[HN Gopher] Norton is installing a Cryptocurrency miner called N...
___________________________________________________________________
Norton is installing a Cryptocurrency miner called Norton Crypto
(NCrypt.exe)
Author : decrypt
Score : 393 points
Date : 2022-01-04 15:41 UTC (7 hours ago)
(HTM) web link (twitter.com)
(TXT) w3m dump (twitter.com)
| mediocregopher wrote:
| Even from a pro-crypto standpoint this offering is somewhat
| problematic:
|
| > Once earned, they can track their earnings in their Norton
| Crypto Wallet, which is stored in the cloud so it cannot be lost
| due to hard drive failure.
|
| From https://community.norton.com/en/blogs/product-service-
| announ...
|
| So your "earnings", meager as they likely will be, aren't even
| properly given to you.
|
| Not to mention it seems unlikely that a consumer-grade machine is
| going to earn enough from its share of mining to cover the energy
| costs. At this point you have to have some kind of extra-cheap
| energy source to be able to compete in mining. Although some
| people (e.g. me) have a flat-rate electricity bill with their
| apartment, so maybe some could take some advantage.
| kingcharles wrote:
| Can you transfer out the Ethereum in Ethereum? A lot of these
| hosted crypto wallets only let you convert it back to local
| currency. You can't spend it or trade it outside the corp that
| is holding it.
| wcoenen wrote:
| From Norton's post:
|
| > _What platforms can I transfer the crypto to?
|
| > Norton Crypto supports transfers of Ethereum from your
| digital wallet to Coinbase._
| b0sk wrote:
| The idle cycles on your CPU in
|
| 2000s : aid search for extra terrestrials
|
| 2010s : help search for cancer cures
|
| 2020s : help planet incinerating ponzi grifters (h/t: jwz)
| ffhhj wrote:
| Since China banned crypto mining is there a sort of accidental
| arms race to find which civilization depleds its energy
| resources? Let's see who gets burned first?
| lloydatkinson wrote:
| It's like a hitchhikers guide to the galaxy plot...
| mey wrote:
| It does remind me of the Shoe Event Horizon. Except, what we
| have constructed with Proof of Work is probably more like The
| Paperclip Game, at the end of this we will be converting
| matter to energy to coins.
| staplers wrote:
| So just money in general.
| HPsquared wrote:
| Extraterrestrials: no money
|
| Cancer research: some money
|
| Crypto: more money
| kingcharles wrote:
| I don't know why you didn't make any money from the SETI
| search. It worked out nice for me once I'd established
| contact; I'm now get 20 DogeCoin for every anal probe they
| administer.
| Sohcahtoa82 wrote:
| 20 Dogecoin is only a little over $3.
|
| You're getting scammed.
| paxys wrote:
| All three of them being pointless and wasteful.
| Austin_Conlon wrote:
| Why for the cancer research use?
| salawat wrote:
| This, right here, is blatant theft, and unauthorized utilization
| of consumer resources. I don't care if there is a clause in there
| about "You consent to blahblahblah."
| badRNG wrote:
| I think there's a misunderstanding because the original thread
| leaves one thinking that Norton is surreptitiously installing
| cryptominer malware on their customer's machines (not a big fan
| of how that was communicated.) In reality, this is an optional
| cryptomining application that you can choose to run (if you are
| willing to let Norton keep a 15% cut.)
|
| https://community.norton.com/en/blogs/product-service-announ...
| robbedpeter wrote:
| Nobody competent with computers is going to be using Norton.
| It'll show up on gram and gramps home pcs, and they'll have
| been running it for a year before they proudly mention: "I've
| been mining NortonCoin to save money on my anti-virus
| subscription!" Or whatever bullshit Norton sales gremlins
| have fed them.
|
| Their demographic is people who don't know better, and this
| whole thing reeks of illegal consumer exploitation.
| wlesieutre wrote:
| A lot of people's grandparents are going to earn $10 of
| "free money" with this utility and have no idea that it
| cost them $200 of electricity. Meanwhile Norton's laughing
| all the way to the bank with their 15% off the top.
|
| (disclaimer: numbers totally made up, but I'm sure the
| average Norton user's computer isn't mining profitably)
| squarefoot wrote:
| "Norton is installing a Cryptocurrency miner" sounds like when
| 10-15 years back it made the news when one app or one OS
| installed adware or spyware. We did nothing, and now it is
| becoming the norm. If that's the trend, then, ladies and
| gentlemen, we're screwed: every piece of software will attempt to
| monetize from user's hardware, no matter the cost, particularly
| when cost is on the users. Name one reason why they shouldn't do
| that, there's no law forbidding it except common sense.
|
| Cryptocurrency is cancer. It doesn't scale, it can't scale, it's
| becoming a huge unsustainable environmental disgrace, and it's
| the #1 reason why certain hardware is harder to find and
| overpriced, followed by energy, of which we have plenty but
| decided to waste it in mining farms.
|
| Here are some numbers, just look at the trend: from 77 TWh to 204
| TWh in one single year.
|
| https://digiconomist.net/bitcoin-energy-consumption/
|
| https://www.businessinsider.com/bitcoin-mining-electricity-u...
|
| Now just picture what will be like 5 years from now with possibly
| one PWh of miners worldwide pumping heat in the atmosphere 24/7,
| and energy prices skyrocketing because it will always be
| allocated to this task, therefore demand will always be higher
| than offer. Seriously, WTF!
|
| Of course I expect downvotes from users with vested interest in
| cryptocurrencies, however I politely ask others to reply with
| "You're wrong because ..." followed by a believable explanation.
| I _want_ to be proven wrong on this.
| [deleted]
| cwkoss wrote:
| You're wrong because:
|
| - Aggressively mining crypto consumes enough system resources
| that most users would notice it and uninstall the software.
| (Norton may have an edge here because users are used to Norton
| making their systems performance worse)
|
| - Even aggressive mining produces very little on the vast
| majority of systems (really need gaming GPU to make any money).
| CPU mining hasn't been economically profitable for nearly a
| decade: Norton probably makes <$0.001 per day on the median
| machine. Managing a network of chromebooks cryptomining would
| probably be unprofitable for Norton _even if only accounting
| for the cost to Nortons systems_. Norton 's only hope of making
| profits from this is from the "whales" with the best machines.
|
| - Multiple programs mining on the same system would split the
| rewards, drawing down value of such a system even further
| (unless they use tricks to monopolize system resources in a way
| that would make it even more noticeable to users).
