Computer Associates Offers Warranties

Kelvin D. writes, "Computer Associates has come up with a new angle to get consumers to buy its security software — a warranty with cash benefits if you catch a virus ($1,500) or get your identity stolen ($5,000). From the article: 'Users who want the identity theft coverage need to both install and register their copies of Warranty Corporation of America's Mobile Lifeline (included). No registration, no coverage.'" Moblie Lifeline includes something that sounds like a benign Trojan: it lets you retrieve or delete files from your stolen computer if it's ever connected again to the Internet.

question

[jimstapleton]

how do we know they are secure enough to prevent others from hacking in and doing that to your NOT stolen computer that you are using? Seems a huge potential downside.

Call me crazy but

[Ravenscall]

I predict if they honor this and publicize it well, they will be bankrupt within two years.

My boss would love this

[celardore]

My work computer got infected by a trojan yesterday. I was browsing a BBS where some malicious user had posted a SWF that opened up some other page on an IP, I'm not sure but I think it could have been the most recent MS IE critical vunerability. My boss spent from 9am to 2pm trying to get rid of a trojan. The antivirus the PC already had was Symantec, which was what first alerted us to it this morning. It couldn't remove it, so we tried AVG and Pandasoft as well as House Call. Nothing would shift the damn thing, it ended up with me having to replace the PC with a spare one. He'd have loved to have cashed in on this, as we both wasted most of our workday.

Fine Print

[HatchedEggs]

This is merely a marketing ploy. Lets be realistic, the fine print will actually keep this occuring in almost any instance.

I am also betting that there will be additional fine print about the identity theft... as it occurs so frequently. Plus, you will have to follow their guidelines. Which will probably include industry best practice information... which if you were willing to follow that, in most instances you wouldn't have a problem with identity theft anyways.

Comment removed

[account_deleted]

Comment removed based on user account deletion

It's gonna suck to be CA tech support

[rsilvergun]

the $1500 dollar waranty only kicks in if they can't remove the virus. And hell, what counts as 'removing' a virus anyway. Given that most viruses use random file names and sizes, and many periodically update themselves to change their signatures (becomming 'new' viruses in the process), good luck proving that the virus wasn't fully removed. But that won't prevent the techies from taking the heat from an asshat who thinks he's due $1500.

"benign Trojan"

[Trillan]

Wikipedia calls a Trojan "a malicious program that is disguised as or embedded within legitimate software." Given that, something that the installer knows about and isn't malicious can't really be "a benign Trojan."

Lets you retrieve files?

[sdirrim]

So, what this seems like is it lets you connect to your stolen computer to retrieve the files. A sort of hidden, unprotected FTP server on your computer. Couldn't this possibly be used by a hacker to steal your files remotely? How does the computer know it has been stolen, and how does it identify the rightful user? And how can you ensure that someone doesn't get your files before you do?

Seems like a potentially dangerous utility, even worse than the Sony rootkit.

The Fine print

[fenodyree]

If your laptop or personal computer (collectively "PC" and "PC's") fails due to a virus infection after the CA Anti-Virus 2007 software is properly installed and registered, you can receive up to $1,500.00 in technical service and hardware replacement under the limited warranty associated with the CA Anti-Virus 2007 software. Covered malfunctions include:
* Your PC will not boot or start up; or
* Your PC will boot and the hard drive is accessible, but the operating system is malfunctioning, causing other components to not operate properly.

Does "properly" mean not as fast as it should, internet explorer sending my data somewhere it shouldn't? What is Properly. That world will cause CA to soar or sink, depending on how judges define it.
Cheers,
-feno

Re:Fine Print

[Daemonstar]

This is merely a marketing ploy. Lets be realistic, the fine print will actually keep this occuring in almost any instance.

I agree.

Since we're not informed as to what the "fine print" says, it is conceivable that it could include shipping the infected PC to CA or taking it to a "CA Authorized Repair Center", for inspection. If that is so, then there's not telling how long it could be before you get your computer back.

You have to wonder...

[WhiteWolf666]

Why the *HELL* Microsoft doesn't offer Warranty protection like this.

This is a great product, IMHO. This is CA putting their money where their mouth is. I don't know anything about their actual coding abilities, but I really like it from the actual business angle.

As for me, I run OS X & Linux, and have not yet had the need for an anti-virus product, even though an up to date ClamAV does reside on my systems.

Re:Call me crazy but

[Anonymous Coward]

I predict if they honor this and publicize it well, they will be bankrupt within two years.

Don't think so. Lets do some math.

Say you spend $25,000, all 500 PCs get botted so bad - 25000-4500 = 20500 profit and their tool doesn't have to work at all.

Now a real guarantee would be a refund of all that you spent in the last 2 years. But what the heck, do it. As if you really cared about security you wouldn't be running Windows with it's track record.

Wagon WAY before the horse...

[Vexler]

What CA is doing here is complete nonsense. Several problems spring to mind immediately:

1) Identity theft involves a lot more than just the laptop sitting in front of a user. It involves the user's total awareness of unusual requests for personal information and commitment to protect that information. Social engineering, dumpster diving, and (certainly) user stupidity can all compromise the security of the data. CA will find a good chunk of its customers who were just careless about what they wrote down or told whom, and kick itself in the pants. You can't indemnify human failure.

2) If the laptop is compromised by a virus that sends keystrokes to a Romanian website, CA will want forensic proof. It will have to see conclusive evidence that (a) its software worked correctly and was not subject to accidental or deliberate tampering by the user, (b) any personal information obtained in this manner was used intentionally to impersonate the user and cause harm, and of course (c) that the machine in question "failed" as a direct result of the virus (although to what extent "failed" covers is unclear). Just the resources necessary to conduct proper forensics alone is daunting enough, and $5000 for theft and $1500 for virus infection seems a pittance. It's a lose-lose proposition, and CA is trying to make it sound generous.

3) The offer to encrypt or destroy data on any stolen laptop is laughably absurd, and serves no purpose except as a way to TRY and get the last laugh in. "So you took my laptop? Well, I'll just have to think of a REAL GOOD comebacker. Oh, I know. If you are stupid enough to connect it to the Internet, I can erase what you probably already got off the drive by then. Ha, ha." The machine is gone and at the mercy of the thief, and Josephine User is up the creek with no paddles.

4) Most frustratingly, it is misleading for a technology company to offer services that distorts what "identity theft" really involves. You are not educating the user in the process except "If I lose my laptop I get $$$". You are not providing a truly comprehensive plan to combat this problem. All this "offer" does is to try and make money. Again, clever marketing does not make a bad idea into a good one.