
Norton 360 Criticized For Installing a Cryptominer (krebsonsecurity.com) 96

"Norton 360, one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers' computers," reports security researcher Brian Krebs.

The Verge follows up: The TL;DR is that yes, Norton does install a crypto miner with its software, without making that clear in the initial setup process. But it isn't going to do anything unless you specifically opt in, so it's not a situation where you'll install the security suite and instantly start seeing your computer lag as it crunches crypto in the background.

A NortonLifeLock spokesperson also told The Verge in an email that you can completely remove NCrypt.exe by temporarily turning off Norton's tamper protection feature, and then deleting the executable. We confirmed that ourselves, and it could be good news for anyone worried about Norton remotely activating the feature.

But Krebs reports the product has drawn some bad reactions — and not just because Norton is keeping 15% of the currencies mined: [M]any Norton users complain the mining program is difficult to remove, and reactions from longtime customers have ranged from unease and disbelief to, "Dude, where's my crypto...?"

According to the FAQ posted on its site, "Norton Crypto" will mine Ethereum cryptocurrency while the customer's computer is idle. The FAQ also says Norton Crypto will only run on systems that meet certain hardware and software requirements (such as an NVIDIA graphics card with at least 6 GB of memory). "Norton creates a secure digital Ethereum wallet for each user," the FAQ reads. "The key to the wallet is encrypted and stored securely in the cloud. Only you have access to the wallet." NortonLifeLock began offering the mining service in July 2021...

[M]any users have reported difficulty removing the mining program.

From reading user posts on the Norton Crypto community forum, it seems some longtime Norton customers were horrified at the prospect of their antivirus product installing coin-mining software, regardless of whether the mining service was turned off by default. "How on Earth could anyone at Norton think that adding crypto mining within a security product would be a good thing?," reads a Dec. 28 thread titled "Absolutely furious."

"Norton should be DETECTING and killing off crypto mining hijacking, not installing their own," the post reads....

"Norton is pretty much amplifying energy consumption worldwide, costing their customers more in electricity use than the customer makes on the mining, yet allowing Norton to make a ton of profit," tweeted security researcher Chris Vickery. "It's disgusting, gross, and brand-suicide."

Then there's the matter of getting paid.... "Transfers of cryptocurrencies may result in transaction fees (also known as "gas" fees) paid to the users of the cryptocurrency blockchain network who process the transaction," the FAQ explains... Which might explain why so many Norton Crypto users have taken to the community's online forum to complain they were having trouble withdrawing their earnings. Those gas fees are the same regardless of the amount of crypto being moved, so the system simply blocks withdrawals if the amount requested can't cover the transfer fees.

Thanks to Slashdot reader JustAnotherOldGuy for tipping us off to the story!
  • by Valgrus Thunderaxe ( 8769977 ) on Sunday January 09, 2022 @03:44AM (#62156667)
    Seems fundamentally incompatible with any type of security product.
    • by Anonymous Coward
      Wrong. You agreed to it in the EULA -- https://youtu.be/NrZMdqi2D1Y?t... [youtu.be]
      • I use Norton, but had no intention of turning on mining, since I don't want to increase my energy bill by running my system at higher wattage than I normally do. I am not a crypto fan, so I agree this is not really a great idea for a security product, but then again, there are probably lots of people who appreciate having crypto mining set up for them. In the end, mining will have to be stopped or changed so that it does not waste insane amounts of energy. This is not sustainable, or positive for the planet

        • by ari_j ( 90255 )
          Wasting insane amounts of energy is not a bug in decentralized cryptocurrency. It is a feature. In fact, it might be the only feature.
          • by ceoyoyo ( 59147 )

            It's not a feature. It's a requirement.

            Features can be deprecated when you realize what a bad idea they are.

        • by Kaenneth ( 82978 )

          I have a central heat pump system now, but I used to run mining software whenever it was colder than 50f to supplement electric baseboard heat.

          (Bought the heat pump, and the house around it with my crypto profits.)

      • If some aspect of an application is only mentioned in the EULA, and not advertised in promotional material like the slick sheet, I think most people would call that a clandestine feature.

      • Yeah. And if they had you agree to botnet software in the EULA, are they even an anti-malware product?

    • So software that performs actions unknown to you, is difficult to remove, provides no benefit, and actively works against the user? Sounds like malware. I don't care how pro-crypto-coin someone is, you don't do this behind the scenes, which in the best case scenario gives you only a few cents a week.

