Slashdot Mirror
Symantec Hopes To Deliver Anti-Virus Online
daria42 writes "Symantec today said it will slowly move towards supplying its consumer applications online as services." From the article: "Sykes also said there was the possibility that tiny pieces of an application or a single virus scan could be resold by organisations such as online banks, which may choose to ensure their customers are not infected with a virus or spyware before they log on to their account ... This could be paid for by the customer using their credit card or by adding it to their mobile phone bill by sending a text message, said Sykes, who warned that banks could decide not to provide access to anyone with an infected computer."
What happens when a virus or spyware cripples your ability to launch the service via the web? What happens when you want to boot into a safe, standalone environment (no web access) and scan?
So, uh... what about those of us that run just linux? Will banks assume we're clean, or will they just lock us out because Symantec's stuff returns an error? That's a pretty big concern.
Thankfully I've already moved away from Symantec products. There are some situations where offering software as online services is not necessarily the best idea. I would put critical system utilities in that category.
What if I don't want to pay my bank for a stupid virus service. My bank should be a BANK. What, is Norton going to help me save money in a high interest bearing account now? Businesses should stick to what they do, so they do it best, instead of trying to be "user friendly".
Where all think alike, no one thinks very much.
McAfee's been doing this for years and when I was doing tech support, I frequently recommended my customers use Trend Micro HouseCall, a free online virus scan, whenever their current virus scanner wasn't working or wasn't installed.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
Just because the antivirus scanner doesn't find anything doesn't nessesarily need to mean that there are none.
Every time I see a pop-up advertisement that says:
"YOUR COMPUTER COULD BE INFECTED WITH SPYWARE - CLICK HERE"
It sends up huge red flags for me, and I always shut them down without clicking. I've seen so many of them (wanting to optimize my Windows, etc.) that I'm now gun shy of any such remote scanning application.
I'll be thinking long and hard about letting anything scan my system through my firewall.
Steve
A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
Maybe I'm a bit jaded at having been in the computer support industry for too long, but with the proliferation of nasties these days that disrupt internet connectivity in one form or another, I'm skeptical as to whether this is going to actually work. Hell, a good percentage of infections these days, be they viruses or malware, require manual cleaning, often from safe mode or self contained non-volatile bootable media. Even Symantec overwhelmingly recommends booting to safe mode to clean infections in most of their AV DB articles.
If I were a credit institute/bank/whatever, I'd:
Step 1: Offer virus scanning for a charge
Step 2: Require my customers to be virus-free
Step 3: Since I can only be sure they are virus-free after they have been checked (With my scanner, since I can't be bothered to support other peoples solutions): PROFIT!
Add to this the legitimate question about other OSes and AV-solutions and you have a bona fide extortion scheme.
But then, I'm a computer scientist, so I don't do "online banking" anyway...
Who cares? Who even uses this crap? If you don't have an active virus-shield style app scanning all the time you're just asking to get infected these days. I can't count the number of times that AntiVir Personal Edition virus shield (free for individual home use) has saved me from a virus or trojan while browsing. If I had to rely on a web-based scanner I'd be infected FIRST before I knew about it later.
Knight37 - Once a Gamer, Always a Gamer
This model for killing viruses sounds very much like the code gamers are getting used to seeing.
Its down to trust.
Before you can come on MY website, you have to run MY code. If you run my code and it gives the wrong result, then your fucked.
Problems, OS dependence, other people have mentioned already, but another is security - what kind of permissions do I have to give to allow arbitary code to be run which can access the running list of applications and OS internals, how do I know the code being run is safe?
Would you really feel safe opening up so much of your machine for a general internet site?
We are moving away from internet explorer and the nightmare of activeX, lets not go back to it.
After thought, if the banks implimented this as a standalone application and it did this scan as part of its initial authentication (like the gaming world), I would be less bothered than expecting this kind of code to be run in a browser. strange isn't it.
liqbase
Are they only going to scan active processes running? My virus scans take forever.
I can imagine trying to connect to my bank and waiting for the virus scan. I will getting bored and wander off. Then the bank would kick me off due to inactivity because it finished the scan while I wasn't looking.
"Only one thing, is impossible for god: to find any sense in any copyright law on the planet." Mark Twain
What interest is it of the banks to purchase such a product? Everything comes down to the bottom line, hows this going to help?
Just because some exec comes up with a snassy (new?) idea and starts talking it up doesn't mean it will find its home in the marketplace.
To me this sounds annoying, plain and simple. As a bank exec I'd really be scratching my head trying to figure out how my customers win (which makes me win).
Quack, quack.
Norton was decent when Peter Norton used to run the show. When he sold his company to Symantec, I have noticed the software turn into bloated crap. People seem to believe Norton is the best still, it used to be great in the mid-90s, but now it is garbage.
For anyone that buys Norton, I would try Nod32 instead, I think it is the best one out there if you're willing to spend money.
For those of you who prefer a free antivirus, I would try Antivir, it is much better than AVG.
If consumers get used to allowing their banks to execute code on their systems, then they become even more vulnerable to phishing scams... Phishing sites will have their own "virus checking" tools, just like the real banks, except these tools will install malware instead of trying to remove it..
Also virus checkers will be useless against more targetted attacks which are being seen more often nowadays, small attacks against customers of a particular organisation which don`t become widespread enough to get noticed by antivirus vendors..
And finally those of us not using windows systems or not using ie may get turned away since we're not able to run the virus checker (and most likely wouldn`t need to in any case).. I don`t think firefox provides a way to execute code with access to your local filesystem (for obvious security reasons) in the same way that activex does.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
...where they go and buy Norton AntiVirus for Macintosh.
Symantec Hopes this, Symantec Hopes that..
Symantec has been *hoping* to deliver something worthwhile ever since they stopped developing for DOS-mode.
Face it, the Norton Utilities used to be *great*. Now they suck! Norton Anti-Virus has never been spectactular. Norton Ghost.. Well, Norton Ghost is pretty good; at least the version I have; it still runs under DOS4GW with a non-MS GUI.
Do daemons dream of electric sleep()?
There are going to be risks no matter what security products a bank provides to its customers. After a year and a half working as a malware analyst, I know well that a "Clean" Virus Scan will provide customers with nothing but a false sense of security. Sober for instance has currently has 20+ variants that are known. You can bet there are plenty of malware variants in the wild that have no signatures. What the banks need to do is provide their customers with adequate computer security and let the customer decide which products are best for them.
Step 1: Hack Bank & have $rand clients told they are infected; Redirect to fake Norton Site.
Step 2: Take Credit information, infect client PC; churn disk for a while
Step 3: Make ~$5 per client suckered
Step 4: Rent out infected PCs for $$$$$$
Look, really, it's my computer. Sometimes it's private (none of anyone else's business what it's doing); sometimes I want some help checking whether it in infected with a virus, bacterium, worm, amoeba, horse, elephant, or whatever. Sometimes it's doing something confidential between me and my employer; in which case the bank had better check with my employer if they want to do anything with the computer.