Symantec makes a popular antivirus (sometimes referred to by the brand "Norton" or "Norton Internet Security"). Now it's not particularly effective, and it is a performance hog - it will bring your computer to a standstill toute suite. But that's not the point of this post.
Symantec's on-line support procedures for people who get infected could not be better designed to maximize financial damage to Symantec customers.
Here's what happens: someone gets some sort of new malware on their computer. They smell a rat, and go online to Symantec for help. If their annual antivirus subscription has expired, Symantec's support site makes them enter their credit card number:
So what's wrong with this? Most of the malware today includes software that records every keystroke you type. So the malware gets to intercept the credit card details:
The punch line? Symantec's own annual Internet Security Threat Report says that 70% of malware captures credit card information that is typed in by the user.
After railing at Symantac's customer support people via their online chat support for not properly protecting his machine, Delano was told to speak with their premium support folks who could remotely take control over his system and give it a thorough inspection and cleaning.
Delano said he initially protested, but after pricing other services like Best Buy's Geek Squad, he agreed to pay Symantac $100 for the service. He was instructed to enter his credit card number and other billing information at a secure symantec.com Web site. However, the keyloggers that were still on his machine, intercepting his information.
So, Symantec can't say that they don't know.
If you think that you have malware on your computer, do NOT use Symantec antivirus and absolutely, positively DO NOT ENTER YOUR CREDIT CARD.
You can get a second opinion via free online antivirus scanners: I like Trend Micro's House Call, but there are ones from ESET (well regarded for technical capability) and F-Secure as well. You'll have to use Internet Explorer, and while I tell you not to, just this once I'll forgive you.
But Symantec clearly doesn't give a fig for their customer's safety. While IANAL, this strikes me as such egregious negligence that they may be liable for damages.
Note: if anyone from Symantec reads this and wants to respond, you can leave a comment or email me (email contact info is in the links on the right hand side). Technical folks can expect some sympathy; marketing flacks better bring a good story.