Why you can trust ZDNET : ZDNET independently tests and researches products to bring you our best recommendations and advice. When you buy through our links, we may earn a commission. Our process

'ZDNET Recommends': What exactly does it mean?

ZDNET's recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.

When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNET nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.

ZDNET's editorial team writes on behalf of you, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form.


Norton's cynical crypto ploy: A dark harbinger of crapware to come?

Anti-malware vendors are taking a page from the malware makers they're supposed to be policing. What if all software vendors decide to embed crypto-miners and skim the profits?
Written by David Gewirtz, Senior Contributing Editor

There are really only a few ways to make money from cryptocurrency. You can buy it, making a profit when you eventually sell it. You can mine it and make enough coins to make a profit when you eventually sell it. 

You can run a cryptocurrency exchange and make a profit from every transaction. You can even invent your own cryptocurrency and make money when your idea eventually grows big enough to make a profit.

What have I left out? Ah, yes. The risks and the costs.

You can buy cryptocurrency, but you'll only make a profit if the currency's value goes up -- and goes up enough to exceed the fees involved in buying and selling. Whether or not that happens is anyone's guess. It's very similar to buying stocks. Safe bets don't necessarily net big returns, but high-risk bets can cause you to lose your shirt.

See also: Cryptocurrency comes with one colossal caveat: Remember the tulips.

You can mine cryptocurrency, but there's a cost to the mining rigs and an even greater cost in electricity and cooling. If you're just using a spare computer during its idle time, you're never going to make enough for it to be worth the time and effort. But if you dedicate machines or an entire facility, the cost in hardware and power may exceed the value of the coin you mine.

You can set up an exchange, but there's an enormous level of effort to build in the infrastructure and security, as well as the marketing necessary to be accepted as the crypto equivalent of a bank. It's not an easy task.

You could create your own coin and hope investors jump on it as a bandwagon. Generally, unless you have someone as high profile as Elon Musk touting it, you're probably not going to reach critical mass.

But what if there was a risk-free way to make big crypto profits? Scammers and criminals, it turns out, have figured out a way. They've created malware that does crypto mining when placed on an unsuspecting user's computer. The scammers don't have to spend on energy or gear. All that is paid for by their victims. The criminals need to rake in the profits from selling coins they spent nothing to gather.

Fortunately, antivirus and anti-malware products like Norton 360 scan for crypto-mining malware. So if you don't want your machine's cycles sucked away by a criminal enterprise, invest in a subscription to Norton's service, and your PC will be crypto-mining free... or... wait... what?

We're about to split some very ugly hairs here

We covered this last summer. When you install Norton 360, you also install a program called NCrypt.exe in the program's Windows directory. Recently, the Verge did a deep dive on how this works. NCrypt is an Ethereum crypto-mining application. Fortunately, and we can give slim kudos to NortonLifeLock (the company behind the software), the crypto-mining application is not automatically turned on.

Instead, the installer presents a big green nag screen promising you can "Turn your PC's idle time into cash." This leads to the switch that enables the crypto-miner.

So while Norton isn't running a crypto-miner without your permission, it is installing the software automatically and without prior permission. It's definitely a step up from malware vendors because you can turn the feature on and off.

That said, there's an element of "the house always wins" at work here, and Norton 360 users are definitely not "the house."

Norton's cynical bet

When Bitcoin was first introduced, its shadowy creator came up with a scheme for creating value. The idea was that as more and more coin was "mined" using complex computer algorithms, the computer overhead would increase. In other words, it took more computer work and power to mine the 100th Bitcoin than the 10th.

Today, mining popular currencies like Bitcoin and Ethereum takes tremendous processing power. You could take all the spare cycles of your desktop computer and run it every night for a year and make less than $250.

While an extra $250 is nothing to sneeze at, the gotcha is that it will cost at least that much in electricity. In fact, the Verge did a mining test using NCrypt.exe. Their testing showed, "In real numbers, a night of mining on an RTX 3060 Ti netted $0.66 worth of Ethereum and cost $0.66 in off-peak electricity."

The thing is, Norton takes 15% of all the cryptocurrency that users mine using Norton 360. I reached out to Norton's PR team to ask what percentage of Norton 360 users turn on crypto but have not yet received a response. We can assume there's a fair number. After all, the promise of "Turn your PC's idle time into cash" would seem pretty compelling to most users.

See also: I bought Bitcoin from PayPal. Here's what happened.

Even if you keep your machine on all the time, it uses considerably less power than if you're running crypto-mining algorithms.

With that, let's deconstruct Norton's cynical bet.

Most users will lose a considerable amount in terms of power expense and wear and tear on their machines because even though the mining and power costs broke even for the Verge with today's Ethereum mining overhead, it will only get more costly in terms of calculation effort and power over time.

Norton also doesn't release the Ethereum sliver unless a user reaches a minimum threshold, and that could take a very long time. Then, and only then, can the user transfer the Norton-mined Ethereum to Coinbase, and both the transfer and the sale of the transferred Ethereum will also result in fees.

Norton has to know that most users won't make any money. In fact, they have to know that most users will lose money, never actually derive any value, and never take the step to move that tiny little bit of mined Ethereum to Coinbase. Norton has to know that what it's really doing is almost the same as malware vendors: using unsuspecting users' gear and power to mine coin, from which Norton takes a no-way-to-lose 15% cut.

Norton is cynically betting that most of its users are too unsophisticated to do the analysis. Norton is also cynically betting that most users will respond positively to an offer that appears to be easy money.

So not only does Norton charge $50 to $250 a year for Norton 360 (the price goes up in subsequent years, because of course it does), they're betting that users will spend another $200+ a year on electricity based on the promise of turning "your PC's idle time into cash."

That's just cold.

Too juicy a scheme

I think Norton has unleashed a very dangerous and very disturbing genie here. Because while Norton is an early player in the bundled crypto-mining game, they sure won't be the last.

Shaving 15% in profits off the top, using users' power and gear to do all the work and pay all the expenses, is just too promising a scheme for other companies to avoid.

Without a doubt, expect a darker future where technology vendors embed crypto-miners in their code. The more up-and-up companies may give users the option to opt-in or opt-out, while the less aboveboard businesses are likely just to embed their own mining code and hope nobody calls them out.

See also: In just a week, my Bitcoin 'investment' plummeted by almost 14%

How many connected devices are there out there? How many smart bulbs, smart microwaves, anti-malware software suites, smartphone apps, and games -- oh, you can definitely expect this crap from game makers -- how many will embed mining software into their programs and sleeze that 15% off the top?

Mark my words. Cryptocurrency mined using increasing processor work algorithms is a pox on humankind.

Go ahead, comment below. Crypto fans, tell me why being a crypto-miner will make you rich and cool. You know you want to. Go ahead. Thoughtful folks, please feel free to weigh in on the implications of this kind of scheme. Voices of reason are welcome, too.

Disclosure: NortonLifeLock was previously known as Symantec. Back in the days of wooden computers and iron programmers, a way, way, waaay long time ago, I was an executive at Symantec.

You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

Editorial standards