      • So software that performs actions unknown to you, is difficult to remove, provides no benefit, and actively works against the user? Sounds like malware.

        Just sounds like Norton software ...

        • Norton software that's been weaponized.

        • by cusco ( 717999 ) <brian@bixby.gmail@com> on Sunday January 09, 2022 @11:08PM (#62158761)

          Poor Peter Norton, he must be appalled by what has happened to his once great company.

          I find it appalling that anyone uses software from Symantec, there doesn't seem to be a program that they can't ruin and still make a profit on. Norton Utilities, Delrina WinFax, Backup Exec, PowerQuest Drive Image, you name it, if Symantec bought it they removed features, mangled the interface, hosed up the functionality, and to add insult to injury jacked up the price.

    • Why would anyone wish to install a program that tries to sneak in the back door a program designed to use your computer tics without your knowledge? Norton has been shit for decades and keeps getting worse!
  • and creepy .. nope, nope, nope.
  • by IdanceNmyCar ( 7335658 ) on Sunday January 09, 2022 @03:46AM (#62156671)

    It is but then again this is the age of people who love to eat the dog food.

    The fees are an interesting addendum. Basically all Norton's cryptography gets pooled to a single wallet. So they are probably doing little more than robbing people. It would be brilliant to see someone give a breakdown of how much profit Norton makes from this. It has to be in their filings somewhere.

    I am relatively pro cryptocurrency and I think it has good use cases but it's shit like this that gives the whole community flak as a bunch of grifters.

    • Branding? Nobody chooses to put this on their machines. It's bundled predatory crap ware designed to take advantage of people who don't know any better.
    • Or more fundamentally, can a corpse commit suicide? Even without cryptomining, Norton 360 is effectively malware with the amount of resources it hogs on the system. Combine that with the fact that Norton pays for the installation sideloaded with other software (which windows defender flags a "Potentially Unwanted Software") it has more in common with malware than software which removes malware.

  • IANAL. But installing software behind the users back is probably a criminal act here in New Zealand. It hasn't been tested in a court yet, and lawyers disagree. The Norton Ts&Cs may try to fudge this issue, but you cannot contract out of an Act. Regardless, this is an act of considerable arrogance, and I hope Norton pays the price. Who owns the computer?
    • Who owns the computer?

      You still own your computer, bought & paid for & you're responsible for paying to maintain it. But that doesn't matter. As Microsoft & Apple have shown is that what's really important is who *controls* your computer, what software you can & can't install or uninstall, which settings you can change, etc..

      Norton have simply decided to take a little more control over your computer because their profits are more important than your electricity bill. It's just another (very inefficient) way to ch

    • If it's in the EULA then it technically isn't "behind their backs". Unless EULAs are also illegal.

      • by Kaenneth ( 82978 )

        I'm fortunate to be able to read 1200 words per minute.

        Before Steam had a return policy I purchased, and before installing, read the EULA for Sid Meier's Civ 5. I noticed two things. They said that by accepting I was agreeing to let the company send messages to people on my contact lists. And if I don't accept the terms of the EULA to return to place of purchase.

        Pointing out to Valve that their own UI was presenting that return policy, I got a refund because the first portion was unacceptable (since I also d

    • TFS says the feature is opt-in and you surely agree at some point in the install process to install their cryptominer. I'm against the whole fucking thing on the basis of sustainability but frankly they don't seem to be turning the feature on by default so where's the harm done directly by Norton? If harm is done it's only after the user enables the feature, so arguably the user is doing the actual deed.

      This assumes TFS is correct (ha ha ha) and that it's not actually opt-out.

      • by cusco ( 717999 )

        they don't seem to be turning the feature on by default

        YET. When you install an update six months from now and it mentions on Page 47 of the EULA that no one ever reads that you agree to allow the update to enable the service, a lot of people will of course blame Microsoft for slowing their computer down.

  • Wasn't that already a problem in June? Also by this point, I doubt anybody expects anything from those "Security in a box" products other than wasting CPU cycles.

  • by gweihir ( 88907 ) on Sunday January 09, 2022 @03:53AM (#62156685)

    Whoever is responsible should be fired immediately. Security needs simplicity. Security software needs to be free of any bloat or non-security related features. This is a really, really bad misconduct by the manufacturer. If they had offered this as a separate product, it would have been in bad taste but otherwise acceptable. But to install it as part of a security product is utterly wrong, no matter whether it runs afterwards or not.

