:04PM (#16233351)
    the $1500 dollar waranty only kicks in if they can't remove the virus. And hell, what counts as 'removing' a virus anyway. Given that most viruses use random file names and sizes, and many periodically update themselves to change their signatures (becomming 'new' viruses in the process), good luck proving that the virus wasn't fully removed. But that won't prevent the techies from taking the heat from an asshat who thinks he's due $1500.

  • "benign Trojan" (Score:3, Insightful)

    by Trillan (597339) on Thursday September 28 2006, @01:05PM (#16233371) Homepage Journal
    Wikipedia calls a Trojan "a malicious program that is disguised as or embedded within legitimate software." Given that, something that the installer knows about and isn't malicious can't really be "a benign Trojan."
      • I used wikipedia only because it was the first online reference I checked, and it lines up with the classical definition.

        And at least spell wikipedia right if you expect to be taken as an authority on it.

  • My next full time job (Score:4, Funny)

    by pHZero (790342) on Thursday September 28 2006, @01:11PM (#16233481) Homepage
    1) Write one new virus a week 2) Infect my own PC 3) Collect weekly salary of $1500 (Profit!!!)
  • So, what this seems like is it lets you connect to your stolen computer to retrieve the files. A sort of hidden, unprotected FTP server on your computer. Couldn't this possibly be used by a hacker to steal your files remotely? How does the computer know it has been stolen, and how does it identify the rightful user? And how can you ensure that someone doesn't get your files before you do?

    Seems like a potentially dangerous utility, even worse than the Sony rootkit.
    • ``How does the computer know it has been stolen''

      I think that's the key. The program could be such that it will only let you retrieve and delete files once the computer has been reported stolen. Strong cryptography should be enough to prevent spoofing this. At least, I think that's how I would design it.

  • Identity theft payouts could be interesting (Score:5, Funny)

    by !IH (33751) on Thursday September 28 2006, @01:11PM (#16233487)
    "benefits if you catch a virus ($1,500) or get your identity stolen ($5,000).

    "Well, Mr. Smith, our records do show that this identity was proven to be stolen. Of course we paid out according to our warrenty. Our records show the $5,000 was paid out on X date. You didn't receive it? Well, we sent it to Y address. That's not you? Oh, it seems to have been paid to the wrong person, but unfortunately we can't do anything about that, as it appears you've been the victim of identity theft. Want to buy a warrenty to protect you against this in the future? No? Well, have a nice day.

  • If your laptop or personal computer (collectively "PC" and "PC's") fails due to a virus infection after the CA Anti-Virus 2007 software is properly installed and registered, you can receive up to $1,500.00 in technical service and hardware replacement under the limited warranty associated with the CA Anti-Virus 2007 software. Covered malfunctions include:
    * Your PC will not boot or start up; or
    * Your PC will boot and the hard drive is accessible, but the operating system is malfunctioning, causin

    • Also note "up to $1,500.00 in technical service and hardware replacement". That is no cash and at most 1500 USD.
    • Nothing in this warranty shall cause us to be liable in any way shape or form.
      We reserve the right to change the wording the moment you make a claim.
      We are an insurance company now, and boy are we gonna act like one !

  • You have to wonder... (Score:3, Insightful)

    by WhiteWolf666 (145211) <moornblade at gmail.com> on Thursday September 28 2006, @01:25PM (#16233717) Homepage Journal
    Why the *HELL* Microsoft doesn't offer Warranty protection like this.

    This is a great product, IMHO. This is CA putting their money where their mouth is. I don't know anything about their actual coding abilities, but I really like it from the actual business angle.

    As for me, I run OS X & Linux, and have not yet had the need for an anti-virus product, even though an up to date ClamAV does reside on my systems.
    • Why the *HELL* Microsoft doesn't offer Warranty protection like this.

      I'm going to go out on a limb and suggest that having the lion's share of the world's virus, trojan, spyware and other such crap being targetted at your system precludes such an option. (Reasons for this left as an exercise for the reader...)
    • Or perhaps one of these "Linux is soooooooo secure" people should back up their claims with a warranty.

  • Only works if... (Score:3, Interesting)

    by Apocalypse111 (597674) on Thursday September 28 2006, @01:31PM (#16233837) Journal
    ...it lets you retrieve or delete files from your stolen computer if it's ever connected again to the Internet.

    All potential security holes aside, this presumes that the thieves didn't replace your HD after stealing it, or reformat/reinstall. What would be more useful would be a call-home email to your addy that gives you an IP address, nslookup and tracert data, as well as any other information that can be used to track it back to a physical address. Maybe a keystroke log as well, and a list of recently opened files and visited URL's?
  • I actually worked for a start up that tried this years ago. The company has been dead for 2 years now, but evidence of it still lingers. Google combinations of "Promisemark", "Virus Protection Plan", "Identity Theft Protection Plan", etc...

  • Wagon WAY before the horse... (Score:3, Insightful)

    by Vexler (127353) on Thursday September 28 2006, @02:04PM (#16234607) Journal
    What CA is doing here is complete nonsense. Several problems spring to mind immediately:

    1) Identity theft involves a lot more than just the laptop sitting in front of a user. It involves the user's total awareness of unusual requests for personal information and commitment to protect that information. Social engineering, dumpster diving, and (certainly) user stupidity can all compromise the security of the data. CA will find a good chunk of its customers who were just careless about what they wrote down or told whom, and kick itself in the pants. You can't indemnify human failure.

    2) If the laptop is compromised by a virus that sends keystrokes to a Romanian website, CA will want forensic proof. It will have to see conclusive evidence that (a) its software worked correctly and was not subject to accidental or deliberate tampering by the user, (b) any personal information obtained in this manner was used intentionally to impersonate the user and cause harm, and of course (c) that the machine in question "failed" as a direct result of the virus (although to what extent "failed" covers is unclear). Just the resources necessary to conduct proper forensics alone is daunting enough, and $5000 for theft and $1500 for virus infection seems a pittance. It's a lose-lose proposition, and CA is trying to make it sound generous.

    3) The offer to encrypt or destroy data on any stolen laptop is laughably absurd, and serves no purpose except as a way to TRY and get the last laugh in. "So you took my laptop? Well, I'll just have to think of a REAL GOOD comebacker. Oh, I know. If you are stupid enough to connect it to the Internet, I can erase what you probably already got off the drive by then. Ha, ha." The machine is gone and at the mercy of the thief, and Josephine User is up the creek with no paddles.

    4) Most frustratingly, it is misleading for a technology company to offer services that distorts what "identity theft" really involves. You are not educating the user in the process except "If I lose my laptop I get $$$". You are not providing a truly comprehensive plan to combat this problem. All this "offer" does is to try and make money. Again, clever marketing does not make a bad idea into a good one.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.