General discussion

Locked

Clueless

By DracNoc ·
Tags: Off Topic
blog root

This conversation is currently closed to new comments.

2 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

webroot.com scare-mongering? maybe.... maybe not.

by DracNoc In reply to Clueless

Apparently, I've got spyware. <br /><br />Now, we've all seen the adverts on websites

"Spyware was found on your computer! Click here!"

or, if you've ever bothered to read those unsolicited messages zipping across the 'net:

"STOP! Windows has found 55 critical errors on your system! Go to www.con-me.com and download now!"

Blah, blah, blah. Seen it all. <br /><br />Yesterday though, I got one from a legitimate company - and I don't think they know they'e doing it.

webroot.com are offering a free spyware sweep on your system. All you have to do it to download a small piece of software and click on the "Get Results" button from the download site when it's done. Anyone can do this, here's the link<br /><a href="http://www.webroot.com/services/entaudit/auditbegin.php"><br />www.webroot.com/services/entaudit/auditbegin.php</a>

<br /><br />This is where the problems began for me. It's a Windows download, not the best thing for a Linux box, so I decided to not bother, but the "Get Results" box was still looking at me. With it's bright orange sheen and cheerful curves it tempted me into clicking..... and I was a little surprised.

Apparently, I have spyware. It's only on "low", but "Spyware was found within your Enterprise" was a little surprising. <br /><br />I haven't got all the certs to make me an IT pro, and you won't find a Cisco cert hanging up on my office wall, but I know that don't make for an accurate result on ANY computer. I've emailed webroot.com for a possible explanation as to why this happens. Hopefully, it's a minor oversight which will be easily corrected. <br /><br />I'm just glad I'm not a company boss who hasn't got a clue about computers, and would probably scream at the fact I've spent perfectly good money on a security package that now appears not to work!

If this is an example of bad design, then it's very bad. <br /><br />By being able to click the "Get Result" button and get a result without the need to run the software, I've shown that their own systems point out a method of getting spyware onto your system in the first instance - what our team call "blinkered selection". This is where someone will repeatedly do the same action to get a result, without regard to other consequences. In computer terms, this normally involves ageeing to the EULA without actually reading it. Did you check to see what else was installed along with the freeware? No? Didn't think so....

<br /><br />The webroot.com audit webpage shows exactly what can go wrong when basic checks are not put in place. In this instance, it doesn't even bother checking to see if the software was actually run. Next time you boot your computer, don't bother checking to see if your AV and firewall booted up with it..... yeah, seriously, like any of us are going to do that.

<br /><br />Hopefully webroot.com will get back to me with a good reason, but at the moment their exam paper is gonna get a big, fat, red "F" stamped on it. I'll keep you all posted.

Collapse -

webroot.com scare-mongering? maybe.... maybe not.

by DracNoc In reply to webroot.com scare-mongeri ...

OK, I got a reply back to day from webroot.com...<br /><br /><br />    "Thank you for bringing this item to our attention.  We rely on feedback
from our customers to improve our products and service. Thank you for
taking the time to share your findings with us."<br /><br /><br />Yep, that's it! I almost feel sorry for disturbing their coffee break on this little oversight. Mind you, the whole email reads like an automated response, so I suspect nobody in their Customer Service office actually lost any sleep on this.<br /><br />Like I said in my original blog, some people could see this test as a flaw in their security setup and make an expensive mistake. It's still there, I tried it about five minutes before writing this blog, so this hasn't improved - or do they want it to stay stagnant? Is this real proof that companies are misleading less-than-knowledgable users into believing their systems are infected? Personally, I don't think that is the case, but there's nothing there to prove they're innocent either. If this was a genuine mistake, then they've wasted five days to correct a relatively simple problem. This sort of thing can make or break the reputation of a company, I would have jumped on it within the first 24 hours.<br /><br /><br />So, their "F" grade had been changed to a "See Me After Class". <br />

Back to After Hours Forum
2 total posts (Page 1 of 1)  

Related Discussions

Related Forums