Exposing Security Vendors Failing to Protect America’s Public Systems

PC Matic Exposes Failing Security Vendors

The concept of an antivirus failing isn’t new. To be quite frank, it has become rather common. New ransomware attacks are being successfully executed daily, and only a fraction of them are made public. And what’s worse, those that do go public rarely share which security solution they were using at the time of the infection. Shouldn’t that be one of the first things they disclose? If the organization got infected, that solution failed. Other customers, both at a business and home-user level, would likely want to know that.

Since the infected organizations typically do not come forward with this information, PC Matic has begun digging for it.  According to the Freedom of Information Act, anyone can make a public record request for specific information to any entity that is primarily funded by the public.  Therefore, PC Matic has submitted public records requests to over 100 U.S. public municipalities, school systems, and law enforcement agencies.

The documentation we’ve received thus far is quite surprising.

“…we contacted the North Dakota Information Technology Department, a state agency, and they indicated during September 2016, the North Dakota Health Department computers were using Symantec End Point Protection antivirus.” – North Dakota Health Department, Department of Mineral Resources ransomware attack

“At the time of our ransomware infection we were using the Symantec Enterprise Antivirus Suite.” – Devin Barber, IT Manager, City of Yuba City ransomware attack

“Response: the vendor is ESET.” – Caroline Celaya, Public Records Requests Manager, San Francisco Transportation Municipality Agency

Symantec is one of the security vendors most used by public agencies, with 33.3% reporting using its products at the time of the ransomware infection. Beyond those quoted above, other vendors used include Microsoft, Trend Micro, and Malwarebytes.

Knowing the Weakness Isn’t Enough

These organizations have stated that their security solution failed them. They know where their weakness is, yet 75% of those infected aren’t doing anything about it. Three out of four organizations hit with ransomware have not switched security solution providers. Instead, they’ve either kept the exact same solution or boosted their protection plan with the same vendor.

“In response to your Right To Know request dated August 27, 2018, the following information is provided: Antivirus – Was and continues to be Microsoft System Center End Point Protection.” – Sandra Warner, Open Records Office, Pennsylvania State Senate ransomware attack

“According to our computer vendor our server was using Trend Micro prior to the incident. Currently we are using Trend Micro Worry Free Advanced 9.” – Joseph Massetti, Derby Police Department ransomware attack

“The City of Muscatine utilizes Malwarebytes and to date has not changed its service provider.” – Gregg Mandsager, City Administrator, City of Muscatine ransomware attack

“In response to your request, we were using Microsoft antivirus solution and we are still using Microsoft antivirus solution.” – Becky Crouch, Office of Operations, Chester County School District ransomware attack

Does this make sense to anyone? The vendor failed to protect the information once already, but the organization continues to trust them to meet their cyber security needs? Or worse yet, they’re paying them more money in hopes that by doing so they’ll get better protection. Just how long will it be before they fall victim to another attack?


25 thoughts on “Exposing Security Vendors Failing to Protect America’s Public Systems”

  1. I would love to use Malwarebytes but their more recent product (in the last year or so) comes with a deep-rooted ‘problem’ file for us users of modems here in S/E Asia which prevents logging on to the Internet. THEY ABSOLUTELY DENY THIS AS A POSSIBILITY but I and countless other victims can prove the ABSOLUTE OPPOSITE.

    This is the danger when a company becomes “too big for its boots” – they NEVER listen !!

    PS I used them for years before and was very satisfied and in my Androids it is currently fantastic.

  2. I have a question regarding ransomware or malware. I have been running Malwarebytes for a few years and feel confident with its protection capabilities, so far. No system is probably ever totally perfect. Nonetheless, would PCMatic together with Malwarebytes complement each other if both are installed?

    • If you’re running the premium version of Malwarebytes with realtime protection then we do not recommend running both at the same time. However, if you’re just using Malwarebytes for scans and cleans then our product would go alongside it great.

  3. The “Enter” key and mouse are the most dangerous commands. Sometimes the off button is the best choice.

    98 of a hundred computer problems are solved with a simple reboot. – Bill Gates 1984

  4. We used Symantec, Norton, and just about every other anti-virus software. As malware became more and more prevalent, friends and associates who used the exact same software as did we were infected. Some of it even came our way. At that moment, we were confronted with the reality that all the anti-virus software we used made us more vulnerable, not less. PC-Matic responded to our inquiries and we went with a lifetime membership, which I recommend to everyone. Our son, who is in pre-med, has introduced PC-Matic to numerous classmates and professors who all have had virus problems and thus anti-virus problems.

  5. I appreciate you doing the digging on this. My experience in big business and government IT environments indicates that, by far, they have relied way too much on Symantec, Microsoft and McAfee for their Security. Over the years I have tried all of these on my personal systems, along with a few “Free” products. While the “Free” products seemed to receive fewer attempts, thereby fewer successful intrusions, none of them actually protected me from attacks. Since I have been using PCMatic, I have been unable to identify a single successful attack though I have received a few notices of attempts to access by sources I didn’t recognize and didn’t accept.

