Newsletter 01/09/2022

You know what I hate...
IT products that charge for their use, but what the product does is the opposite of what it was designed to do.

When a computer user purchases and installs antivirus software, the user is correct to assume that the antimalware software will prevent attackers from entering the buyer's computer. Computer users who have recently purchased and installed the Norton 360 antivirus suite have discovered that cryptocurrency mining software was also installed. Norton antivirus will now use its customers' idle computer time to mine the Ethereum cryptocurrency, and the software will take a 15% commission of any monies, thank you very much. As PC Magazine reported:

The company announced the cryptocurrency miner in June as a useful way for Norton 360 users to earn extra cash from their idle graphics card. The tool, dubbed Norton Crypto, mines Ethereum and gives users an 85% cut. The rest goes to NortonLifeLock.   However, the cryptocurrency miner is now facing backlash after a few Twitter users noticed that the Norton 360 software force-installs the mining tool on PCs through a program called NCrypt.exe, which is difficult to uninstall.

Not only is Norton antimalware now bloated with crypto mining software, as Brian Krebs reports:

But Norton 360 isn’t alone in this dubious endeavor: Avira antivirus — which has built a base of 500 million users worldwide largely by making the product free — was recently bought by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto.

Some things are oxymoronic and maybe so silly as to be amusing. Crypto mining software as a component of antimalware software is just downright stupid. Antimalware vendor TrendMicro made an in-depth analysis of the impact crypto mining software has on system performance and security. Its conclusions were:

Cryptocurrency-mining malware steal the resources of infected machines, significantly affecting their performance and increasing their wear and tear. An infection also involves other costs, like increased power consumption.

But we’ve also found that their impact goes beyond performance issues. From January 1 to June 24, 2017, our sensors detected 4,894 bitcoin miners that triggered over 460,259 bitcoin-mining activities, and found that more than 20% of these miners also triggered web and network-based attacks. We even found intrusion attempts linked to a ransomware’s attack vector. The most prevalent of these attacks we saw were:

  • Cross-site scripting

  • Exploiting a remote code execution vulnerability in Microsoft’s Internet Information Server (IIS)

  • Brute force and default password logins/attacks

  • Command buffer overflow exploits

  • Hypertext Preprocessor (PHP) arbitrary code injection

  • SQL injection

  • BlackNurse denial of service attack

Although the TrendMicro report cited above is from 2017, nothing has really changed. In fact, many of those leaving comments on the recent Brian Krebs blog cited similar concerns. The attacks on cryptominers are too numerous to list here. Let me simply cite the most recent report. The Hacker News reports today, January 10, 2022: "New research into the infrastructure behind an emerging DDoS botnet named Abcbot has uncovered links with a cryptocurrency-mining botnet attack that came to light in December 2020."

Also, this is all so pointless. Many recent studies have shown that the Windows Defender antimalware application already included in the Windows operating system is as effective at stopping known attacks as any of the third-party applications. Windows Defender has far less impact on system performance than third-party applications. It is part of the Windows operating system.

Two commenters to the Krebs blog put it best, I think.

Mike Jackson, January 9, 2022:  Thank you Brian. Norton 360/LifeLock is offered as an employee benefit by my employer. The VPN feature has been “recommended” yet slows my laptop’s speed during boot-up and browsing. Your reply above to CyberCPA is to “Remove them” (Norton 360?) “and turn on Windows Defender”. I hope that your trust in Windows Defender is strong enough for me (or anyone) to remove Norton 360 and just get on with our lives. Thank you!

Max, January 9, 2022:  If Microsoft Defender is good enough to be trusted by Huntress Labs, it’s good enough for me.

Indeed, Huntress Labs employs Windows Defender as the engine that drives their enterprise Managed Antivirus.

Managed Antivirus enables you to maximize the value of Microsoft Defender Antivirus — a built-in and often untapped Windows OS security solution—so you can strengthen frontline virus protection and improve your margins.

And, if Windows Defender is good enough for Max, Huntress Labs, and Brian Krebs, then Windows Defender is good enough for me, and should be good enough for you, too. 