| kikimora wrote:
| This cryptocurrency rant is offtopic. Would it make a
| difference if Norton would install something that shows ads?
|
| As to your question - crypto is the new form of cash, different
| form every other forms we have known before. One exciting
| property is the relative independence from any particular
| economical or political system. Blockchain in general has
| potential to replace all middleman from lots of transactions.
| Think of property, fundraising, stocks, trade (especially
| overseas), etc. Specific implementations can be regulated by
| government(s), the point is to replace bookkeepers with
| machines.
| UncleOxidant wrote:
| > crypto is the new form of cash
|
| Yeah, yeah, yeah, we've heard this like thousands of times.
| And yet crypto isn't being used like cash. Everyone is
| encouraged to "hodl" their crypto not spend it. It's being
| pushed as an inflation hedge like gold. Even most crypto
| folks don't seem to be pushing the "it's a new form of cash"
| narrative anymore.
| everfree wrote:
| > I politely ask others to reply with "You're wrong because
| ..." followed by a believable explanation. I want to be proven
| wrong on this.
|
| One thing you're wrong about is that cryptocurrencies are _in
| general_ mined using electricity and specialized hardware.
| Bitcoin is the biggest outlier in that respect, with its plans
| to continue their mining program permanently. Ethereum has the
| software to end their mining program (the "beacon chain"),
| which is currently finalized in spec and running alongside the
| original chain as they finish testing it before final release
| later this year (the "merge" event).
|
| I always feel the need to nitpick here, as it's a common
| misconception that "most" cryptocurrencies are an environmental
| disgrace. Bitcoin is an environmental disgrace, Ethereum you
| could say is an environmental disgrace until they shut off
| mining later this year, but since the vast majority of
| cryptocurrencies don't use mining at all, it makes the most
| sense to target the ones that do rather than throwing the
| entire space under the bus.
|
| I also disagree that cryptocurrency can't scale, as I'm
| intimately familiar with the work being done with transaction
| execution verification by zero knowledge proof (especially
| Ethereum's zero knowledge rollups), but that's a discussion for
| another time.
|
| I'm also aware that I am in a comment thread about a company
| doing something very scammy in regards to crypto, so please try
| to distance my explanation from the disapproval we share
| towards Norton. Obviously I am not trying to defend Norton
| here.
| squarefoot wrote:
| Thanks to you and cwkoss for the very constructive replies,
| that's what I was looking for. I was speaking broadly, the
| news about Norton just gave the chance to comment.
|
| > Bitcoin is an environmental disgrace, Ethereum you could
| say is an environmental disgrace until they shut off mining
| later this year, but since the vast majority of
| cryptocurrencies don't use mining at all
|
| Can you please elaborate on that? If that's the case then
| I've to read a bit more on the subject as I thought every
| cryptocurrency required powerful hardware (GPUs or ASICs)
| under intensive load, which of course translates in huge
| power demands. The graph showing an almost 3x factor increase
| in power consumption in just one year looks worrying to me,
| however if you say there are other environment friendly
| means, that makes the matter interesting. What are however
| the chances that we can correct that factor in a immediate
| future?
| rytill wrote:
| Isn't that just a criticism of proof-of-work cryptocurrencies?
| ronsor wrote:
| At that point you may as well skip the antivirus and go straight
| to a shady Russian download site. The result will be the same,
| but at least you won't be paying for the miner.
| brnt wrote:
| The Pirate Bay will be the last place where you can still get
| clean software.
| ch33zer wrote:
| I'm pretty ignorant about this stuff but when proof of stake
| comes around won't there be no need for this mining pool at all?
| I thought under proof of stake you're just validating
| transactions instead of actually finding a hash, which doesn't
| require a big pool of workers. Seems weird for them to focus on
| ETH rather than BTC or something else.
| dudus wrote:
| It seems proof of stake has been delayed ad infinitum for ETH,
| to the point people seem to be losing confidence it's ever
| coming out. Plus there's some real concern about it. Even if
| eth changes to proof of stake there will be plenty of coins to
| mine with proof of work.
| imwillofficial wrote:
| I'm ashamed to have ever worked for Symantec. This is beyond
| ridiculous. Absolute abuse of trust.
| quirkot wrote:
| My cousin's laptop from 2015 with 50 chrome tabs open will
| _definitely_ earn more ETH than it costs for electricity
| </sarcasm>
| cool_dude85 wrote:
| Norton gets the coin and your cousin pays the electric bill.
| From their end it's all upside.
| pc86 wrote:
| No, they don't.
|
| At the risk of violating the site guidelines, I suggest you
| actually read the article instead of responding to what you
| assume it says.
| skeeter2020 wrote:
| They charge you for the product on subscription and then
| take a cut of the total mined currency (I beleive 15%). If
| that isn't all upside not sure what is.
|
| I'd suggest you follow the site guidelines as well and
| comment to add value.
| pc86 wrote:
| "Norton gets the coin" _absolutely_ suggests that this is
| nefarious mining where Norton gets 100% of the value.
| That 's demonstrably false, and just because Norton is a
| horrible company with horrible products doesn't mean we
| need to pretend it's something it isn't.
| vorpalhex wrote:
| Norton is taking a 15% "fee".
| https://community.norton.com/en/blogs/product-service-
| announ...
| low_tech_love wrote:
| I wonder what some universities and companies who still rely on
| Norton licenses across the board will have to say about this at
| the end of the month when their electricity bill comes.
| taylanu wrote:
| On top of it all they had the audacity to set the mining pool fee
| to 15% with no option for alternative pools. (for ref mining pool
| fees are generally 1-3%)
| badRNG wrote:
| Important note, because it isn't immediately obvious: Norton is
| bundling an _optional_ cryptocurrency miner that they are
| offering as a product. Nothing here indicates that Norton is
| surreptitiously adding cryptominer malware on their customers '
| machines (like one might assume reading the original thread.)
| Though they are taking a 15% cut for using their miner...[1]
|
| [1] https://community.norton.com/en/blogs/product-service-
| announ...
| cbhl wrote:
| Huh, I guess after they saw how many of their customers had
| crypto miners detected on their systems they decided to get in
| on the game.
| skeeter2020 wrote:
| is this the same way MS adds "optional" telemetry and other
| features, LinkedIn "optionally" adds me as a follower to
| everyone in my network and every website "optionally" adds me
| to receive all sales & marketing emails?
