Let’s start with some basic facts. A crypto miner is a malicious software that uses the resources of your computer to generate cryptocurrency for someone other than yourself. It is, at its most basic level, theft of services.
In 2018, crypto jacking (the practice of using browser-based programs to mine cryptocurrency without your knowledge or consent) and crypto mining (malware that usurps your computer’s CPU to mine cryptocurrency) grew to be major threats. The only way you’d know something was amiss was when you realized your internet browsing was very slow and, after a while, your computer stopped working until you restarted it. After a few days, the malware would cause you to “lather, rinse, repeat.” The biggest player in this arena was Coinhive.
Why did Coinhive target browsers? Because it was relatively easy to slip in as an add-on since the code appeared to be innocuous. It was, until you restarted your browser. At that point, the program would run any time your browser was open, using up electricity and processing power to generate minuscule amounts of the cryptocurrency called Monero.
In February 2019, Coinhive publicly announced it was ceasing operations the following month. The service stated that it wasn’t “economically viable anymore” and that the “crash” (of Bitcoin) had severely adversely affected the business. That pretty much sent a death knell to browser-based crypto coin mining.
So why am I bringing this up at the start of 2022? I recently read two articles and learned that crypto mining is alive and well. And it is not being used solely by cybercriminals. Nope, no, siree. Given the pandemic, it seems marketing types have prevailed at Norton, the eponymous Security 360 product maker. A new feature is the inclusion of crypto mining. Avast, a European maker of security software, has announced it is doing the same.
Apparently we live in an upside-down world when security companies allow their crypto miners but claim they can keep out everyone else’s crypto miners. But what does this mean? Well, for one, you have to opt-in to use this feature; Norton doesn’t install it indiscriminately. Also, your computer has to meet some stringent hardware requirements before you’d even see the option. The critical condition is that your computer has an advanced video card (where the computing will take place) so that you can mine Ethereum.
And then comes the kicker: Norton is going to take a good percentage of the money generated. They get 85% while you get 15%. And if you want to obtain your portion — having donated your computing resources — you are faced with additional fees (one a transaction fee and the other a processing fee to cash it in), which reduce your overall take. But suppose that’s not enough to dissuade you. In that case, this money is considered extra income by the Internal Revenue Service, so you will be responsible for including it on your annual tax return.
But the biggest question (and complaint) from security-conscious netizens is: Why would any security company think of doing this? The answer is simple: They want more money from consumers than they get from the annual subscription to their products. Consumers have learned that when subscribing to Norton 360 for the first year, they get a terrific discount. Norton sets the subscription to auto-renew and keeps your credit card on file. Savvy users realize they can turn off the auto-renewal and remove the saved credit card. The day after the current subscription expires, they can purchase a new discounted subscription with a different email address (e.g., email@example.com for the current year because it was firstname.lastname@example.org for last year’s subscription). It seems Norton is simply fighting back in a very unusual manner.
Do I think this is a good idea? Absolutely not! Is it well-intentioned? Undeniably no. Should all consumers be extremely wary about this? Resoundingly yes! Are you (my clients) affected by this? Not at all, because your computer is running SentinelOne Vigilance, part of your SPF+ or SHADE subscription. But if you know of someone who thinks Norton has a terrific security product, I would urge you to let them know that’s not necessarily the case.
Thanks, and safe computing!