I see lots of comments from people who don't know what "LifeLock" is. To save you the trip to Wikipedia:
"LifeLock Inc. is an American identity theft protection company based in Tempe, Arizona. LifeLock was founded by Robert Maynard Jr. and Todd Davis in 2005. LifeLock’s identity theft protection system detects fraudulent applications for credit and illegal use of personal information. It also monitors the use of personal information and credit score changes. As of 9 February 2017, it is a subsidiary of Symantec."
It is mostly famous for being somewhere between being really terrible at actually protecting your identity, and being an outright scam. The "controversies" section is worth reading:
Are there any credit monitoring or "identity theft prevention" services that aren't outright scams?
Most of them spend huge amounts of money on scare-tactic ads, use shady free-trial-with-automatic-billing-that's-impossible-to-cancel sign-up models, and are cagey about what exactly they're monitoring and how their flagging works.
It's too easy to run these sorts of businesses as "do absolutely nothing, collect checks every month, suffer no consequences if things go wrong because the event is rare, profit is purely a function of sales team size" operations.
Kind of like the anti-virus market, actually... I guess this is a good match!
CreditKarma is legit and free. Of course just like any other free service, you are the product. They recommend products to you based on your credit and finances. They also give you full weekly access to your Transunion and Equifax credit reports.
Are any of the credit monitoring services actually useful?
After the Experian debacle my credit card company began offering complementary credit security reports. Recently I opened a new card and throughout the process kept an eye out for security alerts. Nothing. Not a blip about anyone pulling my credit history or a notification that a new account had been created using my SSN. Maybe because this is the free tier it isn't as thorough in checking as it could be. But doesn't that make it a worse option than not having credit monitoring?
There's a service called IDNotify that I have through TurboTax somehow - I believe they gave it away with the tier I needed to file my business expenses and income.
It does send me alerts every time my email shows up in a dump from some hacked service, which is a nice bonus, over and above what the likes of CreditKarma do.
I have the same service for free (don't recall why). One pet peeve I've had is that my email address for a third party account was "leaked" (hotel chain I believe) and IDNotify doesn't list enough detail (e.g., listed password) when they get a hit to let me know if somehow my actual account was compromised, so I have to scramble to the provider and verify all account accesses were legitimate.
I presume these listings get recycled multiple times and resold to inflate the value of something not so valuable wherever IDNotify is finding these listings, so since people operating in those circles want to make their information look more valuable, IDNotify falls for it. Then, I'm left guessing if my account was actually compromised and basically just cycling my password regularly, making that aspect of their service virtually useless.
Lifelock, where did I hear about those scammers before? Maybe while reading about the founder being a potential identity theft himself (something about "Maynard stole his father's identity")?
I thought this name is a joke. But it's not April 1st. So I googled it, and it's not a joke. Broadcom bought Symantec's enterprise arm, and this is the consuner remnant. The name is for real.
In the AV industry, the enterprise versions usually lag the consumer versions by a couple years. Their sales are driven by awards and independent ratings, so all resources go towards making sure that year’s consumer versions are optimized for the tests in time for the release. Once it’s done, they start backporting.
My experience has been that the enterprise versions at least include some semblance of stability and performance enhancement, vs the consumer releases.
But it's been awhile since I've dealt with consumer AV.
Is this false now? Maybe the consumer market has gotten more capable? More competition?
I have a very cynical view, but I think the consumer AV field has gotten less competitive and more scammy. With Defender/Windows AV/Windows Anti-Malware bundled into Windows since 7 (thanks to one of the dumber parts of the anti-trust litigation expiring, second perhaps only to Office not being able to directly bundle PDF export for several versions, which expired at the same time), consumer AV has work very hard to convince users to install it, and even harder to convince users to keep paying for it. Some of them are just scarier dialogs repeating what Windows Security Center shows (like they aren't even pretending to bundle their own engines anymore) and twelve ads for other security products in their "family".
Consumer AV is nothing but a mafia protection racket shaking down poor people that don't really have the money to pay for it, but think they have to because of that one time their Windows XP computer got a virus when Microsoft wasn't legally allowed to have their AV product in the box and on by default because a couple of companies convinced US judges that somehow AV was a value add and not a critical platform need for an operating system.
I feel sorry for someone every time I see they have consumer AV installed.
Reading through the page, I thought it was a parody set up to comment on some ‘vendor lock-in’ quality of theirs. Then searched the name, learned it's real but not a company that I would want to associate with.
