At this point I'm convinced that the entire antivirus industry is a scam scheme for the most part. They make everyone suffer for their own profit.
Users are scared into installing this crap and paying recurring payments for it, and then the performance of their computer goes to shit. Developers are given nightmares by having their software misdetected as a virus or broken by the antivirus changing the OS behavior in unexpected ways.
A while ago I caved in and purchased and installed Bitdefender, which I knew was all right.
It wasn't. I didn't renew the license and uninstalled it.
FFWD a couple years and my best friend upgrades his PC. Threadripper Zen 2, 128GB RAM, 2x NVME RAID 0 for the system, another NVME for stuff and HDDs for backups. System was incredibly sluggish and unresponsive and his extra NVME was sometimes dropping from the list of drives shown by explorer. Uninstalled his Bitdefender and all the issues disappeared.
It's just complete robbery at this point. Malwarebytes is a good product for example and Windows Defender is enough. But the best stuff is disabling all of these and just use script blockers and safe browsing practices and you get to keep all the processing power you paid for.
BitDefender is one of the bigger scams out there. I wholly believe that they operate based on a "blacklist everything first" policy, because that lets them tout their 99,99% detection rate.
I run a big open source project and the amount of people that complain to us about BitDefender deleting our software is staggering.
Ransomware is a real problem. I despise malware disguised as mainstream antivirus solutions, but we need to protect users from ransomware and that’s a tough problem. I am working in that space.
Ransomware is still malware IMO. Put the conflict of interest aside, if current approach to detect malware does not change, no matter how hard we try, we will still be one step behind.
If we can keep the system up to date, configure the user privileges to lowest possible and grant access only when necessary, take backups as frequently as possible, segregate sensitive networks and most importantly educate the users not to run programs from suspicious sources, most if not all ransomware incidents will not happen at all.
The approach I am taking is background sync of all user-created data into git with automatic one-way replication not accessible through SMB. Git has plenty of tools to manage that and I simply automate all this without exposing the user to the commit process. That way I can just reimage the machine and replicate undamaged data back onto it. The problem is detecting data exfiltration and I don't have a solution for that yet.
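The approach described in the comment above, sketched as an added example (not the commenter's code): commit user data in the background, push it one way into a bare repository that refuses history rewrites, then restore the state from just before a mass rewrite. The function names, the local bare repository standing in for a replica reached over something other than SMB, and the file-count threshold are assumptions; the sample files are constructed.

```shell
#!/bin/sh
# Added example. Function names and the threshold are hypothetical.
# Paths passed to these functions must be absolute.

# snapshot WORKDIR VAULT
# Commit every change in WORKDIR and push it to the bare repo VAULT.
snapshot() {
    w=$1; v=$2
    if [ ! -d "$v" ]; then
        git init --quiet --bare "$v"
        # The vault only ever accepts new commits on top of old ones, so a
        # compromised client cannot rewind or delete the backup history.
        git --git-dir="$v" config receive.denyNonFastForwards true
        git --git-dir="$v" config receive.denyDeletes true
    fi
    [ -d "$w/.git" ] || git -C "$w" init --quiet
    git -C "$w" add -A
    # Nothing staged means nothing changed since the last snapshot.
    if git -C "$w" diff --cached --quiet; then return 0; fi
    git -C "$w" -c user.name=backup -c user.email=backup@localhost \
        -c commit.gpgsign=false commit --quiet \
        -m "auto $(date -u +%Y-%m-%dT%H:%M:%SZ)"
    git -C "$w" push --quiet "$v" HEAD:refs/heads/backup
}

# last_good VAULT LIMIT
# Print the commit to restore: the parent of the newest snapshot that
# touched more than LIMIT files, or the tip if no snapshot did. The initial
# import (root commit) is skipped because it always touches everything.
last_good() {
    v=$1; limit=$2
    for rev in $(git --git-dir="$v" rev-list --min-parents=1 refs/heads/backup); do
        n=$(git --git-dir="$v" diff-tree --no-commit-id --name-only -r "$rev" \
            | wc -l | tr -d ' ')
        if [ "$n" -gt "$limit" ]; then
            git --git-dir="$v" rev-parse "${rev}~1"
            return 0
        fi
    done
    git --git-dir="$v" rev-parse refs/heads/backup
}

# restore VAULT REV DEST
# Unpack the tree of REV from the vault into DEST (e.g. after a reimage).
restore() {
    mkdir -p "$3"
    git --git-dir="$1" archive "$2" | tar -xf - -C "$3"
}

# Constructed scenario: five documents, one normal edit, then every file
# overwritten at once as a stand-in for the damage a backup must survive.
demo() {
    base=$(mktemp -d)
    work=$base/docs; vault=$base/vault.git
    mkdir "$work"
    for i in 1 2 3 4 5; do echo "document $i" > "$work/file$i.txt"; done
    snapshot "$work" "$vault"
    echo "quarterly numbers" > "$work/file1.txt"
    snapshot "$work" "$vault"
    for f in "$work"/*.txt; do echo "overwritten" > "$f"; done
    snapshot "$work" "$vault"
    good=$(last_good "$vault" 3)
    restore "$vault" "$good" "$base/restored"
    cat "$base/restored/file1.txt"   # content from before the mass rewrite
    rm -rf "$base"
}

demo
```

If the working copy's `.git` directory is destroyed along with the data, a re-initialised client can no longer fast-forward the `backup` ref, so its push is rejected and the vault history stays intact.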
You were probably right. But I got that from my interactions with one of the AV vendors over a decade ago. Since then, the only AV on my machine is Windows Defender. It's not because I need it or trust it, but rather it cannot be easily removed. I always disable it but it will become active again, maybe after a major update, which was quite annoying.
You can disable with local group policy, in gpedit.msc which is the policy editor. Search for the exact path, it's just 5 clicks away, doesn't come back up.
At this point windows defender is the principal threat to the normal functioning of my computer. It takes 100% CPU frequently, blocks my own programs based on some obscure ML rules, it re-enables itself when you disable it. It is indistinguishable from a virus.
I have had the opposite experience. I've found windows defender to be basically the only AV you really need. I had a single occurrence where it flagged software I was writing as potentially malicious, but I was able to add an exception for my project and not think about it again. I've never noticed it clocking my CPU at any noticeable levels. For comparison, my work computer requires McAfee and at least once a day it clocks my CPU at 65% or more.
Windows Defender is the only antivirus I have used on my personal machines since it first launched and I have never had an issue, though I suspect most of my good fortune is good internet habits.
I wonder how much modern windows really requires an anti-virus. During the Windows XP days it felt vital, but since then it has felt more like something everyone just does out of caution.
A few months ago, I was playing with msfvenom and wanted to experiment with making a payload designed to bypass the antivirus of both Windows Defender and an antivirus that my work uses (with my boss's permission). I worked on it all day, but I could not get around internet-connected Windows Defender. Any time a port was bound or web connection was attempted, it shut me down.
It made me way more impressed with Defender. I was always told it's inferior, but its sandboxing and heuristics scanning are quite good.
I've been relying exclusively on Windows Defender since before it was called Windows Defender. I view third-party antivirus software as pointless at best, and actively harmful at worst.
Not infrequently I have a client bring in a system without aftermarket antivirus that got hacked. It is ten times rarer that I get a hacked system with an aftermarket antivirus. I still recommend people use an aftermarket antivirus.
Regarding you being required to use McAfee, I've found it no better than Windows Defender, so I don't know why people pay for it. It doesn't even rate well in detection tests like av-test or av-comparatives.
I'm not making excuses for it, just trying to help. Try and infer what it's scanning. If you're coding, then that directory. If you're doing video editing, then that program. Set up exclusions for things that your PC should be doing.
Heuristics could be used to infer that stuff, so it's not ideal that we have to do it manually.
Oh I know what it is doing. My deployment mechanism on my home computers is that when it launches one of my apps, it checks first if there isn’t a new version stored on a private cloud repository, and if there is, downloads it, and runs it. The apps aren’t signed. And I am pretty sure that triggers defender’s malware downloading binaries from c&c network logic, so it randomly deletes the executable.
Also when I want to scan all the video files in a folder I run ffprobe hundreds of times pretty much in parallel and defender will want to inspect each instance of the same ffprobe exe independently, resulting in a 100% cpu usage and slow scan.
I solved the issue by defining folders exclusions but I don’t believe it can be scripted and it is a pain in the ass. All of the above is unwanted behaviour of an antivirus working against me.
Move most of the things (programs, data) to another drive and exclude the whole drive.
EDIT: I have 4 drives on my C machine:
Every disk but C is excluded.
- C - as little stuff as possible, does not exclude
- D - programming and misc utilities (everything from browsers to total commander, editors, programming languages is here)
- E - Gaming
- F - network share - media
That said, my primary workstation is Linux; that's just the backup/gaming/Windows programming one.
I don't think there is a concept of "main executable". There may be an executable that shows a GUI for the user, but most of the antivirus is probably implemented in the kernel, file system filter drivers, etc.
MsMpEng.exe is the core component, not sure if you can just delete it. There's group policy setting for disabling it (and corresponding registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware), but I think it only sticks in Enterprise versions.
Even then, I doubt it's statically linked into the kernel or any other core component. It still must be some kind of separate loadable module that would most probably be stored as a separate file.
You got downvoted for the overly simplistic reduction. But many of the new "features" of modern Windows are exactly what we used to call "spyware" and "adware" in the 2000s: Barely useful tools, if at all, that tried their best to promote other tools from the manufacturer, tried to dark-pattern their way out of being uninstalled and for which we had to use specialized tools for their detection & removal.
With that era acting as hindsight, and specially taking into account the anti-trust suit they lost for bundling IE, the fact that Windows ships with such software now feels like very lazy satire.
> At this point I'm convinced that the entire antivirus industry is a scam scheme for the most part.
I was always under the impression that Microsoft does not fix or is extremely slow at fixing particular virus-allowing bugs due to their business model of licensing access to system features, you have to access to be able to build an antivirus software.
I don't know Windows internals but I imagine that your usual game or text editor does not have and cannot gain access to kernel, bootloader etc, that AVs have.
I don't know much about more modern Windows, but I'm fairly certain that on XP and earlier anything that ran on behalf of the administrator (the only user on most home installations) could trivially load arbitrary code into the kernel. I'm not sure how UAC affects this on Vista and newer.
These days you need to have your kernel driver signed by Microsoft or edit your boot config options to put the machine in an insecure state mostly useful for testing. To get it signed you need to pass a basic test suite which MS provides (and can be gamed).
https://docs.microsoft.com/en-us/windows-hardware/drivers/in...
> These days you need to have your kernel driver signed by Microsoft
However, this is required only for a “proper” kernel driver specifically; kernel code execution can still be accomplished without any signing at all using /dev/kmem-like mechanisms, which Microsoft explicitly does not consider a bug[1].
> or edit your boot config options to put the machine in an insecure state mostly useful for testing.
Or fiddle with undocumented registry settings (used, among other things, to support upgrades from Windows 7 installations with unsigned drivers) and suppress signing checks for your driver even outside of testing mode[2].
> To get it signed you need to pass a basic test suite which MS provides [...].
You also need to register a business entity and cough up upwards of 300 USD/yr for a Microsoft-approved EV code signing cert[3] before that, which is the biggest hurdle for me at least.
I have to say, even if this new Microsoft is not the same as old Microsoft, it sure looks very similar from some angles.
Microsoft isn't slower at fixing security vulnerabilities than other OS vendors. It turns out identifying and fixing issues in a piece of software as large as an OS is hard.
Access to system features is not restricted by licensing, although I believe there is some source code which is licensed to AV vendors. Independent companies do write their own AVs without interacting with MS much at all besides some fairly basic driver signing processes which anyone who writes a kernel driver these days has to go through.
MS does not have unique business reasons for shipping insecure code, and ships an OS which is as secure as they come these days in the form of the xbox.
I used to work for an AV vendor and then the MS security team but now work for another OS vendor.
> I was always under the impression that Microsoft does not fix or is extremely slow at fixing particular virus-allowing bugs due to their business model of licensing access to system features, you have to access to be able to build an antivirus software.
That's bollocks. Unlike Apple which requires Apple's blessing ("entitlement") to access "sensitive" APIs or to load kernel-mode drivers (and is known to randomly grant or deny them), all you need for distribution of a Windows driver is an EV Code sign certificate (from Vista and above) and additionally from Windows 10 onwards to submit the binary to Microsoft for attestation (which likely means they'll run static analysis to check for malware and that's it).
It should not take an experienced programmer more than a couple of weeks to develop the kernel-mode interface of a basic anti-virus/firewall solution that monitors process, registry, file and network access and passes the data to a user-mode analyzer (the latter are the easiest, all you need there is a simple filter driver)... the stuff where it gets tricky is when AV vendors access internal kernel APIs and data structures to check for malware modifications to hide itself. Malware doesn't care much if Microsoft updates something it needs, but AV software should not break down after a kernel upgrade, which is why the stakes for AV vendors are so much higher.
What Microsoft does sell is access to the source code via the Shared Source program [2] - while there is no official program aimed at AV vendors, you can bet that there is a separate program available for the half-dozen major AV vendors there are.
As for "MS is so slow at fixing bugs": the one thing Microsoft cares and what guarantees it the money it makes is backwards compatibility and operating stability. You can take virtually all major Windows 95-era software and it will run unmodified on a modern Windows 10 machine, well over 25 years after its publication - a promise that the Linux kernel upholds but the userland (distributions) does not give a fuck about, and Apple doesn't care much about software written for obsolete platforms at all (see e.g. dropping Rosetta and 32-bit support after the last hardware based on them went obsolete). And unlike Apple, Microsoft has to check all updates in kernel and user land against a literal shitton of hardware combinations and software to make sure no bugs are introduced.
As a user, you can load a third-party kext on macOS without Apple's blessing, even on the M1, but you have to jump through a lot of hoops to do that. I'm not even sure the thing needs to be signed with a developer ID certificate, but that would probably reduce the number of warnings to click through.
Though Apple is now moving towards more of a microkernel architecture, where entire classes of what used to be kernel extensions are now userspace processes. VPN services, network filters/firewalls, some but not all device drivers, etc.
> As a user, you can load a third-party kext on macOS without Apple's blessing, even on the M1, but you have to jump through a lot of hoops to do that.
Agreed, but that's not a reasonable way to distribute any piece of software to an audience that's not a bunch of hardcore hackers. The easiest way for "old" Intel Macs is to install OpenCore which can inject kexts before the kernel even gets execution, but for M1 I'm completely lost.
It has been this way since the 90s, sadly. As a bonus you don't even need to be scared into installing it because it was already there when you bought your prebuilt PC. Instead you'll be scared into not removing it.
I really thought antivirus software was helpful and was naively reporting samples of malware I found on my machine to one of the vendors I trusted. Things like that went on for years until one day I found something suspicious on my machine again: self-extracted other binaries, stealthily registered auto-start on boot, listening on some port, contacting some servers etc. The most important thing was that I did not install it, nor was it a part of anything I accidentally installed. So I reported again and well to my surprise, they told me nah, it's not malicious. Huh? Their response raised a bigger question mark in my head as I already spent hours trying and managed to disable it from my system and I was pretty sure it actually was malicious. I wasn't sure what was going on then, so I replied that I was not comfortable with the sample, could you test again etc. without providing the evidence I found deliberately. And the feedback from them was: we've tested it and it was not malicious.
Okay, so I was convinced that: either they were lousy enough and unable to figure out what was going on or it was created by them. The behaviors were so obvious and thus it's very unlikely they could not find it out, I was inclined to believe they were the ones who created it.
So I immediately uninstalled their products from all my machines and now the very first thing I do when I receive a new machine is to remove pre-installed antivirus software and disable the damn Windows Defender. M$ now makes it really hard to disable Windows Defender completely...
I agree it largely is a scam but I still find a few avs to be better than Windows Defender. Perhaps if more people did some real research, instead of asking their friend who has no better idea than they have, before purchasing, it would knock some of the bad apples off the tree and boost the better ones, hopefully encouraging them to get better.
Of course, the concept of av is flawed because it takes them a few days to get new signatures out. I'd like to see more avs implement whitelists.
At this point an AV with real-time scanning is only useful to a computer user who doesn't know or care about operational security and plugs in random flash drives (or) clicks on everything they see; And since they form the average customer profile of these AV makers they continue to thrive.
For the rest, AV software results in diminishing returns.
That could be a valid question, But I haven't used Windows for over a decade as the main OS but I presume there could be many who would click 'MakeMoneyFromCrypto.exe' on their flash drive without thinking where it came from twice.
Yet incidents of viruses/ransomware infecting PCs after clicking attachments/links exist so we need at least a purely functional (file/link in - risk guess out) antiviruses. I generally use VirusTotal but it doesn't seem reasonable to use it for checking potentially confidential files.
Except when something says "please disable your antivirus before opening this", many people would gladly do so. IMO at this point, it's a social problem, not a technical one. People need to be taught about this stuff.
> Except when something says "please disable your antivirus before opening this", many people would gladly do so.
Unless you plug it right into your company e-mail server or just hide it well enough to keep vulnerably-unadvanced users away - e.g. my elderly mother would hardly disable her antivirus if that required editing the registry or entering a long terminal command.
> Norton Crypto is included as part of Norton 360 subscriptions. However, there are coin mining fees as well as transaction costs to transfer Ethereum.
The coin mining fee is currently 15% of the crypto allocated to the miner.
So I have to pay money to subscribe to mine Norton Crypto and then pay a mining fee on top of that? That's amazing. Are they going to partner with QuickBooks so that I can subscribe to that as well and for a low 15% transaction fee they'll handle filing the taxes for me?
If it's installed without warning, I'm sure you'll also get a lovely surprise on your electricity bill when it turns out your laptop has been mining crypto when you thought it was sleeping.
They're basically turning their installed user base into a botnet and charging customers money for the pleasure. I hope they get taken to court over it.
It is installed but not activated without warning AFAIK. According to https://support.norton.com/sp/en/us/home/current/solutions/v... the user must first agree to a Norton Crypto License and Services Agreement and then explicitly activate the miner before anything will happen.
It could be used for that obviously, though do we have any evidence? Who would the AV vendors sell the secrets to, and how? (I guess it's not a surprise I wouldn't be in those meetings, but you'd think there be a whistleblower somewhere?)
The feature that automatically submits samples for further analysis has been known to catch proprietary executable code, send it to the AV manufacturer's sandbox where it was promptly executed and leaked data from inside that infrastructure (MS), or give away some complex hacking campaign before the attackers have the chance to use the tools (Kaspersky).
I don't know why you didn't make any money from the SETI search. It worked out nice for me once I'd established contact; I now get 20 DogeCoin for every anal probe they administer.
It does remind me of the Shoe Event Horizon. Except, what we have constructed with Proof of Work is probably more like The Paperclip Game, at the end of this we will be converting matter to energy to coins.
Since China banned crypto mining is there a sort of accidental arms race to find which civilization depletes its energy resources? Let's see who gets burned first?
Nah I'm convinced that all the nations should get together, build a big quantum CPU and mine the rest of the bitcoin in one shot - that will help save the planet
Norton has outright been a malware company for a long time
I'd love to see the feds arrest a few people there and destroy the company.
Just remember. Don't ever hire someone with recent Norton experience in their resume. I'd sooner fill that gap in with the explanation that I was selling fentanyl laced products on the dark web
> Don't ever hire someone with recent Norton experience in their resume.
This is pretty ridiculous. I worked there and there is much more going on internally than writing malware-like software. By the time I left they still had pretty decent engineers just trying to find a job in a better company, like me.
These sort of decisions don't come from Software Engineers and management there is known to be pretty shitty.
Also, it's not like they maliciously inserted this thing to mine crypto for Norton itself. Whatever your computer mines is yours (still a bad idea though IMO)
> it's not like they maliciously inserted this thing to mine crypto for Norton itself. Whatever your computer mines is yours
It says you're joined to a mining pool. Is this a Norton 360-only mining pool? If so, I'm guessing they have their own hardware participating in the pool as well. And if that's the case, you're helping them mine for blocks just as much as you're helping yourself. But they don't say that anywhere so who knows.
edit: and it also appears that they're taking 15% of whatever you mine.
So they've apparently:
* Set up a Norton-only pool
* Joined all their customers' computers to it
* Collect 360 subscription fees to participate
* Collect 15% of everything their customers mine
* Participate in the pool themselves, further benefiting from their customers mining activity
And what happens to the unclaimed/unused wallets that they're holding for their oblivious customers in "the cloud"? If I cared enough about this to read the fine print I bet I'll find that they're reserving the right to empty those after a certain period of inactivity.
Users must explicitly agree to a Norton Crypto License and Services Agreement and activate mining before the software starts mining Ethereum. It is unlikely there would be any oblivious customers.
Bundling software like this is a malware move. I don't care if they give you the option to not install it, it's no better than the installers that add malware toolbars to your browser if you don't catch the 8th level of dropdowns you need to navigate to not install it.
When I install a pdf reader, I expect a pdf reader and nothing else. When I install anti virus software, that's the only thing I want.
This is key. I'm going to install Norton 360 on my other PC tonight and see what the process is. My concern is that they're counting on all of the senior citizens (I'm assuming that's their near exclusive user base at this point) who have been using Norton for years will accidentally install this thinking they're simply updating the program. The installation process will be very telling.
>and there is much more going on internally than writing malware-like software
that sentence doesn't exactly inspire confidence lol. So you're saying people are aware of the fact that they're partially writing malware like software and that's.. accepted? That's like an accounting firm saying "don't judge us like that, there's much more going on here than the money laundering"
I'm saying no such thing. What I am saying is that I find this 'we're just code monkeys, we don't enact policy' retort I see so frequently here incredibly annoying, because it acts like programmers are not human beings with agency in a market with typically extreme mobility.
If they're trying to leave and can't leave because nobody will hire them because they work(ed) somewhere bad (that's the original comment in this thread; never trusting a Norton employee's resume) and you're also criticising them for "choosing" to continue working there, what chance does that give them? That isn't having agency in a market.
If "the decision to work and continue working there" is a bad one, that makes the decision to leave a better decision, yes? And the person who makes such a decision, a better person. And if you want to hire people who have agency and act with integrity, someone who left Norton is a slightly higher signal than someone who never heard of Norton, isn't it?
You can't just keep repeating "saying no such thing" when you (they) are saying such a thing.
They joined in to a root comment reminding people to reject Norton employee resumes, by saying that Norton people who don't get other jobs are morally bad people and programmers are free agents who could get other jobs (by implication they would do so if they were morally good people). Under this worldview, leaving shows moral goodness so hiring them should be encouraged more than hiring a random person. Saying "nuh uh" isn't enough to wriggle out of it.
That's ridiculous. You also joined the discussion; by your own flawed logic, shouldn't we also determine everything you have said in this thread as being in support of the argument put forth in the root comment?
What specifically do you disagree with, or consider flawed logic, or ridiculous?
1. Pick a human at random, you have no information about their character.
2. Hurting people is bad.
3. It is possible to unknowingly hurt people, which does not reflect on moral character.
4. Learning that you are hurting people, and then continuing to do so is morally bad.
5. Learning that you are hurting people, and then stopping is morally better.
6. Therefore you have more information of good moral character about someone who has learned that they are hurting people and stopped, than about the unknown person in 1.
7. It is not reasonable to expect every job seeking person to know about every company reputation, or the crypto miner management might ask them to work on at some point in future.
8. Working at a company involves learning a lot more about what they do.
9. Learning that what they do is hurting people, and leaving, is more evidence of moral goodness than you know about an unknown random job applicant from an unknown previous employer.
Or, alternately if you don't disagree with any of those, perhaps you disagree with the idea that someone could work for Norton not knowing in advance they would be harming people, so that counts as morally bad. Then you either think "hire morally bad people" or you agree with the root claim "remember don't hire Norton programmers".
If so, then you disagree with the parent commenter's "everyone has the freedom to get another job" because if nobody should hire them, they don't have said freedom.
>Also, it's not like they maliciously inserted this thing to mine crypto for Norton itself.
No, but it is still malicious in the sense that it:
(1) does not inform the user or ask for consent
(2) seemingly does not offer an option to disable it
While I want to apply Occam's razor here, you'd have to assume all of the people that worked on this were negligent or unqualified... when sadly the more likely scenario is that these decisions were most likely intentional.
> (2) seemingly does not offer an option to disable it
Where do you see this? As far as I can tell, it is off by default, and the user must explicitly enable it (consent) to use the miner.
See e.g. https://support.norton.com/sp/en/us/home/current/solutions/v... which mentions a License and Services Agreement that must be accepted before the miner can be used at all, and clearly says the mining status can be toggled between Active and Paused.
>Just remember. Don't ever hire someone with recent Norton experience in their resume.
I completely understand this sentiment and why you're approaching it this way, but I have to ask - what if the person with recent Norton experience is trying to get away, or got away, from them because they share your views about Norton? Would you just throw away the resume without a second thought, or would you at least be open to hearing about their thoughts working there?
Norton Employee: "I strongly disagree with how Norton operates and the kind of software we are installing. I feel shame. Here's why I would be a strong candidate for your company."
You: "I'd rather not even hear about it. Get rekt."
I understand where you're going with this, and while I don't really "disagree", I think it's a bit of a stretch to go from Nuremberg justifications of murder to "installing some stuff that makes your computer slow because someone asked you to". Should "just following orders" fully absolve you of guilt, even on a small scale? No, definitely not, but I feel like the language you used is loaded.
Most engineers on HN aren't solely developing for non-profits and charities, we're writing software for for-profit entities, and most of the really big for-profit entities are pretty evil (e.g. Google, Facebook, Apple, Microsoft, etc). It's not unreasonable to condemn people for working for these companies, but I think it's important to put into perspective the scale and intent of most of the people working there.
It doesn't just make your computer slow, which is bad enough, it's actively stealing your electricity and converting it into their money. How can that possibly be justified?
It’s not justified, I don’t claim it is. It should be condemned, I just feel like the term “just following orders” has a bit of a loaded Nuremberg connotation to it.
I guess I’m accusing the parent comment of hyperbole more than being “wrong”.
"Just following orders" is a loaded expression. You're implying that they're committing genocide, when really all they're doing is helping some company make a product you don't think is particularly good. It's definitely not worth such harsh words.
I've never understood this argument. It is clear that nobody is implying a genocide is underway, they are simply alluding to an extreme example of ignoring or justifying negative actions, to show that each of us has agency and should be held to account for their actions.
I always think it's an interesting juxtaposition because although the actions (in this case working for an AV company) are always so far removed from the extreme example, so too are the repercussions.
The "just following orders" soldier, had he refused to carry out his orders, or attempted to flee, would have been shot in the back for desertion. The penalty for following orders, or not following orders, is the same: death (at least in the canonical example).
Whereas with the situation being discussed here, it results in what? Maybe holding out for another job.
In the extreme we expect people to pay the ultimate price to prevent atrocities, which should serve to remind us that, in the everyday, we should engage our moral compass, endure a small hardship, and through that hardship, prevent a small amount of injury from being inflicted on the world.
From the first picture here[1] it says "Turn your PC's idle time into cash: show me how"
That appears to be opt-in. It's quite plausibly something people interested in crypto might actively want, namely a company they already do business with offering to make all the decisions about coins and wallets and stuff for a small fee. If a YC startup offered this, or it was added to the Dropbox client as an opt-in "let Dropbox make you some cash", people would love it. If Windows 11 or Edge included it, people would hate it. As an opt-in thing it's not a bad idea; not quit-your-job bad and certainly not "just following orders" Nazi trolling bad. It's Norton and AntiVirus's reputation which taint it.
"It is clear that nobody is implying a genocide is underway" - it at least implies that something strongly and obviously bad is underway that anyone with integrity should avoid. And that's not obviously the case either.
No, it absolutely does not imply committing genocide. It implies that following orders of a superior does not absolve you of guilt when committing any crime.
Even if this was not currently criminal, this behavior appears inexcusable. The software engineers building this software lacked the ethical stamina to stand up and say "no" to their masters. They deserve an equal share of the condemnation and consequences for their participation.
If I worked at Norton and this happened I'd be handing in my resignation on the same day because I wouldn't want to be associated with these practices and for anyone, including future employers, to assume that I was involved in them.
Or rather, I would if this wasn't mostly FUD and blown out of proportion. According to other comments it's entirely opt-in.
Talk is cheap on this. Pretty much every government on earth has committed at least one atrocity, and usually many. Would you condemn a public defender for working for the US government, because the US government murdered millions of Native Americans?
I mean, that's a valid enough position to have, but I don't feel like you have really thought it through.
Talk is cheap, but so is switching jobs. The broader you go on this the harder it is to avoid, I still pay my taxes even though my government does terrible things with the money, but I don't have much of a choice. I have refused job offers from companies that do things I don't like though because it's not really that much of a loss.
And I don't know what kind of standards public defenders in the US have, but over here it's common that an abuse of power by the police force is followed by a wave of resignations.
I think you're missing my point, I don't think I made it terribly well.
My point is that if we take a job like a public defender, I think most people agree that the action of what they're doing is a good thing. Providing representation to people who cannot afford a lawyer is (I think) nearly universally regarded as "good". However, they are paid by the US government, who has done its share of very evil things. Does that mean I should condemn a public defender because the entity that signs their paychecks does evil stuff?
Personally, I think the answer is "no". Any sufficiently large entity has its share of bullshit, and I personally do not think that every individual that has ever associated with that entity is guilty-by-association by working with them. You're welcome to disagree, of course, but I would be surprised if everyone you like passes your purity test then.
No, not everyone I like passes my purity test, you're right. I try not to judge them too much for it, they have their reasons (largely economical), and it's their call. I wouldn't do it, but I don't condemn them for it either – and I never said that I would. I merely stated my own stance on this, which is, as you say, cheap to have since I'm in a stable situation and the IT job market is abundant of well-paying jobs.
I see the point that you're getting at, and there's surely the line to be drawn here, and I think it's a question of scale – and the line is placed differently for each individual. I don't have absolutist views on this, and I probably wouldn't feel bad either, as a public defender in the example you bring up. I'd say public defenders are in the clear even if their state-employer also does bad things – since at least some of the things that they do are good and need to be done, like keeping people safe. I wouldn't say the same about Norton since they're one of many and if they went down tomorrow nothing much would really happen.
I don't think it's comparable to the IT industry though. Companies hugely care about their image, and poking holes in that image is an effective – or at least available – way to put pressure on them. Consider how much effort they're making to recruit people, and how heavily they rely on friends recommending their friends. "Your employees will leave and they'll discourage their friends from working with you" will work much better on a tech company than it would on a state that doesn't really compete with anyone else when it comes to public defense.
One's own conscience works similarly in this case. There's a long way to go from "I directly boost profits of a ruthless, replaceable corporation" to the "I criticize the society and yet I participate in it" meme.
the job market (especially if you’re an engineer considering Norton) is so flush right now, you could choose a hundred other positions with similar workload and benefits. when you choose to work for a shitty company under such circumstances, it shows that you don’t care in the least for the other people with whom you coinhabit the planet. that’s antisocial behavior, and human society relies upon a certain amount of soft punishment for antisocial behaviors. yes: you should be thanking hiring managers who turn down candidates who have no regrets about past work at toxic companies, because those hiring managers are preserving our society at the margins.
The job market is still complicated and not that easy. I know quite a few people that ethically disagree with their job and have been trying to leave for over a year and the phone is just not ringing. So now they should just be banned from working anywhere else? What are they supposed to do? Quit and starve?
> you should be thanking hiring managers who turn down candidates who have no regrets about past work at toxic companies
"no regrets" is an important part of this. though it's not quite the precise word i'd like, since your friends could well not regret their choice to stay given the circumstances you outline. what i want is for our culture to fight against antisocial behavior: to encourage the everyday person to give sufficient weight to social impact when making decisions.
"sufficient" is subjective, so as a starting point replace that with "non-zero" and i think we come out ahead: the toxically selfish (or socially ignorant) are encouraged to behave at least mildly pro-socially, and the friends you mention who tried to leave evidentially gave non-zero weight to their social impacts -- even if they failed -- and would pass such a test.
the world is gray and i don't want a purity test. but that's not a license to ignore our social responsibilities.
So a kid who got recruited out of college is somehow a bad person?
No one is forcing you to install this stuff, I think Match is a horrible company which takes advantage of people, facilitates scams, on top of outright fraud.
I still recognize skill, if you told me you improved load times on Match.com by 60% I’d be very interested in hiring you. I wouldn’t personally work for any dating app or adult entertainment platform. But I have nothing against those who do.
Being recruited out of college (or not) doesn't really change anything in this equation. If you do something, find out that it's bad, and continue doing it anyway, then yes, you're being a bad person.
Can you seriously say that everything every company you've ever worked for aligns with your personal morality?
Odds are no, I agree this is a disgusting tactic, but every company does bad things. If you work at say Starbucks, and some of the beans are being produced unethically, you're not a bad person for making lattes.
No, of course not. Personal responsibility is, well, personal. But even so, I fail to see how being freshly recruited out of college makes any difference.
There was some comment in Twitter along the lines of "I wouldn't hire anyone who had Coinbase in their resume". You could switch "Coinbase" for Meta, Palantir, Norton, or any other morally questionable company.
The fact is though that the easiest way for these companies to go bust is for them to lose all their competent employees. If someone working at Norton can't get a job anywhere else, no matter how good their qualifications, because they're on your blacklist, they're going to stick with Norton. That keeps Norton alive.
It's much better to accept that people are fallible, they make mistakes, and sometimes you join a company in good faith only for management to pivot, or the company to get acquired and questionable judgements to be made. It's important that developers and other employees at these companies are given an off-ramp when they decide the paycheck is no longer worth it.
Anecdotal, a few years back I had the opportunity to interview an engineer. Their background was in web advertising. Regardless of what I feel about ads on the internet, the candidate's technical background with respect to how they handle iframes inside of iframes many levels deep and how they inject code into the page was actually quite a fascinating conversation on the technical merit of it all.
I don't know – there are acceptable (if rare) reasons to work on Norton, but I can't think of any reason that selling fentanyl-laced products would be okay.
This is so absurdly disgusting, there's nothing more to it. The whole thing boggles my mind but the FAQ is just on another level, here's one example:
Q: Will I be able to adjust the settings thresholds, or will Norton decide that?
A: For now, Norton will manage the settings. We are continuing to build capabilities and could potentially make the settings adjustable for you in the future.
Like, I know ~1.5m people still pay for AOL [1] but this is criminal.
My neighbor still pays for AOL, and has an aol.com email address. I've tried to get her off of it, but she stays because I quit working on her Windows computer a few years ago (got rid of all mine, yay!), and for $5-10/mo, she has a person to call who will walk her through problems with her computer. Not just AOL problems, like with their browser (which she also still uses), but with any problems.
Even from a pro-crypto standpoint this offering is somewhat problematic:
> Once earned, they can track their earnings in their Norton Crypto Wallet, which is stored in the cloud so it cannot be lost due to hard drive failure.
So your "earnings", meager as they likely will be, aren't even properly given to you.
Not to mention it seems unlikely that a consumer-grade machine is going to earn enough from its share of mining to cover the energy costs. At this point you have to have some kind of extra-cheap energy source to be able to compete in mining. Although some people (e.g. me) have a flat-rate electricity bill with their apartment, so maybe some could take some advantage.
Can you transfer out the Ethereum in Ethereum? A lot of these hosted crypto wallets only let you convert it back to local currency. You can't spend it or trade it outside the corp that is holding it.
Important note, because it isn't immediately obvious: Norton is bundling an optional cryptocurrency miner that they are offering as a product. Nothing here indicates that Norton is surreptitiously adding cryptominer malware on their customers' machines (like one might assume reading the original thread.) Though they are taking a 15% cut for using their miner...[1]
is this the same way MS adds "optional" telemetry and other features, LinkedIn "optionally" adds me as a follower to everyone in my network and every website "optionally" adds me to receive all sales & marketing emails?
This is not satire. Norton actually thinks it is a good idea for anti-virus software to have a cryptocurrency miner installed too, whilst also taking a 15% mining fee off of the work!
This is beyond a scam at this point. Is that why closed-source anti-virus software is a scam as well since they can install any sort of malware when they want to or allow it to run without doing anything?
If this isn't an insider hack, then someone high up in management signed off on it being a good idea. Utterly mind blowing. Guess they need to make money somehow.
Norton has been a "computer maintenance tools" package for ages. In the late 90s, people used to choose it because of the disk defrag, not the antivirus.
Is it opt-in, though? The twitter post said it’s impossible to disable and the FAQ literally does not have a single question on “how can I disable it?”.
The screenshots from [1] show it saying "Turn your PC's idle time into cash. Show me how". Would that make sense if you had no choice in the matter? And on the second screenshot it has a "Pause mining" button.
Considering they market it as "PC's idle time into cash", I don't think they're much interested in telling you that you're in fact burning through electricity to make Norton money.
Edit: It would actually be nice if the PSU (and all of the various subsystems, like the GPU) were required to measure the power usage and report it to the OS. I'm sure one of those ATX pins could be repurposed to include signalling, somehow.
I'm surprised there isn't any math in this thread on how much they stand to make with this, so I'll try with a bit of napkin math.
NortonLifeLock reported 21M customers in 2021, with 60% using Norton 360 (presumably the rest are using their identity theft products?) so let's call that 12.6 million computers (ignoring multi-computer licenses for simplicity.) You're not going to mine any Ethereum on a CPU, so let's assume we only care about GPUs. Let's say that 20% of users have a PC with a GPU suitable for mining any ETH at all, and within that 20% they have an average of 6GB graphics cards. The internet claims that a 6GB graphics card will average around 26 MH/s for Ethereum, which would have earned $38 in the last month of mining. Assuming Norton gets 25% of users to activate this (which seems high to me) we have around (25% of users activated)*($38 worth of ETH mined/month per gaming PC)*(20% of all PCs are gaming PCs)*(15% Norton pool fees)*(12.6M installed Norton copies) = 0.25*38*0.2*0.15*12.6 = $3.6 million per month, or $43.2 million in profit per year. If they enabled this for everyone I imagine they could easily get into the hundreds of millions of dollars of pure profit per year range.
However, mining on a mid-range graphics card typically isn't profitable once you factor in electricity and the decreased lifespan of the graphics card. So while this is making huge profits for Norton, it's likely costing the users money if they enable it. At $0.10/kWh and 15% pool fees, you're negative on the majority of gaming PCs, and deeply negative on every single non-gaming PC.
It's also worth mentioning that while the ETH is in 'their cloud' Norton is going to consider all of that ETH as theirs. So the total ETH based on your numbers would be 0.25*38*0.2*12.6 = $23.94 million per month or $287 million per year in accumulated ETH assets.
Norton AntiVirus now includes an Ethereum crypto miner that has several problems including deceptive rewards program and difficulty in uninstalling it.
Norton keeps 15% of all Ethereum mining proceeds and "pays" the remainder into a user's "Norton Crypto Wallet" which is hosted by Norton. It should be noted that the Norton Crypto Wallet cannot be used to make Ethereum transactions, but can only be used to transfer value to a Coinbase account once a certain minimum threshold of value is accrued. The Norton crypto mining and Norton Crypto Wallet are effectively a gift card system where the money can be withdrawn, but not unless a certain balance is available. It should also be noted that the Norton Crypto mining software is reportedly very difficult to uninstall, requiring administrative level privileges, and even then reports indicate effective removal is difficult.
I wonder if any lawyers can weigh in here on whether installing crypto mining software on customer computers that have paid for an antivirus product can be considered a contract violation by Norton.
I'd imagine a machine infected with Norton isn't even a good environment to mine crypto; it's already wasting its resources on the rest of the bloat in that product.
On top of it all they had the audacity to set the mining pool fee to 15% with no option for alternative pools. (for ref mining pool fees are generally 1-3%)
In case someone is out of context, parent is referring to John McAfee’s video on how to uninstall the infamous antivirus while doing Bath Salts[0]. Intel then proceeded to rename the product to distance themselves from the “McAfee” name[1]
wow, I just bought my fiancée a gaming laptop and it came preinstalled with Norton—I didn't uninstall it right away because I predicted it would be a pain, but now I'm going to do that first thing after work today. people like my dad still go out of their way to install Norton on every computer they get their hands on—just a few years ago I built my mom a cheap simple desktop to dump her photos onto, and one day she told me it was really slow all of a sudden, so I checked it out and lo and behold my dad had installed Norton on it and it had made everything molasses-slow. kind of sad to see this once-respected software suite stooping to these levels.
Grab the laptop's license key, download a bootable windows installer and throw out whatever comes pre-installed. Very fast and almost the only way to get rid of the bloat.
My dad had the same attitude about 10-15 years ago. The printer wasn't working. I found it didn't work because an AV product (maybe even Norton?) was slowing down the printer driver and hit some kind of timeout. I disabled AV.
A few months later they fell to a ransomware attack. The name of somebody they didn't know very well but recognized the name of had shown up with an attachment. I wondered if the AV product would have caught it.
Back in the MS-Dos days Norton was the only game in town for a bunch of things... Disk defragmenting, tools for working with file system, etc. It was a swiss army knife of good tools. But your point is generally correct in that for the last 20 years it has been atrociously bad.
Norton Commander was amazing; had it running on my family PCs since 1990 and up until it got upgraded to Windows 2000. Nothing good came from Norton since (that I know of).
At that point you may as well skip the antivirus and go straight to a shady Russian download site. The result will be the same, but at least you won't be paying for the miner.
Not to defend this practice at all, but when I was looking into crypto mining a fair bit ago, the bar to entry was quite large even for someone in the tech space. There didn't seem to be a simple app you just download and start. You have to know a lot of stuff. I don't know why more companies haven't come out and made crypto mining easier for the masses who just use apps but don't make them. It seems like low hanging fruit. There could be something available now...I haven't really researched as I'm not really passionate about this space and seemed more trouble than it was worth to get started with the time I was willing to put in. I just thought it was odd that there wasn't something with a simple interface you could just hit "mine" with maybe a couple of radio button options and away you go. I'm sure we will see a lot more larger/mainstream companies dipping their toes in, maybe even at the OS level to capitalize on it. There is a market for it and I'm guessing it's quite large, probably larger than the current crypto market which is kind of niche, just likely not many potential customers in the HN type crowd.
There have come along "apps" that make it easier, but their cost is high. Usually in the exchange rates they offer you to cash out of it.
Kryptex.org comes to mind. The other month when BTC was at $60+k they were offering an exchange rate of low $50k. Basically a ~17% discount on the rate. That is a big fee, especially when you then ask to be cashed out to some other method they then charge 10-20% for (like USD bank transfers, etc).
Best bet is to install something like T-Rex miner, hook it to some pool and forget about it once you learn the 1 line bat file you need.
Mainly because it is impossible to do it in a profitable way without some kind of custom setup (unless you have free electricity, but please don’t do it in your uni or office…)
As if AV software doesn't slow down PCs enough as it is, they thought adding a crypto-miner would be a good idea to finish the job and turn them into fully rated space-heaters.
They charge you for the product on subscription and then take a cut of the total mined currency (I believe 15%). If that isn't all upside not sure what is.
I'd suggest you follow the site guidelines as well and comment to add value.
"Norton gets the coin" absolutely suggests that this is nefarious mining where Norton gets 100% of the value. That's demonstrably false, and just because Norton is a horrible company with horrible products doesn't mean we need to pretend it's something it isn't.
I haven't run Windows in any serious capacity in about 11 years now, but even in 2010 or so, it was pretty rare that I ever got viruses on my computer (even with all the trips to torrent websites to download TOTALLY LEGAL STUFF).
I've been running Linux or Mac since then, and due to their lower userbase there tends to be fewer viruses (as far as I understand it), but I would have to assume that Windows has gotten more secure and less virusey than it was 11 years ago? I don't think anyone I know even uses antivirus anymore. Maybe I'm mistaken.
All that said, I've thought Norton Antivirus was a bloated piece of shit piece of software even when computer viruses were a problem for me. I guess them installing a crypto miner is just further proof of that.
> You can however "pause" the mining forever while keeping everything installed which is what support will suggest if you ask.
Just to clarify because this sentence sounds a bit misleading -- according to https://support.norton.com/sp/en/us/home/current/solutions/v... the cryptocurrency miner is off by default, so if you haven't turned it on, then there's no need to pause it if you don't want it running.
How about letting the user know how they can fucking uninstall the cryptocurrency miner that was uploaded and installed to the user's system without the user's consent?
> I wouldn't trust a support page's definition of "opt-in"
The support page doesn't have any definition of "opt-in". It simply says that users need to click under "Turn your PC's idle time to cash" and then accept a "License and Services Agreement" before they can access the "Norton Crypto dashboard" and enable "mining during idle time". I would consider that opt-in given that the user has to perform multiple steps before they can even enable the miner, and given that there isn't any suggestion to enable this by default during the installation process. If you don't consider that "opt-in", then please explain.
There seems to be a mob here that has been misled to think that the cryptocurrency miner is enabled by default and runs on every Norton user's computer in the background, whereas in reality it IS installed by default (as in the binary takes up storage space on the user's hard drive), but can only be enabled with multiple steps including agreeing to a separate services agreement that is dedicated to the Norton Crypto product.
(I still think it's dumb to bundle a crypto miner with an anti-virus product. But all this talk about it running without the user's consent is nonsense.)
I wonder what some universities and companies who still rely on Norton licenses across the board will have to say about this at the end of the month when their electricity bill comes.
A wallet and mining client that uses 100% of your GPU if "idle".
But of course mining is opt-in, and that's good because everybody reads all the text on a prompt before they mindlessly click "Confirm".
I'm pretty ignorant about this stuff but when proof of stake comes around won't there be no need for this mining pool at all? I thought under proof of stake you're just validating transactions instead of actually finding a hash, which doesn't require a big pool of workers. Seems weird for them to focus on ETH rather than BTC or something else.
It seems proof of stake has been delayed ad infinitum for ETH, to the point people seem to be losing confidence it's ever coming out. Plus there's some real concern about it. Even if eth changes to proof of stake there will be plenty of coins to mine with proof of work.
Gonna die from irony. For years Norton and other AV vendors have been harassing Bitcoin users by falsely identifying their intentionally installed Bitcoin node software as a malicious cryptocurrency miner (and, no, it doesn't do that). Now they're installing their own miner.
Huh, Norton is still alive and selling? Wow, I was done with it in early WinXP times after I had to format drive because uninstalling Norton Security permanently crashed OS. To below the bottom we go!
This, right here, is blatant theft, and unauthorized utilization of consumer resources. I don't care if there is a clause in there about "You consent to blahblahblah."
I think there's a misunderstanding because the original thread leaves one thinking that Norton is surreptitiously installing cryptominer malware on their customers' machines (not a big fan of how that was communicated.) In reality, this is an optional cryptomining application that you can choose to run (if you are willing to let Norton keep a 15% cut.)
Nobody competent with computers is going to be using Norton. It'll show up on gram and gramps home pcs, and they'll have been running it for a year before they proudly mention: "I've been mining NortonCoin to save money on my anti-virus subscription!" Or whatever bullshit Norton sales gremlins have fed them.
Their demographic is people who don't know better, and this whole thing reeks of illegal consumer exploitation.
A lot of people's grandparents are going to earn $10 of "free money" with this utility and have no idea that it cost them $200 of electricity. Meanwhile Norton's laughing all the way to the bank with their 15% off the top.
(disclaimer: numbers totally made up, but I'm sure the average Norton user's computer isn't mining profitably)
"Norton is installing a Cryptocurrency miner" sounds like when 10-15 years back it made the news when one app or one OS installed adware or spyware. We did nothing, and now it is becoming the norm.
If that's the trend, then, ladies and gentlemen, we're screwed: every piece of software will attempt to monetize from user's hardware, no matter the cost, particularly when cost is on the users. Name one reason why they shouldn't do that, there's no law forbidding it except common sense.
Cryptocurrency is cancer. It doesn't scale, it can't scale, it's becoming a huge unsustainable environmental disgrace, and it's the #1 reason why certain hardware is harder to find and overpriced, followed by energy, of which we have plenty but decided to waste it in mining farms.
Here are some numbers, just look at the trend: from 77 TWh to 204 TWh in one single year.
Now just picture what will be like 5 years from now with possibly one PWh of miners worldwide pumping heat in the atmosphere 24/7, and energy prices skyrocketing because it will always be allocated to this task, therefore demand will always be higher than offer. Seriously, WTF!
Of course I expect downvotes from users with vested interest in cryptocurrencies, however I politely ask others to reply with "You're wrong because ..." followed by a believable explanation. I want to be proven wrong on this.
- Aggressively mining crypto consumes enough system resources that most users would notice it and uninstall the software. (Norton may have an edge here because users are used to Norton making their systems performance worse)
- Even aggressive mining produces very little on the vast majority of systems (really need gaming GPU to make any money). CPU mining hasn't been economically profitable for nearly a decade: Norton probably makes <$0.001 per day on the median machine. Managing a network of chromebooks cryptomining would probably be unprofitable for Norton even if only accounting for the cost to Norton's systems. Norton's only hope of making profits from this is from the "whales" with the best machines.
- Multiple programs mining on the same system would split the rewards, drawing down value of such a system even further (unless they use tricks to monopolize system resources in a way that would make it even more noticeable to users).
> I politely ask others to reply with "You're wrong because ..." followed by a believable explanation. I want to be proven wrong on this.
One thing you're wrong about is that cryptocurrencies are in general mined using electricity and specialized hardware. Bitcoin is the biggest outlier in that respect, with its plans to continue their mining program permanently. Ethereum has the software to end their mining program (the "beacon chain"), which is currently finalized in spec and running alongside the original chain as they finish testing it before final release later this year (the "merge" event).
I always feel the need to nitpick here, as it's a common misconception that "most" cryptocurrencies are an environmental disgrace. Bitcoin is an environmental disgrace, Ethereum you could say is an environmental disgrace until they shut off mining later this year, but since the vast majority of cryptocurrencies don't use mining at all, it makes the most sense to target the ones that do rather than throwing the entire space under the bus.
I also disagree that cryptocurrency can't scale, as I'm intimately familiar with the work being done with transaction execution verification by zero knowledge proof (especially Ethereum's zero knowledge rollups), but that's a discussion for another time.
I'm also aware that I am in a comment thread about a company doing something very scammy in regards to crypto, so please try to distance my explanation from the disapproval we share towards Norton. Obviously I am not trying to defend Norton here.
Thanks to you and cwkoss for the very constructive replies, that's what I was looking for. I was speaking broadly, the news about Norton just gave the chance to comment.
> Bitcoin is an environmental disgrace, Ethereum you could say is an environmental disgrace until they shut off mining later this year, but since the vast majority of cryptocurrencies don't use mining at all
Can you please elaborate on that? If that's the case then I've to read a bit more on the subject as I thought every cryptocurrency required powerful hardware (GPUs or ASICs) under intensive load, which of course translates in huge power demands.
The graph showing an almost 3x factor increase in power consumption in just one year looks worrying to me, however if you say there are other environment friendly means, that makes the matter interesting. What are however the chances that we can correct that factor in an immediate future?
> Can you please elaborate on that? If that's the case then I've to read a bit more on the subject as I thought every cryptocurrency required powerful hardware (GPUs or ASICs) under intensive load, which of course translates in huge power demands.
Definitely not the case. That's the case for Proof of Work cryptocurrencies, but the vast majority of cryptocurrencies now are not Proof of Work but Proof of Stake. The only real stragglers are Bitcoin and Ethereum.
With Proof of Work, the chain's energy usage has nothing to do with load. It's literally because they couldn't figure out how to get the chain to work properly without making people burn large amounts of energy as a byproduct. Even when the chain is empty and nobody is sending transactions, that energy still needs to be constantly burned to maintain a Proof of Work cryptocurrency. Proof of Stake research (an alternative consensus mechanism that doesn't require this energy burn) wouldn't be complete and ready for production systems until many years later.
> The graph showing an almost 3x factor increase in power consumption in just one year looks worrying to me, however if you say there are other environment friendly means, that makes the matter interesting.
That's a graph of Bitcoin, the only top crypto that uses Proof of Work with no plans to transition away from it. So I think environmentalists should be focused on Bitcoin, not cryptocurrency in general.
This cryptocurrency rant is off-topic. Would it make a difference if Norton would install something that shows ads?
As to your question - crypto is the new form of cash, different from every other form we have known before. One exciting property is the relative independence from any particular economic or political system. Blockchain in general has potential to replace all middlemen from lots of transactions. Think of property, fundraising, stocks, trade (especially overseas), etc. Specific implementations can be regulated by government(s), the point is to replace bookkeepers with machines.
Yeah, yeah, yeah, we've heard this like thousands of times. And yet crypto isn't being used like cash. Everyone is encouraged to "hodl" their crypto not spend it. It's being pushed as an inflation hedge like gold. Even most crypto folks don't seem to be pushing the "it's a new form of cash" narrative anymore.
The machines don’t run themselves, what is this, the Matrix?
The middlemen are now the core developers and the whales that own the majority of the asset. Are you voting for the ETH merge? Or are you just along for the ride? You still pay fees to transact, I hardly see a practical difference.
Users are scared into installing this crap and paying recurring payments for it, and then the performance of their computer goes to shit. Developers are given nightmares by having their software misdetected as a virus or broken by the antivirus changing the OS behavior in unexpected ways.