    Since I am not an expert in cyber security I can’t vouch that I won’t ever get hacked. I can say though, that each computer I have installed PCMatic on, was found to have had some form of Spyware, Malware or other infestation identified and removed at installation and, to the best of my knowledge, no new corruption has penetrated my system.

  6. Ok but wot about de 1 called AVG? Should I trust them again? Even though I’d got “burned” by’em once,wen they inadverntly charged me twice 4 de exact same “dang thang” wich prompted me 2 demand an immediate refund from them but un4tuneatly they’d only returned about half of that amount in2 my account! So until they do finally gave back of they still owe me,wich iz 70 “buckarooniez” nearly! That even if that were to occur,wich I kinda doubt at this point,that they ever will do that type of “rite thang”.Then I still should not trust them! Just like I should’ve never had don’so in de 1st place,rite?

  7. Kayla, I have a lot of respect for you, but your reply was a little out there. Privately-owned companies are as dependent–and often more dependent–on profit for survival as are publicly traded ones. Size matters. The profit hinges on the performance of the product. If their cars don’t run, Ford Motor Co. fails. If the food’s bad, Flo’s Diner fails even more quickly.

  8. Question for Kayla: What do you think / say about the situation w. Harvey Bolejack who commented above on Nov.12 ? I have no idea what “Electronic I” is, nor do I understand why (or how) someone would use a special Anti-Malware for their Email. I have never had a virus or Trojan or anything else in my 3 or 4 years w. PC Matic. Any idea what “Electronic I” is? Sounds like more information is needed.

  9. Did not see anything in this article on Spybot, AVG, or Kaspersky? I am leery about Kaspersky since it comes out of Russia, but maybe my fears have no merit? I strongly recommend not using Symantec or Norton to all of my colleagues and students; I have nothing but problems with them, especially with hosts on our networks.

  10. And how is PC Matic different?

    Your “Company” still wants to make money.

    There is no 100% solution. The company I work for uses whatever solution has the highest successful detection rate with the fewest false positives, averaged over a year.

    To date there have been no compromises here.

    Employees here know to paste addresses into a text file to see the entire URL and look for anything fishy, especially when the address doesn’t look familiar.

    Between employee education, company rules, and smart browser extensions like NoScript, nothing runs automatically, even if an employee does click a link to malware on accident. It would take them marking an unknown domain safe to load and run the scripts, and everyone knows to do a little research or ask a department head before allowing any not-whitelisted script to be run.

    We do have a sandbox computer to test new sites with that has no network shares, and is firewalled in its own subnet by a hardware firewall.

    Most of the companies who have been victims did not have a comprehensive plan and employee training, and their software protections left out the most important part, script blocking.

    I keep an eye on PC Matic, but haven’t had opportunity to use it in the last 20 years.

    It’s on our radar, but what we use already works well.

    Thanks for the news updates though. Helpful and informative, even for currently non-users.

    Best regards …

  11. Many valid points raised here. Well, having been the victim of several ransomware attacks in the past, despite having used many of the above mentioned products and others; I have to say that my experience with PC Matic for the last 2 years has been very positive. I have not experienced any infections to date, my PC is running as good as it ever has. And no, this subscriber is not a PC Matic employee.

    • @Bob M: I am a happy PC Matic subscriber as well and recommend them highly. I converted from Trend Micro some years ago, largely due to Trend Micro’s cost as well as preferring an American-based company. I also use VFEmail (stands for Virus Free Email), a private email service that utilizes a lot of virus protection on their servers, and between the two have never had any kind of infection although I also am wary and delete any suspicious things seen.

  12. Of course it doesn’t make sense until one realizes that all the other solution providers are equally bad.
    If that is the case, as it seems to be, then it does make sense to stay with or upgrade the existing setup rather than change and probably spend hours on new setups and configurations.

    • If the security solution providers are using the same technology to identify malware, then yes, they would all be equally bad. However, each of these identified are using a blacklist — which is why we encourage the use of an automated whitelist technology. Depending on the solution used, moving to a new methodology could be work — but that’s why doing your research to determine which deploys with the most efficiency is important, as well as ensuring the company offers support during that transition.

  13. I was under the understanding that when I signed up to PC Matic that my Electronic I used with my E-Mail was protected from Fraud and hacking?? I have been trapped in a conversation by an IMPOSTER, who cut right in to text messages twice now!! But I caught it by way wording was depicted.

      • None of these solutions deploy an automated global whitelist, and none are proactive means of protection. Rest assured — PC Matic customers won’t find themselves a victim. It is our mission as a company, to prevent all cyber attacks from infecting our customers — and we’re doing great.

        • Isn’t that the same mission all the other companies strive for? And would you advertise the fact that your product failed to provide that protection before you try to figure out where the weak link is?

          • You’d be surprised. Most security companies are publicly traded, meaning they need to make money for their investors. That’s their primary goal — not keeping users protected.

            • @Kayla Elliott: BINGO!!! Yeah, Baby, YEAH! So would it be a stretch to ASSUME the “publicly traded” vendors are ALSO in on the “not keeping users protected” to UP THE ANTE and thus “make money FOR their investors” as well as THEMSELVES? Just wondering aloud ; )
