Norton is facing criticism for including a crypto-miner alongside its Norton 360 security software.
Over the summer, the antivirus company Norton announced it was adding a new feature to its LifeLock security software: the ability to mine cryptocurrencies using its “Norton Crypto” tool.
True to Norton’s roots as a security company, Norton Crypto was billed as a way to help customers improve their cybersecurity by allowing them to mine cryptocurrency without having to rely on “unvetted code on their machines that could be skimming from their earnings or even planting ransomware.”
To be sure, there are real security risks associated with downloading and running untrusted mining programs.
Norton 360 is owned by Tempe, Ariz.-based Norton LifeLock Inc. In 2017, the identity theft protection company LifeLock was acquired by Symantec Corp., which was renamed to Norton LifeLock in 2019 (LifeLock is now included in the Norton 360 service).
Norton very publicly announced it was adding a crypto miner to its Norton 360 security suite, pitching it as a safer alternative to trying to install complex, “unvetted” mining programs from the internet.
But, as a general rule, when a company refashions itself as a cryptocurrency business, it’s usually because it’s in trouble and looking to pivot away from a failing business model to something new and cool (and potentially lucrative). The local business giant Eastman Kodak announced it was launching a “photo-centric cryptocurrency.”
It was initially only available to a limited number of users, but now seems to be available to anyone who installs the program — but in the six or so months since the announcement, there hasn’t been much discussion about the software until this week.
Now, it’s suddenly the center of a backlash, with some Twitter users accusing Norton of installing a crypto miner on users’ computers without any warning.
In a very technical sense, that’s true — my colleague Sean Hollister installed a copy of Norton 360 for himself and did indeed find that the mining app NCrypt.exe was included in the program’s directory.
However, that doesn’t mean that Norton will automatically start mining on your computer, as some seem to believe. Norton’s FAQ says that it won’t mine without permission and that “in addition to having a device that meets system requirements, you must also turn on Norton Crypto on your device.”
Sean says that as far as he could tell, this appeared to be true; the feature didn’t surreptitiously activate after he installed Norton. It didn’t open until he asked it to.
So, when a prominent antivirus firm takes a turn toward cryptocurrency, it’s certainly possible to interpret that move as a sneaky money grab.
That was the general gist of Cory Doctorow’s tweet about Norton Crypto this week, in which he pointed out that Norton takes a cut of the cryptocurrencies its users mine (15 percent of the crypto allocated to each miner, according to its website).
Several months ago, the antivirus giant snuck a crypto-miner into its consumer software, as noted by author and digital rights activist Cory Doctorow earlier this week.
The pitch is that you can opt into letting Norton mine cryptocurrency on your computer while you're not using it; the software will even set up a secure wallet for you, all for a mere 15 percent cut of the proceeds.
But perhaps the more interesting question is what it says about the market for antivirus software that one of the most prominent manufacturers of those products is now going the way of Kodak.
Once upon a time—say, 10 years ago—antivirus software was one of the standard cybersecurity recommendations for everyone.
Companies purchased licenses for all their corporate computers from one of the big vendors and it became a matter of course that all Windows computers, or at least all work computers, would be running a program from McAfee or Norton or Kaspersky or Avast, or one of the other usual suspects, in the background at all times to scan for viruses.
Perhaps, then, it’s more accurate to say that antivirus software feels a little like a historical vestige of past cybersecurity best practices.
Why do we cling to them? Because they were hammered into us for so many years, or we already have the institutional contracts in place to provide these programs, or simply because it seems like a little extra security couldn’t hurt at a moment when cybersecurity breaches are so much in the news.
It’s difficult to dislodge entrenched cybersecurity guidance, especially when the recommendations we now offer for how organizations should protect themselves (segmenting networks, multifactor authentication, penetration testing) can feel so much more cumbersome or work-intensive than just installing some code on everyone’s computer.
But the Norton Crypto announcement does suggest that even the big antivirus firms know their products are no longer at the vanguard of cybersecurity protections if they’re thinking about branching out into providing crypto mining services.
"YOU CAN DELETE NCRYPT.EXE IF YOU TURN OFF THE TAMPER PROTECTION FEATURE"
None of this is to defend Norton’s inclusion of a crypto miner in its security suite — it’s simply to explain what is and isn’t happening.
As mentioned before, we installed Norton ourselves to get first-hand experience with the miner. While the service may be opt-in, Norton isn’t making it hard to find — when Sean installed the software, its control panel had a big green banner at the top with the text “Turn your PC’s idle time into cash.”
Clicking the “show me how” button shows you a slideshow about the feature, a large “Agree and get started” button, and some smaller text letting you know that the feature you’re turning on is Norton Crypto.
After you turn on Norton Crypto, it’ll set up a wallet for you, and immediately start using your computer’s GPU to mine Ethereum (its system requirements say you need an Nvidia or AMD card with at least 6GB of memory).
Any earnings will be periodically deposited in the wallet set up for you, and once you reach a minimum threshold, you’ll be able to withdraw your earnings to Coinbase.
However, doing so will incur a transaction fee (also known as a gas fee) that’s charged by the Ethereum network itself. That could mean that you’d have to mine a lot of crypto before it’d make financial sense to withdraw it from your Norton wallet.
The deal looks a lot better from Norton’s end, though — as is often the case with crypto, scale is key here. While using the feature may not be particularly profitable for any one individual, if a lot of people try it out, Norton’s cut could add up to a significant sum.
“The older generation simply doesn’t trust the new-fangled ideas of the Bitcoin youth.”