[SOLVED] How can I prove to a customer that AV doesn't typically pick up adware and that it's intentional?

... I also use CryptoPrevent because it can detect malicious behavior in programs.

I don't think that CryptoPrevent can detect any malicious behavior whatsoever! Instead it blocks executables. It is not an active process which detects malicious behavior, like an anti-virus. CryptoPrevent's protection does not utilize any system resources, it is passive. It uses the built-in Windows SRP mechanism to prevent executables running from certain directories.

CryptoPrevent is an SRP frontend, and an anti-executable.
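The point made in the post above, that SRP protection is passive policy rather than a running scanner, can be checked by reading the policy out of the registry. The script below is an added example, not part of the original thread and not CryptoPrevent's own code; the function name `Get-SrpPathRule` is hypothetical, and because the thread does not list which directories CryptoPrevent covers, the script only reports whatever SRP path rules exist on the machine.

```powershell
# Added example: read-only audit of Software Restriction Policy (SRP) path rules.
# SRP rules are stored as registry policy; listing them shows what is blocked and where.
$SrpRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# SRP security level IDs, which appear as subkey names under CodeIdentifiers.
$SrpLevels = @{ '0' = 'Disallowed'; '131072' = 'Basic User'; '262144' = 'Unrestricted' }

function Get-SrpPathRule {
    param([string]$PolicyRoot = $SrpRoot)

    if (-not (Test-Path -LiteralPath $PolicyRoot)) {
        Write-Warning "No SRP policy found under $PolicyRoot"
        return
    }
    # Keep environment variables such as %AppData% exactly as the rule wrote them.
    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

    foreach ($levelKey in Get-ChildItem -LiteralPath $PolicyRoot) {
        $pathsKey = $levelKey.OpenSubKey('Paths')
        if ($null -eq $pathsKey) { continue }   # this level has no path rules

        foreach ($ruleId in $pathsKey.GetSubKeyNames()) {
            $rule = $pathsKey.OpenSubKey($ruleId)
            $raw  = [string]$rule.GetValue('ItemData', '', $noExpand)
            $levelName = $SrpLevels[$levelKey.PSChildName]
            if (-not $levelName) { $levelName = $levelKey.PSChildName }

            [pscustomobject]@{
                Level       = $levelName
                RulePath    = $raw
                # Expanded for the account running this script, not for every user.
                Expanded    = [Environment]::ExpandEnvironmentVariables($raw)
                Description = $rule.GetValue('Description')
                RuleId      = $ruleId
            }
        }
    }
}

# Policy-wide settings: DefaultLevel 262144 means "allow unless a rule says otherwise".
Get-ItemProperty -LiteralPath $SrpRoot -ErrorAction SilentlyContinue |
    Select-Object DefaultLevel, TransparentEnabled, PolicyScope

Get-SrpPathRule | Sort-Object Level, RulePath | Format-Table -AutoSize -Wrap
```

Rows with `Level` set to `Disallowed` are the directories from which executables are blocked; an empty result means no SRP path rules are in force on that machine.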
 
Great responses in this thread, I can't really add too much more to it lol. Just want to echo the sentiments of the other posts that you want to go with a layered approach and implement the software suggested. Proper education to the client and standing behind your work is what matters the most. You will run across clients that just don't listen sometimes and will call you every 4-6 months for a tune up or clean up. Just keep on charging and you will keep on paying.

"You can lead a horse to water, but you can't make it drink."
 
I don't think that CryptoPrevent can detect any malicious behavior whatsoever! Instead it blocks executables. It is not an active process which detects malicious behavior, like an anti-virus. CryptoPrevent's protection does not utilize any system resources, it is passive. It uses the built-in Windows SRP mechanism to prevent executables running from certain directories.

CryptoPrevent is an SRP frontend, and an anti-executable.

You are correct. I said that wrong. It does not detect. But it does indeed help prevent some viruses and malware by blocking the executables' access to known directories that are commonly used.
 
This is kind of like trying to explain things to a customer that thinks antivirus companies and virus writers are working together. If they've got their tinfoil hat on, there isn't much use trying to reason with them. It's frustrating, but out of your control.
I've got my tinfoil hat on! LOL

And I've often wondered if the virus/malware writers and the AV software writers weren't one and the same.
 
I've got my tinfoil hat on! LOL

And I've often wondered if the virus/malware writers and the AV software writers weren't one and the same.

You mean it's not just a coincidence that so many anti-malware software companies are in the FSU/Eastern Europe? LOL!!!
 
And I've often wondered if the virus/malware writers and the AV software writers weren't one and the same.

Well, I was going to say no, but there is this malware known as McAfee that's just showing up on new computers, lowering the security in comparison to the default protection provided by Windows 10, runs on startup, causes ads to pop up, tries to get your credit card, slows the system down and hinders you from installing a real AV. :p
 
Well, I was going to say no, but there is this malware known as McAfee ... slows the system down ...

I second that motion!
See it every week several times.
McAfee, Norton et al get removed, no questions asked and no pardon given.

I tell the customer viruses and modern malware are technically very different things. That's why an AV program mostly cannot even detect malware but good anti-malware programs (like MBAM!) can detect and remove both!

And if a customer doesn't believe me: I can't make him drink, I don't even try to make him...
If he had my experience then he wouldn't have called me in the first place.
 
If your customer wants you to spend hours educating them on the
deeper levels of how a computer works, how they are getting infected (or PUPs)
and what they can do to avoid it... then book an hour or two worth of time
and teach them at your hourly rate.

When your car dies, and you take it to the garage... it's fair to ask what was wrong
and what they did to fix it. It's not reasonable to have a mechanic teach you to
the level that you understand the mechanics of what happened, why and then
justify their repair. No mechanic in the world is going to entertain that. They might
have a little back and forth with someone who seems reasonably knowledgeable
but there is a difference.

They don't understand why they get this crapware. No antivirus/malware/whatever
is a 100% catch all. Things slip through, customers install toolbars and whatever else
because they keep clicking next without looking to see what they're agreeing to. They
don't look for this stuff, and oftentimes it's not painfully easy to spot anymore either.

Wanting to know why Avast didn't remove your coupon toolbar, and causing a huge ruckus
over it is a waste of time. If this is the way that client is with everything, do yourself a favor
and fire that client. In the time you waste with them, you'll be able to service a few other
better customers. If they're willing to listen to reason, educate them on how most PUPs
find their way into the computer, and show them a few of the many available quality tools
that easily and quickly remove them.

Needing a tool in addition to avast isn't mind blowing. Carpenters don't walk around with only
a hammer in their toolbelts.
 
I think I'm kicking the horse here along with @allstarit

No anti-virus can 100% guarantee to protect against what they are supposed to protect against, let alone PUPs.

These clients are usually a pretty easy sale on a service plan that comes with unlimited removals.

Adding Unchecky is a bonus too.
 
Viruses are very malicious and get in without any user permission whatsoever. Basically like robbing your house. Malware/adware gets in with inattentive permission; it's the guy next door stealing your newspaper ("well, you left it in the driveway!"). They're different kinds of trickery and different kinds of damage. One kind is hidden and the other not-so-hidden...if you pay attention. But the trouble with the newspaper stealing is it weakens your system and makes it more vulnerable for the house robbers. That's why antivirus and companion programs like Malwarebytes and Unchecky working together are a must.
 
This is a good link to show people to explain what a PUP is, and it will help them understand that because they're not specifically malicious, they're not going to be considered malware by most AVs. It's also a good way to get people off free antiviruses, since it slams them pretty good, so an easy upsell to your paid AV solution.

http://blog.emsisoft.com/2015/01/17/has-the-antivirus-industry-gone-mad/

There's also this quote from an Emsisoft employee who made a comment in that article in response to why Eset doesn't by default stop PUPs:

Monika (Emsisoft) Mod, replying to JBeemac, a year ago:

Unfortunately, PUPs are not officially considered malware (yet), so we kind of had to give the user the option to "opt-in" on the detection rather than remove another vendor's software from the system. Trust me, we'd love nothing more than to kill 'em all right from the start...
 