Yesterday on Twitter, Samsung's US support team reminded everyone to regularly and manually virus-scan their televisions.
Samsung's team followed this with a short video showing someone in a conference room pressing 16 buttons to get deep into the system menu of a Samsung QLED TV and enable the TV's built-in virus scan, which is apparently "McAfee Security for TV."
It was surprising that Samsung got instant pushback on these tweets and almost immediately deleted them.
This raises some questions about Samsung's practices and what we as consumers should expect from modern devices. The fact that Samsung's malware scanner is McAfee (and that McAfee's only customer for the service is apparently Samsung) raises questions about the real value and purpose of the service: is Samsung paying McAfee for what must be a pretty trivial application, or is McAfee paying Samsung for brand promotion? But even if we skip the brand-related cynicism and take the concept at face value, we have a few questions.
Ars reached out to Samsung with the following questions, but the statement below provided by the company did not answer them. The following statement is attributed to Samsung:
Samsung takes security very seriously and our products and services are designed with certainty in mind. We recently shared information on one of the preventive security features on our Smart TV to show consumers proactive steps they can take on their device. We would like to clarify that this was just a way of educating consumers about one of the features included in our products and was only posted because we thought consumers would find it informative.
Is there a real danger?
Does Samsung believe there is a real danger of malware infection on its smart TVs? Of course, any random access storage device can run malicious code. However, when it comes to consumer devices with almost no accessible attack surface, the question becomes one of vector. It seems extremely unlikely that Samsung is worried that some neighborhood black hat will walk into your living room and compromise your TV by pressing buttons on the remote, but the TV does have a Samsung App Store that hosts third-party apps.
The store is hosted by Samsung and seems to contain fewer than 100 total apps. Thoroughly vetting these applications prior to publishing them does not seem to be a burdensome load for Samsung to carry … and if a malicious app does sneak past, can't Samsung simply revoke the app from the back end?
Shouldn't it be automatic?
If anti-virus scanning of your TV is needed, shouldn't it be automatic? If you do a vanilla Windows 10 installation from an ISO, Windows Defender is installed, enabled, and has regular, automatic updates and scans that are scheduled by default, without requiring consumer interaction. If the consumer decides to replace Defender with a third-party program such as McAfee, Symantec or Malwarebytes, these apps also automatically schedule regular scans and updates. Expecting most consumers to regularly schedule and faithfully perform system administration tasks is out of the question even when it comes to their PCs, and even more so for their televisions.
Was whoever runs the Samsung Support USA Twitter account confused, simply not realizing that the service already runs automatically? Or were they correct, and the scan really doesn't happen unless a user beep-beeps 16-plus times with the remote once every week? If it is not automatically scheduled, consumers may ask "why not?" Is there any concern about performance issues, or does Samsung just not see any real value in a service that can only exist for branding?
How long does malware in Samsung's store last?
How long does Samsung expect smart TV malware to stay in its store? There is a dirty secret about anti-virus scanning: it almost never stops zero-day problems. Heuristic engines are not very effective, and by far the most "true positives" are signature-based detections of known malware. The real purpose of anti-virus is not to block fresh malware; it is to limit the viability window of new malware. In an ecosystem with probably only one vector for malware distribution, Samsung's own App Store, there should be no aging malware floating around, reused by untalented script kiddies unable to write their own; the only possible threats should be new threats in the first place.
This leads us to ask why Samsung not only feels it is necessary to run an internal malware scanner, but also feels it is necessary to bring in a third party instead (continues)
A modest counter-proposal
The best way to keep your big, expensive, clear TV secure is never to give it access to your network in the first place. The consumer electronics space is packed with high-quality, inexpensive streaming devices that typically have better interfaces and more capabilities than most smart TVs anyway. Roku and Amazon 4K streaming players both start at less than $50; in the unlikely event one of them is compromised, "recycling the bad one and buying a new one, probably from a competing brand" seems like a sensible answer. Ana