|
| If it's bundled it's not really optional, is it?
| fourseventy wrote:
| Its optional because you don't have to turn it on... not
| rocket science
| brnt wrote:
| Countdown before an update inadvertently enables the miner
| in 3, 2, 1...
| sophacles wrote:
| I think you inadvertently spelled _' inadvertently'_
| wrong.
| cnbeining wrote:
| It's a legit product from Norton - a Crypto *Wallet*.
|
| Source: am NLOK employee.
| tzekid wrote:
| A wallet and mining client that uses 100% of your GPU if
| "idle". But of course mining it's opt-in, and that's good
| because everybody reads all the text on a prompt before they
| mindlessly click "Confirm".
| duskwuff wrote:
| A "crypto wallet" with a 15% withdrawal fee???
| emerged wrote:
| I wouldn't use the word "legit" within 50 miles of this.
| willio58 wrote:
| It's comical at this point, anyone working for Norton here? Would
| love to know the thoughts of someone internal.
| cnbeining wrote:
| It's a Crypto _Wallet_.
|
| Source: am NLOK employee.
| howinator wrote:
| No it's not.
|
| Source: https://community.norton.com/en/blogs/product-
| service-announ...
| pc86 wrote:
| Who in their right mind would admit working for Norton at this
| point?
| onphonenow wrote:
| No removal option for this "feature". It's funny how anti-virus
| stuff looks like virus stuff.
|
| You can however "pause" the mining forever while keeping
| everything installed which is what support will suggest if you
| ask.
| perennate wrote:
| > You can however "pause" the mining forever while keeping
| everything installed which is what support will suggest if you
| ask.
|
| Just to clarify because this sentence sounds a bit misleading
| -- according to
| https://support.norton.com/sp/en/us/home/current/solutions/v...
| the cryptocurrency miner is off by default, so if you haven't
| turned it on, then there's no need to pause it if you don't
| want it running.
| handoflixue wrote:
| Do you actually have any knowledge of the product, or are you
| just quoting a support page? I wouldn't trust a support
| page's definition of "opt-in"
| short12 wrote:
| Norton has outright been a malware company for a long time
|
| I'd love to see the feds arrest a few people there and destroy
| the company.
|
| Just remember. Don't ever hire someone with recent Norton
| experience I their resume. I'd sooner fill that gap in with the
| explanation that I was selling fentanyl laced products on the
| dark web
| notyourwork wrote:
| Anecdotal, a few years back I had the opportunity to interview
| an engineer. Their background was in web advertising.
| Regardless of what I feel about ads on the internet, the
| candidates technical background with respect to how they handle
| iframes inside of iframes many levels deep and how they inject
| code into the page was actually quite a fascinating
| conversation on the technical merit of it all.
| wizzwizz4 wrote:
| I don't know - there are acceptable (if rare) reasons to work
| on Norton, but I can't think of any reason that selling
| fentanyl-laced products would be okay.
| 999900000999 wrote:
| So a kid who got recruited out of college is somehow a bad
| person ?
|
| No one is forcing you to install this stuff, I think Match is a
| horrible company which takes advantage of people, facilitates
| scams, on top of outright fraud .
|
| I still recognize skill, if you told me you improved load times
| on Match.com by 60% I'd be very interested in hiring you. I
| wouldn't personally work for any dating app or adult
| entertainment platform. But I have nothing against those who
| do.
| anormalpapier wrote:
| > Don't ever hire someone with recent Norton experience I their
| resume.
|
| This is pretty ridiculous. I worked there and and there is much
| more going on internally than writing malware-like software. By
| the time I left they still had pretty decent engineers just
| trying to find a job in a better company, like me.
|
| These sort of decisions don't come from Software Engineers and
| management there is known to be pretty shitty.
|
| Also, it's not like they maliciously inserted this thing to
| mine crypto for Norton itself. Whatever your computer mines is
| yours (still a bad idea though IMO)
|
| https://community.norton.com/en/blogs/product-service-announ...
| Ansil849 wrote:
| > These sort of decisions don't come from Software Engineers
| and management there is known to be pretty shitty.
|
| No, but the decision to work and continue working there does.
| jodrellblank wrote:
| So you're saying you would trust this hypothetical ex-
| Norton engineer resume _more_ , because they made the
| decision not to continue working there?
| Ansil849 wrote:
| I'm saying no such thing. What I am saying is that I find
| this 'we're just code monkeys, we don't enact policy'
| retort I see so frequently here incredibly annoying,
| because it acts like programmers are not human beings
| with agency in a market with typically extreme mobility.
| jodrellblank wrote:
| If they're trying to leave and can't leave because nobody
| will hire them because they work(ed) somewhere bad
| (that's the original comment in this thread; never
| trusting a Norton employee's resume) and you're also
| criticising them for "choosing" to continue working
| there, what chance does that give them? That isn't having
| agency in a market.
|
| If "the decision to work and continue working there" is a
| bad one, that makes the decision to leave a better
| decision, yes? And the person who makes such a decision,
| a better person. And if you want to hire people who have
| agency and act with integrity, someone who left Norton is
| a slightly higher signal than someone who never heard of
| Norton, isn't it?
| [deleted]
| Barrin92 wrote:
| >and there is much more going on internally than writing
| malware-like software
|
| that sentence doesn't exactly inspire confidence lol. So
| you're saying people are aware of the fact that they're
| partially writing malware like software and that's..
| accepted? That's like an accounting firm saying "don't judge
| us like that, there's much more going on here than the money
| laundering"
| kjaftaedi wrote:
| > _Also, it 's not like they maliciously inserted this thing
| to mine crypto for Norton itself._
|
| No, but it is still malicious in the sense that it:
|
| (1) does not inform the user or ask for consent
|
| (2) seemingly does not offer an option to disable it
|
| While I want to apply Occam's razor here, you'd have to
| assume all of the people that worked on this were negligent
| or unqualified... when sadly the more likely scenario is that
| these decisions were most likely intentional.
| perennate wrote:
| > (1) does not inform the user or ask for consent
|
| > (2) seemingly does not offer an option to disable it
|
| Where do you see this? As far as I can tell, it is off by
| default, and the user must explicitly enable it (consent)
| to use the miner.
