Security Firms Fined Over Never-Ending Subscriptions
Barence writes "'Security firms Symantec and McAfee have both agreed to pay $375,000 to US authorities after they automatically renewed consumers' subscriptions without their consent.' The two companies were reported to the New York Attorney General after people complained that their credit cards were being charged without their consent. The investigators found that information about the auto-renewals was hidden at the bottom of long web pages or buried in the EULA."
Pathetic (Score:5, Insightful)
Re: (Score:2, Interesting)
No doubt. That is simply cost-of-business to those crap-peddlers.
If you buy from abusers, expect to be abused. (Score:3)
Re:If you buy from abusers, expect to be abused. (Score:5, Funny)
I don't deal with either, not because of this, but because their products suck. I use F-Prot nowadays, cheap and simple, with a dead-dog simple LAN client. I wouldn't install Symantec's garbage on my worst enemy's computer, because I'm a bastard, but not a cruel bastard.
Re: (Score:2)
Symantec has actually improved a great deal over the last couple years. F-Prot is a lot better (I use Avast!, which is also pretty excellent), but Symantec isn't the complete shitpile it used to be.
Generally, I go by this rule of thumb: if it's branded under 'Norton', avoid; 'Symantec', at least evaluate.
Re: (Score:2)
Generally, I go by this rule of thumb: if it's branded under 'Norton', avoid; 'Symantec', at least evaluate.
Which is a real shame, because Norton was good before it became Symantec.
Re: (Score:2)
This is pretty much what happens whenever a big software company buys a small one. All original staff are laid off, support fees are tripled, and development is handed over to an understaffed and underqualified "team". Management makes a bunch of promises for new features in the next product release, and it ends up being a huge stinking pile of crap. The large company continues to rake in ever-larger amounts of cash due to inertia.
Comment removed (Score:4, Interesting)
Re: (Score:3, Insightful)
This is unconscionable. AVG [avg.com] has also auto-renewed my subscription perpetually ever since I installed it. I want my bandwidth back!
Seriously though, "cost of business" is exactly right. If the return outweighs the risk*most-likely-consequence, no business would act ethically. It's like insurance companies randomly denying claims knowing that some denials will go unchallenged and they'll come out ahead. The punishment should outweigh the crime.
Re: (Score:2)
Minor quibble; risk=outcome weighting*probability of outcome.
I'm pretty sure you understand this, but there may be others who don't.
E.g. there's a one in ten chance of losing $100, there's a 1/100 chance of losing $1000. Your total risk is your expected outcome, which is (0.1*$100)+(0.01*1000)=$20. So if you can make $40 profit (say) with estimated risk of $20 then you expect to profit (expected income>risk).
Re:Pathetic (Score:4, Informative)
Re: (Score:3, Informative)
They still have a free version [avg.com] but they just don't advertise it.
That's right, they've outsourced their advertising to WHOOSH, a small, but persistently oblivious content-writing firm with members all over the world, most commonly found posting in this thread.
Re: (Score:2)
Whoosh. (The link was to the free AVG version.)
Re:Pathetic (Score:5, Insightful)
In the past, when an aristocrat or lord committed a crime against a lesser citizen, they were not held to account in the same way as an ordinary man would. Instead of summary justice, they needed only to pay a small fine or make some other slight amends. This included crimes such as aggravated assault and murder.
Our society is not so different.
Re:Pathetic (Score:5, Interesting)
Re: (Score:2)
that was the first thought that ran through my mind when I read the summary..
Re: (Score:2)
Some of the recent adverts I've seen they actually "say" it now. "3 year subscription service, $10 per week". Yes I'm serious, they rip you off ~$1500 if you're stupid enough to fall for it (or even use those services), in which case you shouldn't even have a mobile phone.
Re: (Score:2)
Exactly, should not this fine be in addition to repaying all the disputed amounts?
Humph... (Score:5, Funny)
Re:Humph... (Score:5, Insightful)
Symantec products = Virus
Anti-Symantec = Anti-Virus
Re: (Score:2)
Anybody who is Anti-Symantec is objectively Pro-Virus.
try buying a PC with kubuntu preloaded and having the vendor tell you you're an irresponsible fool for not buying Symantec or McAfee with it...
sadly, some government departments institutionalise this ("all PCs must have anti-virus") which led to a spate of pointless "virus scanner" programs for gnu/linux with virus-signatures from the 1980's.