    • Aww, that's cute. You think antivirus software's about security? To quote the Conjoined Triangles of Success, the software isn't the product, the share price is. You can't make that stuff up. They teach it at Harvard.
      • by gweihir ( 88907 )

        You have any better solution than AV in the mess that the MS eco-system is? No? Then do not presume you have the right to mock anybody.

        That said, yes, business "ethics" and solid engineering are incompatible. That is why in other engineering disciplines, the share price is very much not the product. For the effects of violating that, see, e.g. Boeing for a recent example. If they were not that deep in bed with the military, they would probably have ceased to exist after the mass-manslaughter they did and th

        • by cusco ( 717999 )

          I have yet to see a single issue that Norton AntiVirus can handle that Windows Defender hasn't also been able to clean, but I have seen things that Defender could take care of that Norton didn't even acknowledge.

    • More fundamentally, security products need trust.

      • by gweihir ( 88907 )

        Indeed, they do. They may get some trust upfront, but once they fail to justify that, it is basically game over.

    • Well, I could see one reason for embedding a cryptominer: make the Norton subscription free/keep Norton active when the subscription expires.

      Something like: "Your subscription has ended. Norton will continue working but will now mine crypto during idle time to pay for the subscription. Decline/Accept".

      That could make some sense to me. But obviously not what they did, which I agree was a dubious direction.

  • Norton is malware (Score:5, Insightful)

    by TheNameOfNick ( 7286618 ) on Sunday January 09, 2022 @04:08AM (#62156707)

    Like most other anti-malware outfits, Norton stared into the abyss for too long and became what it was supposed to fight. Uninstall as long as you still can.

    • Ethical AV companies should flag this software and remove it but they don't have the intestinal fortitude to actually do this.
    • by cusco ( 717999 )

      I'm reminded of the version of Symantec WinFax that would ask you four times "ARE YOU SURE?" when you tried to uninstall, and in the end would just delete the link to the interface and leave everything in place. We found it faster to just reimage the hard drive than to try to remove WinFax.

      That product gave me the one and only pleasant experience with Symantec tech support. When I called their music-on-hold machine had broken so someone had grabbed their Discman out of the car and plugged it into the phon

  • by splutty ( 43475 ) on Sunday January 09, 2022 @04:20AM (#62156721)

    I mean. Norton was always a resource hog, so how much more of one will it be now?

    (Yes that was sarcasm before people start going hurr durr...)

    • Maybe it's a conspiracy with Dell and other computer makers, to give people a reason to upgrade their old computers which suddenly seem so much slower than they did before!

  • When does Windows start doing this by default?
  • Instead of advertising, let the program mine bitcoin. This could be done for websites, programs, apps, ... Of course the user needs to know that this is happening and that is one of the conditions to use the program. With some basic rules of conduct, this could work. I.e. keep the workload balanced, ... Cores galore.
    • In most cases, mining (especially on an average PC) isn't worth the cost of electricity. You're spending $1 on juice for $0.50 worth of crypto (of which $0.075 goes to Norton). Seems like a rather wasteful business model.
      • Yes, but see, if *someone else pays for the electricity*.
        As Fons De Spons there said, if miners are imbedded into apps and websites, and use your electricity to earn $.25 worth of crypto for the owner of the site, or app designer, ads could go away.
        Personally, despite hating how ad flooded the web has become, I’m not sure the wasted electricity is a worthy tradeoff. Adblockers still work.
        • One of the reason mining in Kosovo was so popular. Subsidized cheap juice. Coal mainly of all things.
        • by ceoyoyo ( 59147 )

          Both you and the website would be better off if you just paid them not to mine *or* bother you with ads.

          Ads let people trade a service for something non-monetary: an attempt at psychological manipulation. Allowing mining is just trading giving the website a quarter for giving the website a quarter and destroying another.

    • This might be true, if the greedy bastards weren't doing both.
  • You install Norton, a well known piece of malware; and it installs a crypto miner. This seems entirely expected, what am I missing?
    • I remember using Norton Utilities in the late 80's but when it became the Symantec the product became bloated and worthless and I have not touched it in over 30 years.

      • by cusco ( 717999 )

        Norton Utilities, good product. Symantec buys it, product becomes crap.
        Delrina WinFax, good product. Symantec buys it, product becomes crap.
        BackupExec, good product. Symantec buys it, product becomes crap.
        Drive Image, good product. Symantec buys it, product becomes crap.
        Etc. Etc. Etc.