|
| See e.g. https://support.norton.com/sp/en/us/home/current/s
| olutions/v... which mentions a License and Services
| Agreement that must be accepted before the miner can be
| used at all, and clearly says the mining status can be
| toggled between Active and Paused.
| VWWHFSfQ wrote:
| > it's not like they maliciously inserted this thing to mine
| crypto for Norton itself. Whatever your computer mines is
| yours
|
| It says you're joined to a mining pool. Is this a Norton
| 360-only mining pool? If so, I'm guessing they have their own
| hardware participating in the pool as well. And if that's the
| case, you're helping them mine for blocks just as much as
| you're helping yourself. But they don't say that anywhere so
| who knows.
|
| edit: and it also appears that they're taking 15% of whatever
| you mine.
|
| So they've apparently:
|
| * Set up a Norton-only pool
|
| * Joined all their customers computers to it
|
| * Collect 360 subscription fees to participate
|
| * Collect 15% of everything their customers mine
|
| * Participate in the pool themselves, further benefiting from
| their customers mining activity
|
| And what happens to the unclaimed/unused wallets that they're
| holding for their oblivious customers in "the cloud"? If I
| cared enough about this to read the fine print I bet I'll
| find that they're reserving the right to empty those after a
| certain period of inactivity.
| random314 wrote:
| And who pays the customers electricity bill? They are
| simply stealing your electricity.
| yosito wrote:
| Not just your electricity, but also your processor time,
| which you likely intended to use for something else.
| duskwuff wrote:
| > And what happens to the unclaimed/unused wallets that
| they're holding for their oblivious customers in "the
| cloud"?
|
| For that matter: what happens when Norton gets hacked and
| loses the cryptocurrency they've been holding for their
| users?
| perennate wrote:
| > oblivious customers
|
| Users must explicitly agree to a Norton Crypto License and
| Services Agreement and activate mining before the software
| starts mining Ethereum. It is unlikely there would be any
| oblivious customers.
|
| See https://support.norton.com/sp/en/us/home/current/soluti
| ons/v...
| Kinrany wrote:
| How explicit is their agreement compared to the usual
| dark pattern of "guess which one of these five checkboxes
| is optional"?
| [deleted]
| jjulius wrote:
| >Just remember. Don't ever hire someone with recent Norton
| experience I their resume.
|
| I completely understand this sentiment and why you're
| approaching it this way, but I have to ask - what if the person
| with recent Norton experience is trying to get away, or got
| away, from them _because_ they share your views about Norton?
| Would you just throw away the resume without a second thought,
| or would you at least be open to hearing about their thoughts
| working there?
| creddit wrote:
| People who say these things are primarily looking for reasons
| to moralize and gatekeep. It's not about actually achieving a
| just outcome.
| drdeca wrote:
| If this maxim was universalized, I don't think it would produce
| the outcomes you desire? At least, not in the short term.
|
| This would make it so the people there would be essentially
| forced to stay there?
|
| It would, of course, also provide an incentive against
| beginning to work there, but, I still think other rules would
| better further your goals.
| chickenpotpie wrote:
| > Just remember. Don't ever hire someone with recent Norton
| experience I their resume
|
| Toxic hiring mentality. Unless someone is very high up, it's
| just a job to them and they're just trying to feed their
| families.
| voakbasda wrote:
| jabej wrote:
| That was nothing but the result of the winning side wanting
| someone to pay for what the losers did to them. It never
| made sense.
| [deleted]
| jrockway wrote:
| "Just following orders" is a loaded expression. You're
| implying that they're committing genocide, when really all
| they're doing is helping some company make a product you
| don't think is particularly good. It's definitely not worth
| such harsh words.
| dontbothr83 wrote:
| voakbasda wrote:
| No, it absolutely does not imply committing genocide. It
| implies that following orders of a superior does not
| absolve you of guilt when committing _any_ crime.
|
| Even if this was not currently criminal, this behavior
| appears inexcusable. The software engineers building this
| software lacked the ethical stamina to stand up and say
| "no" to their masters. They deserve an equal share of the
| condemnation and consequences for their participation.
| HPsquared wrote:
| Everyone, even the janitor?
| avalys wrote:
| What if they worked at Norton but not specifically on
| this one feature you have an issue with?
| tadzik_ wrote:
| If I worked at Norton and this happened I'd be handing in
| my resignation on the same day because I wouldn't want to
| be associated with these practices and for anyone,
| including future employers, to assume that I was involved
| in them.
|
| Or rather, I would if this wasn't mostly FUD and blown
| out of proportion. According to other comments it's
| entirely opt-in.
| tombert wrote:
| Talk is cheap on this. Pretty much every government on
| earth has committed at least one atrocity, and usually
| many. Would you condemn a public defender for working for
| the US government, because the US government murdered
| millions of Native Americans?
|
| I mean, that's a valid enough position to have, but I
| don't feel like you have really thought it through.
| dontbothr83 wrote:
| tadzik_ wrote:
| Talk is cheap, but so is switching jobs. The broader you
| go on this the harder it is to avoid, I still pay my
| taxes even though my government does terrible things with
| the money, but I don't have much of a choice. I have
| refused job offers from companies that do things I don't
| like though because it's not really that much of a loss.
|
| And I don't know what kind of standards public defenders
| in the US have, but over here it's common than an abuse
| of power by the police force is followed by a wave of
| resignations.
| tombert wrote:
| I think you're missing my point, I don't think I made it
| terribly well.
|
| My point is that if we take a job like a public defender,
| I think most people agree that the action of what they're
| doing is a good thing. Providing representation to people
| who cannot afford a lawyer is (I think) nearly
| universally regarded as "good". However, they _are_ paid
| by the US government, who has done its share of very evil
| things. Does that mean I should condemn a public defender
| because the entity that signs their paychecks does evil
| stuff?
|
| Personally, I think the answer is "no". Any sufficiently
| large entity has its share of bullshit, and I personally
| do not think that every individual that has ever
| associated with that entity is guilty-by-association by
| working with them. You're welcome to disagree, of course,
| but I would be surprised if everyone you like passes your
| purity test then.
| tadzik_ wrote:
| No, not everyone I like passes my purity test, you're
| right. I try not to judge them too much for it, they have
| their reasons (largely economical), and it's their call.
| _I_ wouldn 't do it, but I don't condemn them for it
| either - and I never said that I would. I merely stated
| my own stance on this, which is, as you say, cheap to
| have since I'm in a stable situation and the IT job
| market is abundant of well-paying jobs.