ClamAV (Score:3, Insightful)
sadly, some government departments institutionalise this ("all PCs must have anti-virus") which led to a spate of pointless "virus scanner" programs for gnu/linux with virus-signatures from the 1980's.
If mail is going through your Linux box, wouldn't you want to run ClamAV on the attachments?
Re: (Score:2)
You sure about that? [untangle.com]
Re: (Score:2)
ClamAV has terrible detection rates
It's good enough that I have seen virtually no emailed viruses get into my mailbox since I set up clamav/procmail to route them to the bit bucket.
Re: (Score:2, Funny)
Re: (Score:2)
The enterprise product from Symantec is great, from all accounts. What about their cheap junk? Resource hogging, ineffective crap, designed to make you feel good about giving away your money - and little else.
Install the consumer version of Symantec's internet safety suite, then go looking at bad sites. Then come back and tell us how great Symantec is. I have watched Symantec products self destruct when they come face to face with some of the really bad infections.
Keep in mind that the same is true of mo
Re: (Score:2)
Isn't that the same thing? :)
Fine (Score:5, Insightful)
Security firms Symantec and McAfee have both agreed to pay $375,000 to US authorities
And how much are they going to pay to the people they defrauded?
Re: (Score:3, Insightful)
Re:Fine (Score:5, Insightful)
EULA not binding (Score:3, Insightful)
Re: (Score:2, Interesting)
Re:EULA not binding (Score:4, Insightful)
Hmm, there is no case law contradicting his statement.
see how easy that is without proof?
Re: (Score:3, Insightful)
Re: (Score:2)
Re:Fine (Score:5, Insightful)
As a consumer, I would expect that any rebill stuff should be clearly presented to the customer to prevent any confusion, at the time of checkout. It should be in bold, and might include a checkbox to check representing that you understand that this will be rebilled.
I feel that at best, it was underhanded and deceiving, and at worst downright fraudulent.
Re:Fine (Score:4, Interesting)
You ever see that crap on TV "Try your free sample now! 30 day sample, FREE!!!". They tell you to verify you are over 18, you need a credit card. What they don't tell you, and what most people find out the hard way, is tucked away in your free samples informational booklet that you will never read is that when you ordered this free sample, you agreed to a monthly, recurring renewal of this product.
Ever want to try out a gym like Bally's? You know, where they offer you an introductory rate at almost nothing for a month? Yeah, about that. If you don't pay attention, then you forfeit your trial status if you don't appear at the gym something like 5x a week for that month, or you automatically become a "standard member" with all fees and penalties applicable.
Ever seen a Cici's pizza, where they advertise their buffet for "Five Dollars and some change"? That is actually $5.99, without a drink, and if you are using anything but cash, you get nailed by a $1 "fee" for using their debit/credit machine. By the time you figure this out, you already have your family at the register, ready to eat. A little hard to back out then.
Some of these are more obvious than others, but the point is, we gave them an inch, and they took more than a mile. It is total bullshit and it is only getting worse.
Re: (Score:2)
Must be just your Cici's - the one near me doesn't charge a fee for credit cards.
Re: (Score:2)
Re: (Score:2)
Oh yeah it is. It's usually against the merchant agreement with the CC companies, but it's not illegal in the sense that theft is illegal, and it's pretty commonly done. Seems fair to me, too. It's a cost of doing business that, in part, lines my pockets when I use a CC. As long as they're upfront about it I don't mind.
Re: (Score:3, Interesting)
Yes, how dare the customer pay for the transaction fees in a transaction they start.
Re: (Score:2)
Great. I generally dislike Visa and your action will force them to remove the machine or otherwise punish the merchant, thus encouraging adoption of other payment methods (or at least keeping cash viable). In the end it'll hurt only Visa, MC, etc.
Maybe, maybe not (Score:2)
It may or may not be illegal, but I suspect it goes against the contracts with the credit card companies in some form.
