Traditionally when security experts talk about snake oil products (i.e., security products that don't actually offer any security), they are usually only brave enough to call out products from dubious companies that make claims that are obviously false... almost always around cryptography. Few people call out venture-backed companies with well-known people on the management team.
Partially, this is because with most products, it's not so clear cut whether they are crapware. That is, the company's marketing department can always find someone happy with the product, and so it turns into a battle of credibility and opinion. The technical merits become secondary. A more common issue is that products do something to help, but they're not as awesome as their vendor would have you believe.
At the end of the day, if we say snake oil products are ones that don't do what the marketing leads the customer to believe it does, then many reputable security companies peddle snake oil.
For example, consider the company Trusteer. They're backed by the firm US Venture Partners. They have some seasoned veterans on their team, and some smart people. Plus, they have one big customer, Ing Direct, whom I'll assume is happy with them.
Trusteer's product is snake oil.
Their marketing claims that their product Rapport, "... protects login credentials and transactions, from desktop to Website, even if a computer is infected with malware." When I first heard this claim, I heard it directly from their President's mouth when he was explaining to me what they do (incidentally, I thought he was a good guy who genuinely believed in the marketing). I asked, "is this even going to work when malware writers start targeting your software?" He said "yes", that their technique will protect your personal info, no matter what infection is on your machine.
While there are a few ways you could make claims like that and have it be defensible, the solution they explained to me didn't sound like it would do that job. Basically, they put their code on your machine, and it obfuscates stuff. A determined attacker should eventually be able to figure out what that code is doing, and undo it or disable it.
The only way I can imagine them defending their technical claims is for them to say, "well, we sit in the kernel, and malware can't touch us if running with regular user privileges". But, in reality, there is plenty of malware that gets inside the kernel. Often, the bad guy just tricks the user into installing something with administrative privileges.
A few days ago, a friend sent me a link with a video where they show custom malware that has no problem defeating Trusteer's protection. The product does not do what the company claims.
If I were Trusteer, I'd counter this claim of snake oil by saying, "well, we never expected people to think it works all the time, just that it works most of the time". I wonder if Ing Direct knew that when they started offering their product. Because now, Ing Direct is going to its banking customers with a product that makes people feel like they don't have to worry about whether they're infected anymore. Why pay for AV, when the only thing you were worried about is identity theft?
Even if their marketing claims reflected the reality of their technology, I think it promotes a false sense of security. In short, trusting this product to do the job it claims to do only puts you at risk, particularly because it's not a huge stretch to think that, if you're going to get infected, it could easily be by something that can disable Trusteer's product. In fact, if enough people are using Trusteer's product, then that kind of malware would certainly get pretty common.
But, I suppose that, if you do understand the risks, it is better than nothing. Certainly, if you think you have a good chance of being infected, you shouldn't do online banking at all, you should worry about the infection. But if you don't think you are, then this product could actually help some of the time, when it turns out you actually were infected.
As you can see, the line between snake oil and a legitimate product is often a marketing claim. As a general rule of thumb, security companies want to make you think you're as secure as possible. Many of them are happy to lead you to believe that you're more secure than you actually are, which could end up putting you in a bad situation.
Therefore, it's generally worth doing your homework on security products you buy, to make sure you have at least a high-level understanding of the technical merits, and the drawbacks.