Trial AV on New Computers, a customer disservice.

[+Warwagon MVC]

 

The most common AV shipped on systems is a trial version of Mcafee. It usually resides in the list of hidden icons down in the system tray invisible from the user. When I connect for remote support into a users machine, it's not uncommon to find the trial AV has been expired for months or even years. Now with the requirement of the reg key to get the latest windows update this could become an issue. With Mcafee on the system Windows Defender turns it's self off, and with the Trial AV expired, it offers no protection either as well not placing the reg key on the system especially if it's expired months before the requirement.

 

Just an observation.

[Circaflex]

2 hours ago, warwagon said:

it's not uncommon to find the trial AV has been expired for months or even years.

Which is 100% on the user. I know McAfee will nag you to death about it being expired or a trial version and to upgrade, if the AV is expired for that long the user was just careless.

[Brandon H Supervisor]

3 minutes ago, Circaflex said:

Which is 100% on the user. I know McAfee will nag you to death about it being expired or a trial version and to upgrade, if the AV is expired for that long the user was just careless.

As much as I understand what you are saying @warwagon Circaflex is correct. McAfee isn't exactly quiet about being expired. Norton isn't usually quiet about being expired either (considering it's the other AV OEMs usually choose)

[+Warwagon MVC]

I agree with what both of you are saying, but I Think the other issue is, as silly as it may sound a lot of people don't know how to uninstall the software. This might also explain why I sometimes find webroot or some other AV installed alongside the expired Mcafee.

[Draconian Guppy]

i've seen this and a thousand times.

 

Heck i've seen this and AVG/AVAST/ANY FREE ANTIVIRUS installed on top of that. Makes you wonder, why companies aren't forced to like after 100x nags, just remove itself.

[Marujan]

kaspersky is free and can be extended for free

 

 

 

 

[Jim K Global Moderator]

I haven't used trial anti viruses in ages (if ever). So, my question is this. Does the trial McAfee/Norton/etc. disable Windows Defender and if it does ... does it stay disabled after the trial ends leaving the computer without any protection?

[Circaflex]

40 minutes ago, warwagon said:

I agree with what both of you are saying, but I Think the other issue is, as silly as it may sound a lot of people don't know how to uninstall the software. This might also explain why I sometimes find webroot or some other AV installed alongside the expired Mcafee.

I wish the AV vendors would revert to their previous practices which were if the AV installer detected another AV present it would first tell you to remove that AV. These days, it seems like that doesnt happen because I have seen computers with three or four different AVs running, which is insane.

[Brandon H Supervisor]

29 minutes ago, Jim K said:

I haven't used trial anti viruses in ages (if ever). So, my question is this. Does the trial McAfee/Norton/etc. disable Windows Defender and if it does ... does it stay disabled after the trial ends leaving the computer without any protection?

windows defender will stay disabled as long as it detects another AV solution installed from my understanding ...

[Jim K Global Moderator]

14 minutes ago, Brandon H said:

windows defender will stay disabled as long as it detects another AV solution installed from my understanding ...

Aaaah. That is a big bummer...

[goretsky Supervisor]

Hello,

 

Unfortunately @warwagon, this is how the market has evolved.  Back in the 1980s through early 1990s, software companies could license OEM versions of the software to hardware vendors for a fee to include fully-functional versions of their software, and many PC manufacturers did that, with the additional third-party software acting as a competitive advantage and a way to distinguish themselves in a crowded marketplace.  But, gradually over time, that shifted into a model of offering "light," "special edition," or even "time-limited trials" as market consolidation began to occur in the 1990s as the various hardware vendors gobbled each other up or went out of business.  By the time Windows 95 and 98 were released, the business model had flipped entirely, with the direction the cash flow going in the opposite direction.  Today, most third-party software that is preloaded onto computers is done as part of a business development agreement between the software developer and the hardware reseller. 

 

Here's how it works:  The software developer has to pay the hardware vendor a fixed amount of money just in order to obtain installation rights.  These fees can be hundreds of thousands to millions of dollars.  Then, the software developer has to pay a per-computer fee to load a trial version of their software onto the system, which can range from a few cents to several dollars per computer.  Then, if the end-user purchases a license for the pre-loaded trial version of the software, the software vendor has to pay the hardware reseller a percentage of the license fee.  How much?  In the case of software sold on an annual subscription basis like anti-malware software, it can be 100% of the first year's license, then 50% of the second year's, 25% of the third year's and so forth.  And this doesn't include things like minimum payments, where the software vendor guarantees the hardware reseller gets a certain amount of money each quarter, whether subscriptions are licensed or not.  There may also be some other back-end costs in, as well, such as training for the hardware vendor's support staff, software licenses for the hardware vendor (with or without an employee home-use clause), advertisement and branding fees and so forth.

