So did I read correctly that Avira, Norton and Avast have been/will be bought by the same company (Symantec, but rebranded), with the sole intention of getting their existing userbases to mine crypto for Symantec?
This is absolutely bonkers. Most users are unlikely to even make back their electricity cost (arguments for space heating can be made, but not in summer), and paying out the minuscule sums is impossible due to transaction fees.
Hoping that somebody will sue this endeavor into oblivion.
If this is what a antivirus giant like Symantec has to do increase profits it sounds like a good time to start thinking shorting some stock. Being facetious but not by much, it sounds like some kind of bad joke.
Saying you haven't encountered malware seems like a weak argument; a tech-savvy person (which you are, since you're here) will know not to download dodgy stuff and not to click dodgy links on emails or porn websites.
A less technically-inclined person won't know, and will definitely end up exposed to malware. That's just reality for Windows users.
The key argument is that Windows's built-in antivirus is quite solid now. I don't know if (and I don't think that) a modern antivirus provides any -significant- additional protection over what comes with Windows by default.
For enterprises they provide additional compliance and reporting functionality and since people aren't admins on their machines infecting machines can be quite hard, probably limited in time to one user session.
If the home is powered by nuclear power and heated by gas then the extra heat generated from the computer could decrease the usage of gas. It would be a small net positive.
You mean the computer would work as an auxiliary heater? Is it reasonable to expect that to work? How much would the processor have to heat for that to be feasible, how fast would it go to the trash bin after that, and where should one even locate the pc for that to work?
When I let my current computer run Seti@Home unthrottled with the original hardware (overclocked 6 core i7, 64 GB RAM, 4x Geforce 690s), the temperature in my airconditioned home office would quickly rise from the 72 on the thermostat in the living room, to around 90 in my office. I had to throttle Seti@Home to about 25% max resources to avoid destroying my AC bill. This was in a relatively large 1 Bed + Den apartment.
As for longevity? Well, I don't run it at full capacity like that normally. The CPU is still going strong, 8 years in. I replaced the original 690s with a newer card because, better graphics, not that the cards went bad or anything. I have had issues with thermal shutdown due to bad liquid coolers, but no damage to the chips. But, replacing the cooler gets everything back and running again. I'm on my 3rd cooler.
Most of the heat isn't coming out of the CPU itself, but the power supply & the graphics card(s).
If your PC consumes 500 W, it's gonna heat the room it is in exactly as much as a 500 W space heater. That's what I alluded to with the "space heater" parenthetical.
There are people who reduce their overall bills by mining for both cryptocurrency and heating with the waste heat (instead of only one or the other). But it needs specific circumstances for that to be worth it, and I'm very sure Symantec is not advertising this concept in the first place.
Agreed with your point, but that requires significantly more setup than plugging something into a wall (and significantly more effort than installing a software update). And heat pumps work worst when you need them the most.
None of this justifies making tech-illiterate people mine bitcoin for your own gain, of course.
You’re talking about a standard PC but my roommate and many others who mined crypto with crates of gpus literally used them instead of heaters. My roommate had to setup fans to push hot air out and bring cold air in it was so hot.
NortonLifeLock (the name of what used to be Symantec's consumer security divison) acquired Avira in December 2020.[1]
NortonLifeLock merged with Avast PLC in August 2021, with the combined company retaining the NortonLifeLock name.[2]
The Verge tried out Norton Crypto and found its 15% fee to be much higher than the 1-2% fee typically taken by mining pool operators. The tester broke even after (off-peak) electricity expenses, with NortonLifeLock capturing all of the profits.[3]
I think its an excellent idea, because some of their products are free so this is a way for them to get paid for their free products and the user doesn't have to have privacy intrusive profiled advertising thrust in their face when using a free product.
Crypto is also a hedge against local currencies as various country's, even the greatest nations can become unstable govt's very quickly.
Edit. It makes me wonder as the above has been downvoted, if this is why US cpu/gpu manufacturers are now disabling things that make mining crypto harder like Intel's AVX-512 and nVidia's changes to prevent GPU crypto mining, whilst using global warming as a straw puppet.
This is almost beyond funny. I googled "Avira antivirus cryptomining" to see if I could find any other sources, and quite a few results [0][1][2] are from Aviras own blog warning about crypto mining viruses. One of the solutions mentioned are actually to install Avira. Yes, these are written a few years ago, but the irony is just incredible.
Super funny was my first thought but also pretty alarming that they thought they could get away with this. The amount of government contracts they have is probably enormous. Here's something to add to the jokes: A fun example I just found of one of their contracts with the US Secret Service, who they presumably just hijacked the computers of to cryptomine. [1] Hahaha isn't this like how you get a congressional hearing?