        Why does anyone ever buy software from Symantec? The pattern seems obvious to me, why isn't it to others?

  • So here we have an antimalware software provider, providing the added benefit of additionally installing optional malware, head spins.

  • I rarely have issues, haven't used an Anti-virus software since 2007.

    Most anti-virus software today is kind of like a virus in itself, and Norton just went out of their way proving that.
    Other cases is who do you really trust? Remember, when you install an Anti-Virus free or not, you're essentially giving up all your data to the company behind the antivirus software.

  • ... chinese these days?

  • by eneville ( 745111 ) on Sunday January 09, 2022 @05:46AM (#62156787) Homepage

    A reason that people use AV products is so that their computer isn't burning electricity for a third party and so that processor resource is there when needed. Personally I like my computer cores scaling down when idle.

    What is the point of this, it almost guarantees that you'll burn the planet with no real benefit.

    • by fazig ( 2909523 )
      It's especially detrimental for mobile devices where this crap contributes to battery wear by draining it a lot faster, increasing cost on the user side and contributing to e-waste where we still haven't found a good enough solution for recycling.

      Norton can fuck right off with that shit.
    • Since when has any anti-virus been light on system resources? For over 20 years, these products have always caused more problems than they solved.

  • by JoeyRox ( 2711699 ) on Sunday January 09, 2022 @05:58AM (#62156795)
    From https://us.norton.com/360 [norton.com]:

    Defense against today's cyber threats.

    Cyber threats are ever-evolving. Cybercriminals can steal personal information through your computers and mobile devices, and there are a number of ways that they do it.

    Cybercriminals can use different types of malware to get what they want, such as:

    Cryptojacking: Malware that gives cybercriminals access to "mine" cryptocurrency on your computer, at the expense of your resources.
  • "Norton Antivirus is, itself, a virus." - A coworker

    I let my antivirus software updates lapse on my Windows machines several years ago and haven't noticed any trouble. I don't think it ever found anything legitimate, but did have a couple of troublesome false-positives. I think having ad blockers in web browsers are (were?) much more important.
  • the electricity bill?
  • While it's reprehensible that they would do this, especially in what is supposed to be a security product, you have to admire the audacity of it. "You will pay us money so that you can use your own resources to make more money for us." It's like somebody looked at Feudalism and thought, "what if the serfs had to pay a membership fee?"

  • Sounds like the caching strategy was a little aggressive when pre-fetching. And someone should have been able to foresee the reaction, when the information went public
  • ... I was just joking when I compared the performance effects of your software to crypto-mining malware. Sheesh!
  • They've been irrelevant bloatware for a decade. I used to LOVE their products. Especially their enterprise AV. Then slowly the install got bigger, and bigger, and bigger, and I was looking at installers 5x the size they used to be. And customer computers (when I was a consultant) running slower and slower.

    The only way they've managed to stay in business is via preinstall agreements with PC vendors.

  • "Norton is pretty much amplifying energy consumption worldwide, costing their customers more in electricity use than the customer makes on the mining, yet allowing Norton to make a ton of profit," tweeted security researcher Chris Vickery. "It's disgusting, gross, and brand-suicide."

    I agree that it's disgusting, but brand suicide? Look, they've done their apparent level best to kill that brand for years (decades really) and it's still alive. Suggesting that THIS is what's going to do in their fucking worth

  • Of Norton/Symantec software I liked was the C/C++ compiler of the late 90's. Too bad it had compatibility issues with most libraries - led to an early demise of an otherwise decent product.

    The last purchase of anything Norton was with the laptops we bought our boys in 2007 - it was bundled. I did not renew the software.

    Since then, I receive 3-5 emails per day in my Junk mailbox telling me my subscription is about to run out, has run out, or there is an update I must try.

    Clearly, the scammers know

    • See my own separate comment on this (which I wrote before reviewing any others posted here). We had exactly the same experience, and I was just lamenting to myself that I did not dive deeper into the infuriating "subscription spam" - either as system messages or emails. Good to see that you covered that in more detail.

  • I'm not on the market for an AV product right now, but next time I am I'll be looking elsewhere. I'm astonished someone at Norton thought this was a good idea. There are so many problems with this, not least in terms of resource usage. As a researcher what if I bring my laptop onto a military base and plug it into the wall? Now electricity paid for by the Federal government is powering a cryptomining operation (no matter how small) that will pay me, a private contractor, and Norton, a public company.