Cici's pizza food sucks and they are breaking the (Score:2)
Cici's pizza food sucks and they are breaking the CC rules with that $1 fee
Credit card fee$ (Score:3, Interesting)
I can't comment on the quality of Cici's food, but I must say that $1 goes overboard. PayPal would ding me for 47 cents on a $5.99 payment [$0.30 plus (2.9% * payment_size)], and a large business probably gets better rates. [PayPal almost certainly has the leverage to be paying much less than 2.9%, that's where their profit comes from. :)]
So while I approve of (in principle) extending the credit card charge to customers *, Cici's is definitely ripping people off with the amount of the charge.
*
Hiding costs l
Re: (Score:2)
IANAL
All terms in a EULA are one-sided, as US Copyright law already gives you all the rights you need to install it. Title 17 117 [copyright.gov] a 1 specifically.
Re: (Score:2)
Just create your own EULA on your PC, and at the top in cap letters be sure to type "By allowing your company's software to be installed on this computer, you agree to this ECLA, and any/all updates made in the future" then just email a copy to the company you got the software from.
ECLA = End company license agreement.
Should be equally as legally sound, since all the agreement terms are the same (You don't have to do anything to agree, nor read or understand it)
Or for companies who think clicking OK is agr
Re: (Score:2)
Re: (Score:2)
I feel the GPL is a good example of what an EULA should be.
Great. Except that the GPL isn't an EULA. It's a distribution license, and explicitly does not apply to end-users.
Still, standardized write-once-sign-many contracts would indeed be a significant improvement.
Re:Fine (Score:5, Informative)
Precisely where it is now.
The typical EULA either denies certain rights to the user, or requires the user to do something, or establishes a potentially unwanted continuing obligation. Since the user is giving something up, this requires some sort of contract. Whether, and under what conditions, a EULA constitutes a valid contract is still heavily debated, and will be until either Congress does something about it (most EULAs cross state boundaries), or there's enough generally accepted case law.
The GPL does not deny you any rights you already had, or obligate you to do something. It establishes conditions on how you can do certain things that would otherwise be illegal. The user is giving nothing up, but if the user wants to do something beyond use the software, the user must comply with the license. This does not require any sort of contract.
Re: (Score:2)
most EULAs cross national boundaries
There, fixed that for you.
Oblig XKCD (Score:2)
http://xkcd.com/501/ [xkcd.com]
Re:Fine (Score:4, Informative)
Were the people technically defrauded? They did agree to the service via EULA after all...
That's the nature of fraud. Theft is when you take something that belongs to someone else without their permission. Fraud is when you trick someone into agreeing that you can have something. Some cases are very clear cut when the poor frail old lady is tricked into signing away everything she had, some are more mundane like this. There are a LOT of grey areas but getting someone to 'agree' to terms they haven't read or haven't understood is a common tool of fraud.
Re: (Score:2)
Yeah, and if the EULA had some obscure legalese stating that the people were signing giving their homes to Symantec, would that be okay?
EULAs that try to enforce recurring payments when you're just buying desktop utility software are a bit of a surprise. Judges don't like corporations that hide surprises for consumers in their legalese. You shouldn't either. The more companies get away with burying surprises in their EULAs, the more commonplace it will be. You don't want to be pitted against a team of c
Re: (Score:2)
Judges don't like corporations that hide surprises for consumers in their legalese.
I don't blame them. Nevertheless, which side wins a lawsuit shouldn't have anything to do with how much the judge may or may not like them. I have my own doubts about EULAs*, but users should not assert that they have read and understood and agree with a license without actually reading and understanding its terms. Blind agreement is what got us into this mess in the first place; if people would simply refuse to agree to licenses too long and/or too complicated for them to understand, companies would be for
Re: (Score:2)
Um, by "like", I meant in the "judges don't like things that aren't legal" sense.
Anyhow... someone reads EULAs? You've already paid for the software before you even loaded it to be able to read the EULA. It's too late for them to make unreasonable demands that you have to comply to; hence the reason that the DA went after them and they folded. They knew that they didn't want to try to push this crap past a judge.
Re: (Score:2)
They got in trouble because it wasn't readily apparent that customers were buying a recurring subscription.
