One key aspect of the of the rogue AV/AS/AM products is the fact that they are using scare tactics to sell their "products". However even legitimate products have tendencies to go in this direction, as the two examples below illustrate.
The first example is from a Secunia PSI install. Just to clarify my stance on it: it is a great product and the things said in the notification balloon are 100% true. However, it is still very reminiscent of messages generated by some rogue products trying to sell their products.
The second one is from the Authentium blog:
I really, truly believed this to be a screenshot of a new rogue AV, especially because quite a few security sites publish screenshots of these products. It was only after a more careful look that I realized what I was looking at: a screenshot of their product. I left a comment on their blogpost advising that the title and screenshot looked very much like a rogue product (kudos for them for allowing comments on the blog), which got deleted :-). It seems that their PR department is one of the many which doesn’t get that on the web the barrier of entry is much lover and big money doesn’t control what is and isn’t said (or at least not that much).
If I’m ranting about user interfaces, here is one more point: why can’t people make the updates automatic, not invasive and separated from new product install? As an example, here is the update dialog box from the FoxIt PDF reader:
Can anyone tell me, just by looking at the dialog, what features I currently have installed and what I should update? I certainly couldn’t! This isn’t just a “fluffy / good to rant about” topic. A recent study from Google found that Firefox users are much more likely to be up-to-date with the latest version, compared to Opera users, and they attributed this to the fact that Mozilla Firefox has a “one-step” update process (effectively you just have to click yes once), while with Opera you must download the new install kit, run it and click trough it.
Update: added link to the browser study.