2006-07-01
Abstract
With a lack of killer applications to spur the market, is the PC industry developing an unhealthy reliance on malicious software? Brian McWilliams presents his thoughts.
Copyright © 2006 Virus Bulletin
Cynics have sometimes suggested that the anti-virus software industry secretly provides succour to virus writers. But if you're open to such computer conspiracy theories, doesn't it make more sense that Microsoft and Intel, along with PC hardware manufacturers and retailers, benefit most from today's record rates of malware infection?
The notion dawned on me during a recent visit to Best Buy [1], a large US electronics store. I watched as a middle-aged woman used a shopping cart to roll her desktop PC in from the huge parking lot, past the bright aisles of gleaming new computers, to the customer service desk.
'It's dead', she told the man behind the counter, a member of Best Buy's 'Geek Squad' repair crew. After hooking up the computer and attempting to boot it, the repairman declared that her PC was probably infected with viruses and spyware, and that it would cost $199 to fix. Moments later, the woman decided to junk the three-year-old system and buy a new notebook computer for $1,000.
Each day, this scenario is played out all over the USA, and not just in the mega-stores. Botnay Bay Computers [2], a privately owned PC sales and service firm serving southern New Hampshire, reports that over 70 per cent of its repair work is caused by malicious code. In about half of those cases, 'the customer decides to buy a new machine rather than pay us [$80 per hour] to try to clean it', said Botnay technician Bud Gardner.
Similar anecdotal reports abound. In July 2005, The New York Times reported that the malware menace - combined with ever-falling PC prices - has led consumers to treat computers as disposable items [3].
It should come as no surprise that malware might indirectly be a big driver of new sales. Studies by Pew Internet [4], Webroot [5], and others suggest that the majority of home PCs have some sort of malicious software infection. Even mild cases can make new systems sluggish and clog their Internet connections.
Industry analysts don't seem to be tracking malware-driven purchases closely, so no hard figures are available to back up the anecdotes. But Rob Enderle, principal analyst for the Rob Enderle Group [6] in California, estimates that between 30 and 50 per cent of new systems sold to consumers and small businesses are the ultimate result of malicious code infections.
It seems that the scourge of malicious software has altered some consumers' upgrade calculus. Rather than pining after the newest, fastest system so they can run demanding new killer applications, many computer shoppers today just want to start over with a clean slate (or at least a pest-free Microsoft Windows system registry).
In the past, hardware mean-time-between-failure (MTBF), the measure of a PC component's expected lifecycle, might have dictated some system replacements. But today, sales increasingly seem to be driven by high failure rates for software - specifically, the fragility of Microsoft's operating systems and its Internet Explorer web browser in the face of onslaughts from viruses, worms and adware.
Of course, if you practice 'safe hex', you can easily keep a PC in service for many years. Case in point: the Dell Dimension desktop I'm using to write this article. The Pentium 3 system is pushing seven years old and yet is still perfectly adequate for the tasks I put it through.
The PC industry can't afford too many customers like me. Instead, they'd probably prefer a marketplace full of people like the ones Lawrence Baldwin regularly assists. Baldwin runs an online intrusion monitoring service called MyNetWatchman [7]. His company is often hired by Internet service providers to provide remote malware removal for the ISPs' infected customers.
According to Baldwin, many novice computer users self-diagnose malware infections as simply the ravages of time: 'When their systems slow down, people tell me their CPU must be worn out,' when in fact the machine may be built with cutting-edge technology that's just been hobbled by viruses and spyware. Baldwin knows of one instance in which a frustrated owner of a new Pentium 4 system literally tossed the PC in a dumpster.
I imagine that some junior accountant at a big PC vendor might think this explosion of spyware and other malicious code is good for business. After all, PC sales took a dive during the dot-com crash. Miraculously, malware may have helped turn the industry around in recent years.
But such a view would be woefully short-sighted. Shorter PC lifecycles may spur sales of replacement machines industry-wide, but they also serve to erode the power of brands. If computers continue their slide toward becoming disposable commodities, consumers may be unwilling to pay extra for a medallion from the likes of Dell, Compaq, or Gateway.
The technical support problems created by malware present another downside for the PC industry, says analyst Roger Kay of Endpoint Technologies Associates [8]. 'The margins on a PC are so low, a single tech support call can blow away any profit on the unit', says Kay.
In response, PC vendors and retailers seem to be trying to minimize their damages, or even turn malware into a new revenue generator. Gateway, for example, states specifically that it doesn't cover damages caused by viruses in its limited or extended system warranties. Compaq has a similar policy, and steers customers toward what it calls its HP Tune-up for PC Service. For $99, this is a 'single use' service that covers 'assistance with PC performance and problem prevention,' but coverage does not include 'break/fix troubleshooting' or 'repair diagnosis'.
Dell doesn't fix malware infections under its basic warranties; it doesn't even cover what it calls 'virus-inflicted damage' in its $69 Dell CompleteCare accidental damage package. To receive technical support for troubleshooting and removing viruses and spyware, Dell customers can purchase the company's On Call HelpDesk service, which costs $150 for 13 months.
