Norton Anti-Virus can now hijack your computer for cryptomining

Originally published at: Norton Anti-Virus can now hijack your computer for cryptomining | Boing Boing

…

Probably still more productive than what it was using those CPU cycles for before… what a useless PoS.

I’d never install norton b/c yeah it’s bloatware, but if they’re skimming a fee does that mean they’re actually paying the user? I shocked it’s just hoisted on the user as part of the “cost” of using their software.

First thing I do when I’m setting up a new device for a friend or relative is wipe any bloatware app from Norton or Mcaffee or Intuit or Adobe (I’d block Facebook-owned apps and Twitter too, if I could). These shady brands are poison.

The user is paying the subscription fee for the anti-virus service and the “gas”/transaction vig, plus an addition to their energy bill in exchange for whatever paltry amount of Ethereum they’re realising. Funny how the corporations insist that the user ends up paying in fiat currency, all the while touting the exciting benefits of being rewarded with math Beanie Babies.

What’s particularly worrisome is that isn’t a new thing. It’s been in place since July, 2021. It seems the only reason people are talking about it now is that Cory Doctorow noticed. Who knows how long this would have gone unnoticed if he hadn’t.

It should either remove the “anti” part in its name or self-uninstall on startup.

Let’s not lose sight of the fact that the crypto mining is opt-in:

Will Norton 360 mine my device without my permission?
No. In addition to having a device that meets system requirements, you must also turn on Norton Crypto on your device. If you have turned on Norton Crypto, but you no longer want to use the feature, you can disable it through your Norton Crypto dashboard.

The best part is that you pay for all the electricity, which will likely be more than the worth of the mined crypto, and Norton skims 15%. Nice deal if you are Norton. Not so much if you are a Norton “customer”.

It’s an anti-feature. It shouldn’t be there at all in a program designed to detect and remove malicious programs.

I agree with that of course, but the outrage in Cory’s writeup leaves the reader with the impression that it is opt-out. See: “Hijack” verbiage.

It has not escaped the notice of a lot of forum posters here that Cory articles are a little more click-baity than they used to be.

Management is pretty strict about criticism of the authors here, but OTH, Cory has been completely removed from the BoingBoing masthead. Before he left there were a number of post headlines that were counterfactual, and never corrected, even though they were sometimes contradicted the the body of the post, let alone by outside sources.

Regardless, Norton should not be adding the functionality of a PUP (polite speak for corporate malware) to it’s “security” software.

I suppose I have unfairly attributed it to to Cory just based on his twitter post in the article. Another author is using “Hijack” to describe a (bad, unnecessary) opt-in feature.

Perhaps an oversight. They can of course speak to it if they like.

… Who still uses Norton? I’ve not used it in over a decade, not even the corporate version. (which was it’s own separate trash fire, but not the raging dumpster fire the consumer/retail version is.)

From what I’ve read, it was opt-out until Cory noticed and they back-peddled after he called them out. I’m not sure how accurate that it is, but that’s what I’ve seen on infosec Twitter.

Now that is a different story. I am going to try and chase that down.

As I said, I’m not sure how accurate it is, but that’s one of the things I’ve seen people saying.

The truth of it appears to be a mix.

Based on the wayback machine, they added the opt-in wording after getting all that attention from Cory/twitter/etc. It is not in the FAQ which was written back in July.

However, it is unlikely that it was opt-put prior and they switched it in a day. Indeed yesterday morning the FAQ had not yet been edited from its original July format (latest timestamp is today). Feature flags are a thing, so not impossible on a technical level. However, the wording of the FAQ still reads like opt-in (just is not explicit on that count).

That makes sense. It can be hard to follow the thread sometimes when Twitter gets all fired up about something

Or in other words, “always”.

I wouldn’t be surprised if it was an “opt-in” that was by default, with the box pre-checked and a misleading description, like “Install Full Norton Feature Set” or some other trick to make it technically “opt in” but functionally opt out.

Norton and McAfee are pioneers in dark patterns UI/UX design.