True - but since the tool is strictly opt-in only, are we a bit too critical of the tool? Personally I don't use any such av tools or have any stakes in cryptocurrencies. But in a way they are providing an option for less tech savvy people to mine cryptocurrency right? Would've been better if the crypto component was not installed by default, but still. As many mentioned, there's also the question of the education component to the users - how much good a job the tool does in providing proper awareness to people who go opt-in to the tool, on what they're getting into. Personally if I were to use such a tool, I'd prefer that.
I think what is wrong is telling people they will earn cash while the electricity bill will make so that only Norton will get money instead. All this while increasing global warming and energy waste.
It may be opt-in but there is just nothing good in it.
Cannot agree more. We don't need the malware but AV venders do: if there were no malwares, AV software would be useless.
So why should we install something from someone with conflict interest in the first place?
A corollary to the Gibson quote is "The past is still here - it's just not evenly distributed". I can't help but think of this any time I see talk of "antivirus software" in 2022 (among other things).
If you're reading this article and thinking that antivirus software is a sensible thing to be running and thus wondering how they could betray users, you need to seriously revamp your computing environment. For most tasks that you need a trustable environment for, you want a modern OS that isn't based around agglomerating random binaries from arbitrary sources, whether that's something Free or just proprietary+curated+isolated (eg Apple/Android). And sure you can still keep MS Windows around for whatever purposes, but since it's no longer handling your sensitive activities you don't have to be hyperactive about the Sisyphean task of "securing" it.
Yes of course you can transplant bad ideas over to Linux or anywhere else (another example: flashing your phone with rando "ROMs" from xda-developers). If you're doing these type of things then what I said applies to you as well, and you should obtain another device where you don't do such things for your trustable environment. But even if you are doing such things, you still won't be liable to add to your problems with "antivirus" software. That's a particular idea arising out of the longstanding binary potluck culture of DOS/Windows.
> It looks like you’re running macOS, Linux, or another Unix-like OS. To download Rustup and install Rust, run the following in your terminal, then follow the on-screen instructions. See "Other Installation Methods" if you are on Windows.
It is terrible that this garbage has taken over the "open source" community - "just pipe this web page into your all-powerful command shell. Don't worry it's 'secure' because it uses HTTPS.". Even in the best case, it splays unreproducible junk all throughout your filesystem. Of course that doesn't matter because your Linux machine is a temporary "cattle" that you're just renting and accessing from your shiny iChromebook amirite?
Not having looked at it in a while, it is highly disappointing that Rust specifically has gone down this path on their main fucking page. "Old man yells at cloud", and all that.
IMO I think the future is distributed reproducible builds through Guix/Nix. I've never run Gentoo, but Guix/Nix feel like the best manifestation of software freedom that I've experienced. Mind expanding in the same way as functional programming or Lisp.
And of course none of that addresses the whole issue of source auditing and provenance. Immutable logs like git get us 90% of a foundation, but obviously there is a lot of unexplored territory required to provide actual security guarantees.
Unlike guix nix does not even have a way to verify package signatures because "it would hurt the workflow of these using the github webui to push stuff to nixpkgs"
That's what I get for trying to be constructive. The cancer is everywhere. The real rebuttal is just because a project's page tells you to do stupid things, does not mean you should do them (of course advocating that crap at all makes one question their general security competence)
I agree Guix has a much better story on foundational security (cf guix challenge). Nix seems to have more activity. Unfortunately, cancer spreads because it's good at multiplication.
But really my greater point is they're both source distributions revolving around persistent package/system management, which allow one to obtain software while managing the provenance of its code.
I personally would not and I do not put any sensitive information on my phone.
I know that many people disagree, and live their entire life on there, but for the same reason most hackers and governments and various "scurity" companies are gathering and hoarding exploits for them.
Sticking to good old desktop almost makes you invisible now days.
So basically now thousands of system administrators across the world can embezzle from their employers by arbitraging free electricity for crypto at 1% efficiency (less NortonLifeLock fees).
These are all consumer products. The issue isn't sysadmins, it's mum and dad that saw the advertisements currently running on Facebook and clicked "buy".
They charge for defender ATP and they will lose magnitudes more money than what they can gain from mining. Like, I expect the CEO to resign and stock drop of >15% if they did that
You’d think CEO would resign after Windows(which they charge for) started showing ads. It’s not inconceivable that they’re going to offer mining or NFTs in the next couple of years. Especially considering there’re loads of people who think they can get rich from it.