|
| I see the point that you're getting at, and there's
| surely the line to be drawn here, and I think it's a
| question of scale - and the line is placed differently
| for each individual. I don't have absolutist views on
| this, and I probably wouldn't feel bad either, as a
| public defender in the example you bring up. I'd say
| public defenders are in the clear even if their state-
| employer also does bad things - since at least some of
| the things that they do are good and need to be done,
| like keeping people safe. I wouldn't say the same about
| Norton since they're one of many and if they went down
| tomorrow nothing much would really happen.
|
| I don't think it's comparable to the IT industry though.
| Companies _hugely_ care about their image, and poking
| holes in that image is an effective - or at least
| available - way to put pressure on them. Consider how
| much effort they 're making to recruit people, and how
| heavily they rely on friends recommending their friends.
| "Your employees will leave and they'll discourage their
| friends from working with you" will work much better on a
| tech company than it would on a state that doesn't really
| compete with anyone else when it comes to public defense.
|
| One's own conscience work similarly in this case. There's
| a long way to go from "I directly boost profits of a
| ruthless, replacable corporation" to the "I criticize the
| society and yet I participate in it" meme.
| RansomStark wrote:
| I've never understood this argument. It is clear that
| nobody is implying a genocide is underway, they are
| simply alluding to an extreme example of ignoring or
| justifying negative actions, to show that each of us has
| agency and should be held to account for their actions.
|
| I always think it's an interesting juxtaposition because
| although the actions (in this case working for an AV
| company) are always so far removed from the extreme
| example, so too are the repercussions.
|
| The "just following orders" soldier, had he refused to
| carry out his orders, or attempted to flee, would have
| been shot in the back for desertion. The penalty for
| following orders, or not following orders, is the same:
| death (at least in the canonical example).
|
| Whereas with the situation being discussed here, it
| results in what? Maybe holding out for another job.
|
| In the extreme we expect people to pay the ultimate price
| to prevent atrocities, which should serve to remind us
| that, in the everyday, we should engage our moral
| compass, endure a small hardship, and through that
| hardship, prevent a small amount injury from being
| inflicted on the world.
| jodrellblank wrote:
| From the first picture here[1] it says "Turn your PC's
| idle time into cash: show me how"
|
| That appears to be opt-in. It's quite plausibly something
| people interested in crypto might actively want, namely a
| company they already do business with offering to make
| all the decisions about coins and wallets and stuff for a
| small fee. If a YC startup offered this, or it was added
| to the Dropbox client as an opt-in "let Dropbox make you
| some cash", people would love it. If Windows 11 or Edge
| included it, people would hate it. As an opt-in thing
| it's not a bad idea; not quit-your-job bad and certainly
| not "just following orders" Nazi trolling bad. It's
| Norton and AntiVirus's reputation which taint it.
|
| "It is clear that nobody is implying a genocide is
| underway" - it at least implies that something strongly
| and obviously bad is underway that anyone with integrity
| should avoid. And that's not obviously the case either.
|
| [1] https://community.norton.com/en/blogs/product-
| service-announ...
| tombert wrote:
| I understand where you're going with this, and while I
| don't really "disagree", I think it's a bit of a stretch to
| go from Nuremberg justifications of murder to "installing
| some stuff that makes your computer slow because someone
| asked you to". Should "just following orders" fully absolve
| you of guilt, even on a small scale? No, definitely not,
| but I feel like the language you used is loaded.
|
| Most engineers on HN aren't solely developing for non-
| profits and charities, we're writing software for for-
| profit entities, and most of the really big for-profit
| entities are pretty evil (e.g. Google, Facebook, Apple,
| Microsoft, etc). It's not unreasonable to condemn people
| for working for these companies, but I think it's important
| to put into perspective the scale and intent of most of the
| people working there.
| w1nk wrote:
| It doesn't just make your computer slow, which is bad
| enough, it's actively stealing your electricity and
| converting it into their money. How can that possibly be
| justified?
| tombert wrote:
| It's not justified, I don't claim it is. It should be
| condemned, I just feel like the term "just following
| orders" has a bit of a loaded Nuremberg connotation to
| it.
|
| I guess I'm accusing the parent comment of hyperbole more
| than being "wrong".
| wallacoloo wrote:
| the job market ( _especially_ if you're an engineer
| considering Norton) is so flush right now, you could choose a
| hundred other positions with similar workload and benefits.
| when you choose to work for a shitty company under such
| circumstances, it shows that you don't care in the least for
| the other people with whom you coinhabit the planet. that's
| antisocial behavior, and human society relies upon a certain
| amount of soft punishment for antisocial behaviors. yes: you
| should be _thanking_ hiring managers who turn down candidates
| who have no regrets about past work at toxic companies,
| because those hiring managers are preserving our society at
| the margins.
| chickenpotpie wrote:
| The job market is still complicated and not that easy. I
| know quite a few people that ethically disagree with their
| job and have been trying to leave for over a year and the
| phone is just not ringing. So now they should just be
| banned from working anywhere else? What are the supposed to
| do? Quit and starve?
| wallacoloo wrote:
| > you should be thanking hiring managers who turn down
| candidates who have no regrets about past work at toxic
| companies
|
| "no regrets" is an important part of this. though it's
| not quite the precise word i'd like, since your friends
| could well not regret their choice to stay given the
| circumstances you outline. what i want is for our culture
| to fight against antisocial behavior: to encourage the
| everyday person to give sufficient weight to social
| impact when making decisions.
|
| "sufficient" is subjective, so as a starting point
| replace that with "non-zero" and i think we come out
| ahead: the toxicly selfish (or socially ignorant) are
| encouraged to behave at least mildly pro-socially, and
| the friends you mention who _tried_ to leave evidentially
| gave non-zero weight to their social impacts -- even if
| they failed -- and would pass such a test.
|
| the world is gray and i _don 't_ want a purity test. but
| that's not a license to _ignore_ our social
| responsibilities.
| skeeter2020 wrote:
| Potential Upside: maybe they'll need to redesign their antivirus
| to leave some resources available for mining coins?
| costcofries wrote:
| This is so absurdly disgusting, there's nothing more to it. The
| whole thing boggles my mind but the FAQ is just on another level,
| here's one example:
|
| Q: Will I be able to adjust the settings thresholds, or will
| Norton decide that?