Where I work, we too sell a subscription service, but we make it obvious. I just went to our page, hit the "buy now" link, and here's what we show. There is a section with four offers, and radio buttons to select which offer you want. The row for each offer has the price on the left, next to the radio button. In the middle column of each row, it describes what you get and how it bills. The right
Re:Fine (Score:4, Interesting)
Don't rely on the CC expiring. Sony managed to bill my expired Visa debit card for a Star Wars subscription once. Turbine didn't for similar services. Not sure how that works but naturally I would have wanted it to be the opposite :( Got the bank to reverse after convincing them they couldn't explain it to my satisfaction why they let them bill an expired card.
Back on topic...
Yup, that is barely a blip as a cost of doing business for them I am sure. Millions in subs vs $375k in fines is probably only a percent or 2. I don't see that they agreed to stop, nor any of the other bazillion companies doing the same. Just a feel-good deal for an Attorney General while the companies rewrite a couple lines of the EULA in CAPS....
Re: (Score:2)
They process your credit card without sending the expiration date. The bank determines if they consider this an acceptable transaction or not.
Subscription services and auto-renewal are new? (Score:5, Insightful)
Is there anyone surprised that if you sign up for a subscription, that it keeps going?
Re:Subscription services and auto-renewal are new? (Score:5, Insightful)
I get periodic statements for my newspaper and cable/TV/phone subscriptions. Generally speaking those subscriptions are month-to-month. If I don't send a check, the newspaper stops. These folks do offer automatic billing to your credit card, but the ones I have seen are VERY clear about this offer. They don't bury the renewal option in the fine print.
A better example to the anti-virus subscription is a magazine subscription. You know up front that you are signing up for a one year, two year, or some other subscription time period. As that time period nears an end (usually much sooner) you start to receive notices that you should renew. Even if you paid the initial subscription with a credit card, they don't automatically renew with that card.
Re: (Score:2)
Well you are wrong there...there are a lot of magazines that automatically renew/bill your credit card without
Re: (Score:2)
Guess we have different tastes in magazines. About the only time I've seen automatic renewal has been via the magazine clearinghouse and prize companies. My in-laws got suckered into one of those scams, took a month to get it straightened out. Meanwhile, my wife and I have about a dozen subscriptions that we've renewed manually every two years for the past twenty-five years at my home. None have ever charged my card until I manually renewed.
Re: (Score:2)
Actually, I call them checks, but they go through via online banking EFT. Old terminology, sorry.
Re:Subscription services and auto-renewal are new? (Score:5, Insightful)
You know, I can't think of a single subscription service I have that _doesn't_ auto-renew. In fact, I would be quite annoyed if I had to explicitly tell them "Yes, please, I want the Internet / satellite TV / newspaper tomorrow as well".
Is there anyone surprised that if you sign up for a subscription, that it keeps going?
I think part of the problem is that a lot of people still don't think of computer security in general, and virus/malware/etc protection in particular, as an ongoing necessity. People's computers slow down, crash, display popups or whatever, they go out and buy some product to "fix it", and think of it as a one-time deal. They don't think of it as a "subscription" and don't expect to have to renew it.
Only if it's made clear it's a subscription. (Score:2)
A newspaper is not a self-renewing subscription. I'm sending a check for X dollars for X issues, after which they send me a bill and I pay for another X issues.
When people buy a piece of software, they expect they bought a piece of software. If it has an auto-renewing maintenance subscription, this should be very clear, not buried deep in a EULA as the summary states.
Re: (Score:2)
Man, sucks to be wherever you live. Myself, the only things that auto-renew are kinda needed to not die, and our internet. Rent, and electricity. Both kinda needed in winter to avoid death. And for rent I have to sign a paper every time it increases or it won't auto-renew anyway. And the internet, I simply chose that option, but certainly had the option to manually pay yearly/monthly/whatever. It was not forced on me. Same goes for electricity... it's automatic because I chose it to be.
Car insurance?
Re: (Score:2)
Ya know, the term usually isn't one day. I don't mind so much saying "Yes, I'd like all that THIS year, too." Even an auto-renew option is fine. Just not buried in the legalese that as a practical matter, anyone who isn't hopelessly naive or completely full of crap knows nobody reads. At least nobody that's not paid to (and yes, I do, when I'm paid to).
Now that I think about it, the dead-tree magazines I subscribe to stop coming if I don't say I still want them.
