Antivirus: it's as bad as malware itself

Send to a friend Print

Help more people find out about this story
Del.icio.us StumbleUpon

APC administrator24 July 2006, 10:16 AM

When I got my new Dell the other day I was staggered to discover that it was seemingly impossible to uninstall the bundled anti-virus package. This software was so deeply rooted into the PC that after a concerted effort, I had to reboot into safe mode. In my opinion, this is as bad as malware itself.

One of the things that I hate about Dell computers is the pre-installed software. Every Dell that ships is stacked with all sorts of garbage, from media players to broadband trial offers.

Unfortunately, I've never had the heart to tell Dell this, because allowing every vendor and their dog to stack trial software onto new systems no doubt helps put some money in Dell's pocket to allow them to provide the aspect of Dells that I really love - the low, low price.

So it was with some trepidation that I booted my new notebook for the first time. Entering Windows XP, I was greeted with a sight that looked astoundingly like when Homer Simpson makes a web page, and just stacks it with blink tags and animated gifs.

After some coaxing, I managed to remove almost all the unwanted applications. Except for the worst of the bunch: the all-encompassing security and antivirus package installed on the PC.

It's a personal computer, and personally I'd rather use Zonealarm and AVG Antivirus to protect it than go totally overboard with this whopping great big-brand package.

So, I hear you say, just uninstall it, and put Zonealarm and AVG on instead. Would that I could, gentle readers.

Attempts to uninstall the suite via the add/remove dialogue in the Windows control panel failed, with the system indicating that an executable belonging to it was still in memory and couldn't be deleted.

Okay. So I right click the system tray control and open the control centre of this suite. I disable all components of the suite, then run the uninstaller.

Same error.

Fine. CTRL + ALT + DEL, terminate process tree, run the uninstaller.

Same error.

A quick browse online, and I discovered many people in the same boat. The only solution available to the problem is to boot your PC into safe mode, and then run the uninstaller.

I contend that this is entirely unreasonable. How dare a program, which I didn't ask to have installed in the first place, embed itself so deeply into my system that it requires safe mode to uninstall?

Isn't that the definition of malware?

Someone seems to think so. Recently, a second class-action has been started against Microsoft because of WGA, and the primary claim of the complainants revolves around the idea that, regardless of what it is used for, the phoning home aspect of WGA makes it spyware. Interestingly, it's a claim that appears to be gaining traction around the web.

It's a good point. Go to the FAQ page for Windows Defender, and you'll find this definition (bolding added for drama):

"Spyware is software that can display advertisements (such as pop-up ads), collect information about you, or change settings on your computer, generally without appropriately obtaining your consent."

So according to Microsoft, WGA is spyware. That page may need to be removed before the lawyers find it, especially as the question of whether WGA is spyware is arguably the fact upon which the case will be decided.

Forgetting all of that for a second, the question I have is: why do vendors feel the need to do this?

I'm primarily a Linux user, and I've honestly never come across a program that can monopolise my system the way that Windows applications can. Install Aptitude, YaST, RPM and YUM all at once if you want, and they're complete software management solutions in themselves.

In the case of the vendor of this trial internet security suite, I can't help thinking the difficulty in uninstalling it was an attempt to push me into buying a subscription from them. Putting aside the fact that I think it's immoral to charge people for updates which they require in order for your software to remain effective, those kind of strong-arm tactics usually result in me boycotting any and all of a company's products.

Sure, it's a dog-eat-dog world in internet security: it's such a crowded market, and there's only so much FUD people can bear before the become suspicious of what you're up to.
Hopefully Vista will help. LUA should mean that applications are never operating in a place where they can take such an unwelcome level of control over your OS. However, with Microsoft jumping on the malware-creation bandwagon themselves, it may be a case of one step forward and two steps back.

And of course, no amount of LUA controls are going to stop mass-market PC builders from loading up their system images with all sorts of preinstalled crap.

Dear Big Vendor, it's a personal computer. Let me make it clearer for you. That means it's mine, not yours.