Symantec Hopes To Deliver Anti-Virus Online

daria42 writes "Symantec today said it will slowly move towards supplying its consumer applications online as services." From the article: "Sykes also said there was the possibility that tiny pieces of an application or a single virus scan could be resold by organisations such as online banks, which may choose to ensure their customers are not infected with a virus or spyware before they log on to their account ... This could be paid for by the customer using their credit card or by adding it to their mobile phone bill by sending a text message, said Sykes, who warned that banks could decide not to provide access to anyone with an infected computer."

Broken Internet

[theRiallatar]

What happens when a virus or spyware cripples your ability to launch the service via the web? What happens when you want to boot into a safe, standalone environment (no web access) and scan?

Linux?

[Rydia]

So, uh... what about those of us that run just linux? Will banks assume we're clean, or will they just lock us out because Symantec's stuff returns an error? That's a pretty big concern.

I don't want to

[NotoriousGOD]

What if I don't want to pay my bank for a stupid virus service. My bank should be a BANK. What, is Norton going to help me save money in a high interest bearing account now? Businesses should stick to what they do, so they do it best, instead of trying to be "user friendly".

Re:I don't want to

[Nikker]

The only reason I could see this as a GoodThing(TM) is for keyloggers. As a bank I wouldn't care if your computer ran or not because that's completely on your side of the fence. To give a warm and fuzzy feeling to you more than anyone that your not being jacked for the data your entering to what ever PC your using at the time.

That brings to my mind additional questions, would I want to pay additional money evrey time I use the banks services? By paying this will it insure as in insurance that if I do get snooped that I will be fully covered for any damages that may occur if they were wrong or missed a baddy or two? And how high would they cover? These are banks we are talking about here they will NOT spend money that does not make them money, period.

This would bring attention to the people who are using friends, family's or public computers for these transactions, it would probably wake them up. What I think would really work is a sandbox using encryption based on a one time password sent to your cell phone. It would be a website password, not unheard of but much more streamlined then scanning an entire computer for bad apples.

I would think it would work like so...

1. Goto web site and click on "View account" or something like that
2. You enter your cell phone number or an alias you have set up with them
3. Bank responds with a one time code to a personal device which is reasonably secure (wireless hand set)
4. You enter the code into the app and use only the app for interacting with your account
5. The bank is sent a checksum of the app on each transaction to insure integrity

If Symantec is going to use the same method and be sure there will be no infection then using that application to interract would be just as good, no? I may be the only one but I would not want to be waiting at a computer while it goes through the possible millions of files just to do a transfer or check my balance. In that case I would just want the bank to send me a SMS with my balance or a cheezy wap interface to transfer between 2 accounts.

I guess you can't blame Mr. Norton for trying but I don't think its gonna fly with banks. It does bring about a new method of accesssing the data that should be looked at. Possibly if it works well enough we could use this method for sending other types of confidential data or stuff you just don't want anyone else to see.

This is news?

[TheSpoom]

McAfee's been doing this for years and when I was doing tech support, I frequently recommended my customers use Trend Micro HouseCall, a free online virus scan, whenever their current virus scanner wasn't working or wasn't installed.

No guaranties

[BentSorenDahl]

"... which may choose to ensure their customers are not infected with a virus or spyware before they log on to their account."

Just because the antivirus scanner doesn't find anything doesn't nessesarily need to mean that there are none.

Uh, no thanks...

[maillemaker]

Every time I see a pop-up advertisement that says:

"YOUR COMPUTER COULD BE INFECTED WITH SPYWARE - CLICK HERE"

It sends up huge red flags for me, and I always shut them down without clicking. I've seen so many of them (wanting to optimize my Windows, etc.) that I'm now gun shy of any such remote scanning application.

I'll be thinking long and hard about letting anything scan my system through my firewall.

Steve

Re:Uh, no thanks...

[Xugumad]

"Your registry has 42 errors!"