 

How much money does this generate?  Well, I was told at the height of this by a colleague in the space that computer resellers were making anywhere from $30-60 per PC in pre-load fees.

 

When a large tier-one manufacturer like Dell, Lenovo or Hewlett-Packard ships millions or tens of millions of systems a year, they stand to make tens to hundreds of millions of dollars a year from those software vendors.  That's a lot of money, and a lot of inventive to keep loading more and more trial software onto PCs.  When it gets so bad that it is creating an ecosystem for programs like "Dell Decrapifier" and "Crap Cleaner" to uninstall such things, it should give you an idea of the economic pressures involved.

 

Basically, it took a security vulnerability on the scale of Superfish three(ish) years ago to get Lenovo out of the pre-loaded software business, and while I have no idea about the financial impact of giving up those contracts, I'm sure it had a measurable, material impact on their bottom line.

Regards,

Aryeh Goretsky

12 hours ago, warwagon said:

 

The most common AV shipped on systems is a trial version of McAfee. It usually resides in the list of hidden icons down in the system tray invisible from the user. When I connect for remote support into a users machine, it's not uncommon to find the trial AV has been expired for months or even years. Now with the requirement of the reg key to get the latest windows update this could become an issue. With McAfee on the system Windows Defender turns it's self off, and with the Trial AV expired, it offers no protection either as well not placing the reg key on the system especially if it's expired months before the requirement.

 

Just an observation.

 

[+Fahim S. MVC]

I have to agree with @warwagon here.  I understand that it is a bit in your face as to the fact that you are no longer protected, but at the same time nothing 'stops working' at least from a user experience point of view other than the user having to dismiss a pop-up or ignore a message.  When comparing this to an Office 365 installation, for example, you cannot create a document until you subscribe again - forcing the user to act in some way - even if that way is downloading a different office suite.

 

Maybe Microsoft need to take a harder line on this? So that when a trial expires, Windows Security automatically kicks in, or after a grace period.  Worse case scenario a machine is unprotected for a small period of time which isn't ideal, but a whole lot better than being unprotected for 10s or 100s of days.

 

Thank you @goretsky, for the enlightening explanation (as always).

 

 

[goretsky Supervisor]

Hello,

 

Under Windows 10, when third-party anti-malware has entered into an expired state, it must notify Windows.  When this occurs, Windows Defender takes over and the third-party anti-malware program is suspended and no longer protects the system.  This is the reason why Windows Defender continues to download updates in the background even after third-party anti-malware software is installed; so that if the third-party anti-malware expires, the system can be protected by an up-to-date instance of Windows Defender.

 

Regards,

 

Aryeh Goretsky

 

On 2/14/2018 at 12:13 PM, Jim K said:

I haven't used trial anti viruses in ages (if ever). So, my question is this. Does the trial McAfee/Norton/etc. disable Windows Defender and if it does ... does it stay disabled after the trial ends leaving the computer without any protection?

 

[Brandon H Supervisor]

7 hours ago, goretsky said:

Hello,

 

Under Windows 10, when third-party anti-malware has entered into an expired state, it must notify Windows.  When this occurs, Windows Defender takes over and the third-party anti-malware program is suspended and no longer protects the system.  This is the reason why Windows Defender continues to download updates in the background even after third-party anti-malware software is installed; so that if the third-party anti-malware expires, the system can be protected by an up-to-date instance of Windows Defender.

 

Regards,

 

Aryeh Goretsky

 

 

great, did not know it did this, thank you for the information as always

 

now the question is do most AV software send the notification like they're supposed to

[+Fahim S. MVC]

3 hours ago, Brandon H said:

great, did not know it did this, thank you for the information as always

 

now the question is do most AV software send the notification like they're supposed to

If I was a betting man (which, for the record, I am not), my money would be on no.

[+Biscuits Brown MVC]

The best option for the user would be if the AV companies continue to nag but revert to a lesser featured free version of their product. This way the user at least has some protection. The AV company can be as aggressive with the nags as it wants at that point, just don't leave the system unprotected and unpatchable. 

