From Ars Technica
Office Depot and its sister retailer OfficeMax have stopped using a technically dubious piece of malware-scanning software after two news services caught the stores recommending costly fixes for PC infections that didn't exist.
According to an investigation conducted by KIRO TV News, four out of six stores in Seattle and Portland, Oregon claimed that out-of-the-box PCs showed "symptoms of malware" that required as much as $180 for repairs and protection. The computers, according to the report, had never been connected to the Internet and were diagnosed as free of malware by security firm IOActive. A separate TV News team from WFXT in Boston reported on Friday that the same free scanning service OfficeMax offers similarly misdiagnosed two of three brand-new PCs as potentially infected.
Officials at Office Depot, the parent company that operates both chains, said they are suspending use of software known as PC Health Check for scanning customers' computers for malware. The officials went on to say they didn't condone the conduct reported by the TV news organizations and have undertaken a review of the assertions.
According to an IOActive security researcher who spoke to KIRO, PC Health Check automatically signals a malware problem when store employees check any one of four boxes indicating that a customer has experienced pop-up problems, slow speeds, virus warnings, or random shutdowns.
"When any four of them is checked [in] any combination and single, as long as one of those boxes is checked you will see the malware symptoms in the report," Derek Held, the IOActive researcher, was quoted as saying. "It didn’t matter anything else that was on the report. It was automatic that made it show up on the report."
KIRO also reported that PC Health Check is sold by Support(dot)com, a company that along with partner AOL agreed to pay $8.5 million in 2013 to settle a lawsuit alleging that they misrepresented the results of free malware scans and then charged fees to fix the non-existent infections. US Senator Maria Cantwell of Washington state has reportedly asked the Federal Trade Commission to investigate the Office Depot service.