|
| A: For now, Norton will manage the settings. We are continuing to
| build capabilities and could potentially make the settings
| adjustable for you in the future.
|
| Like, I know ~1.5m people still pay for AOL [1] but this is
| criminal.
|
| [1]https://www.cnbc.com/2021/05/03/aol-1point5-million-
| people-s...
| prirun wrote:
| My neighbor still pays for AOL, and has an aol.com email
| address. I've tried to get her off of it, but she stays because
| I quit working on her Windows computer a few years ago (got rid
| of all mine, yay!), and for $5-10/mo, she has a person to call
| who will walk her through problems with her computer. Not just
| AOL problems, like with their browser (which she also still
| uses), but with any problems.
| grishka wrote:
| At this point I'm convinced that the entire antivirus industry is
| a scam scheme for the most part. They make everyone suffer for
| their own profit.
|
| Users are scared into installing this crap and paying recurring
| payments for it, and then the performance of their computer goes
| to shit. Developers are given nightmares by having their software
| misdetected as a virus or broken by the antivirus changing the OS
| behavior in unexpected ways.
| frozenport wrote:
| Actually its an advertised feature and you keep most of the ETH
| you mined: https://community.norton.com/en/blogs/product-
| service-announ...
| SketchySeaBeast wrote:
| > Norton Crypto is included as part of Norton 360
| subscriptions. However, there are coin mining fees as well as
| transaction costs to transfer Ethereum. The coin mining fee
| is currently 15% of the crypto allocated to the miner.
|
| So I have to pay money to subscribe to mine Norton Crypto and
| then pay a mining fee on top of that? That's amazing. Are
| they going to partner with QuickBooks so that I can subscribe
| to that as well and for a low 15% transaction fee they'll
| handling filing the taxes for me?
| hericium wrote:
| > > The coin mining fee is currently 15% of the crypto
| allocated to the miner.
|
| Hold up. Does the term "miner" refer to the pool here? Is
| "allocation" mining?
|
| This can be read as the pool getting 85% of what miner
| mined, and allocating 15% fee to the miner.
| ljm wrote:
| If it's installed without warning, I'm sure you'll also get
| a lovely surprise on your electricity bill when it turns
| out your laptop has been mining crypto when you thought it
| was sleeping.
|
| They're basically turning their installed user base into a
| botnet and charging customers money for the pleasure. I
| hope they get taken to court over it.
| jallen_dot_dev wrote:
| Your electricity bill is $10.00 higher this month. But
| don't worry! You earned $8.50 in your Norton Crypto
| wallet.
| kingcharles wrote:
| Congratulations! This month you have earned 8 "dollars"
| and 50 "cents" in NortCoin(tm).
| michaelmrose wrote:
| That you now have to pay $5 in fees to extract from said
| wallet.
| perennate wrote:
| It is installed but not activated without warning AFAIK.
| According to https://support.norton.com/sp/en/us/home/cur
| rent/solutions/v... the user must first agree to a Norton
| Crypto License and Services Agreement and then explicitly
| activate the miner before anything will happen.
| cm2187 wrote:
| At this point windows defender is the principal threat to the
| normal functioning of my computer. It takes 100% CPU
| frequently, blocks my own programs based on some obscure ML
| rules, it re-enables itself when you disable it. It is
| indistinguishable from a virus.
| ralmidani wrote:
| In a lot of ways, Windows itself is indistinguishable from a
| virus.
| grishka wrote:
| What happens if you delete its main executable?
| ssully wrote:
| I have had the opposite experience. I've found windows
| defender to be basically the only AV you really need. I had a
| single occurrence where it flagged software I was writing as
| potentially malicious, but I was able to add an exception for
| my project and not think about it again. I've never noticed
| it clocking my CPU at any noticeable levels. For comparison,
| my work computer requires McAfee and at least once a day it
| clocks my CPU at 65% or more.
| etempleton wrote:
| Windows Defender is the only antivirus I have used on my
| personal machines since it first launch and I have never
| had an issue, though I suspect most of my good fortune is
| good internet habits.
|
| I wonder how much modern windows really requires an anti-
| virus. During the Windows XP days it felt vital, but since
| then it has felt more like something everyone just does out
| of caution.
| jaywalk wrote:
| I've been relying exclusively on Windows Defender since
| before it was called Windows Defender. I view third-party
| antivirus software as pointless at best, and actively
| harmful at worst.
| Terry_Roll wrote:
| Its certainly a legal way to spy on many users and businesses
| to extract secrets thats for sure!
| blacksmith_tb wrote:
| It could be used for that obviously, though do we have any
| evidence? Who would the AV vendors sell the secrets to, and
| how? (I guess it's not a surprise I wouldn't be in those
| meetings, but you'd think there be a whistleblower
| somewhere?)
| buran77 wrote:
| The feature that automatically submits samples for further
| analysis has been known to catch proprietary executable
| code, send it to the AV manufacturer's sandbox where it was
| promptly executed and leaked data from inside that
| infrastructure, or give away some complex hacking campaign
| before the attackers have the chance to use the tools.
| bigodbiel wrote:
| There was that Kaspersky incident.
|
| TL;DR Kaspersky inadvertently acquired confidential NSA
| hacking tools from an NSA employee home computer with their
| AV product installed in it.
| MetaWhirledPeas wrote:
| It has been this way since the 90s, sadly. As a bonus you don't
| even need to be scared into installing it because it was
| already there when you bought your prebuilt PC. Instead you'll
| be scared into not removing it.
| hericium wrote:
| > At this point I'm convinced that the entire antivirus
| industry is a scam scheme for the most part.
|
| I was always under the impression that Microsoft does not fix
| or is extremely slow at fixing particular virus-allowing bugs
| due to their business model of licensing access to system
| features, you have to access to be able to build an antivirus
| software.
|
| I don't know Windows internals but I imagine that your usual
| game or text editor does not have and cannot gain access to
| kernel, bootloader etc, that AVs have.
| grishka wrote:
| I don't know much about more modern Windows, but I'm fairly
| certain that on XP and earlier anything that ran on behalf of
| the administrator (the only user on most home installations)
| could trivially load arbitrary code into the kernel. I'm not
| sure how UAC affects this on Vista and newer.
| muricula wrote:
| These days you need to have your kernel driver signed by
| Microsoft or edit your boot config options to put the
| machine in an insecure state mostly useful for testing. To
| get it signed you need to pass a basic test suite which MS
| provides (and can be gamed). https://docs.microsoft.com/en-
| us/windows-hardware/drivers/in...