Ads are one thing, if they do it only on home PCs it might not be as big of a deal but Guaranteed huge backlash if any enterprise PC starts mining. As in classaction lawsuits.
Enterprise customers are more likely to file large direct action lawsuits than class action. Class actions are mostly a tool to aggregate individually-small claims.
Is antivirus software really still necessary on windows for technical users? Do you really need it if you're not downloading questionable torrents or visiting shady websites?
I'm not sure what non-technical users are downloading but I suspect Adblock is going to be far better at preventing non-technical users from downloading a virus than antivirus software.
What criminal charge, exactly? As long as it's in the fine print, hard to see how it's criminal. Shitty, possibly (hopefully) civilly actionable, but criminal seems like a stretch, at least in the US. Not that I don't think that people who think this sort of thing is an acceptable business practice shouldn't be frogmarched out back and strung up in the nearest tree...
The same charge that would apply for other malware mining operations.
In the US, CFAA? I'm pretty sure that if I put in the fine print "I get to encrypt your files and hold them for ransom" I'd be going to jail too if I did it, fine print or not.
In Germany, I'd consider "theft of electrical energy" and § 263a "computer fraud".
I'm not familiar with German laws, so out of my depth and won't presume.
But I really don't think CFAA would apply. They aren't holding anything hostage as far as I can tell. They're just saying something like "yo...since you aren't using your compute cycles we'll put them to work". Shitty and unethical, but still looking for the criminal v. civil part.
Wikipedia says "The law prohibits accessing a computer without authorization, or in excess of authorization."
The law itself: "knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period"
Since it explicitly mentions the value of the use of a computer as something that can be illegal to take, the main open question would be whether the $5000 of such use is per computer, or per crime.
Another option would be "(C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss." if the electricity cost can count as "damage and loss".
Um...did you miss the part where you 'agree' to this nonsense when you install the software, at least in the fine print. So thanks for trying to out-google me I guess, but I don't think you've made any useful point.
> Is NortonLifelock whatever charging a fee? Or does this refer to gas?
It seems that NortonLifeLock takes about 15% of whatever gets mined. In addition to that, you'd probably have to use and external service to sell your ETH (an other article I saw mentioned Coinbase as the only place where you can move your ETH from Norton) which Will charge its own fees and then there is the gas fee.
Lol. I'm more inclined to believe they're just incompetent. We're talking thousands upon thousands of people who would have to be simultaneously covering this up. It just wouldn't happen.
> “Norton should be DETECTING and killing off crypto mining hijacking, not installing their own,” reads a Dec. 28 thread on Norton’s forum titled “Absolutely furious.”
That is fucking infuriating. Imagine if the "my body, my choice" redirected to a "my computer, my choice" idea.
I was going to say that you can choose to not install the antivirus but unfortunately this crap and similar come installed on so many laptops. If the HW is compatible I suggest to format the whole thing and install Linux.
I do use Linux. Even so, if you were required to install (or compile) a package that is a dependency on something you don't explicitly use but do for others, where do you draw the line on their acceptable tradeoffs?
You really think the average non-technical user who leaves an AV preinstalled when they get a new system or are frightened into installing an AV is making a choice when a cryptominer is bundled with their AV even if it is opt-in to activate it?
The imperitive word that person on the forum post you quoted used is "hijacking" not intentionally and knowingly installing mining software.
But you know that it will be enabled by default by the packages they give to OEMs, or "accidentally" in every update or system restart, and will trick less informed or less technical users into enabling it and all sorts of shenanigans like that because that's how these av software companies have been operating for over a decade, at least in the home consumer space.
The only right away to treat these companies is to assume the worst about everything they say and do. Unfortunately they seem to always find a way to do worse than those assumptions. When "they will make a lot of money and/or screw over a lot of users" is the outcome of their statement being a lie, then you should assume their statement is a lie.
Computation and resistive heat are pretty much the same in efficiency.
Heat pumps, which will pump outside heat inside, are a lot more efficient.
So, "computation for heat" is only useful to the point that it's replacing a space heater or other resistive heat, or is focused in a place resulting other heat use by a lot. So, my computer could be a cost-effective way to keep my feet cozy.
This also presumes that cryptomining is "useful computation".
Which can be a separate technical support nightmare in of itself. My elderly folks may not be as flexible on the reasoning and troubleshooting aspect of it than I would be and convincing them to be more progressive in their approach often leads to more "lost in translation" moments as their user experiences are significantly different than my own.
This is absolutely bonkers. Most users are unlikely to even make back their electricity cost (arguments for space heating can be made, but not in summer), and paying out the minuscule sums is impossible due to transaction fees.
Hoping that somebody will sue this endeavor into oblivion.