Many consumers may be surprised to learn about these extra charges. Suzanne Crough, a registered nurse in Rochester, New York, certainly was. Late last year, her two-year-old Dell desktop began freezing up and having other performance problems. When she called Dell's tech support, Crough was told she probably had a virus or other malicious software infection, and that her extended warranty didn't cover it. 'I got angry. I told them I had paid extra for the warranty. I felt like I was being held captive,' said Crough. Since her daughters rely on the computer for college homework, Crough capitulated and paid Dell $100 to clean out her PC's malware using remote administration.
To make matters worse, two weeks later, Crough's Internet service provider, Time Warner Cable, notified her that her PC was being used as a spam zombie and threatened to cut off service if she didn't get the problem corrected. Fortunately, Time Warner arranged to have MyNetWatchman handle the system cleaning at no expense to Crough.
Dell and other manufacturers have claimed that spyware-related tech support is eating into their profit margins, so I'm not going to suggest that PC vendors or retailers are getting rich from such 'repair' revenue. And, even if they were, 'if you can turn a cost into an advantage, that's good business,' said Enderle.
But what about Microsoft? The company stands to rack up operating-system licence royalties every time a malware-infected PC is prematurely put out to pasture and replaced with a new one. To keep this revenue stream flowing, is it possible that managers in Redmond are looking the other way on spyware and other malicious code? Could this be why, for example, Internet Explorer's dangerously spyware-friendly 'install on demand' and 'browser helper objects' features are turned on by default?
No way, says Ben Edelman, a Harvard researcher who closely follows the spyware industry [9]. While the big company may not be monolithic in its view of the problem, 'Microsoft really seems to want to stop spyware,' he said. 'For Microsoft, spyware poses a special problem. It harms the Microsoft brand, encouraging users to switch to Macs, infuriating IT administrators, and so on,' said Edelman.
As proof that Microsoft is moving aggressively against spyware, Edelman points to the firm's 2004 acquisition of GIANT Company Software, Inc., which enabled Microsoft to incorporate the GIANT anti-spyware technology into its free spyware removal utility, now branded Windows Defender.
In early 2005, Microsoft also released a free, malicious software removal tool. Today, it is capable of cleaning dozens of worms and viruses. Yet the tool, like Windows Defender, doesn't run under Windows 98, ME, or NT - leading one to wonder whether some Microsoft managers view its anti-malware utilities as an upgrade trick. 'They're not as concerned about the situation as they should be, because they can increase sales because of it. I don't think it's being dealt with aggressively anywhere along the line,' said Botnay Bay's Gardner.
Edelman notes that one of Microsoft's fiercest weapons - its legal team - doesn't have its usual vociferousness when it comes to spyware. He says many high-tech firms seem to be paralysed by legal uncertainty. 'They fear that a spyware vendor must be good or legitimate merely because they have a licence agreement and some lawyers,' said Edelman.
Microsoft further undercut its image as a spyware warrior in July 2005, when rumours swirled that it was close to acquiring Claria, formerly Gator Corporation, a notorious adware firm. Around the same time, Microsoft's anti-spyware program received an update under which the threat from Claria's software and that of several other adware firms was downgraded from 'quarantine' to 'ignore'. Even though the Claria deal never materialized, many observers interpreted this incident as a telling sign of Microsoft's ambivalence about spyware [10].
Whatever the motivations of the PC industry's big players, the malware situation is making consumers like Crough increasingly pessimistic. 'It seems like I'm buying a new computer every couple of years. I don't blame Dell for that. It's just the nature of the beast of computers. There's always going to be these virus idiots who are going to do what they want to do. I don't think there's ever going to be a resolution of this,' said Crough.
Kay, of Endpoint Technologies, says no one in the PC industry, including Microsoft, stands to gain long term when consumers and businesses perceive computers as unsafe or unreliable. 'That inhibits ecommerce, which is one of the big engines driving PC shipments,' said Kay.
According to Edelman, rather than relying on malware-driven replacements, PC vendors are better off growing the market; for example, selling additional computers to households that already have one. But he says market forces won't be kind to vendors that can't deliver a robust, malware-free computing experience to consumers. Edelman predicts a replay of the situation faced by the US auto industry in the 1980s, when foreign manufacturers put great pressure on American car makers to improve quality.
In the long run, said Edelman, consumers reasonably expect - and ought to receive - computers that generally work as expected. 'The PC industry does its best to sell products that are useful, reliable, and robust - products that users actually want, and are prepared to pay good money to get,' he said.
Here's hoping Microsoft and the gang can quickly get out ahead of the malware problem - and put those crazy conspiracy theories to rest.
[3] 'Corrupted PCs Find New Home in the Dumpster', New York Times, July 17, 2005. http://www.nytimes.com/2005/07/17/technology/17spy.html.
[4] 'Spyware: The threat of unwanted software programs is changing the way people use the Internet', July 6, 2005, http://www.pewinternet.org/PPF/r/160/report_display.asp.
[5] Webroot State of Spyware report, May 11, 2005, http://www.webroot.com/stateofspyware/.
[10] 'Why Microsoft AntiSpyware is Untrustworthy', eWeek.com, July 12, 2005, http://www.eweek.com/article2/0,1895,1836008,00.asp.