Re: (Score:2)
Sting those bastards with a charge back (Score:4, Interesting)
It's not immediately clear if the companies will be governed by the same rules in the UK.
The charge-back form from your bank will most likely have this scenario as one of the generic reasons for issuing a charge back.
I caught sneaky Virgin Media dipping in for an extra month (before they turned super evil), but the money was back in my account within a few weeks.
They'll get a charge back fee for sure; though the companies' size probably makes them immune from having their card processing facility revoked, for excessive charge backs. Shame.
Re:Sting those bastards with a charge back (Score:4, Informative)
Charge-backs aren't always that easy to do. I had one that I thought was super-straightforward (merchant charged me twice in a row for the same thing, and wouldn't communicate with me about the problem), but the cc company wouldn't do the chargeback because my evidence didn't convince them.
If you've got a recurring charge that you want to cancel, and you have a feeling that the company might be sleazy about it, the simplest thing to do is just cancel the cc number associated with the periodic billing, and have your cc company set you up with a new card and a new number. Same thing you'd do for any other kind of fraud, such as identity theft. If you have other recurring payments on that card, you do have to change them to the new number, but that's probably less than half an hour of work if you don't have too many of them -- that's a lot less than the amount of time you could spend banging your head against the wall trying to deal with the dishonest company that's the source of the problem.
Trying the charge-back can't hurt, of course. If the merchant is both small and sleazy, it might actually have a significant effect on them. If there are enough charge-backs, the cc company will shift them to a higher-risk category (which costs the merchant money).
The sleaziest example of abusive recurring charges I ever had to deal with was with the company that was providing me with a merchant credit card account. I canceled the account, but then a year later their charges mysteriously started showing up on my monthly cc bill again. Getting a new account number was my cc company's suggestion. Worked great.
Rebills? (Score:5, Interesting)
I wonder if this means they will also begin cracking down on people promoting rebills (crap online products that start with an initial buy in price of $2 but then charge you another $60 after a month). Which they try to claim they're legal because they bury it 4 pages in on the Terms and Conditions page which is linked to in fine print on the bottom of the sales page.
Could also be filed under (Score:2)
Malware (Score:5, Insightful)
Re: (Score:2)
Windows Me and Windows Vista are also considered malware by many users so I think Microsoft would qualify there as well! ;)
Do I get some of that fine money? (Score:5, Informative)
<rant>About two years ago, I noticed this after I actually went to their website AND called to cancel prior to renewal. It still renewed, and the "customer service" rep had the balls to tell me that they couldn't refund my money when I called about it. I took that one as far up the food chain as I could - including writing an email to the president or whatever, and got the "immediate" response that they wouldn't auto-renew NEXT time. It took approximately 3 months to get my money back. ONLY because I had documented my cancellation with workers numbers and crap. I figure they owe me about $600 in time. </rant>
Re: (Score:2)
One nice thing about credit cards- they are not really that picky about disputing payments. They don't exactly go out of their way to promote the service, though.
Re: (Score:2)
One nice thing about credit cards- they are not really that picky about disputing payments. They don't exactly go out of their way to promote the service, though.
I like the 'one-time' credit cards that you can use online. You specify the amount and expiration for them, but you can go in and cancel them as soon as the initial payment has gone through. So when they try to 'renew' for you the charge won't be accepted.
Re:Do I get some of that fine money? (Score:5, Interesting)
I find it very. . . interesting, that on the McAfee website, you can turn ON the auto-renew yourself through the account management, but to get it turned OFF, you have to contact their customer service reps. What kind of BS is that? I'm getting my parents away from McAfee, and I myself left McAfee a couple years back. They used to be a good company to deal with. Now, I just don't trust them anymore. Setting up your website like that just screams out to me that they are trying to make it as hard as possible for people to get out of the auto-renew.
Re: (Score:2)
Re: (Score:2)
GoDaddy did something to me a few years back.
I ordered a domain for my friend with the +$30 Google advertising crap. I don't remember whether I chose if it should auto renew, or whether it's enabled by default.
