Block viruses by all means, but leave the ethics to me

I've been on the security beat for a good few years now. Indeed, when I first came to the wonderful world of antivirus, Windows didn't have any sort of built-in protection, and a great many people simply went without.

"As long as you're careful and don't visit dodgy sites, there's nothing to worry about," ran the received wisdom - but it was entirely untrue. As I've argued in features over the years, antivirus software was necessary then, and it's necessary now.

The thing is, you have to trust your chosen security suite. Historically, we've tested antivirus tools by pitting them against a deluge of real-world malware and seeing how many nasties they block. But trust isn't just about knowing that a package will protect you from specific threats.

To explain what I mean by that, it's time for me to make a confession.

Over the years, I've amassed a modest collection of "hacking tools" - little scripts and patches that strip the copy-protection from various bits of commercial software. It's not something I tend to advertise; I know how it looks.

But my conscience is clear. Because, for better or worse, many modern applications won't work properly without some sort of activation or online authorisation. And when a critical part of our benchmarking suite insists that it can't reach its activation server, or decides that I've registered it too many times, and that I need to ask customer service to reset my account, it can completely wreck a tight production schedule.

So I've stopped playing along: we have a legitimate licence, and if you're going to be obstructive about my product key, I'm just going to feed you a fake one and get on with my job.

That's the principle, anyway. However, when I've actually tried to use one of these tools, I've often been undermined by my own security software. Take Windows Defender, for example: as soon as it spots a patcher or key generator, it leaps in and cries "a hacking tool! Let me save you from this horrific threat!"

Cue a tiresome process of temporarily whitelisting the offending item before I'm allowed to run it assuming it hasn't already been deleted.

Of course, you might believe that this intrusion is for my own good. Little hacks that you download from the internet can indeed have Trojan-like characteristics. These days, I wouldn't be at all surprised if half of them contained Bitcoin miners.

Yet it's funny: after I've insisted on running one of these hacking tools, a subsequent system scan never seems to find anything malicious left behind in memory, or on my hard disk. So is Microsoft actually looking out for my security - or is it just trying to police the way I use my own computer?

It's an infuriating situation, but not a new one. In fact, to put the above into context, I'm largely drawing on experiences from the period when I was creating and testing the 2011 PC Pro Real World Benchmark suite. But it was all brought freshly to mind this month by the experience of a chap called Graham Marriott. A regular reader of our sister print title Computeractive, Mr Marriott recently wrote to that fine organ to voice his concern that a piece of commercial software - Ashampoo Driver Updater - was being flagged by his Eset antivirus software as a malware risk.

A little digging revealed that the software, in fact, blocks a whole range of system tools as "potentially unwanted programs". The idea is to protect users from unscrupulous "scareware" tools, and their amazing knack of discovering dozens of critical system errors that only the company's paid-for utilities can repair, but it seems to be a very broad-brush treatment.

I suppose the clue is in the name. More or less any program might be unwanted - heck, I don't want iTunes anywhere near my system, thanks. And to be fair, Eset is far from alone in flagging up PUPs, as they're known. Kaspersky is another big name that offers the same protection, and it could be valuable to users who aren't quite as tech-savvy and cynical as your average IT Pro reader.

In this specific case, the issue wasn't exactly that Eset had blocked the Driver Updater installer - the issue was that it had done so in a way that looked like a full-on malware alert. If the warning had been a bit clearer, Mr Marriott might well have been grateful for the heads-up.

Evidently, there are some grey areas when it comes to the role of a security suite. And they're about to get greyer, as Microsoft has announced that a future update to Windows Defender will flag up apps that "display alarming or coercive messages or misleading content to pressure you into paying for additional services". This could be a good idea, if it's handled thoughtfully and transparently.

Unfortunately, based on my own experiences with Windows Defender - and Mr Marriott's with Eset I suspect it's going to be implemented with all the nuance of a sledgehammer. Never mind the scareware, I foresee Defender popping up "alarming and coercive messages", driving users away from whatever applications Microsoft deems politically incorrect.

This is what mean when I say that there's more to trusting a security suite than simply believing in its effectiveness. I wouldn't recommend you rely on Windows Defender at the best of times, in light of its persistently mediocre performance in malware tests. But if it's going to start making value judgments about the software we choose to install, we need start asking whether it's even genuinely looking out for our interests.

As far as I'm concerned, Microsoft's credibility in that department is at rock bottom.

Image: Shutterstock

Darien Graham-Smith

Darien began his IT career in the 1990s as a systems engineer, later becoming an IT project manager. His formative experiences included upgrading a major multinational from token-ring networking to Ethernet, and migrating a travelling sales force from Windows 3.1 to Windows 95.

He subsequently spent some years acting as a one-man IT department for a small publishing company, before moving into journalism himself. He is now a regular contributor to IT Pro, specialising in networking and security, and serves as associate editor of PC Pro magazine with particular responsibility for business reviews and features.

You can email Darien at darien@pcpro.co.uk, or follow him on Twitter at @dariengs.