Hey, Norton: why does Security Scan behave so much like the malware I remove?
Why? Because it behaves very much like the fake alert malware which causes my customers so much grief.
For starters, it piggybacks on the installers for other programs. Sure, it's usually opt-out, but since it's also checked off for installation by default it usually ends up coming along for the ride. If this really is worth installing, leaving the checkbox blank and let customers opt-in instead (as Chrome does during the Avast! installer).
Once it goes to "work," Security Scan tells me my son's system doesn't have a security product installed. That's untrue, of course, and the same thing fake alert programs do. NSS might not recognize Immunet Antivirus, but it's been doing a great job protecting the laptop from threats.
And then there's that big, nasty threat count. However, apart from Super Mario Forever (hey, my son's 5 and he loves it) being noted as a trust risk, nearly all of the 131 "threats" were actually cookies. No trojans. No keyloggers. No rootkits. But Security Scan doesn't make that distinction -- it just shows me a giant red circle with an X in the middle and tells me Your Computer is at Risk! Just like fake alert malware.
When I click the fix now button, what happens? I'm whisked away to a page where I can purchase Norton instantly -- very similar to the way rogues ask you to activate protection now to remove "infections." To make it worse, there's loud audio as some woman tells me their scan "may have uncovered some problems with [my] PC." Highly annoying.
When you launch Security Scan, there's a big ad offering full protection from Norton 360 since NSS offers detection only. Just like fake alert malware. Security Scan also seems to pop up throughout the day to repeatedly remind me about all these threats -- again, just like fake alert malware does.
When I exit Security Scan, I'm reminded that there are still "threats" on my computer. That I'm at risk. I'm asked if I'd like to get protected (on a nice, shiny button) or say no thanks (in unattractive plain text). Once again, just like fake alert malware.