Yikes, I'm on a Mac, I'm suprised it's only 42 :)

Whoa there nellie... not such a hot idea...

[Akardam]

Maybe I'm a bit jaded at having been in the computer support industry for too long, but with the proliferation of nasties these days that disrupt internet connectivity in one form or another, I'm skeptical as to whether this is going to actually work. Hell, a good percentage of infections these days, be they viruses or malware, require manual cleaning, often from safe mode or self contained non-volatile bootable media. Even Symantec overwhelmingly recommends booting to safe mode to clean infections in most of their AV DB articles.

Let me add another concern...

[Hakubi_Washu]

If I were a credit institute/bank/whatever, I'd:

Step 1: Offer virus scanning for a charge
Step 2: Require my customers to be virus-free
Step 3: Since I can only be sure they are virus-free after they have been checked (With my scanner, since I can't be bothered to support other peoples solutions): PROFIT!

Add to this the legitimate question about other OSes and AV-solutions and you have a bona fide extortion scheme.
But then, I'm a computer scientist, so I don't do "online banking" anyway...

Web Based Scanning Won't Cut It

[knight37]

Who cares? Who even uses this crap? If you don't have an active virus-shield style app scanning all the time you're just asking to get infected these days. I can't count the number of times that AntiVir Personal Edition virus shield (free for individual home use) has saved me from a virus or trojan while browsing. If I had to rely on a web-based scanner I'd be infected FIRST before I knew about it later.

Punk Buster

[LiquidCoooled]

This model for killing viruses sounds very much like the code gamers are getting used to seeing.

Its down to trust.

Before you can come on MY website, you have to run MY code. If you run my code and it gives the wrong result, then your fucked.

Problems, OS dependence, other people have mentioned already, but another is security - what kind of permissions do I have to give to allow arbitary code to be run which can access the running list of applications and OS internals, how do I know the code being run is safe?

Would you really feel safe opening up so much of your machine for a general internet site?

We are moving away from internet explorer and the nightmare of activeX, lets not go back to it.

After thought, if the banks implimented this as a standalone application and it did this scan as part of its initial authentication (like the gaming world), I would be less bothered than expecting this kind of code to be run in a browser. strange isn't it.

4 hours to do online banking?

[sckeener]

Are they only going to scan active processes running? My virus scans take forever.

I can imagine trying to connect to my bank and waiting for the virus scan. I will getting bored and wander off. Then the bank would kick me off due to inactivity because it finished the scan while I wasn't looking.

Norton used to be decent.

[beeswax]

Norton was decent when Peter Norton used to run the show. When he sold his company to Symantec, I have noticed the software turn into bloated crap. People seem to believe Norton is the best still, it used to be great in the mid-90s, but now it is garbage.

For anyone that buys Norton, I would try Nod32 instead, I think it is the best one out there if you're willing to spend money.

For those of you who prefer a free antivirus, I would try Antivir, it is much better than AVG.

Quite worrying...

[Bert64]

If consumers get used to allowing their banks to execute code on their systems, then they become even more vulnerable to phishing scams... Phishing sites will have their own "virus checking" tools, just like the real banks, except these tools will install malware instead of trying to remove it..

Also virus checkers will be useless against more targetted attacks which are being seen more often nowadays, small attacks against customers of a particular organisation which don`t become widespread enough to get noticed by antivirus vendors..

And finally those of us not using windows systems or not using ie may get turned away since we're not able to run the virus checker (and most likely wouldn`t need to in any case).. I don`t think firefox provides a way to execute code with access to your local filesystem (for obvious security reasons) in the same way that activex does.

4 Steps to Profit:

[amcdiarmid]

Step 1: Hack Bank & have $rand clients told they are infected; Redirect to fake Norton Site.

Step 2: Take Credit information, infect client PC; churn disk for a while

Step 3: Make ~$5 per client suckered

Step 4: Rent out infected PCs for $$$$$$