US office supply chain Office Depot and its sister retailer OfficeMax have said that they will stop using questionable malware-scanning software after two news outlets caught them recomending expensive fixes for PC infections that did not exist.
Office Depot and its sister retailer OfficeMax have stopped using a technically dubious piece of malware-scanning software after two news services caught the stores recommending costly fixes for PC infections that didn't exist.
An investigation by KIRO TV News found that four out of six stores in Seattle and Portland, Oregon claimed that out-of-the-box PCs showed "symptoms of malware" that required as much as $180 for repairs and protection. These were computers that had never been connected to the intenet and had been diagnosed as free of malware by security consultancy IOActive.
A separate TV News team from WFXT in Boston reported on Friday that OfficeMax's free scanning service misdiagnosed two of three brand-new PCs as infected.
Officials at Office Depot, the parent company that operates both chains, said that both retailers are suspending use of the PC Health Check software that has been at the centre of the controversy. They would go on to say that they disapproved of the news reports' allegations of malice, and that the company has undertaken a review of the assertions.
IOActive security researcher who spoke to KIRO said that PC Health Check automatically signals a malware problem when store employees check any one of four boxes indicating that a customer has experienced pop-up problems, slow speeds, virus warnings, or random shutdowns.
"When any four of them is checked [in] any combination and single, as long as one of those boxes is checked you will see the malware symptoms in the report," Derek Held, the researcher said. "It didn’t matter anything else that was on the report. It was automatic that made it show up on the report."
KIRO also reported that PC Health Check is sold by Support.com, a company that – with partner AOL – agreed to pay $8.5 million in 2013 to settle a lawsuit that alleged that they misrepresented the results of free malware scans and then charged fees to fix the non-existent infections.
Washington state Senator Maria Cantwell has reportedly asked the Federal Trade Commission to investigate the Office Depot service.