| mananaysiempre wrote:
| > _These days you need to have your kernel driver signed
| by Microsoft_
|
| However, this is required only for a "proper" kernel
| _driver_ specifically; kernel _code execution_ can still
| be accomplished without any signing at all using
| /dev/kmem-like mechanisms, which Microsoft explicitly
| does not consider a bug[1].
|
| > _or edit your boot config options to put the machine in
| an insecure state mostly useful for testing._
|
| Or fiddle with undocumented registry settings (used,
| among other things, to support upgrades from Windows 7
| installations with unsigned drivers) and suppress signing
| checks for your driver even outside of testing mode[2].
|
| > _To get it signed you need to pass a basic test suite
| which MS provides_ [...].
|
| You also need to register a business entity and cough up
| upwards of 300 USD/yr for a Microsoft-approved EV code
| signing cert[3] before that, which is the biggest hurdle
| for me at least.
|
| I have to say, even if this new Microsoft is not the same
| as old Microsoft, it sure looks very similar from some
| angles.
|
| [1] https://github.com/ionescu007/r0ak#is-this-a-
| bugvulnerabilit...
|
| [2] https://geoffchappell.com/notes/security/whqlsettings
| /index....
|
| [3] https://docs.microsoft.com/en-us/windows-
| hardware/drivers/da...
| muricula wrote:
| Microsoft isn't slower at fixing security vulnerabilities
| than other OS vendors. It turns out identifying and fixing
| issues in a piece of software as large as an OS is hard.
| Access to system features is not restricted by licensing,
| although I believe there is some source code which is
| licensed to AV vendors. Independent companies do write their
| own AVs without interacting with MS much at all besides some
| fairly basic driver signing processes which anyone who writes
| a kernel driver these days has to go through. MS does not
| have unique business reasons for shipping insecure code, and
| ships an OS which is as secure as they come these days in the
| form of the xbox. I used to work for an AV vendor and then
| the MS security team but now work for another OS vendor.
| [deleted]
| kjaftaedi wrote:
| Gotta wonder what Peter Norton thinks about still having his name
| on this.
| hericium wrote:
| I'd love to see a "How to uninstall Norton Antivirus" video by
| Peter Norton.
| bithavoc wrote:
| In case someone is out of context, parent is referring to
| John McAfee's video on how to uninstall the infamous
| antivirus while doing Bath Salts[0]. Intel then proceeded to
| rename the product to distance themselves from the "McAfee"
| name[1]
|
| [0]https://youtu.be/h92Jy94UxTg
|
| [1] https://money.cnn.com/2014/01/07/technology/security/inte
| l-m...
| iso1631 wrote:
| McAfee, where both the product and the founder are awful
| kingcharles wrote:
| > [0]https://youtu.be/h92Jy94UxTg
|
| I've been on the Net for 27 years and this one of the best
| videos I've ever seen.
|
| RIP John McAfee. You were a legend.
| tpmx wrote:
| Wow, he's 78 years old now.
| benjamir wrote:
| He's dead, Jim!
| tpmx wrote:
| Well, not quite yet.
| benjamir wrote:
| Indeed. Thread is about Peter Norton and McAfee was only
| mixed in -- I meant McAfee, my fault.
| hitpointdrew wrote:
| Huh?? He died in a Spanish prison last year..
| https://www.reuters.com/legal/government/john-mcafee-
| found-d...
| tpmx wrote:
| That is not Peter Norton.
| cronix wrote:
| Not to defend this practice at all, but when I was looking into
| crypto mining a fair bit ago, the bar to entry was quite large
| even for someone in the tech space. There didn't seem to be a
| simple app you just download and start. You have to know a lot of
| stuff. I don't know why more companies haven't come out and made
| crypto mining easier for the masses who just use apps but don't
| make them. It seems like low hanging fruit. There could be
| something available now...I haven't really researched as I'm not
| really passionate about this space and seemed more trouble than
| it was worth to get started with the time I was willing to put
| in. I just thought it was odd that there wasn't something with a
| simple interface you could just hit "mine" with maybe a couple of
| radio button options and away you go. I'm sure we will see a lot
| more larger/mainstream companies dipping their toes in, maybe
| even at the OS level to capitalize on it. There _is_ a market for
| it and I 'm guessing it's quite large, probably larger than the
| current crypto market which is kind of niche, just likely not
| many potential customers in the HN type crowd.
| hi5eyes wrote:
| nicehash is fairly easy, even using regular miners like trex,
| gminer take almost no effort
| low_tech_love wrote:
| Mainly because it is impossible to do it in a profitable way
| without some kind of custom setup (unless you have free
| electricity, but please don't do it in your uni or office...)
| jermaustin1 wrote:
| There have come along "apps" that make it easier, but their
| cost is high. Usually in the exchange rates they offer you to
| cash out of it.
|
| Kryptex.org comes to mind. The other month when BTC was at
| $60+k they were offering an exchange rate of low $50k.
| Basically a ~17% discount on the rate. That is a big fee,
| especially when you then ask to be cashed out to some other
| method they then charge 10-20% for (like USD bank transfers,
| etc).
|
| Best bet is to install something like T-Rex miner, hook it to
| some pool and forget about it once you learn the 1 line bat
| file you need.
| pavlov wrote:
| Mining on PCs makes no financial sense if it's your own
| hardware.
|
| If you're stealing someone else's CPU cycles and you have a
| large enough base of PCs, it can be profitable.
| im3w1l wrote:
| This is just not true. Even the original bitcoin software came
| with both mining (possible to turn on and off) and wallet
| builtin.
| SpliffnCola wrote:
| NiceHash is what you're looking for.
| rvz wrote:
| This is not satire. Norton actually thinks it is a good idea for
| anti-virus software to have a cryptocurrency miner installed too.
| whilst also taking a 15% mining fee off of the work!
|
| This is beyond a scam at this point. Is that why closed-source
| anti-virus software is a scam as well since they can install any
| sort of malware when they want to or allow it to run without
| doing anything?
|
| The anti-virus is the virus.
| marcosdumay wrote:
| Norton has been an "computer maintenance tools" package for
| ages. At the late 90's, people used to choose it because of the
| disk defrag, not the antivirus.
| PenguinCoder wrote:
| If this isn't insider hack, then someone high up in management
| signed off on it being a good idea. Utterly mind blowing. Guess
| they need to make money somehow.
