A few weeks ago I wrote about the Adobe/McAfee Security Scan Plus Scareware debacle. Well, Symantec’s faux pas isn’t nearly as bad but I still think they need a slap on the wrist. If you run their free web-based Symantec Security Check (SSC) on a system that has Microsoft Security Essentials (MSE) installed SSC reports you are at risk with an explanation of “WARNING! No known virus protection software found.” And of course they then want to show you Symantec’s Norton products that you can buy to address this problem. This is pretty low.
Let’s contrast Symantec’s approach with that of Microsoft. SSC reports no Anti-Virus software installed when MSE is actually installed. Microsoft/Windows Update only offers to install MSE when no other Anti-Virus product is installed. And both Microsoft/Windows Update and the Windows 7 Action Center (Security Center in earlier Windows versions) consider Norton AV as a valid Anti-Virus product.
I consider what Symantec has done with the Symantec Security Check borderline Scareware. Claiming that MSE is inferior to their offering and trying to sell you a Norton product would be perfectly valid, but denying that MSE is even a valid Anti-Virus product is not.
There are many times I wish Microsoft would “grow a pair” and go on the offensive against vendors like Symantec. Microsoft could simply respond to SSC by removing Symantec products from the web page of Anti-Virus products it displays when you click on the Action Center link for finding an AV product for your unprotected PC. The press will love the controversy and make a huge deal out of it, and Symantec will no doubt try to paint Microsoft’s action with the Monopoly brush. But Symantec will be the ones wearing no clothes. More aggressive moves like having Microsoft/Windows Update offer to replace Norton AV with MSE are also possible (and would no doubt be the chosen tactic if we were talking about unapologetically aggressive Oracle rather than relatively timid Microsoft) but those have much more legal risk.
Sadly Symantec’s behavior with SSC strains its credibility. Legitimate security firms should not be using Scareware-like tactics to sell their products. They shouldn’t need to as their products must have legitimate customer benefits they can tout. Or don’t they?