The name has me imagining a Honeymooners fantasy horror spin-off where a bearded Art Carney begins dabbling in the occult during the pilot, quickly learning to supernaturally send some unfortunate to a tragic, yet deserved, life fate for each episode.
So what's the difference between 'enterprise security' and 'consumer security' products?
I work for a (partial) competitor and I can't really imagine splitting our company into consumer and enterprise versions.
Exploits are exploits, no matter if the target is a Windows XP in an AD domain, or a Windows 10 video game box in a home. A lot of threat analysis/discover infrastructures need to be duplicated, let alone the analysts and reverse engineering engineers.
Enterprise security is typically B2B with annual contracts in the tens to hundreds of thousands of dollars; most any company dealing with any kind of PII requires every employee workstation/laptop to have a security product installed with periodic scans, often daily, and then an audit trail a mile long.
Vs. consumer security, I am guessing, Windows has a built in virus scanner now that's pretty good, and also free; LifeLock is a sort of credit freeze/identity theft monitoring service... a product marketed directly to consumers, but also as a pack-in offering that credit card companies are starting to offer to customers for free, especially as part of settlements due to personal information breach legal settlements. Different market/scope.
My company isn't "enterprise" size, but we have over 100 machines in the office so it makes sense to buy a business product rather than a consumer product. I agree that the detection/protection portion of the product can easily be the same between "enterprise" and "security," but the real value (at least for us) is on the management side.
Some features that I've found valuable as an admin:
- Consolidated billing, suited to the company's normal billing cycle
-Easy automated deployment (e.g. GPO deployment)
- Management console to monitor the status of all devices
- Multiple admin accounts for delegation
- Timely alerts by email to specified admins
- Granular security policies
- Security policies by device group (i.e. different port exceptions for user workstations vs servers)
- Ability to push virus definitions / policy changes to specific devices if necessary
There are a few other possibly useful features we're not using with our current setup (such as specifying an internal update server).
Enterprises may have custom requirements or interfaces that consumers don’t care about. Makes sense to split if the firm expects to support both markets at the same time. Quite tough to pull off.
Threat analysis is an important, but it's really a small part of Symantec's operations as a whole. (and that tech can be relatively easily licensed and/or purchased)
Sales, marketing, strategy, partnerships, product development, support, legal and compliance -- much of the rest of the company, will be vastly different for B2B vs B2C.
Norton Utilities, Norton DiskDefrag, Norton Anti-virus (earrrly versions) were all great, man I used them heavily. This news feels like more of a eulogy for what was Symantec
So ignore the “life lock” stuff for a moment. Is anyone paying attention to the gobbling up of second-tier suppliers that broadcom’s been steadily doing? The life lock stuff is the stuff that Broadcom for some reason found indigestible.
Go look at the history of acquisitions over the last 20 years. [1] LSI, PMC-Sierra, Avago, Infineon, Brocade, CA... It’s highly likely that any electronic device has a Broadcom chip or component inside of it.
Same scam, new brand? Whatever happened to the Norton class of product? Those delivered good value to the user. Did what they promised, didn't spy, didn't upsell me through FUD and dark patterns.
Looking at their history[1], they got commoditized. They were first clobbered as the OS vendors started to build in utilities that were good enough for most people, and later open source software was better.
Add to that they wanted to capture a larger demographic, so they've exited the hobbyist market entirely and got into PC optimization / AV / VPN snake oil. They became the crapware you have to delete from a new Windows machine.
And now branding themselves after ID theft snake oil? If you burned $30 a month at least you'd get warm.
Norton Commander was great too and Peter Norton wrote the book on programming the IBM PC.
IIRC Norton AntiVirus was a rebranding of Symantec's antivirus software and probably the first usage of Norton's name for marketing reasons whereas NortonLifeLock is the last.
Was? It still is! Used it two weeks ago when I had to copy some files to my DOS retro machine and I could not be bothered to re-learn the xcopy syntax after all these Linux years :)
"LifeLock Inc. is an American identity theft protection company based in Tempe, Arizona. LifeLock was founded by Robert Maynard Jr. and Todd Davis in 2005. LifeLock’s identity theft protection system detects fraudulent applications for credit and illegal use of personal information. It also monitors the use of personal information and credit score changes. As of 9 February 2017, it is a subsidiary of Symantec."
It is mostly famous for being somewhere between being really terrible at actually protecting your identity, and being an outright scam. The "controversies" section is worth reading:
https://en.wikipedia.org/wiki/LifeLock#Controversies