| voakbasda wrote:
| Seems like a good plan for an insider to short the stock
| before releasing this "feature" onto the unwashed masses.
| Stevvo wrote:
| I'd imagine a machine infected with Norton isn't even a good
| environment to mine crypto; it's already wasting it's resources
| on the rest of the bloat in that product.
| pjerem wrote:
| At least they now have a really good incentive to really remove
| viruses !
| itronitron wrote:
| Anyone know how to delete a .exe file from Windows 'as
| Administrator' when you are using an Administrator account?
| tombert wrote:
| I haven't run Windows in any serious capacity in about 11 years
| now, but even in 2010 or so, it was pretty rare that I ever got
| viruses on my computer (even with all the trips to torrent
| websites to download TOTALLY LEGAL STUFF).
|
| I've been running Linux or Mac since then, and due to their lower
| userbase there tends to be fewer viruses (as far as I understand
| it), but I would have to assume that Windows has gotten more
| secure and less virusey than it was 11 years ago? I don't think
| anyone I know even uses antivirus anymore. Maybe I'm mistaken.
|
| All that said, I've thought Norton Antivirus was a bloated piece
| of shit piece of software even when computer viruses _were_ a
| problem for me. I guess them installing a crypto miner is just
| further proof of that.
| elwell wrote:
| "The key to the wallet is encrypted and stored securely in the
| cloud. Only you have access to the wallet."
|
| https://community.norton.com/en/blogs/product-service-announ...
| aspenmayer wrote:
| (July 2021)
|
| https://community.norton.com/en/blogs/product-service-announ...
| tpmx wrote:
| Review:
|
| https://www.bleepingcomputer.com/news/cryptocurrency/hands-o...
|
| + It's opt-in
|
| + It's easy to use
|
| - 36 hours of running it did not result in a "single penny"
| (see review for details, may have changed now)
|
| - Uses 100% of the GPU capacity when the GPU is ~idle, with no
| way of adjusting the mining rate
|
| - 15% mining fee
| iso1631 wrote:
| Does it tell you how much extra electricity you're using?
| Hamuko wrote:
| Considering they market it as "PC's idle time into cash", I
| don't think they're much interested in telling you that
| you're in fact burning through electricity to make Norton
| money.
| tpmx wrote:
| How could it know?
|
| Edit: It would actually be nice if the PSU (and all of the
| various subsystems, like the GPU) were required to measure
| the power usage and report it to the OS. I'm sure one of
| those ATX pins could be repurposed to include signalling,
| somehow.
| duskwuff wrote:
| Most GPUs have power sensors that can be read from
| software. Even if they don't, they could make an estimate
| based on the model of the GPU.
| low_tech_love wrote:
| Is it opt-in, though? The twitter post said it's impossible
| to disable and the FAQ literally does not have a single
| question on "how can I disable it?".
| jodrellblank wrote:
| The screenshots from [1] shows it saying "Turn your PC's
| idle time into cash. Show me how". Would that make sense if
| you had no choice in the matter? And on the second
| screenshot it has "Pause mining" button.
|
| [1] from: https://community.norton.com/en/blogs/product-
| service-announ...
| perennate wrote:
| See also https://support.norton.com/sp/en/us/home/current
| /solutions/v... seems clearly opt-in.
| SilasX wrote:
| WTF. If not for the domain (and month) I'd assume that was some
| April Fool's joke.
| adamrezich wrote:
| wow, I just bought my fiancee a gaming laptop and it came
| preinstalled with Norton--I didn't uninstall it right away
| because I predicted it would be a pain, but now I'm going to do
| that first thing after work today. people like my dad still go
| out of their way to install Norton on every computer they get
| their hands on--just a few years ago I built my mom a cheap
| simple desktop to dump her photos onto, and one day she told me
| it was really slow all of the sudden, so I checked it out and lo
| and behold my dad had installed Norton on it and it had made
| everything molasses-slow. kind of sad to see this once-respected
| software suite stooping to these levels.
| asveikau wrote:
| My dad had the same attitude about 10-15 years ago. The printer
| wasn't working. I found it didn't work because an AV product
| (maybe even Norton?) was slowing down the printer driver and
| hit some kind of timeout. I disabled AV.
|
| A few months later they fell to a ransomware attack. The name
| of somebody they didn't know very well but recognized the name
| of had shown up with an attachment. I wondered if the AV
| product would have caught it.
| ifdefdebug wrote:
| Grab the laptop's license key, download a bootable windows
| installer and throw out whatever comes pre-installed. Very fast
| and almost the only way to get rid of the bloat.
| brnt wrote:
| This is the first step for any store bought machine: a fresh
| install from your own install media. It's the only way to be
| sure (and is much faster).
| dustymcp wrote:
| i dont know anyone that ever respected Norton, i think its time
| to have the 'talk' with dad.
| adamrezich wrote:
| I should've said that my dad still manually runs dfrg.msc
| weekly and has a shortcut to it on his desktop lol
| BenjiWiebe wrote:
| dfrgui.exe
|
| Though I guess if it's a shortcut you don't see the actual
| filename too often. :)
| adamrezich wrote:
| ah, that's what I meant--I didn't realize it had been
| renamed!
| anthonyskipper wrote:
| Back in the MS-Dos days Norton was the only game in town for
| a bunch of things... Disk defragmenting, tools for working
| with file system, etc. It was a swiss army knife of good
| tools. But your point is generally correct in that for the
| last 20 years it has been atrociously bad.
| PopAlongKid wrote:
| >Back in the MS-Dos days Norton was the only game in town
| for a bunch of things
|
| In the mid-1980s, PC Tools[0] was a worthy competitor to
| Norton.
|
| [0]https://en.wikipedia.org/wiki/PC_Tools_(software)
| [deleted]
| gigel82 wrote:
| Norton Commander was amazing; had it running on my family PCs
| since 1990 and up until it got upgraded to Windows 2000.
| Nothing good came from Norton since (that I know of).
| nullc wrote:
| Gonna die from irony. For years Norton and other AV vendors have
| been harassing Bitcoin users by falsely identifying their
| intentionally installed Bitcoin node software as a malicious
| cryptocurrency miner (and, no, it doesn't do that). Now they're
| installing their own miner.
| [deleted]
___________________________________________________________________
(page generated 2022-01-04 23:01 UTC)