Courtesy of Symantec

Sep 13, 2007 17:40 GMT  ·  By

Users can go badly wrong when choosing a security solution to protect their Windows operating system, and the video embedded at the bottom shows just how wrong. The security industry thrives on the shortcomings inherent in all pieces of code, but especially on offering protection for Windows. This status quo will not change anytime soon: even with Vista, a product of Microsoft's Secure Development Lifecycle and the operating system applauded as the most secure Windows product to date, the Redmond company emphasized the need for antivirus solutions. Still, attackers sometimes turn security products against users via social engineering schemes.

Case in point: AVSystemCare, one of the worst Windows antivirus products you can get. Why? Because the application is not what it claims to be. It simply masquerades as a security solution, performs a bogus scan for malicious code, always manages to detect malware and virtually blackmails users. Still, AVSystemCare is but a single item; the product comes in many shapes and sizes. It produces a variety of copies in order to tailor itself to the user's Internet navigation behavior. AVSystemCare does not cause any actual damage to the user's machine, but it does offer some pretty strong incentives to catalyze a financial transaction with no purpose other than to deliver peace of mind.

"AVSystemCare uses a clever trick to allow all of its clones to use identical files, but yet have different names. Installing any of these clones involves downloading a small file from the clone Web site. When the user executes this file it will download the main application components. All of the application files, including the files downloaded from the clone Web sites are identical (for clones of the same language). So, if these files are the same for every clone, then how does the installer know which name to use when installing the application? The answer lies in the user's cookies. After you have visited the clone Web site to download the application, several cookies are stored on your computer," explained Kevin Savage, Symantec Security Researcher.

The cookies tell the installer which name to give the so-called antivirus. If no cookies are found, it installs as AVSystemCare by default. Savage indicated that the AVSystemCare cookie engine has problems parsing cookies for Opera and Safari, while being optimized for Internet Explorer and Firefox. "As well, the makers of AVSystemCare have not limited themselves to English language clones; so far, we have seen clones in 11 different languages - English, Portuguese, German, Danish, Spanish, Italian, French, Japanese, Dutch, Norwegian, and Swedish. At the moment there are over 70 domains hosting clones of AVSystemCare in different languages; for example avsystemcare, virenfrierpc, norwayvirus," Savage stated.
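Because the installer takes its clone name from cookies set by the download site, cookies left by those sites show which clone a machine was exposed to. The following is an added example, not code from the article or from Symantec: it scans a Netscape-format `cookies.txt` export (an assumed input format) for the three clone names quoted above. The `.example` domains, cookie names and values in the sample are constructed.

```python
# Added example: flag cookies whose host contains a clone name as a full DNS label.
CLONE_NAMES = {"avsystemcare", "virenfrierpc", "norwayvirus"}  # names quoted in the article

# Constructed sample in Netscape cookies.txt layout (7 tab-separated fields).
# The ".example" domains and the cookie names/values are placeholders.
SAMPLE = (
    "# Netscape HTTP Cookie File\n"
    ".avsystemcare.example\tTRUE\t/\tFALSE\t1199145600\tid\tabc\n"
    "www.virenfrierpc.example\tFALSE\t/\tFALSE\t1199145600\tlang\tde\n"
    ".notavsystemcare.example\tTRUE\t/\tFALSE\t1199145600\tid\tzzz\n"
    "news.example\tFALSE\t/\tFALSE\t1199145600\tprefs\t1\n"
    "broken line without tabs\n"
    "#HttpOnly_.norwayvirus.example\tTRUE\t/\tFALSE\t0\tsess\txyz\n"
)


def parse_cookies(text):
    """Yield (domain, cookie_name) for each well-formed cookies.txt record."""
    for line in text.splitlines():
        if line.startswith("#HttpOnly_"):
            # Some tools mark HttpOnly cookies with this prefix; it is still a record.
            line = line[len("#HttpOnly_"):]
        elif not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split("\t")
        if len(fields) != 7:
            continue  # malformed record: skip rather than guess
        domain, name = fields[0], fields[5]
        yield domain.lstrip(".").lower(), name


def find_clone_cookies(text, names=CLONE_NAMES):
    """Return (clone_name, domain, cookie_name) for cookies from clone sites."""
    hits = []
    for domain, name in parse_cookies(text):
        # Match whole labels only, so "notavsystemcare" is not a hit.
        matched = names.intersection(domain.split("."))
        if matched:
            hits.append((sorted(matched)[0], domain, name))
    return hits


if __name__ == "__main__":
    for clone, domain, cookie in find_clone_cookies(SAMPLE):
        print(f"{clone}: cookie '{cookie}' from {domain}")
```
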