Cupertino, CA -- Would you buy a fake Rolex wristwatch for $50 out of someone's coat, in a back alley? Would you buy counterfeit software, for a price that's just too good to be true?

While looking closer at the face of a "Rolax" or "Rolux" might be a dead giveaway that it's a cheap knock-off, sometimes it's not so easy to spot counterfeit software. In fact, many thousands of small businesses may have already fallen victim to a new scam going around the net - and unknowingly purchased some bogus Symantec Norton software . . . and, for no extra charge, got a heap of potential aggravation.

Why This Hit So Close to Home

A few weeks ago, I started getting e-mail messages from someone going around the Internet and sending junk e-mail that read, "90% Off Norton SystemWorks".

Now, I'd received many of these messages before. You probably have, too. But this one was different -- and caused a lot more headaches than just clogging up my Inbox.

This time the messages were being sent around with a forged (or spoofed) e-mail header, which to the non-technical, untrained eye, made it look like the e-mail messages were originating from a bogus address.

Within an hour, after receiving about a dozen of these bounced messages, I was on the phone with tech support for both our Internet access ISP and Web host ISP, just to make sure they both knew we were victims here, not the perpetrators.

But then a few days later, it occurred to me that we were just tarnished in the crossfire. In reality, besides Symantec, the real victims are those who fall for this scam, which could easily be our loyal subscribers and customers, both small-business owners and computer consultants.

How to Beat the Norton Counterfeit Software Scam

I wanted to get you some advice, firsthand, on how to steer clear of the counterfeit software.

Since tracking down one of these back-alley felons would be next to impossible, I turned to Symantec's chief guru on the topic, William Plante, the director of Symantec Brand Protection. He chairs Symantec's Brand Protection taskforce, and here, he tells us about how we can protect our consulting practices and our clients from the dangers of counterfeit software.

Feinberg: How big is the counterfeit software problem for Symantec?

Plante: Just to put this in perspective and give you an idea of the magnitude, Symantec's largest bust to date in November 2001, in the Los Angeles area, had a street value of $40M. The counterfeit software was all CD-ROMs only, with no retail packaging, no warranty cards or anything like that. It's a huge problem. By March 2002, we recognized the threat and formed Symantec's Brand Protection task force. My brand protection department has six full-time employees and utilizes contract investigators on every continent around the globe. We're receiving upwards of 1,200 e-mails a day reported to either or

Feinberg:: Why is Symantec's counterfeit software such a problem for small businesses and computer consultants?

Plante: If you receive a s p ~ m message, click through to the server and purchase, it's very often credit card fraud. It (the Web page) says secure order and has all the stuff to make you think it's authentic. But, anywhere from 10% to 30% of the messages that we respond to are, in fact, credit-card scams. Most of the time these Web sites are hosted outside the U.S.; many times in South America, Eastern Europe, Southeast and Central Asia. The hosting ISPs (once contacted) are generally pretty quick to shut these problems down. It's very difficult for the consumer to differentiate between the credit-card fraud and a counterfeiter who'd actually send you a CD-ROM. There's absolutely no way for Symantec to warranty the authenticity of the software once it's installed. Every month, for the last eight months now, we've run across examples of our code altered . . . Trojan horses, code manipulated to erase certain files and we're now investigating cases of absolute disk corruption upon installation of the counterfeit software. The consumer's ultimately left with no recourse because whoever sold the counterfeit software to them is long gone.

Feinberg: What's Symantec doing proactively to fight back against these problems?

Plante: To protect against counterfeiters, we'll have digital rights management (DRM) in place by this September for our 2004 product line. We anticipate another year before all the "stale" product (2003 versions) cycles through, so we likely have a good 18 months left of this. We're currently testing a DRM system, but want to make sure it's very simple and consumer-friendly. We have the benefit of coming in after Microsoft's XP activation.

Feinberg: What can non-technical small business owners and managers do to avoid being scammed?

Plante: We only sell our software in a yellow box, or you can download the software from our Web site. We don't sell software by envelope alone. It should show up in a standard retail yellow box. We've had some reports of counterfeit yellow boxes outside of the U.S., but we've never seen any kind of explosion of it, because it's very expensive. Next, anything that says, "90% off Inventory Blowout Sale" is like buying a Rolex watch off someone's inner coat pocket. It's just not reasonable. What kind of company sells its product at 90% off? If there's no way for them to call back whomever they bought it from, the "alarms" should go off as well. If it (the offer) comes to you via unsolicited e-mail, don't buy it.

Feinberg: How are you reaching small value-added resellers (VARs) and computer consultants that service small businesses?

Plante: We've actually sent out a letter to every registered channel partner in North America, giving out the two e-mail addresses where you can report suspected Symantec counterfeit software. Unfortunately, some small-business VARs, who've even sold our products in the past, have gotten duped into purchasing counterfeit product. We've had to intercede in several instances and say, "that stuff is counterfeit". We're working with small-business VARs to educate them that Symantec just doesn't sell its software that way. A good legitimate VAR that has a good relationship with us is not likely to fall into that trap anymore. Sometimes even their clients are asking them, "Hey, what is this 90% off?" We've been telling VARs to send any complaints or any information they've got to either of those mailboxes I mentioned earlier.

Tips for Avoiding Counterfeit Symantec Norton Software

  • Only buy from authorized distributors and LEGITIMATE system integrators and retailers, either at the store or on the Internet.
  • Check product prices. If it seems "too good to be true" (i.e. 90% discount), it's generally a scam that's pedaling counterfeit software.
  • Get details, in writing, on return, service and warranty policies.
  • Look for the well-known standard Symantec Norton yellow boxes, which are generally too expensive for counterfeiters to try to knock-off.
  • If you've already fallen for the scam, contact your credit-card company IMMEDIATELY as the counterfeiters often look to gather up and sell stolen credit-card numbers.
  • Don't buy software promoted through mysterious e-mail.

© Copyright 2003, Joshua Feinberg
Small Biz Tech Talk is a registered trademark of KISTech Communications