    Even

    • by cusco ( 717999 )

      They haven't been a "security" company since Peter Norton sold his Utilities to Symantec in the '90s. I have yet to see a single issue that Symantec software could deal with better than the built-in Windows Defender that comes free, but there have been several that Norton AV couldn't handle that Defender could.

      • Fair point (and I agree about Defender). I guess I should say a "purported AV/security company". Honestly I've been reasonably impressed (or may just not disappointed?) with Defender on my non-work machine. My employer just switched us from Symantec corporate AV to Sophos. Too early for me to decide how it compares to Symantec/Norton, or Defender.

  • I have seen so many scams that are pulled on users. This was a norton scam. I was the sysadmin for a small ISP. I also worked locally on many businesses machines. One afternoon I go out to an insurance company. They just bought the new version of Norton and it wouldn't install. When I get there they have one of 'theirs' in a remote session on one of the machines. They have filtered the event viewer to show just errors. They are pushing their standard support scam and I quickly get rid of them. The p
  • Norton is actually a unit of Symantec, a company from which I have never had a piece of usable software. Bought or used multiple copies of its various products over the years, six I think, because they were everywhere in stores, had huge name recognition, and were preinstalled in computers I bought, and so I thought maybe I just had a bad experience and maybe they make some good stuff and maybe should give it a (another) try. Never saw any of that good stuff.

    Often their antivirus software was pre-installed

    • by EvilSS ( 557649 )

      Norton is actually a unit of Symantec, a company from which I have never had a piece of usable software

      I think you mean NortonLifeLock: https://en.wikipedia.org/wiki/... [wikipedia.org] a name that should instill a sense of competence and ethics to anyone who hears it.

      Symantec split in two, with enterprise software going one way, consumer shit going the other. Veritas kept the enterprise stuff, Symantec the consumer bits. They eventually renamed themselves NortonLifeLock when they merged with LifeLock. I guess at some point Veritas sold Symantec Endpoint Protection to Broadcom. Meanwhile NortonLifeLock still owns the No

  • A NortonLifeLock spokesperson also told The Verge in an email that you can completely remove NCrypt.exe by temporarily turning off Norton's tamper protection feature, and then deleting the executable. We confirmed that ourselves, and it could be good news for anyone worried about Norton remotely activating the feature.

    After deleting the NCrypt.exe, create a directory in that location named "NCrypt.exe". That will prevent Norton from re-installing it. If the installer detects an entry named "NCrypt.exe" it will probably either call the file delete system call, which will fail, or try to overwrite the existing entry which will also fail.

    • seriously if you are using norton in the first place the only response is uninstall, obviously the software is not trustworthy and having it run a critical system component is not something you should be putting manual patches around.
    • by ebvwfbw ( 864834 )

      After doing something like that? The only rational remedy is to remove Norton entirely. Don't even think about using them again.
      Besides, Windows comes with AV software now.

  • What the hell is wrong with this world when an antivirus company is slipping a fucking bitcoin miner onto your computer?
    'Cryptocurrency' is a troll-meme and needs to DIE and GO AWAY FOREVER. It's wasteful bullshit and you're either a fool or a scumbag if you involve yourself with it.
  • Norton was always basically Malware itself, I guess this just puts that final nail in the coffin and perhaps removes the blinkers of some of their defenders. Even for such a shitty company I am a little shocked they would sink this low.
  • Board members want to know, "How can we get in on crypto?"

  • coming by the end of the year. They will settle and claim no wrongdoing. The lawyers will all make millions and every customer will get a $10 coupon for a Norton product. Yay!
  • What did you expect?

    Hopefully you aren't expecting it to keep your computer safe. The best you can hope for is a bloated crap fest which is never fully able to be uninstalled.

  • Are we sure this is a real thing not a prank or third party S&G?

    I have Norton installed, and even after doing a system wide search including mounting the partition under Linux I cannot find the file in question.

  • will opt-in become the new get out of jail free card... A product will have 49 features you want plus one scam listed somewhere toward the bottom. And it will pester you weekly to mark the features you want enabled or click the "accept all, don't ask again" checkbox. Or bury the opt-in permission on line 19578 of the EULA with an alternative EULA lacking that clause available by mail.
