Vol. 2, Issue 30, August 10, 2004
Bogus PDA Vaccine Fools Thousands
When researchers at an antivirus software company discovered a new virus carrying a destructive load capable of infecting Palm OS applications and replicating itself, the computing world was dismayed, but not surprised. The destructive nature of the Palm OS/Phage virus distinguished it from the recent Liberty Crack Trojan-horse program that also was designed for the Palm platform, and galvanized PDA users to seek protection.
However, despite user concerns, researchers at the McAfee Anti-Virus Emergency Response Team unit have given it a low risk assessment since the virus had not yet been found outside controlled environments. Consequently, a vacuum existed into which a particularly enterprising con artist could step in.
"The whole concept behind the 'Phage Inoculation' was pretty out of the box," said Symantec spokesman Karl Pendergast. "But people bought into it, partly because of a lack of mainstream alternatives."
The Phage Inoculation was marketed by a company calling itself PDA Doctor Inc. Unlike products offered by Symantec and McAfee, the Phage Inoculation consists of a device rather than a software program.
"I suppose people assumed the Inoculator ran some sort of software on its own, like a magic black box or something," said Pendergast. "We were curious, so we took a closer look."
In fact, the Inoculator consisted simply of a PDA cable attached to a small plastic box with two LED lights. According to its instruction manual, users plug the device into their PDAs and then turn it on to "cleanse their systems. When the red light turns off and the green turns on, repairs are complete!" The box, analysts have determined, contains nothing more than a simple timer which switches the red light off and the green light on two minutes after being activated.
"You might as well plug your PDA into your refrigerator or toaster for all the good this device does you," said Pendergast.
Thousands of unsuspecting PDA users paid $49.95 for the Inoculators, and sales were still brisk up to the day when Symantec announced that its engineers had discovered the devices were frauds. Since then, consumer fraud offices around the country have been flooded with complaints. PDA Doctor Inc. disappeared as quickly as it had appeared, leaving authorities and consumers to vent their frustration in chat rooms across the Internet.
"Dammit, this was the first gadget I've bought in five years that seemed to work perfectly right out of the box," said Thomas Kellogg, who used the Inoculator on all three of his PDAs. "I thought for once they've made virus protection easy, for once I don't need to spend six hours poring through an instruction manual to get something to work. I swear, I am never buying anything electronic again."
Industry analysts were uncertain what effect the bogus security devices have actually had on PDA security, since the Phage virus has not been widespread. Indeed, not all consumers who purchased the item are complaining.
"Are you kidding? This is the only computer device I've ever purchased that worked as advertised," said Martin Hecht. "I use it every week and haven't had one PDA virus since. I just wish they'd make a model for my PC. I'd rather spend $50 for a box with lights than worry about Microsoft's monthly patches, especially if the results are about the same."