Microsoft Takes on the Scammers

Starting March 1, 2018, programs that attempt to coerce users into paying for dubious protection or PC performance “optimization” will be removed automatically by Microsoft Windows Defender Antivirus and other Microsoft security products. I can think of several rogues that will hopefully be out of business soon. Here’s what you need to know…

Bringing Down the Hammer on Scammers

Microsoft has announced they are taking aim at programs like TotalAV, ScanGuard, PC Protect, and other “free security/performance checkup” scams. Hallelujah! These programs are legion on the Internet, and like the three named above, many are often owned by the same devious company.

They dominate the top spots in search results by paying the most to place their ads there. (I wish Google would do more to police this.) Every day, thousands of people who are trying to find free help for real PC problems instead get sucked into vortexes of FUD – “Fear, Uncertainty, and Doubt” – and jerked around in expensive circles by con artists who follow a time-tested formula:
  1. Offer a free “checkup” of a PC to find malware or causes of sluggish PC performance.
  2. Display a spinning circle or “Please wait, finding problems that could cause disaster” messages.
  3. Show the victim screen after screen of alarming “warnings” about “infections” and “vulnerabilities” that actually don’t exist; the step above is just drama.
  4. Pressure the victim to pay for the “premium” version of the useless software, which does not exist.
  5. If the victim buys, tell him the problem that doesn’t exist is “fixed” but more problems remain.
  6. Pressure the victim again for even more money for a bogus “fix” to problems that don’t exist.
  7. Repeat steps 5 & 6 as long as they work.

Optimizing The Anti-Optimizer Strategy

Microsoft first set some mild standards for “cleaner and optimizer” programs in February, 2016. All such a program had to do was tell a user specifically what problems it proposed to fix, and the program got a pass from Microsoft security products. Look how well that “honor system” approach worked for everyone! But now, Microsoft is getting serious, and dropping the hammer on these scam programs.

Microsoft’s evaluation criteria is a document specifying unacceptable characteristics of programs scanned by Windows Defender and other Microsoft security programs. A new section spells out “Unwanted behaviors: coercive messaging” that will cause a program that exhibits it to be removed automatically from the user’s machine.

Even when victims say, “No, I won’t pay,” a fake cleaner/optimizer can still try to wring some money out of them by persuading or scaring them into answering a “short survey.” Ostensibly, the victim’s answers will only be used to help improve the “free” program.

But the deeper a victim goes into such surveys, the more personal and sensitive the questions become. You can easily be suckered into giving up bits of personal data that enable identity thieves to figure out the answers to your “secret” password recovery questions, or the actual passwords that you use, or the name of your bank, and other tools of ID theft.

Microsoft’s new “unwanted behaviors” include this sort of con, too. Programs that use such slimy tricks will be removed from PCs defended by Windows Defender beginning March 1.

Also on the “unwanted behaviors” list are programs that suggest they are the only way to fix a problem; programs that set a deadline for the user to take action; and programs that require the victim to download a file (which is probably a Trojan or virus) or to sign up for a newsletter (so your email address can be sold to spammers). Such programs will be deleted automatically starting March 1.

Have You Encountered Rogue Software?

You can help in this fight against the scammers. If you encounter what you think may be rogue software, report the problem to Microsoft. You can anonymously submit a program to Microsoft for analysis, and security researchers will analyze the file(s) to determine if they should be classified as malware. (Hmmm, this alone might be a good reason to download TotalAV.)

If you are running Windows 10, Windows Defender is included and enabled, unless you’ve installed a third-party security tool. I’ve been critical of Defender in the past, but it seems to have improved greatly, and has some compelling new features. (See UPDATE: Is Windows Defender Enough Security?)

Microsoft’s announcement says that the “rogue removal” feature will be included in “Windows Defender and other Microsoft security products,” but they didn’t go into any detail about what those other products are, or if this protection will be extended beyond Windows 10. As more information becomes available, I’ll update you.

I applaud Microsoft for taking direct action to protect Windows users from one of the most widespread threats online. I just wish they’d done it back in February, 2016, instead of setting easily circumvented, toothless rules.

Have A Great Week!