[bikeman25]

On my Systems i make sure to remove Trial av on first boot, then do the first system image,   then usually install Avast Free Antivirus, and maintain it properly, then remove rest of any crapware, then do any Windows updates,  this is how i handled my new Windows 10 Gaming Laptop i got in December, worked out well it appears, same as i did for my newer Desktop in September 2017.

 

Do also like that Asus doesn't encrypt there Recovery partition,  prior to Desktop clean install onto relalitively new SSD drive transplanted from old system,  made a backup of all Asus Drivers, Original OEM software incase wanted something after the clean install back then in September, and all the Drivers

 

Whereas HP laptop can't even access the files in Recovery partition lol

 

 

 

 

Edited February 16, 2018 by bikeman25

[goretsky Supervisor]

Hello,

 

If they are a member of any of Microsoft's partnership programs for third-party security software providers like MVI, then, yes, they are supposed to do this.  A little more information about membership requirements can be found here, and I believe that in order to get listed on this page you have to be in a partner program, but I'm not certain of that because not all partners offer consumer products, and it looks like that page hasn't been updated in almost two years.

 

Regards,

Aryeh Goretsky

 

15 hours ago, Brandon H said:

great, did not know it did this, thank you for the information as always

 

now the question is do most AV software send the notification like they're supposed to

 

[goretsky Supervisor]

Hello,

 

If the company in question is partnered with Microsoft and not setting their expired state properly, than they are not complying with Microsoft, and that's what we call a "big no-no" in the industry (technical term).

Regards,

Aryeh Goretsky

 

14 hours ago, Fahim S. said:

If I was a betting man (which, for the record, I am not), my money would be on no.

 

[+Fahim S. MVC]

10 hours ago, goretsky said:

Hello,

 

If they are a member of any of Microsoft's partnership programs for third-party security software providers like MVI, then, yes, they are supposed to do this.  A little more information about membership requirements can be found here, and I believe that in order to get listed on this page you have to be in a partner program, but I'm not certain of that because not all partners offer consumer products, and it looks like that page hasn't been updated in almost two years.

 

Regards,

Aryeh Goretsky

 

 

But what does that really mean? Do Microsoft actually test that the software is behaving properly or is it all done in good faith?

[fusi0n]

On 2/14/2018 at 2:35 PM, Circaflex said:

I wish the AV vendors would revert to their previous practices which were if the AV installer detected another AV present it would first tell you to remove that AV. These days, it seems like that doesnt happen because I have seen computers with three or four different AVs running, which is insane.

This is bad practice. You should always be running at least three AVs to keep you safe. Each AV software has different threat detection and AV databases. If you use three different brands, you won't get a virus. 

 

 

 

 

 

 

lol

[goretsky Supervisor]

Hello,

 

I would imagine Microsoft has some kinds of checks in place, plus Windows users would report such abuses of trust.  Microsoft has removed companies from its partner programs because of abuse, so any company who intentionally violated the terms of the agreement would be in trouble with Microsoft, and it would be a big PR debacle for them as well.

Regards,

Aryeh Goretsky

 

12 hours ago, Fahim S. said:

But what does that really mean? Do Microsoft actually test that the software is behaving properly or is it all done in good faith?

 

[jnelsoninjax]

@warwagon I have to agree with you 100% here, I don't work on many computers, but the few friends/co-workers/etc. that I have are completely computer illiterate and don't know anything about av's, so that is obviously what the manufactures are counting on, someone who knows nothing about computers simply putting in a credit card and buying something like NAV or McAfee's AV which are both horrible programs.

[CrossCheck]

14 hours ago, fusi0n said:

This is bad practice. You should always be running at least three AVs to keep you safe. Each AV software has different threat detection and AV databases. If you use three different brands, you won't get a virus. 

 

 

 

 

 

 

lol

That's a bit overkill. Unless you are constantly visiting sketchy sites, downloading torrents or visiting the

"dark web/deep web" or stupidly opening attachments from email sent from someone you don't know. From the time windows 95 till windows defender came out i never used an AV and never once had a virus. Still to this day i have never had a virus with using windows defender since its inception. One AV is plenty.

[+Warwagon MVC]

9 hours ago, CrossCheck said:

That's a bit overkill. Unless you are constantly visiting sketchy sites, downloading torrents or visiting the

"dark web/deep web" or stupidly opening attachments from email sent from someone you don't know. From the time windows 95 till windows defender came out i never used an AV and never once had a virus. Still to this day i have never had a virus with using windows defender since its inception. One AV is plenty.

I think you missed his "lol" at the very end of his statement.