Monday, July 25, 2016

PCMatic - Scam or Legit?


PCMatic.com



As soon as I saw this commercial, I was instantly reminded of the MyCleanPC and/or MaxMySpeed programs. I wrote a blog entry about it a while back and it has actually gotten quite a few hits: http://mooreithelp.blogspot.com/2012/07/mycleanpccom-scam-or-legit.html

I’ve been meaning to write something regarding all these programs which claim to magically and quickly fix all your computer problems. Not only do these programs usually cost half of what real Internet Security programs cost, they claim that they will even make repairs and tune up a computer, making it run faster than ever. Many of them, including PC Pitstop PC Matic, claim that you will “never get a virus again”, which is impossible. These registry cleaners and optimizers claim to speed up your computer by finding and removing orphaned and corrupt registry entries that are responsible for slowing down system performance. Unfortunately, the fact is that there is no statistical evidence to back such claims. These advertisements are borderline scams intended to goad users into using an unnecessary and potentially dangerous product. I would not trust any results such programs detect as problematic or needing repair, nor recommend using the options to fix them.

The registry is a crucial component of Windows, storing information and settings for all hardware, software, users, and preferences - basically the makeup of the Windows Operating System, to a degree. So, these programs which can aggressively scan and make violent changes to this system can render the system inoperable. Some may argue that these registry cleaners are required for specific types of infections, and that is true. However, improperly removing registry entries can make the removal process more difficult if your computer becomes infected. Removing malware-related registry entries before the infection is properly identified (and steps taken to remove said infection) can contribute to system instability and even make the malware undetectable to removal tools.

I could delve into benchmark testing and detailed explanations as to how PCMatic and programs like it are basically advertising bald-faced lies, and how its promises and "features" are borderline impossible, but to be frank - it's not worth it. This program is just like all the other magic wands. Quickly, if you are willing to dig around the PC Matic web site, you will eventually find information about Super Shield, the proprietary real-time technology component to PC Matic. That page goes into a little detail about their use of a "white list" approach in addition to a "black list". Not mentioned is the company's use and explanation of its heuristic and behavioral detection technology. Aside from the numerous complaints filed against the company, the vendor's website doesn't specifically say how the product “protects against modern security threats”. They also fail to tell customers that their product has high false positive rates.

Expecting results similar to the MyCleanPC.com scams, I didn’t bother to do a scan on a test system like I did in MyCleanPC.com - Scam or Legit. I did, however, find that someone did it for me and it was exactly as I expected. Joe53 of SpywareHammer.com reported that the program found hundreds of "bad" registry entries on his system (which was working perfectly well), reported TCP connection problems (when he had no internet connection problems), reported extreme fragmentation of his hard drive (despite his regular use of Diskeeper), identified his System Restore files as "junk files" and suggested he delete them, and flagged all his internet settings (HTTP, TCP, DNS et al.) as needing to be optimized (despite the fact that SpeedTest measurements showed his connection and ping times to be well within parameters).

Now, many people are starting to say that most of the negative press is from several years ago and that PCMatic has been perfecting itself over the past 4 years or so. To that, I respond with this very same article. The fact remains that this is a PRODUCT that claims to fix all your computer problems! It's half the price of a traditional, reputable AV and yet claims that it will not only REPLACE your Antivirus program, but that you will never get a virus again! The features and claims are so ridiculously silly, it's not even worth a detailed examination.

Saturday, July 2, 2016

Symantec Norton presents Security Vulnerabilities to your Computer


For some time now, I have recommended that users steer clear of Symantec products, namely Norton.
I remind clients that though no antivirus or internet security program is completely infallible, I have encountered literally dozens of computers which were riddled with infections whilst a fully updated, paid version of Norton sat there with a great big green check mark reassuring the user that everything is just peachy!

Well, recently my claims have been further justified when security researcher Tavis Ormandy of Google's Project Zero Security discovered major security flaws within several internet security programs including Symantec Norton and Symantec Endpoint Security - the security solution most major industries use such as United Bank of Switzerland, Walmart and the Home Depot.

Project Zero security researcher Tavis Ormandy said:
"These vulnerabilities are as bad as it gets. They don't require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible.

In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption."

No user interaction is required to exploit this issue as just "emailing a file to a victim or sending them a link to an exploit is enough to trigger it," according to Ormandy. Ormandy also reports that "A quick look at the decomposer library shipped by Symantec showed that they were using code derived from open source libraries like libmspack and unrarsrc, but hadn't updated them in at least seven years."

The problems mentioned in the article (as well as others referencing the discoveries) are not isolated to Symantec products. While I was working at Staples back when I was still learning the trade, I remember management pushing us Electronics Associates to sell versions of Panda Antivirus - one of the many reasons I quit, as I knew Panda was absolute trash. In March of this year, both the free and enterprise versions of Panda Antivirus would report files from the System32 folder as malware, leaving computers inoperable after reboot. This would often result in systems losing their networking functions (among other things), so Panda, in its infinite wisdom, released an update to fix the problem to be deployed... over the network. Yeah.

Several issues with the popular Comodo Antivirus program were discovered this year, which included the bundling of the program "GeekBuddy". This program installs and starts a poorly protected VNC server. This disclosure is actually the "fixed" version of this program, as disclosures made in 2015 noted that the VNC server had no password at all.

Trend Micro, another popular antivirus program, bundled a password manager which would launch a local web server that listens for API commands from the internet, without a whitelist or same origin policy—effectively allowing remote code execution. In a message to Trend Micro, Ormandy stated that "Anyone on the internet can steal all of your passwords completely silently, as well as execute arbitrary code with zero user interaction. I really hope the gravity of this is clear to you, because I'm astonished about this."
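The missing checks described above, sketched as an added example (not Trend Micro's code and not from the original article): a gate that a loopback helper API can run before it executes any command. The port, the allowed origin, the `x-api-token` header name and the token value are assumptions made for illustration.

```javascript
// Added example (not vendor code): request gate for a loopback-only helper API.
// Port, origin, header name and token below are constructed for illustration.

// Compare secrets without exiting early on the first differing character.
// (Node's crypto.timingSafeEqual does the same job for Buffers.)
function constantTimeEqual(a, b) {
  if (typeof a !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Returns authorize(req); req has the shape of Node's http.IncomingMessage
// (req.method plus lower-cased req.headers).
function createGate({ port, allowedOrigins, token }) {
  const hosts = new Set([`127.0.0.1:${port}`, `localhost:${port}`]);
  const origins = new Set(allowedOrigins);
  const deny = (status, reason) => ({ ok: false, status, reason, headers: {} });

  return function authorize(req) {
    const h = req.headers || {};
    // 1. Host must name the loopback listener itself, not some other hostname.
    if (!hosts.has(h.host)) return deny(403, 'host-not-allowed');
    // 2. Browsers attach Origin to cross-site requests; only the allowlist passes.
    if (h.origin !== undefined && !origins.has(h.origin)) return deny(403, 'origin-not-allowed');
    // Echo only an origin that passed step 2, never "*".
    const cors = h.origin ? { 'Access-Control-Allow-Origin': h.origin, Vary: 'Origin' } : {};
    // 3. Answer the CORS preflight for allowed origins without running anything.
    if (req.method === 'OPTIONS' && h.origin) {
      return { ok: false, status: 204, reason: 'preflight',
               headers: { ...cors, 'Access-Control-Allow-Headers': 'x-api-token' } };
    }
    // 4. Commands are accepted over POST only.
    if (req.method !== 'POST') return deny(405, 'method-not-allowed');
    // 5. Every caller, browser or not, must present the per-install secret.
    if (!constantTimeEqual(h['x-api-token'], token)) return deny(401, 'bad-token');
    return { ok: true, status: 200, reason: 'ok', headers: cors };
  };
}

// Constructed sample requests showing each decision.
const authorize = createGate({ port: 49155, allowedOrigins: ['https://vault.example'],
                               token: 'constructed-demo-token-0123456789' });
const good = { host: '127.0.0.1:49155', 'x-api-token': 'constructed-demo-token-0123456789' };
for (const [label, req] of [
  ['local client', { method: 'POST', headers: good }],
  ['unlisted site', { method: 'POST', headers: { ...good, origin: 'https://other.example' } }],
  ['no token', { method: 'POST', headers: { host: '127.0.0.1:49155' } }],
]) console.log(label, '->', authorize(req).status, authorize(req).reason);
```

A server without steps 2 and 5 is the situation the paragraph describes: any page open in the user's browser can issue commands to it.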

Several other programs have been found to have similarly major vulnerabilities. If you are interested, you can check out the full article HERE. My point with all of this information is that, as with most technical decisions, it is critical to have someone by your side with the knowledge and skill to both help to prevent these things from happening to you and to take action when things go awry.
Check out my reviews HERE and please do not hesitate to contact MooreITHelp.com at Help@MooreITHelp.com.