So anyways, half way into it, I cancel the domain auto renewal. You'd think that everything would be fine and dandy, right? WRONG. After the domain expired, I noticed a weird charge on my credit card. I called GoDaddy up and the rep said "There is NO way to refund this charge." She didn't realize how
rtfeula tag? (Score:2, Insightful)
Re: (Score:2, Funny)
http://www.pcpitstop.com/spycheck/eula.asp [pcpitstop.com]
But read that EULA first (Score:2)
The sort of people who bother to read the EULA are also more likely to think "hmm yet more email address harvesting, fuck that." when they read that.
FWIW, Professor Charles C. Soludo in Nigeria also said you may get financial compensation if you send an email to him.
refunds? (Score:2, Informative)
Customers will also be allowed to apply for refunds for up to 60 days after being charged.
Law enforcement (Score:2, Funny)
It's getting to the point where law enforcement really needs to handle PC security. We have strict laws on what a car needs to go on the road, we really need equivalent rules about what a PC needs to connect to the Internet. I'd put something like Symantec or McAfee as the equivalent of auto insurance, in terms of the damage it prevents to other computers on the internet. And like auto insurance, it needs to be mandatory (in addition to keeping things up to date against security threats, much like cars must
Re: (Score:2)
Car insurance costs less if you have a car that statistically is less likely to get in an accident and cause costly damage, or you yourself are less likely to do so, based on a few metrics.
Where's your equivalent functionality in antivirus?
Re: (Score:2)
Re: (Score:2)
"whereas an 'unsafe' computer isn't going to kill anyone."
You didn't pay attention to the story a few years back where a group of researchers pretty much found out they could hack into and take control of a nuclear reactor from the outside relatively easily?
OHAI, I'm just gong to shut off all of your cooling towers, nao. This is what you get for not securing your computers and ensuring they are 'safe!'
*KABOOM*
Ah yes... (Score:2, Insightful)
Home users shouldn't pay for Antivirus (Score:5, Insightful)
Read the fine print. . . (Score:4, Informative)
Those "Free" versions (AVG, Avast, maybe others) are often restricted in the fine print so that you can do no commercial activity whatsoever on your computer. It's ambiguously enough stated that even just using a remote access program to access your computer at your job to do work from home might be violating the EULA. Granted, it's not likely that they'll actually catch you, but the point still remains that if you do anything that might be construed as generating income now or in the future, you might be a fly in their web.
Not an issue as much with ClamWin, but ClamWin has no real-time scanner, which despite the parent post's assertion, do sometimes stop infections before they happen (not always, it's true, but enough of the time that it's definitely worth having anti-virus software of some sort). The On-access scanner isn't *required*, but most users will not remember to manually scan stuff 100 percent of the time. The On-access scanners will provide much more consistent protection against infection than a manual scanner, for most users.
Personally, I've been using the AVG Free edition, and if I need to upgrade to a 'commercial use' license in the future, AVG seems to have slightly better prices than most of the others out there.
Re: (Score:2)
Re: (Score:2)
This is something that should seriously be open sourced. Sure, there are open source projects out there, but they are poorly updated.
Of all the work done on all the open source projects, it would be nice to see this going. Once you get the engine working, I'm sure there are enough viruses which the community would submit.
For the record, I do use Clamwin among others. I am aware the parent company that recently bought ClamAV is working on a real time scanner. And also that it misses things that my Nod3
Uh huh... (Score:2, Insightful)
I hate to be an "I told you so..."
No I don't. I told all my family and friends, geek and non-geek alike, to opt-out of bundleware, especially Symantec and McAfee. There are a number of free offerings out there that are less annoying, just as or more effective, and by that are less likely to steal from you.
Free Alternatives (Score:5, Informative)
Standard here in NL (Score:4, Insightful)
Here in the Netherlands automatic renewal of subscriptions to anything is standard. You have to call or write to the organization to stop your subscription by the next renewal period. This is extremely annoying and tedious of course. I'm so glad I have an American provider for my websites and email! Every year I get an email from them, in which they ask me in a friendly way to renew my subscription. That's the way I like it!
Re: (Score:2, Insightful)
Re: (Score:2)
I amend each one with a post-it note now, just as you would amend a two-sided contract, sign it, and send it back and if they counter-sign they accept the modified terms (such as you would on a commercial lease). I modify the terms ("right of first sale applies to this product") and click Accept/Yes, and they accept that amendment by proceeding with the installation. I got this idea here on /.
Re: (Score:2)