A friend recently brought me their computer to repair. They were complaining that the computer had become slow since they installed a piece of software called ScanGuard. They had downloaded the software because of a Facebook (or other?) advertisement. My job was to fix the laptop, but I decided to look into ScanGuard a little further.
A word of warning
This article is not very technical. I could go into great depth about how ScanGuard doesn’t even open the files it scans, doesn’t check memory, doesn’t check the boot sector or do anything else a traditional malware tool should do. But I won’t do anything technical here since this post is for non-technical users who might be considering buying it.
How they find you
If you are a creator of scam software, it is important to understand your target audience. Experienced IT people like myself can detect this stuff from a mile away, but the casual computer user can’t tell the difference between TrendMicro, Kaspersky and ScanGuard – they’re just different flavors of the same popsicle if you are not in tune with such things.
They find their marks by advertising on websites such as Facebook. They advertise with Google. They have also created several fake review websites where they not only post favorable articles, but also advertise.
How can you tell it’s a scam in 3 seconds or less?
Visit their website. The lack of technical information is astonishing, despite being a fairly clean site. Almost every link is to the downloadable executable. Pricing cannot be found anywhere. It appears to be free, but we all know that it comes at a far heftier price than just money.
Update: Once you actually download ScanGuard, all of the download links turn into purchase links. You can’t actually download it a second time very easily.
How does it scam you?
ScanGuard appears to be some kind of anti-malware software, but in reality, it’s just an engine to drive you to giving them your credit card number. Of course they probably don’t do anything illegal with your credit card number, but they do take your money and they don’t deliver a product that actually works.
Why do people seek out such software?
I suspect there are two reasons. One is the person who already has some kind of malware infestation and is looking for a solution. To this person, I would suggest looking at MalwareBytes or Spy-Bot or another similar solution. If they need a full-blown anti-virus, I’d say TrendMicro, Kaspersky, McAfee etc… almost anything except ScanGuard.
The second reason is that people just feel the need to do something. They aren’t sure what they should be doing, but they’re aware of all kinds of threats on the internet; they see news reports about it every day! So they know they should do something, but they have no idea what they should do. They also don’t want to bother their friend the computer guy when there isn’t already a desperate need, so they make this executive decision themselves.
How does the scam work?
First they scan your computer and they find a “threat”. This threat can be as simple as a cookie (which cannot possibly be a threat by its very nature). They recommend you fix the threat right away, but the button to fix it doesn’t do anything except launch a web browser and take you to a purchase page for ScanGuard. It’s complete with a limited time offer, a discount and a backwards counting clock until these savings disappear. Not nearly enough time to call your friend the computer guy, right?
But wait, you say, I’ve seen Spy-Bot and other legitimate software flag cookies. Yes, they are reporting on “tracking” cookies which give advertisers neat ways to market to you more directly. They aren’t any more of a threat than being marketed to by products that are not interesting.
Oh, and let’s not forget that this isn’t a one-time purchase. It’s a subscription. I’m certain it’s very easy to cancel this subscription as well.
Does it actually work at removing malware?
To test this, I installed ScanGuard on a completely fresh installation of Windows 7 in VMware Workstation. I ran some updates, but got tired of the update process. I didn’t visit one webpage. I copied ScanGuard over and installed it. After the initial scan, ScanGuard located three “threats”. Keep in mind the only websites visited on this computer were ScanGuard’s own website (which happens automatically after installation) and Microsoft’s website (which happens the first time you run IE).
Without buying this software, there’s no way for me to know if it can remove malware or even delete a cookie. I don’t feel like giving this company a penny. However, I was curious if it could actually detect real malware. To test this, I downloaded some malware from Das Malwerk and tossed it onto the desktop.
Right away Windows Defender kicked into action, but not a peep from ScanGuard. Looks like you need to buy ScanGuard to get their real-time protection. In fact, after the initial fake scan, it appears to be impossible to get ScanGuard to do anything except ask for your credit card number.
To test with actual malware, I had to reset back to a clean image and re-install ScanGuard, having already placed the real malware on the desktop before ScanGuard installs.
It came as little surprise that ScanGuard failed to detect any malware in the three known subjects, even though VirusTotal listed each as malware. File A, File B and File C. I further monitored the “scan engine” and watched it blast through the desktop where these files were contained without a single peep from ScanGuard as to their danger.
But it’s free, so who cares?
It’s not free. There’s nothing free about ScanGuard despite them reminding you it’s free all the time. You get one fake scan when it first runs. All of the other features require a subscription. So really it does nothing, except collect your money. And it doesn’t actually do what it says it does. This is the very definition of a scam in my opinion.
Why didn’t they just make a real malware detecting software?
Building real malware detection software is difficult, very difficult. You need lots of staff to analyse potential malware and create definitions. You need to make a very fast scanning engine that can also defend itself against pro-active malware. In short – it’s a lot easier to make fake software than it is to make real software.