Norton Antivirus logo surrounded by Ethereum cryptocurrency
Norton 360 Antivirus is currently downloaded on tens of millions of computers across the globe. For any of those who have been regularly updating, they introduced a crypto-mining service for Ethereum into the June 2021 update. This is opt-in only and has to be enabled with end-user access.
This crypto-mining should never be running on your computer without your knowledge, but what if that user access is compromised? This is ready to execute from a vulnerable exploitation, on your personal PC. I’m flabbergasted at the series of bad decisions made here; let’s dive in.
They claim that it’s a way to offset your costs, allowing you to pay for your subscription via the mining process. They also scrape 15% off of the top of that mining. What’s the big deal about that?
Crypto-mining requires an insane amount of stress on your personal computer’s GPU, generates an incredible amount of heat, and even on a souped-up gaming machine, you will still struggle to break even on the cost of mining. If you are mining for yourself, you might be able to break out even or a little ahead of the cost of the energy on your own GPU, but you’d still be wearing down really expensive hardware. When Norton skims 15% of the coin return, you come out cost negative, and all to have a computer that’s hotter than the sun trying to keep up.
The most expensive way to mine Ethereum is on a single PC’s GPU, so this offer ensures that you will spend more on your energy bill than you’d save in the mining for the subscription, and all just to make this company a little unethical profit.
I can understand the marketing appeal of jumping on the crypto-bandwagon. The concept of using crypto-mining to offset costs of products isn’t an entirely novel idea, but it has to be tied to energy-efficient scalable infrastructure.
Crypto-mining is just a technology; if you use it in a well-engineered way, then there’s a sweet spot to doing the same thing with some efficiently engineered server farm, and you might be able to make a return on your energy costs.
This marketing scheme has probably overheated thousands of computers, and we don’t know how much wasted energy consumption this gimmick has been, and ultimately will be, responsible for.
How many of the end users who opted into this mining understood that this would, by design, cost them more out of pocket than the subscription? How many end users understood the impact on their own PCs? Crypto-mining is energy intensive, and we are all responsible for ensuring we don’t overheat the global energy grid from radically inefficient distributed mining practices.
Everything about the execution of this was an incredible playbook in what not to do. A business should not have the authority to install crypto mining via automated updates. In one fail swoop, the trust of a global online community is gone, and they won’t get it back.
Rational concerns over the security over this access have already been noted. On the Norton Crypto Community board, one of the top trending forums is currently “Is Norton Mining behind my back or is it just broken” (it wasn’t, there was no GPU usage). This erosion of confidence cannot be recovered.
We should never let a company choose profit over energy consumption if they are going to do it on a global scale. This should be a lesson to all of us as we continue to see crypto move onto the center stage.