Slashdot Mirror


Can the Malware Industry be Trusted?

Joe Barr writes "Is the entire anti-virus / malware industry as rotten as it appears? I started digging into it as a result of the recent lame, unsubstantiated assertions of viral threats to Linux by Kaspersky Lab, but the practice doesn't seem to start or end with them. Who knows, maybe it's pandemic in that entire segment of the IT industry."

185 comments

  1. gee... by grasshoppa · · Score: 5, Insightful

    An industry blowing problems up to be bigger than they seem in order to sell more product? Conspiracy!

    The only real crime here is that we've let ourselves be suckered by them for as long as we have.

    --
    Mod me down with all of your hatred and your journey towards the dark side will be complete!
    1. Re:gee... by Tackhead · · Score: 3, Funny
      > An industry blowing problems up to be bigger than they seem in order to sell more product? Conspiracy!

      No, that's Government. (Wait, there's a difference?)

    2. Re:gee... by scronline · · Score: 2, Insightful

      Well, on the Windows platform it's well justified doom and gloom. But like with any corporation (read greedy) that sells a product, they are going to want to boost sales. So it's their job to state the reason(s) why their product is necessary. Many times the truth gets skewed in that process.

      But regardless of the fact that ANY software producer will hype their product (As I'm sure you've seen by reading /. the words Microsoft and Yankee Group should spring to mind) you have to take that hype with a grain of salt. You can't buy into everything otherwise you're the gullible little sheep that they need/expect to survive. The aptly named Phantom console is a perfect example or even Duke Nukem Forever. However, I don't want to bash Kaspersky since after all, I prefer their AV software to any other mainstream product out there.

      Either rate, Antivirus is a necessary evil. Using *NIX doesn't remove you from the responsibility of not forwarding an email virus because it's a funny joke. You may laugh, but there have been several times I've had people on Linux forward me "jokes" with Windows viruses attached.

    3. Re:gee... by grasshoppa · · Score: 2, Insightful

      However, I don't want to bash Kaspersky since after all, I prefer their AV software to any other mainstream product out there

      Nod32. Know it, love it.

      You may laugh, but there have been several times I've had people on Linux forward me "jokes" with Windows viruses attached.

      Then that is the fault of a clueless email admin. I've set up many email servers, and I don't think a virus has ever made it past that point coming in or going out. It's quite simple really, which prompts me to call the admins in question idiots.

      --
      Mod me down with all of your hatred and your journey towards the dark side will be complete!
    4. Re:gee... by tnk1 · · Score: 3, Funny
      No, that's Government. (Wait, there's a difference?)

      That's like saying there's no difference between the organ grinder and his trained monkey. Of course, there is a difference. One of them dances around, makes monkey noises, and steals stuff from you for the benefit of the other.

    5. Re:gee... by psu_whammy · · Score: 1

      The other is the trained monkey.

    6. Re:gee... by scronline · · Score: 1

      What does it matter if the admin is/was less than knowledgeable. Isn't that part of the point? My mail servers scan for all viruses and spam and....yadda yadda, but there are still those people out there that simply don't know. What about those people just learning linux? What about those rare cases where someone's filtering daemon isn't working and to allow mail to continue to pass while it's being repaired the filtering is bypassed? Or for that matter, I seem to remember a time when email filtering wasn't done and it wasn't all that long ago.

      It's a mistake to act holier than thou and label someone an idiot simply because something isn't/wasn't being done. I'm just saying that calling someone an idiot isn't exactly helpful to ANY problem. As a perfect example...

      You're narrow-minded and part of the *NIX stigmata since you think that everyone should have as much knowledge about IT as you do, if they don't they're instantly stupid. Try lending a hand instead of calling someone an idiot. For all you know they could literally be a nuclear physicist.

      Didn't exactly like that comment much, did you? Which do you think got my point across better and will elicit a better response? Paragraph 2 or Paragraph 3?

      Sorry to get off-topic, and I don't really mean any true insult. Just making a point.

    7. Re:gee... by ZeroExistenZ · · Score: 1
      I believe there isn't.

      You should watch Century of the Self if you get the chance. It lays out how the psyche of people has subtly been manipulated for both commercial and political reasons.

      The documentary shocked me as I've never thought it would've been as well defined and with as clearly defined "goals".

      --
      I think we can keep recursing like this until someone returns 1
    8. Re:gee... by kesuki · · Score: 1

      I reread your comment. The irony slipped past me the first time :)

      but you know what, the entire industry isn't corrupt, there are at least 8 competing adware companies, and yes they ALL try to collect personal data, they ALL try to make the ads pay the bills. Some companies try to do it the right way. they keep the software running on their own servers, and their own products EG yahoo. some companies try to squeeze a little more out of the bottom line, and offer 'sweet deals' to open source communities. a little cash, a few coders, and we can make your product better, just code in a little bit of tracking data about which user clicks on which url whenever they do in your software and send it to your datacenter... I think you know who does that. then there are the true malware writers.

      They write software that takes over your system. They make pretty decent money at it too, and frankly, without them who'd be getting paid the big bucks in IT? yeah it sucks, there are people who want a Free ride, get over it. As long as the people getting the free ride are profiting vastly less than the people who are doing the more honest less evil way then it all works out in the end right?

    9. Re:gee... by Anonymous Coward · · Score: 0

      As a long time /. etc reader I think this has something to do with "shoot the messenger" and especially "shoot the Russian, red messenger" thing.

      Cold war crap in technical sites look funny.

    10. Re:gee... by From+A+Far+Away+Land · · Score: 1

      I was always pretty virus-savvy, but when I found vmyths.com Rob really opened my eyes. Someone doesn't need an antivirus program to go virus free, and I did it for years, and only got my first infection while I was running free AVG 7, and ran an insecure version of Java, giving me the javabyte virus when I must have surfed somewhere unsafe. It was easy to clean up fortunately.

      Every year Symantec has a critical flaw in their software, so someone can actually be SAFER without Norton on their computer, and a little common knowledge.

  2. Bad title! by Rob+T+Firefly · · Score: 4, Insightful

    Surely they mean the anti-malware industry?

    1. Re:Bad title! by truthsearch · · Score: 4, Funny

      Exactly. I read the title and thought of course we can't trust the people who write malware... they write malware!!

    2. Re:Bad title! by gmf · · Score: 3, Insightful
      Surely they mean the anti-malware industry?
      Maybe that's the same? Who knows?
    3. Re:Bad title! by Anonymous Coward · · Score: 0

      Parent: Insightful

    4. Re:Bad title! by buckhead_buddy · · Score: 2, Insightful
      Rob T Firefly wrote:
      Surely they mean the anti-malware industry?

      I think there's a dubious market for malware. (Okay, so my old boss might be the type to commission a new virus, but most aren't.) The anti-malware markets need a continuous set of threats to be taken seriously and though they don't write the malware themselves, it's integral to their success in business.

      Advice from industry experts giving 'analysis' such as "The smarter virus writers won't deploy their security compromises until after Vista actually ships." practically tells malware developers "If you're smart, you'll hold off on deploying your next big hack until after Vista ships so that your security hole won't be patched up before then."

      When their analysts actually look seriously at alternatives that will reduce the scope of malware (such as moving to Linux or Mac OS X) then we may have real separation between the markets. Until then the anti-malware camp is probably the most able to profit from (and legally disclaim responsibility for) the existence of malware.

    5. Re:Bad title! by Rob+T+Firefly · · Score: 4, Funny

      Next on Slashdot.. does that mugger demanding your wallet at knifepoint really have your best interests at heart? Stay tuned.

    6. Re:Bad title! by Ant+P. · · Score: 1

      (Shamelessly ripping off a comment half a page above) Wait, there's a difference?

    7. Re:Bad title! by grommit · · Score: 1

      I don't know about you but Norton's software is certainly malicious from my perspective.

    8. Re:Bad title! by Anonymous Coward · · Score: 0

      Surely they mean the anti-malware industry?

      Saying that's a bad title suggests that there is a difference between the anti-malware and malware industries. I'm not so sure about that.

    9. Re:Bad title! by just_forget_it · · Score: 1

      more like some greasy-haired goombah explaining the benefits of "protection money"

      This is a lot like Sears, Best Buy, Home Depot, CompUSA, and Circuit City having their salesman over-exaggerate potential (yet very rare) problems in order to sell the extended warranty.

    10. Re:Bad title! by RemovableBait · · Score: 1

      I pointed this out in an email to the 'duty editor' before the story went live, but they obviously didn't listen. Tagged 'badtitle'.

      Good thing they don't get paid for editing Slashdot. Oh, wait...

    11. Re:Bad title! by DCstewieG · · Score: 1

      That's how I read it too. I thought, duh, no. Then realized it meant anti-malware. Then thought, hell no!! Little thing called "conflict of interest." Kinda like when a TV commercial says that if you are tired during the day you must be diseased and need a magic pill!! Hmmm....

    12. Re:Bad title! by Anonymous Coward · · Score: 0

      "extended warranty"

      Cue responses from the losers who bought the extended warranty and thought it was totally justified because their $63 DVD player crapped out 92 days after they bought it.

      Hey, you people, it's like a casino. They wouldn't sell you the extended warranty if the odds were in your favor!!!!!!!!!!! Save your money!

  3. wtf? by kunwon1 · · Score: 5, Insightful
    From TFA:
    Today, players like McAfee, Symantec, Norton, and dozens of other firms fight for a share of a market worth tens-of-billions of dollars a year.

    If this guy doesn't know that Symantec == Norton, I don't think I have any use for his opinions on malware companies.
    --
    Specialization is for insects. -Heinlein
    1. Re:wtf? by Anonymous Coward · · Score: 0

      It looks like the author of the article edited it, removing Norton.

      But he really should have just reworded the sentence.

      Symantec AntiVirus and Norton AntiVirus are very different products even though they both belong to the Symantec corporation.

    2. Re:wtf? by Anonymous Coward · · Score: 0

      I think you mean Symantec = Norton. Your == is just a true/false test. It's obviously true, but you are leaving most C programmers scratching their head over the syntax error.

    3. Re:wtf? by kunwon1 · · Score: 1

      Well, I'm not a C programmer. I'm a guy who hit the button twice by accident.

      --
      Specialization is for insects. -Heinlein
  4. money by Lord+Ender · · Score: 4, Insightful

    If you assume that every person is motivated by money alone, then you are forced to conclude that anti-malware companies have the greatest incentive to produce malware.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    1. Re:money by Draelen · · Score: 1

      They don't need to do that, yet. Other people (motivated by money) do that job perfectly well for them already. All they need to do is simply convince people that their product is a must for survival on the internet.

    2. Re:money by Anonymous Coward · · Score: 0

      Are you trying a reductio, or are you just an idiot?

    3. Re:money by level_headed_midwest · · Score: 1

      I think that even though the anti-malware industry surely tries to play fast and loose with the virus statistics and spread FUD for the less-vulnerable-by-design OSes (as we have seen in this article) that is not malicious at all- it's simply marketing. Just about every company (and especially politicians) everywhere will spin the facts to "create the need" for their products or services. However, I do not think that any anti-malware companies make viruses. That's a very good one for the conspiracy theorists as it certainly is possible and would be extremely lucrative, but the writers sometimes get caught. If a McAfee or Symantec got caught writing and releasing viruses, that would be all she wrote for the company's future- and not to mention that they are liable for any and all damages and lost time/income due to their virus infecting computer systems. Bottom line is that it's too big of a liability for them to make viruses. Besides, there are MORE than enough bored 28-year-olds living in their parents' basements to supply the world with viruses.

      --
      Just "gittin-r-done," day after day.
    4. Re:money by Lord+Ender · · Score: 1

      I may be an idiot, but at least I figured out how to log in, coward.

      --
      A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    5. Re:money by Anonymous Coward · · Score: 0

      That statement is nearly correct. For a "Flawless Victory!" it should read as follows:

      If you assume that every corporation is motivated by money alone, then you are forced to conclude that anti-malware companies have the greatest incentive to produce malware.

      A scenario in which it is profitable for a corporation or company to commit crimes is a scenario in which corporate crime is not just likely, but is well-nigh inevitable. The sole reason for these entities to exist is to make money. Everything else (including abiding by pesky laws) is secondary to the goal of making money. If your initial comment was made in jest, then you need look no further than Enron, Worldcom, Halliburton, Microsoft, the **AAs, Bechtel, Union Carbide, and practically every company of significant size as a counter example. It's not merely a statistical correlation or coincidence, but is a causal effect. All companies will commit crimes if they can make a buck doing so.

      Individual people can be moral, or immoral. Corporate entities on the other hand are amoral - they operate with no sense of ethics or duty of lawfulness at all.

      And apropos the FA, I have it on strong authority that Kaspersky Labs are basically funded and owned wholly by Russian organised crime syndicates. I can't speak for the other anti-malware vendors, but wouldn't be surprised if they had mafia-esque sponsors as well. It's one hell of a shadowy industry.

    6. Re:money by Walter+Carver · · Score: 1

      If malware reduces, it's bad for their business. It's so easy for them to collaborate with spammers in order to "fight" them later. Spammers get some time of "reign" and then anti-malware companies "fix" the problem. Everybody wins. Everybody but the consumer.

  5. people DO believe this stuff by yagu · · Score: 5, Insightful

    Agree or disagree with the points of this article (I mostly agree), there is an elephant in the middle of the room everyone ignores.

    From the article (emphasis mine):

    Every year, US-Cert produces huge fireworks in the security trade press with their annual summary of misinformation about security flaws. The idiots in the press repeat the lie verbatim and the lie becomes real. What is the lie? That Unix/Linux is less secure than Windows. Granted, only the stupidest dolts in the universe -- and the trade press -- are going to buy that crap, but they put it out there anyway.

    "Only the stupidest dolts in the universe?" Aside from being a little insulting, it's just not true. Many intelligent people believe these reports simply because, as the article points out elsewhere, because it is repeated the lie becomes truth.

    People trust "media" to the extent they don't have expertise in some subject matter. What other result would you expect? There are too many topics, too many reports, and too many things demanding attention, general consumers and lay people, appropriately (though naively), rely on integrity of reporting bodies to filter that part of their world not their specialty(ies).

    Reporting organizations (e.g., CERT) have an ethical responsibility to normalize and make canonical data issued for general consumption.

    Unfortunately the technology world today is Microsoft's sandbox, and seemingly if anyone wants to play, be it media, competition, and lately even government, Microsoft seems to be able to control the rules. Sigh, again.

    1. Re:people DO believe this stuff by tbannist · · Score: 1

      You can't trust (U.S.) Media. In the case of Jane Akre vs. Fox News, a U.S. Court of Appeals Judge ruled that Fox News (and by precedent, every other media outlet) did not have a duty to report the news truthfully or factually.

      --
      Fanatically anti-fanatical
    2. Re:people DO believe this stuff by Shadowlore · · Score: 1

      People trust "media" to the extent they don't have expertise in some subject matter. What other result would you expect? There are too many topics, too many reports, and too many things demanding attention, general consumers and lay people, appropriately (though naively), rely on integrity of reporting bodies to filter that part of their world not their specialty(ies).

      What should we expect? We should expect that if something is important to you, you at least do some research into it. It isn't like the information you'd need isn't out there.

      --
      My Suburban burns less gasoline than your Prius.
    3. Re:people DO believe this stuff by vertinox · · Score: 1

      "Only the stupidest dolts in the universe?" Aside from being a little insulting, it's just not true. Many intelligent people believe these reports simply because, as the article points out elsewhere, because it is repeated the lie becomes truth.

      I don't mean to be semantic, but would not a truly "intelligent" being be able to tell the truth from propaganda, exaggerations, and lies? As in your mental capabilities have been fully developed to discern social engineering?

      Otherwise, they wouldn't fit the textbook of what intelligence is. A truly intelligent person would be able to know when someone is lying to him or at least take everything with a bit of disbelief. Perhaps a key feature of intelligence is its relationship with skepticism.

      Of course an intelligent being can still go along with lies for other reasons such as the lie suits his needs or he simply chooses to ignore the lies because it doesn't apply to him.

      Of course the devil's advocate in me says even the most book smart person can be duped in a field that isn't related to him. As in... Sure I can do amazing things with computer technology, but I'm hard pressed to follow my car mechanic's description of my car's problems and be able to discern if the work he is suggesting really needs to be done. That of course doesn't make me a mindless idiot or dolt in my real line of work.

      However, on the same token, if I was a car mechanic and a car parts person was trying to sell me the anti-mal-oil add-ons and I buy it without question and any real car mechanic worth his salt knows that is a waste of money then I am a certified dolt in my profession.

      --
      "I am the king of the Romans, and am superior to rules of grammar!"
      -Sigismund, Holy Roman Emperor (1368-1437)
    4. Re:people DO believe this stuff by Red+Flayer · · Score: 1

      ""Only the stupidest dolts in the universe?" Aside from being a little insulting, it's just not true."

      Sure it's true. Assumption: the population considered includes only people who use computers and know that Linux/Unix/MacOS/Windows exists.

      The stupidest dolts could be half the population if you wanted. No quantity of 'dolts' is specified, so for all it matters, the stupidest dolts could include all but the smartest dolt.

      The real implication, however (and this is the part I love) is that it's logically implied that anyone who believes it is a dolt.

      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  6. complete lame if you ask me. by edgecrush3r · · Score: 0

    Anyone can collect information about bluetooth devices on the go, and with simple Tooting action you could try to force the user install malicious software on his device. But what's the point of all this ?? In the end you gain not much, except for maybe a list of personal contacts which you can use for complete psychopath experiences. You don't need an array of devices to see if a certain exploit is working, just get your hands on the device implementation docs or just start reverse-engineering the stack on your own device. On an average train journey I discover 10/15 Bluetooth enabled devices on my Mobile. Using the same Mobile, I also discover 200/240 WiFi Access-Points with zero encryption if I travel by car. The latter at least gains enough connectivity to browse 'Slashdot'. Trying each door to see if a car is locked, is pointless unless you're trying to steal it.

    1. Re:complete lame if you ask me. by Pieroxy · · Score: 1

      Are you 100% certain you posted on the right story?

  7. Gadzooks! by goldaryn · · Score: 5, Funny

    Every year, US-Cert produces huge fireworks in the security trade press with their annual summary of misinformation about security flaws. [...] The summary gives a total for flaws found in Windows and another total for flaws found in Unix and Linux. Last year, those totals were 812 for Windows and 2,312 for Unix/Linux.

    Oh ****! Quick, someone tell me how to upgrade to this "Windows" thing!

    1. Re:Gadzooks! by karait · · Score: 1

      My conclusion would be that Windows has an alarming number of flaws for a system with almost no security.

    2. Re:Gadzooks! by Anonymous Coward · · Score: 0

      If you're interested in better data then just ask the antivirus database of your antivirus program how many virii are known for Windows (that's definitely more than 2312)...additionally ask the creator of "AdAware" or comparable tools how many trojan horses and malware are known for Windows....

    3. Re:Gadzooks! by NoxNoctis · · Score: 1

      Pardon me for playing devil's advocate here, but... What was the average time taken to release a fix/patch for the security from the moment of discovery for both? I'm also curious how many of these vulnerabilities are still around? Without these bits of information the statistics you collected from the US-CERT are just numbers.

      --
      "You're awfully cute, but unfortunately for you, you're made of meat."
    4. Re:Gadzooks! by morethanapapercert · · Score: 1

      What I'd like to see is more detail on what exactly constitutes a flaw?

      OK, so there are 812 flaws for the Windows family (9x/NT/2K/XP) and 2,312 for the UNIX/Linux family (UNIX, BSD, Debian, Ubuntu, slackware, red hat etc etc). Seems clear enough. TFA makes clear that a flaw which affects fifty different distros is counted as fifty separate flaws. Also pretty clear. Misleading perhaps, but possibly defensible by the statisticians who compose the numbers.

      What is not clear to me is just what is considered a flaw. A bug in package management that corrupts the install of something is clearly a flaw, but not a vulnerability. Similarly, an application that corrupts data if a library dependency is out of date is also a flaw, but that is not a vulnerability either.

      A bug in a web form that allows a visitor to pass arbitrary *executable* data to the underlying systems is clearly a vulnerability. I'd like to see a count of how many of that 812/2,312 breaks down into flaws that allow a stranger to f**k with your system in some fashion.

      After all, if you want to pick an OS (or an application for that matter) based on minimizing risk, then the key number is the amount of vulnerabilities. I am not a *nix user (yet!) but it is my understanding any one distro or even the entire family as a whole has fewer vulnerabilities to 3rd party attacks and that proven "in the wild" exploits are even fewer. (I am totally ignoring insider attacks, no box is completely secure to someone who has physical access to it.)

      That being the case, the odds of a *nix box being compromised from an outside attack is far, far lower than for a Windows box. OR am I being totally misled here?

      --
      I need a wheelchair van for my son. Help me get the word out. https://www.gofundme.com/wheelchair-van-for-jj
    5. Re:Gadzooks! by jrumney · · Score: 2, Funny
      Last year, those totals were 812 for Windows and 2,312 for Unix/Linux.

      There's a simple reason for the difference between general perception (at least on Slashdot) and the raw statistics above. If a vulnerability is found in openssh, it counts as a flaw for Linux, for BSD, and for any Unix flavours that ship openssh by default. If a vulnerability is found in the ssh client that ships with Windows... oh wait.

  8. perceived standard? by OffTheLip · · Score: 5, Insightful

    Microsoft has established itself as a standard so much so that even an 'unbiased' consumer organization such as Consumer Reports basically only acknowledges MS when reviewing computers and making recommendations. Apple is a player but not top tier. It's no wonder AV companies pander to MS and spread FUD. Logically, one would think that a business that exists to correct flaws in another product would lead consumers to shy away from that product but no, because MS is a standard.

    1. Re:perceived standard? by Penguin+Programmer · · Score: 2, Interesting
      It's no wonder AV companies pander to MS and spread FUD. Logically, one would think that a business that exists to correct flaws in another product would lead consumers to shy away from that product but no, because MS is a standard.


      Wait, why on earth would an industry that exists to correct flaws in another product lead consumers away from that product? If AV companies encouraged people to ditch Windows, actually be careful on the internet and take other measures to avoid malware, and people listened to them, the companies would go out of business. No Windows, no need for a Windows anti-virus.

      I think it has nothing to do with MS being a "standard," it's just the fact that the AV companies need Windows to have some holes in it (and need people to exploit these holes) in order to have any selling points for their software. It's "pander to MS" or go out of business.
    2. Re:perceived standard? by tbannist · · Score: 2, Interesting

      I think OffTheLip was referring to the obvious point that if a product has spawned an entire industry that revolves around fixing it so that it actually works, that potential customers should be wary of using that product due solely to the existence of that industry. It implies that there are very serious problems with the original product. I do not think he meant that the industry itself should be engaging in self-destructive activities.

      The only situation where this is not the case is where the customers are convinced that there is no substitute for the product under consideration.

      For example, you'd never eat at a restaurant that had a stomach pump kiosk set up out front that was doing a brisk business with departing patrons, would you?

      Yet people still buy an operating system that requires you to have anti-malware and anti-spyware software running constantly to prevent your computer from being exploited by others.

      --
      Fanatically anti-fanatical
    3. Re:perceived standard? by DanQuixote · · Score: 1


      SWEET!!!

      FTA...

      "It may be that if you do business with Microsoft on a regular basis, you get used to working in an ethics-free environment"

      ROTFLMAO!

      --
      "We think people rightly feel that once they buy something, it stays bought," --Suw Charman, Open Rights Grp
  9. Title is chillingly apropos by TripMaster+Monkey · · Score: 4, Insightful


    Not really...after all, these firms have absolutely no interest in eliminating the problem, but only in treating the symptoms. That's why they continually endorse an OS that is legendary for its security holes, while spreading FUD about more secure alternatives like *nix and MacOS, which have a chance of actually fixing the underlying problem.

    --
    ____

    ~ |rip/\/\aster /\/\onkey

    1. Re:Title is chillingly apropos by happyemoticon · · Score: 3, Interesting

      What bugs me about the big guys is that they've become such gigantic products. They cause as many problems with their bloat as they fix, and they still don't fix everything (especially where Ad/Spyware is concerned). And this, of course, makes them REALLY not want to fix the underlying issue: people would start noticing that their computer starts up twice as fast and generally runs much better without some cyclopean anti-everything program.

      Symantec Client Security started out as an OK little product. At the time, I was very impressed that its UI was so clean. Now, they're a complicated amalgam of firewall, AV, anti-spyware, Cuisinart and dishwasher. While I realize that they sell integration, there's no reason that integration need entail poor usability and baffling complexity. I once tried to get FTP to work on a relative's computer. I found that in Norton there was no firewall rule for FTP anywhere (or it was named something weird), yet it was blocking all traffic. My only option was to completely disable their firewall (and people get pretty mad when you tell them to disable something they paid for).

      The reason there's such a high pressure to integrate, of course, is that these guys make big bucks off of huge corporate licenses. Many IT or business development people I've talked to have said that they won't put anything except Norton on a desktop. I can see their point, because only dealing with one company means less IT and B2B overhead. And from Norton/Symantec's point of view, if they didn't offer a fully integrated solution, then somebody else would and they'd lose the client. So, they acquire every technology they possibly can and haphazardly jam it into their suite.

      While I'm posting, I will admit that the article is at least partially true. At my company, we were somewhat embarrassed to admit that we were sad when the first really apocalyptic adware site we'd found went offline. This wasn't because we wanted to drum up sales, but rather because they were a great test case for our technology.

    2. Re:Title is chillingly apropos by Tim+C · · Score: 1

      more secure alternatives like *nix and MacOS, which have a chance of actually fixing the underlying problem.

      How so? When replying, please consider that I'm Joe Sixpack, armed with the root password, just enough smarts to install stuff and not enough smarts to not install bad stuff.

    3. Re:Title is chillingly apropos by Red+Flayer · · Score: 1

      "Not really...after all, these firms have absolutely no interest in eliminating the problem, but only in treating the symptoms. "

      Sounds familiar, hmm, where have I heard that business plan before?

      Not a big coincidence that the anti-malware firms are doing so well, when their business model mimics that of the (consistent) market darlings for the last two decades, big pharma.

      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
    4. Re:Title is chillingly apropos by Y2 · · Score: 3, Interesting
      > more secure alternatives like *nix and MacOS, which have a chance of actually fixing the underlying problem.
      > How so? When replying, please consider that I'm Joe Sixpack, armed with the root password, just enough smarts to install stuff and not enough smarts to not install bad stuff.

      I put it this way: Windows' application integration is built on a base of executing as instructions anything it finds which can possibly be executed. Documents and help files have embedded controls to be executed by the system, to name just one example. MS has learned that this is dangerous behavior, but their ability to move away from this model is severely hampered by the need to maintain compatibility, even basic functionality, with a mountain of installed base.

      --
      "But all your emitter and collector are belong to me!"
    5. Re:Title is chillingly apropos by 99BottlesOfBeerInMyF · · Score: 1

      > "...more secure alternatives like *nix and MacOS, which have a chance of actually fixing the underlying problem."
      > How so? When replying, please consider that I'm Joe Sixpack, armed with the root password, just enough smarts to install stuff and not enough smarts to not install bad stuff.

      Well, both of those OS's have some architectural advantages, like not needing to run network services for local actions, that make automated compromises less common. They both tend to be more responsive to vulnerabilities thus further reducing risks. They are motivated to fix the problems as developers are also users and no one has a monopoly to ensure income.

      Mostly, it is this last aspect. Right now there are security features on certain Linux distributions that if properly integrated into the OS and UI would make both automated attacks and trojans a whole lot harder to manage. They have not been integrated into mainstream distributions because there is no real demand. Linux does not really have a malware problem because of the architectural choices, people who make up the user base, and the size of the user base. If, however, that were to change, I have no doubt developers would respond and implement them. Microsoft has not, because they just don't really care that much and have no motivation to do so.

    6. Re:Title is chillingly apropos by mmalove · · Score: 1

      What underlying problem? Users not knowing how to use their access rights on the OS? You've got that on any operating system.

      Since I got my home computer in Spring 05 (over a year ago in other words) I've run it without AV or AS (anti spyware), on a Windows platform. From day one I turned off ActiveX, JavaScript, scripting, etc except on trusted sites. I've taken it to various shady regions of the internet in that time, and yesterday decided to go ahead and install Ad-aware just to see if anything had broken through. Want to guess what was on my system?

      1000s of threats? No.
      100s of threats? No.

      I had one piece of malware, excluding tracking cookies (which are a necessary evil with any kind of remember me feature). Some dialer that I discovered was completely inactive because my computer lacks a traditional modem.

      I do wish Windows defaulted to a less vulnerable state, but securing for day to day use is a matter of point and click, and a little bit of vigilance.

      --
      You can get 15 minutes of fame, but you can go down in history for infamy.
    7. Re:Title is chillingly apropos by swv3752 · · Score: 1

      At least in NIS 2006 you could create special rules to open specific ports, but it was not easy. Of course some of their default settings were idiotic. By default NIS would block secure web pages. Add in that Symantec only offers pay for support phone calls, and you really have to wonder if they purposefully do this to hold their customer's bank access hostage.

      --
      Just a Tuna in the Sea of Life
    8. Re:Title is chillingly apropos by nvrrobx · · Score: 1

      Apparently you aren't actually keeping up with the industry.

      Symantec's CEO, John Thompson, made comments that everyone ought to buy a Mac.

      http://news.zdnet.co.uk/internet/security/0,39020375,39269294,00.htm

      (Disclaimer: I work for Symantec. My opinions are my own and not necessarily reflective of my employer.)

    9. Re:Title is chillingly apropos by 99BottlesOfBeerInMyF · · Score: 2, Insightful

      > Not really...after all, these firms have absolutely no interest in eliminating the problem, but only in treating the symptoms.

      So look who is motivated to fix the problem. MS isn't, they aren't losing market share and they've introduced their own anti-virus to milk the situation. So who is? Well alternate OS vendors are (as you mentioned), since they can use it as a differentiator, but most of them don't really have a malware problem so they haven't put much effort into a better solution. Big, enterprise businesses are and people who sell them solutions that do multiple tasks, like network management, where malware is a small piece of the puzzle. Some of the solutions to come out of that space are surprisingly effective. "Oh, gee another random worm outbreak. Well, let's just stop that from spreading or re-entering the network using our routers to filter it. Now I'll send this list of infected hosts to operations along with a virus signature and they can clean them when someone writes an AV signature and a tool to remove this one."

      Who else is motivated? Big network operators are. Worms clog pipes and launch DDoS attacks. That is fine, since they can charge for the bandwidth, but customers complain about the network congestion and a lot of people are willing to pay extra for "cleaned" pipes. Some of the solutions in that space are likewise effective; the same thing on a larger scale. At least one of the tools ups the ante by letting operators swap signatures using a centralized database.

      Who else is motivated? Open source projects, like Clam AV and the like. If corporations donated a quarter of what they spend on proprietary solutions to these guys, they'd save a fortune and end up with better solutions. They could emulate the techniques employed by the two examples above and apply them on a smaller scale.

      It is a pity most corporate purchasing agents did not have a course on critical thinking in high school.

    10. Re:Title is chillingly apropos by Oztun · · Score: 2, Interesting

      I worked for an on-site PC repair company and I would add that Norton causes more problems than spyware. I would go on more calls where PCs ran like crap because Norton products needed to be reinstalled than spyware cleanup calls. All I can say is thanks Norton for helping me pay my rent.

    11. Re:Title is chillingly apropos by Chris+whatever · · Score: 1

      Can Microsoft be considered the biggest Malware company EVER???

    12. Re:Title is chillingly apropos by a.d.trick · · Score: 1

      Usually when a user installs bad software, they don't know what's going on. The problem with the Windows security model is that it is very permissive about how to execute code. All you need is a file with a particular extension. To make things even worse, it hides the extension by default and you can put an icon on it to make it look like another kind of a file. So Joe User thinks he's opening a birthday card.

      That's one reason package managers are so cool. If you make that the only easy way to install stuff it allows for some quality control. Plus, advanced users can add extra repositories for software that is not in the main one.

      Alan Trick
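
An added example, not part of the original comment: a mail-gateway style check for the disguise described above, comparing the name a user sees when extensions are hidden with the type that actually runs. The extension lists and attachment names are constructed samples, and the display rule is simplified to hide every final extension.

```python
# Extensions Windows runs when the file is opened (constructed, non-exhaustive).
EXECUTABLE_EXTS = {"exe", "pif", "scr", "com", "bat", "cmd", "vbs"}
# Extensions a user reads as "just a picture or document" (constructed sample).
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "txt", "doc", "pdf", "htm", "html"}


def split_ext(name):
    """Return (stem, lower-cased final extension); extension is '' if none."""
    stem, dot, ext = name.rpartition(".")
    if not dot or not stem:
        return name, ""
    return stem, ext.lower()


def displayed_name(filename):
    """Name shown when the shell hides extensions (simplified: hides them all)."""
    stem, ext = split_ext(filename)
    return stem if ext else filename


def inspect_filename(filename):
    """List what is wrong with a name; an empty list means nothing was found."""
    findings = []
    stem, ext = split_ext(filename)
    if ext not in EXECUTABLE_EXTS:
        return findings
    findings.append("executable")
    # With the real extension hidden, the inner one is what the user reads.
    _, inner = split_ext(stem)
    if inner in DECOY_EXTS:
        findings.append("decoy-extension")
    return findings


def triage(attachments):
    """Return (real name, name the user sees, action) for each attachment."""
    report = []
    for name in attachments:
        findings = inspect_filename(name)
        if "decoy-extension" in findings:
            action = "block"      # runs as a program but reads as a document
        elif findings:
            action = "warn"       # plainly executable; policy decides
        else:
            action = "pass"
        report.append((name, displayed_name(name), action))
    return report


# Constructed attachment names for the demonstration.
SAMPLE = ["birthday_card.jpg.exe", "picturz.PIF", "minutes.doc",
          "archive.tar.gz", "README"]

if __name__ == "__main__":
    for real, shown, action in triage(SAMPLE):
        print(f"{action:5}  shown as {shown!r:22} real name {real!r}")
```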

    13. Re:Title is chillingly apropos by svvampy · · Score: 1

      The problems you've experienced are largely due to a poor interface design.

      Whenever an executable tries to make a connection to another host through the firewall, the following information should be displayed:

      program is trying to open a connection to target-ip[hostname] on port

      Then the following options should be available:

      • Always allow program to connect to target:port
      • Always allow program to connect to any host on port
      • Always allow program to connect to target on any port
      • Allow this connection for this session
      • Block this connection for this session
      • Permanently block this connection
      It may seem to be too detailed, but the dumb-ass user will get by by selecting block everything or allow everything to their tastes. It'd also be nice to have application profiles set up, so that after you first install foo-fox and it tries to connect the first time you can select an application profile: 'web browser' that will open up the appropriate ports.
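
The prompt and rule scopes proposed in the comment above, modelled as an added example (not part of the original post and not any real firewall's code). The choice names, the rule that the most specific match wins with block beating allow on a tie, the fail-closed default for an unrecognised answer, and the ports in the 'web browser' profile are all assumptions.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass(frozen=True)
class Rule:
    program: str
    host: Optional[str]       # None means "any host"
    port: Optional[int]       # None means "any port"
    allow: bool
    session_only: bool = False

    def matches(self, program: str, host: str, port: int) -> bool:
        return (self.program == program
                and self.host in (None, host)
                and self.port in (None, port))

    def specificity(self) -> int:
        # An exact host+port rule outranks a wildcard rule.
        return (self.host is not None) + (self.port is not None)


# The six dialog options from the comment, each mapped to the rule it creates.
CHOICES = {
    "allow_target_port":     lambda p, h, n: Rule(p, h, n, True),
    "allow_any_host_port":   lambda p, h, n: Rule(p, None, n, True),
    "allow_target_any_port": lambda p, h, n: Rule(p, h, None, True),
    "allow_session":         lambda p, h, n: Rule(p, h, n, True, session_only=True),
    "block_session":         lambda p, h, n: Rule(p, h, n, False, session_only=True),
    "block_permanent":       lambda p, h, n: Rule(p, h, n, False),
}

# Application profiles; the port list is an assumption for illustration.
PROFILES = {"web browser": (80, 443)}


class PromptingFirewall:
    def __init__(self, ask: Callable[[str, str, int], str]):
        self.ask = ask                 # stands in for the dialog box
        self.rules: List[Rule] = []

    def apply_profile(self, program: str, profile: str) -> None:
        for port in PROFILES[profile]:
            self.rules.append(Rule(program, None, port, True))

    def decide(self, program: str, host: str, port: int) -> bool:
        matching = [r for r in self.rules if r.matches(program, host, port)]
        if matching:
            # Most specific rule wins; on a tie a block rule beats an allow rule.
            best = max(matching, key=lambda r: (r.specificity(), not r.allow))
            return best.allow
        choice = self.ask(program, host, port)
        # An answer the dialog does not define is treated as "block for now".
        make_rule = CHOICES.get(choice, CHOICES["block_session"])
        rule = make_rule(program, host, port)
        self.rules.append(rule)
        return rule.allow

    def end_session(self) -> None:
        self.rules = [r for r in self.rules if not r.session_only]


if __name__ == "__main__":
    # Constructed scenario: the user allows FTP's control port to any host once.
    fw = PromptingFirewall(lambda p, h, n: "allow_any_host_port")
    print(fw.decide("ftp.exe", "192.0.2.10", 21))    # prompts, then allows
    print(fw.decide("ftp.exe", "198.51.100.7", 21))  # covered by the stored rule
```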
    14. Re:Title is chillingly apropos by jp10558 · · Score: 1

      There are firewalls that do this - Outpost is the notable one.

      --
      Opera, Proxomitron-Grypen,GPG 0x0A1C6EE3
  10. The Security Industry Does Not Want Security by Anonymous Coward · · Score: 1, Interesting

    There's an entertaining presentation from Defcon X given by Gobbles (with help from Silvio Cesare and The Unix Terrorist) - 'Wolves Among Us' - the video is worth watching for a laugh, several laughs, at the expense of many so-called experts. http://www.defcon.org/html/links/defcon-media-archives.html

    Silvio: "The Security Industry Does Not Want Security, They Want Insecurity"

  11. Who would have guessed by DoChEx · · Score: 1

    Seriously, people buy anti-virus because they fear viruses, who tells them what viruses to fear??? How strange that those anti-virus companies are all doom and gloom.

  12. Can they be trusted? by WillAffleckUW · · Score: 2, Funny

    Sure.

    OK if I install this spyware in your computer and just backup your credit card numbers for you without your permission?

    Thanks.

    Oh, no, that's ok, you don't have to answer. We'll do it anyway.

    --
    -- Tigger warning: This post may contain tiggers! --
  13. I trust some of the anti-malware industry by Coopjust · · Score: 2, Interesting

    Well, I certainly don't trust the malware industry :)
    Seriously, however, I never buy any piece of security software without looking for testing results and reviews.
    Also, I will never use any product that makes false positives intentionally (to scare the user into using/buying the product). That's just asking for trouble.

    1. Re:I trust some of the anti-malware industry by goldaryn · · Score: 2, Interesting

      > Also, I will never use any product that makes false positives intentionally

      Hmm, you make an interesting point. Ever notice that when you run one of these expensive security suites and you don't get any meaningful results, you always get a couple of "dangerous" cookies found, just to keep the results above zero?

      The logic must be: Don't tell them it's clean. Use FUD if necessary.

  14. Answer by ilovegeorgebush · · Score: 0

    Yes it is, and no it can't.

  15. Fear and Protection Rackets by RichMan · · Score: 4, Insightful

    The whole thing is a protection racket. The more they can make you afraid of the consequenses and aware of the "threat" the more you are willing to pay for protection. The whole thing is based on a vulnerable infrastructre.

    If there was a solid infrastructre that was trusted the whole industry would disappear. The industry is based on the Microsoft Operating system and its designed vulnerabilities. The industry would not exist without the flaws in the Microsoft Operating systems and workflow. If Microsoft fixed its stuff, or if people migrated to a solid infrastucture the industry would disappear. I am sure the industry as a whole is looking at Linux as a big threat, it could destroy their whole reason for existing.

    As a whole the Linux client is not a market for this industry. They need to make Linux/OSS users feel the threat so we will by their product.

    1. Re:Fear and Protection Rackets by Anonymous Coward · · Score: 0

      > consequenses
      > infrastructre
      > infrastructre
      > infrastucture
      > need to make [...] users feel the threat so we will by their product.

      The real question: how can we scare you into buying Mavis Beacon Teaches Typing?

    2. Re:Fear and Protection Rackets by Davorama · · Score: 1

      The whole thing? Let's not get carried away, please. The bad guys are out there. They are writing viruses and amassing botnets for fun and profit. They are out to get you.

      TFA is on the mark in terms of the vacuous ethics of computer security software press releases and scare mongering but that doesn't mean that solid, secure operating systems would eliminate the need for anti-malware products. Maybe I'm wrong but I don't think the patching mechanisms for Linux distros and Macs are so fantastic and/or timely that they could keep infestations at bay in the face of the zero-days they would face if they each had a third of the market.

      --

      Davo -- Free speech, free software, AND free beer.

    3. Re:Fear and Protection Rackets by pete6677 · · Score: 1

      A protection racket would be the anti-virus companies writing and releasing viruses, then charging you for protection from them. That's not what is happening here. Anti-virus products are certainly sold using scare tactics, but then again so is insurance. If someone discovers that Symantec is behind the latest virus that they're selling protection from, I guarantee criminal charges will follow.

  16. Ethics and Morality by Anonymous Coward · · Score: 0

    Can Malware Industry be Trusted?

    Unfortunately, Ethics and Morality are lacking in many Industries and Corporations.

  17. AV for MacOSX: $59 -- Why? by JonTurner · · Score: 4, Informative

    Agreed, the industry is full of FUD, along with other substances.

    Noticed a copy of AntiVirus for Mac OSX @ CompUSA last week. $59! Three questions:
    1) Who buys this stuff?
    2) Why so much?
    3) Why?

    To my knowledge there is only one virus in the wild for OSX and it never really made an impact. I understand that AV for Mac scans for the billions of Windows viruses, but considering that the Mac is extraordinarily unlikely to become infected, it's similarly unlikely a Mac will pass on a virus. I know it's part of being a good net citizen, but ultimately scanning email is your own responsibility. I don't scan for Linux or mainframe viruses, or iPaq scripts. Why should I scan for Windows viruses?

    Or am I missing something?

    1. Re:AV for MacOSX: $59 -- Why? by boyfaceddog · · Score: 1

      Who buys this? Obviously you are not in the IT industry! :-)

      Seriously, my dept insists on AV/Anti-Malware software on EVERYTHING (even Macs) because my boss's boss (CIO) can be fired if we lose data and she wants someone to blame. The theory is that eventually someone will create a virus for OS X and then we will be prepared. Whatever. I just fill out the P.O.s and do what I'm told.

      Keep your boss's boss off your boss's back. That's my motto.

      --
      Here will be an old abusing of God's patience and the king's English.
    2. Re:AV for MacOSX: $59 -- Why? by scottme · · Score: 1
    3. Re:AV for MacOSX: $59 -- Why? by buckhead_buddy · · Score: 4, Interesting
      Symantec AntiVirus products for Mac (in my experience) are incredibly popular among people moving from PCs to Macs: the so-called "Switcher" market. It's really just a matter of having built a reputation on fear in one market and the user feeling naked without that product.

      Some argue that it's not bad to have a security infrastructure in-place, even if there's very little self-propagating malware out there. It makes one "ready" to deal with the inevitable threats when they are discovered. It makes one confident that they will be the first ones to recognize and recover from any future infection.

      That seems like a good idea until you realize that to install and remove malware means the software will need to operate with very high permissions. Installing programs like Clam or Symantec Antivirus is possibly giving hackers more potential ways to exploit your system than if you hadn't installed the anti-malware to begin with. I think there actually have been low-level, local security holes found based solely on security software that the user has installed.

      On the Mac, I think there is more harm than good done right now with anti-virus products. It's almost like feeling you must hang that lucky pair of fuzzy dice in your new car because you think it helps you not have accidents, when in fact their interference in your driving might be what causes you to have one.

    4. Re:AV for MacOSX: $59 -- Why? by Urban+Garlic · · Score: 1

      > Or am I missing something?

      You're thinking about practical and effective anti-virus measures. Think stupider.

      Some organizations have a high-level policy that says that all machines must have up-to-date anti-virus software, and until you can certify that this is the case, you can't use the corporate network, because your MAC address will not be on the router's whitelist.

      You can bribe the IT guys (probably more than $60), you can hack your MAC to an allowed one (possible MAC collision, lose your job if you get caught), or you can buy AV for your Mac.

      --
      2*3*3*3*3*11*251
    5. Re:AV for MacOSX: $59 -- Why? by Anonymous Coward · · Score: 0, Insightful

      MS Office macro-virii, such as Concept, are cross platform.

      Where you find MS, you also find virii.

    6. Re:AV for MacOSX: $59 -- Why? by gyrogeerloose · · Score: 1

      I once checked out a Web site for a company--I don't recall which one--that had advertised their new anti-virus software for OS X on a Mac-oriented site. Afterwards, I sent them a politely worded letter stating something along the lines of "While I'm not saying you shouldn't be selling your product, would you please respond with a good reason I should buy a copy seeing how, at this time, there are no known viruses or spyware that run on OS X?"

      I never heard from anyone.

      --
      This ain't rocket surgery.
    7. Re:AV for MacOSX: $59 -- Why? by Anonymous Coward · · Score: 0
      > Installing programs like Clam or Symantec Antivirus is possibly giving hackers more potential ways to exploit your system than if you hadn't installed the anti-malware to begin with. I think there actually have been low-level, local security holes found based solely on security software that the user has installed.

      This has happened, yes. Actually there are currently remote LOCALSYSTEM exploits out for Symantec AV Corporate and Symantec Client security. Looking back numerous big-name AVs and personal firewalls were vulnerable to 'shatter' attacks and vulnerabilities are still occasionally discovered in unpacking engines (usually just "zip bomb" type DoS but not always).

      My all-time favourite exploit was for ThunderByte AV; this had strong heuristics and ran well on the lowly 486s of the era, but it achieved this by basically running the code(!) in a sandbox. I think it was 29A that worked this out and managed to bypass it, resulting in a virus that got executed by ThunderByte itself every time it was scanned :)

      Then there was that release of Norton that wouldn't execute WIN.COM anymore if you turned the 'bloodhound' heuristics all the way up, thereby preventing windows from starting ...

    8. Re:AV for MacOSX: $59 -- Why? by arose · · Score: 1

      What's your problem with Clam?!

      --
      Analogies don't equal equalities, they are merely somewhat analogous.
  18. What a stupid title by guspasho · · Score: 2, Insightful

    "Can the Malware Industry be Trusted?"

    Of course it can't! It's the friggin' malware industry! Their business plan centers around installing stuff on your PC that you don't want on there and didn't ask for, and abusing your PC without your permission for their own purposes. Why on God's green earth would someone like that be trusted?

    1. Re:What a stupid title by Anita+Coney · · Score: 1

      I agree. I had to convince myself I wasn't reading Digg!

      --
      If someone says he and his monkey have nothing to hide, they almost certainly do.
  19. Work on your public image by gr8_phk · · Score: 5, Interesting
    From TFA "The idiots in the press repeat the lie verbatim and the lie becomes real. What is the lie? That Unix/Linux is less secure than Windows. Granted, only the stupidest dolts in the universe -- and the trade press -- are going to buy that crap, but they put it out there anyway."

    idiots, dolts, crap. There is a lot of name calling in there. He sounds like a teenager complaining about her friends. I don't claim to be the most articulate person around, but this guy shouldn't be writing articles. People judge you by the words you use. I got so distracted by his name calling I had to post before finishing the article, and I'm wondering if I'll be able to reach the end or take his side given the tone.

    1. Re:Work on your public image by Tim+C · · Score: 1

      Agreed. I read that far and stopped reading. Maybe I'm being overly harsh and judgemental, but I'm busy, and don't have time to waste on the sort of article that that gave me the impression this was going to be.

      Sure, it's an opinion piece, but name-calling isn't called for.

    2. Re:Work on your public image by Greyfox · · Score: 1

      Hmm. I notice our IT guy at work claims that Windows is more secure than Linux or OSX. I also notice that he refuses to take my challenge to put freshly installed Windows, OSX and Linux machines on the open internet for 24 hours to see which of them get compromised. He's gone so far as to claim that OSX "Wouldn't even be a challenge for hackers." There'd probably be no work for the IT department if the company switched to OSX, so I suppose it's understandable that he takes that position. Sure does make him sound like an idiot though.

      --

      I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

    3. Re:Work on your public image by schamarty · · Score: 1

      I agree, it doesn't add to your credibility when language like that is used, although I have done it myself once in a while when particularly upset about something!

      I must say though, that I read through TFA and it does make a compelling argument. The numbers are pretty damning, and we ought to be aware of it. Too bad Joe Barr lost his cool and so lost readers as well...

  20. Mod parent up, please. by TripMaster+Monkey · · Score: 0, Redundant


    Yagu makes a good point...being in the IT industry, sometimes we mistakenly perceive things as being blindingly obvious, when in point of fact, it's still quite a mystery to the layman. Characterizing Joe Sixpack as a 'stupid dolt' equates ignorance with stupidity, which is fallacious and counterproductive.

    Obviously, the 'stupid dolts' are smart enough to draw conclusions based upon the available intel they have access to...the real problem is that, as the author correctly pointed out, the lies are repeated until they become the truth. GIGO, and all that jazz.

    There's no cure for stupidity, but there is a cure for ignorance: education. If we want to fight this FUD, we need to do it by teaching the truth, rather than dismissing the vast majority of users as 'stupid dolts'. When we do that, we play right into the hands of the malware companies.

    --
    ____

    ~ |rip/\/\aster /\/\onkey

    1. Re:Mod parent up, please. by MrSquirrel · · Score: 1

      I whole-heartedly agree. When a user clicks on a .exe/.pif link in an e-mail/IM that says something like "omg picturz frum last nitee!", it's not their fault for being "stupid" -- they just don't know any better. They have a different "reality" as to how computers and the internet work. Why would their friend send them a virus? Why would a pop-up lie when it tells them it detected a virus on their computer and they needed to download malicious virusscanner 1.2 (the 'this installs even more viruses' edition)? Even in cases of phishing -- in their mind, the message says it's from 'so and so'. The populace must be educated to make the internet a safer place -- until then, the world will just be full of technical ignorance/misunderstanding. Now... the 4th or 5th time the same user clicks on the SAME .pif link... then it's okay to want to hit them.

      --
      A computer once beat me at chess, but it was no match for me at kick boxing.
  21. In the news by 955301 · · Score: 4, Funny

    - The malware industry cannot be trusted to report when things are improving or a better alternative to their bread and butter os exists.

    - Doctors poor at telling hypochondriacs when there is nothing wrong with them.

    - Car companies not reliable source of information about bicycles and public transit.

    - Lawyers cannot be trusted to create legislation that doesn't criminalize everything.

    - Politicians appear to be lying or misleading to get elected.

    - Wolves unwilling to notify sheep in advance of attack.

    --
    You are checking your backups, aren't you?
    1. Re:In the news by rark · · Score: 1

      Actually, doctors are notorious for telling people they are being hypochondriacs when they actually have medical problems. No skin off the doctors' noses, as they get paid anyway, and often they get more because a condition requires more treatment when caught later.

      Hrm....

  22. The article itself... by Anonymous Coward · · Score: 0

    ... is even lower quality. The inflammatory tone is just embarrassing to read (though by and large, I agree with the gist of the content).

  23. Readers by phorm · · Score: 2, Insightful

    Not all the readers would necessarily know that the two are the same, so it might be just to impress both names in their mind. That or make the 'conspiracy' larger than it seems.

    1. Re:Readers by kunwon1 · · Score: 1

      He referred to them as two separate firms. In either case, Slashdot is a site frequented by IT pros, or at the very least 'power users'. We don't need articles that are dumbed-down. No matter the reason, this guy lost credibility with that line.

      --
      Specialization is for insects. -Heinlein
    2. Re:Readers by gEvil+(beta) · · Score: 1

      I buy my products from Windows and XBox and Office. I like to diversify, it keeps me safer.

      --
      This guy's the limit!
    3. Re:Readers by rob1980 · · Score: 1

      That's why you say "Symantec (the creators of Norton)" instead of structuring your sentence to make it seem as though Symantec and Norton were two different antivirus vendors. Either way it's a moot issue now as it seems the article has been corrected.

    4. Re:Readers by LunaticTippy · · Score: 1

      Then people will bitch that Symantec didn't create Norton, they bought it.

      --
      Man, you really need that seminar!
  24. job security by jaimz22 · · Score: 1

    i've always thought that maybe anti-virus and anti-spyware companies would produce viruses and spyware, i mean how do you get better job security than fixing something that you broke.. and people STILL say thanks!

    1. Re:job security by boldtbanan · · Score: 2, Interesting
      > i've always thought that maybe anti-virus and anti-spyware companies would produce viruses and spyware, i mean how do you get better job security than fixing something that you broke.. and people STILL say thanks!
      Yeah, like Microsoft's announced entry into the anti-virus industry. You can actually find a way to profit from your screw ups (or active sabotage if you're even more insidious).
  25. Anti-malware should stay in the people's hands by Spy+der+Mann · · Score: 1

    This is my reason for liking Clam antivirus, an open source product and maintained by the public. The governments should sponsor such products with constant donations.

  26. You used to be able to trust them... by Anonymous Coward · · Score: 0

    ... but then, you used to be able to trust slashdot to put a disclaimer in the article when linking to sites owned by the same company.

  27. their motivation by v1 · · Score: 1

    Malware publishers are motivated by the money they get from what they do. It's not about morals, it's not about good business, it's ONLY about money. Money is the most powerful motivator there is. If you wave enough cash in front of a group of people, no matter what they have to do, someone will take you up on your offer.

    There will always be takers. So by default we can say that the malware business will remain rotten to the core until it is not only made illegal, but also prosecuted ruthlessly until which point it is neither profitable nor worth the risks. Right now, there are mountains of money to be made, and little or no risk of prosecution, so it continues unchecked.

    Don't expect this to change any time soon.

    --
    I work for the Department of Redundancy Department.
  28. Old Story by LukePieStalker · · Score: 1

    As long as there have been companies selling antivirus software, the rumor has been circulated that they were also developing new viruses to keep themselves in business. In reality, I think that there will always be plenty of "volunteers" to handle this aspect of the business for them.

  29. The Malware industry can be trusted ... by davidwr · · Score: 1

    The Malware "industry" can be trusted to do what is best for the Malware industry.

    The anti-Malware industry, which is what this article is talking about, can be trusted to do what's best for the anti-Malware industry.

    The former are Black Hat. Let's hope the latter are and remain White Hat.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  30. never buy antivirus/whatever by deviceb · · Score: 1

    i have always believed the people producing the most garbage on the net are the people whose jobs are supported by it. use AVG free personal, ad aware free, a firewall and you're all set. I have been running this setup for years with 0 issues. (i even missed out on the sony rootkit because i listen to streamed music ;) yay me

    --
    Kill your TV
  31. Demand more from the IT press. by khasim · · Score: 1

    The issue is not whether Joe Sixpack believes what he reads ... it's whether the IT "journalist" merely repeated the claims of a company with a financial interest in fostering a certain perception.

    Joe Barr admitted that he had done that with the claims about Apple, but he then spent time doing the research.

    And the "journalists" that "report" on the IT industry have a long and colourful history of bias and willful ignorance. There is no excuse for that. And it is those reports by those "journalists" that keep Joe Sixpack so ignorant of the real facts.

  32. Does This Prove His Claims? by Anonymous Coward · · Score: 0

    I always thought my experience here was ironic. Any thoughts? I mean I have to set my computer to promiscuous to install an anti-virus program! Weird.
    http://www.blendedtechnologies.com/mcaf-irony/67

  33. Can the ****** industry be trusted? by shodai · · Score: 3, Insightful

    No.

  34. Yes, Rotten To The Core by aldheorte · · Score: 2, Insightful

    Yes, the anti-virus industry is as rotten as it appears, if not more so. In talking to non-expert computer users who use anti-virus, anti-virus causes more problems than it solves. Anti-viral software with automatic updating is essentially like installing a rootkit on your computer controlled by the anti-virus vendor. With just a little bit of training, and perhaps a different email client than Outlook, as well as using Firefox instead of (or patching) IE, viruses and malware are easily avoided.

    Anyone who is serious about security doesn't run anti-virus because it does not fix the root issues of vulnerability.

    The key is that anti-virus can be sold on fear and, since the average computer user doesn't understand that there is nothing mystical about viruses and their vectors are easily identified, fear sells a product that actually makes your computer less secure and less usable. That said, there are some good free programs out there, like ClamAV and Spybot Search & Destroy to help you as a system administrator check out suspicious files or clean up a mess on a specific case by case basis (the latter only applying to Windows).

    1. Re:Yes, Rotten To The Core by Anonymous Coward · · Score: 0

      Anyone who is serious about security doesn't run anti-virus because it does not fix the root issues of vulnerability.

      I don't quite buy that, sir. I am serious about security, I don't use Outlook or IE and I still use antivirus software. Why? Because I don't have control of my Windows machine. Microsoft does. And, damnit, there have been just too many instances where Microsoft, for their own reasons, deliberately re-install, re-enable, or just invoke their own software even though I tell Windows specifically NOT to. With Windows, you don't even have any control over the root issues of vulnerability.

    2. Re:Yes, Rotten To The Core by dbIII · · Score: 1
      With just a little bit of training, and perhaps a different email client than Outlook, as well as using Firefox instead of (or patching) IE, viruses and malware are easily avoided.
      There's still open ports that should never be allowed to listen for instructions on a hostile network - you really need to put a MS Windows box under the adult supervision of a firewall - preferably an external one or a little firewall/router embedded system built into your network card.
  35. Too pejorative by Himring · · Score: 4, Informative

    Every year, US-Cert produces huge fireworks in the security trade press with their annual summary of misinformation about security flaws. The idiots in the press repeat the lie verbatim and the lie becomes real. What is the lie? That Unix/Linux is less secure than Windows. Granted, only the stupidest dolts in the universe -- and the trade press -- are going to buy that crap, but they put it out there anyway.

    I got to that point in the article and remembered the red ink on a paper I wrote in grad school, wherein the professor said, "too pejorative to be taken as an objective analysis of the topic."

    In all things academic or reporting, if you do not really have it, then at least fake objectivity....

    --
    "All great things are simple & expressed in a single word: freedom, justice, honor, duty, mercy, hope." --Churchill
  36. seen this before by Anonymous Coward · · Score: 0

    Rewind to 1998 everybody. I read one article during the "millennium crisis" about a school district that bought all new refrigerators because some "expert" told them that their regular refrigerators weren't Y2K compliant and they might stop working - or blow up. We've seen the junk science before, we see it today - it will be with us tomorrow my brothers.

  37. Counterpoint by sopwith · · Score: 2, Insightful

    Whether or not the malware industry can be trusted, anyone who calls a company a "servile buffoon" probably can't be trusted to be an impartial and logical journalist.

    Things are never as extreme as they seem - there are good & bad guys (and in-between guys, and girls too! :) in both the anti-malware and journalism industries. I don't trust the Kaspersky Kooks at all, but McAfee and some of the other companies (e.g. PC Tools Software, F-Secure) do have some credibility in my book.

    Then too, we know that the only way that all those evil writers can sell their stories is to make them sound melodramatic... :P

  38. No! Stay vulnerable. Please. by xkr · · Score: 4, Insightful

    The anti-malware software industry is like the insurance industry. They want to provide their paying customers with benefit, but the last thing they ever want to do is encourage consumer behavior, law, or product changes that actually eliminate the problem, thus putting themselves out of business.

    --
    I will create a sig when innovation restarts in the U.S.
    1. Re:No! Stay vulnerable. Please. by noidentity · · Score: 1

      "The anti-malware software industry is like the insurance industry. They want to provide their paying customers with benefit, but the last thing they ever want to do is encourage consumer behavior, law, or product changes that actually eliminate the problem, thus putting themselves out of business."

      At least the insurance industry covers serious things that one really has no way of completely eliminating ("acts of God" and mishaps).

    2. Re:No! Stay vulnerable. Please. by Assska · · Score: 1

      What? That is a false analogy, the insurance industry exists because life is unpredictable and "shit" happens. The anti-malware industry exists because of faulty programming and home-user ignorance. Next time you belittle the "evil" insurance industry...imagine a world without it. The industrial/technological boom of the 20th century would not have been if it were not for insurance and the safety net it provides for entrepreneurs. What has the anti-malware industry done?

    3. Re:No! Stay vulnerable. Please. by Redwin · · Score: 1

      The anti-malware software industry is like the insurance industry. They want to provide their paying customers with benefit, but the last thing they ever want to do is encourage consumer behavior, law, or product changes that actually eliminate the problem, thus putting themselves out of business.

      So, how long before the anti-malware industry lobbies for a law to be passed stating that all computers must come installed with an anti-virus product? Like not being able to legally drive without car insurance, you would not be legally allowed to run a computer without anti-virus software.

      --
      Warning, comments may not have been passed by the sanity department of my brain.
  39. No, not really by FishandChips · · Score: 2, Insightful

    Perhaps the question needs wider phrasing: can the IT industry - not just the malware side - be trusted? Personally I don't think so because they seem addicted to denying the consequences of their own actions or foisting the cost on the public. You can see this everywhere from the paltry, tokenish efforts to tackle malware and spam by corporations that regularly turn in billions in profits, to the Heath-Robinson-like, energy-guzzling design of the PC itself, to dumping clean up and recycling via shady deals with the Chinese. Let's not even look at moral issues like DRM and Hollywood or Chinese censors.

    OTOH, no industry can be trusted. If it wasn't for some tireless public-minded advocates the auto industry would probably have us still driving deathtraps with engines designed in the 1950s or the pharma industry, for example, would have us growing three heads while being charged 50 bucks for a paracetamol.

    --
    Las qué passoun
    tournoun pas maï
    1. Re:No, not really by spun · · Score: 1

      Perhaps the question needs wider phrasing: can the IT industry - not just the malware side - be trusted?

      Um, you're asking this of a bunch of people reading slashdot on company time...

      --
      - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
  40. That's baloney by Sigg3.net · · Score: 0

    Migrating to another OS does NOT eliminate the people writing malware.
    Changing your shoes does not change the weather.
    But walking with sandals in a blizzard is not actually helping yourself.

  41. It's hard to tell! by jdbartlett · · Score: 1

    McAfee somewhat blurs the distinction.

  42. Parent Insightful by Anonymous Coward · · Score: 0

    Parent Insightful

  43. Trust the Volcano Industry by Anonymous Coward · · Score: 0

    I saw a special on Quahog 5 news. According to Trishia Takinowa, you can trust the Volcano Insurance industry. Especially if there hasn't been an eruption in awhile... it only increases the odds!

  44. Viral linux threat by Anonymous Coward · · Score: 0

    I am the biggest proponent of linux and use it daily, even on this laptop.
    The assertion and assumption that linux is immune to worms, viruses and other stuff that affects windows today, is dangerous.

    Linux just isn't a common target.

    As more people migrate to linux, you'll see more people running and living in it as root out of stupidity and/or ignorance. If you run as root, you are just as vulnerable as an average home user running windows.

    When people start targeting linux for viruses and other malware, you'll see the same issues for the same reason.

    -AC

  45. Welcome to the world of big business. by Blue6 · · Score: 1

    Is this really any different than what a lot of industries do? Just turn on your television and you're bombarded with drug company ads for E.D. and a myriad of other ailments. Now excuse me while I go take my pills for restless leg syndrome.

    --
    EGOTIST, n. A person of low taste, more interested in himself than in me.
  46. Conspiracy? Maybe. Stupidity? Definitely. by GregStevensLA · · Score: 4, Insightful

    Can the anti-malware industry be trusted? Can microsoft be trusted? Can the IT industry be trusted?

    One thing that all of this overlooks, is that it doesn't take malice for hysteria to spread.

    premise: people fear what they don't understand.
    premise: most people don't understand computers.

    I have a friend who fancied himself a home-taught computer expert. Armed with TweakXP, a few anti-virus tools, and a small handful of other gadgets, he was always offering to "optimize" and "fix" his friends' computers.

    And lo! and behold, every single computer that was ever brought to him had "a major virus" or "a serious trojan" problem on it. Of course, there is so much media hype about viruses (and people's bad browsing habits) that this was fairly believable. However, the mere consistency of his diagnoses started making me suspicious....

    Sure enough, after a few in-depth conversations, it turns out that he was using bad virus-detection software: some unknown little program that he assumed was "better than all the rest" because it "always found more" (it didn't occur to him that most of them were false positives); and moreover, it turns out he didn't even have a clear understanding of what a "virus" is.

    But let me tell you: he had a stream of people in and out of his apartment that were absolutely convinced that ANY time there was EVER a problem with their machine, it MUST have been because of a virus.

    1. Re:Conspiracy? Maybe. Stupidity? Definitely. by DanQuixote · · Score: 1


      [troll on]

      This reminds me of the worst virus I've dealt with. You might have heard of it, it's called WindowsXP. It has an amazing ability to propagate itself using social engineering, and Ooooohhhh it's a nasty one. It takes over your hardware and refuses to do what you need until you get "permission" from some bot in Redmond.

      Lately I too am finding that all my friends are asking me to help get rid of it.

      [troll off]

      --
      "We think people rightly feel that once they buy something, it stays bought," --Suw Charman, Open Rights Grp
    2. Re:Conspiracy? Maybe. Stupidity? Definitely. by rark · · Score: 1

      It's not malice that is spreading these beliefs, and I think that the original author is aware of that. Just how many times did he use the word 'idiots' in that article?

      But it's definitely arguable that malice (or at least extreme greed, to the point of not caring about the truth, security, safety or anything else but profit) is behind the *starting* of these rumours. Then the computer-ignorant masses believe and spread the beliefs, because, after all, the security experts said so!

  47. Three words about the antimalware industry: by Anonymous Coward · · Score: 0

    Zero Day Exploits.

    2 more words:

    Snake oil.

    The best protection against malware is dumping Microsoft. No other platform is vulnerable. Your best argument against this is to write a Linux or Mac or BSD virus and disseminate it.

    Good luck, Symantec et al have been trying for years to no avail.

  48. Why I don't trust them at all by Nom+du+Keyboard · · Score: 1

    Not since F-Secure "discovered" the Sony RootKit and decided to "work with Sony" rather than remove that crap from my system have I trusted them. In fact, as a litmus test ANY anti-virus software that still doesn't immediately and completely remove all known Sony and other DRM infections is just shy of useless in my opinion. They clearly do not have my own user's interests at heart -- and we're the ones paying these jokers! Removing StarForce would be nice too!

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
    1. Re:Why I don't trust them at all by Anonymous Coward · · Score: 0
    2. Re:Why I don't trust them at all by Anonymous Coward · · Score: 0

      They did what was right. The Sony rootkit was not illegal per se, they wrote clearly on the CD label it comes with copy protection and the IP of the song is theirs. The only problem with the Sony rootkit was poor programming, hackers could attack it. Thus F-Secure tried to convince Sony to release a patch or rather abandon the entire rootkit-based copy protection scheme since it is technically very dangerous in a net-connected world. Of course the first thing they did was not to stand at the corner and cry aloud about the Sony rootkit, so all hackers get to know about it and write exploits for it. Then some lone yankee gunman thought he is smarter than all others and made a lot of noise and within days, malware to exploit Sony rootkit appeared in the wild, hurting hundreds of users. That could have been avoided if he used responsible disclosure (go to the vendor first). That's my 50cent.

    3. Re:Why I don't trust them at all by dbIII · · Score: 1
      Not since F-Secure "discovered" the Sony RootKit and decided "work with Sony" rather than remove that crap from my system have I trusted them.
      Unfortunately if they had made a public announcement about it we would probably only remember them as the brave former company that stood up to Sony and were finally and posthumously found to be correct all along - so they had to talk to Sony first in a long slow process. Commercial malware is only going to be dealt with properly by those who don't have anything to lose.
    4. Re:Why I don't trust them at all by Anonymous Coward · · Score: 0

      Unfortunately the Sony rootkit was a form of DRM, which despite horribly mangling computers was propagated under the guise of copyright protection. Courtesy of the DMCA, circumventing copy protection is against the law, so they probably felt obligated to pursue avenues of conduct that wouldn't get them sued.

      It's a ridiculous situation, of course, and I agree with you in principle - but F-Secure weren't in a very good position to proceed when they found that.

  49. Source for the most effective AV by lightyear4 · · Score: 2

    #include <stdio.h>
    #include "OStest.h"  /* poster's header; assumed to declare the is_*() and has_slashdot_flames() checks */

    int main(void){
        if((is_OSX() || is_Unixey()) && !has_slashdot_flames()){

            printf ("Scanning for viruses..........!");
            printf ("None found! Goodbye! \n");

        }else if(is_MS_OS()){

            /* %% prints a literal percent sign; a bare %3x would read a missing argument */
            printf ("AHHH!!!!!! $@$*!@*&DU}{#$%%3xfad\n");
            printf ("\n");
            printf ("You're screwed, sorry. \n");
            printf ("\n");
            printf ("caused an invalid page fault in \n");
            printf ("module ORA2.EXE at 0137:0044dba7.\n");
            printf ("Registers:\n");
            printf ("EAX=0258f108 CS=0137 EIP=0044dba7 EFLGS=00010202\n");
            printf ("EBX=00459630 SS=013f ESP=0258d840 EBP=0258f158\n");
            printf ("Bytes at CS:EIP:\n");
            printf ("c7 42 08 84 60 45 00 89 d1 83 c1 10 89 4a 4c 89\n");
            printf ("Stack dump:\n");
            printf ("0258f4f8 0258f608 00401781 5328203d 3d204449 43524f20 2929294c\n");
            printf ("65722041 72697571 2e206465 204c4c44 656c6966 7325202c 6177202c\n");
            printf ("6f6e2073 6f662074\n");
        }
        return 0;
    }
  50. Good point about "Eulaware" by Beryllium+Sphere(tm) · · Score: 2, Insightful

    Linux and OS X have a good record for resisting drive-by installs. But as TimC points out, the threat model has to include users downloading dancing cursors and weather forecasting applets with 20-page EULAs, readable three lines at a time, which bury a cryptic line or two which means "all your base are belong to us".

    There are operating systems that can protect against that threat. They're not mainstream in design, and neither Linux nor OS X is among them.

    >please consider that I'm Joe Sixpack

    Joe Sixpack -- four digit Slashdot id -- the cognitive dissonance is too much, I can't survi

    1. Re:Good point about "Eulaware" by Tim+C · · Score: 1

      Joe Sixpack -- four digit Slashdot id -- the cognitive dissonance is too much, I can't survi

      Ok, so I didn't mean that *I'm* Joe Sixpack, I meant something along the lines of "Explain to me how Linux or OS X can prevent me from screwing my machine over. While doing so, assume that I have the root password and am Joe Sixpack..."

      *I* am actually a developer with 7 years commercial experience who's been using a variety of different computer systems over the last 23 years, from my humble little Sinclair ZX Spectrum with 16KB of RAM, through various Amigas, VAXes, Unix workstations, etc to my current mix of Windows desktops and Linux, Windows and Solaris servers.

      *I* don't screw my machines over (well, apart from that one time I tried to mod my Spectrum +2 by replacing the built-in tape deck...), but I'm of the opinion that $randomUserWithAdminAccess does and will, regardless of OS.

    2. Re:Good point about "Eulaware" by IamTheRealMike · · Score: 1
      Linux and OS X have a good record for resisting drive-by installs.

      Not really. Consider that Firefox has had many drive-by exploits available for it, and nothing stops you installing software on Linux without root then altering startup scripts/gconf/kconfig/session manager to ensure it's always loaded. From there it's trivial to do many things, including (in the unlikely event you care) getting the root password.

    3. Re:Good point about "Eulaware" by molarmass192 · · Score: 1

      There are operating systems that can protect against that threat. They're not mainstream in design, and neither Linux nor OS X is among them.

      Examples? I'd really like to see scum-ware persistently infect a RAM based PuppyLinux runtime. On that note, users are going to download crap, it's what users do. However, the scum-ware author ***KNOWS*** the OS layout for Win/OS-X, there's little flexibility, they can be 99% certain when estimating the fs/lib layout that what they need is there. On Linux, that's a much trickier proposition. First, there are many Linux distros, each with differing fs/lib layouts, nothing can be taken for granted. Second, there is no centralized binary only registry to hide in, it's much easier to find the malware attempting to hide in plain view in /etc/init.d. Lastly, because Linux distros ship with all the software users are likely to use on the media and user data is isolated in /home, odds are users will do fresh installs, destroying the malware, rather than upgrade. Of the Win/Lin/OSX trio, Linux is going to be by far the most resistant to recurring persistent infections because it's not a homogenous playground like Win or OSX. Now, to play devil's advocate, a nasty written in a common interpreted language, to eliminate lib/compilation dependencies, nestled in .kde/Autostart or .gnome/session-manual would be pretty tough for Joe Sixpack to detect.

      --

      Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws-Plato
    4. Re:Good point about "Eulaware" by RESPAWN · · Score: 1

      Joe Sixpack -- four digit Slashdot id -- the cognitive dissonance is too much, I can't survi

      What'll really blow your mind is when you realize that his UID is actually 5 digits. ;)

      --

      If Murphy's Law can go wrong, it will.

    5. Re:Good point about "Eulaware" by marcosdumay · · Score: 1

      Linux protects the user better than Windows from that in at least 2 different ways: 1) It normally comes with the dancing cursors and weather forecasting apps included, so the user won't be that tempted to install them. 2) Most software doesn't have a EULA*, so we can teach Joe Sixpack to be suspicious of software that shows it.

      There are also 2 unrelated advantages: 1) Linux DEs don't ask confirmation every time for every stupid action, so the user gets used to reading dialog windows. 2) Most document formats don't hide executable code, and *nix permissions make it hard to execute programs. Those also contribute a lot to security of Joe Sixpack's computer.

      * It is very sad the number of free software projects that ask you to accept the GPL before you install their code. Hint for the developers, if it is a free license, THE END USER DOESN'T NEED TO ACCEPT IT! Just you, that is distributing the software must accept it, and sometimes not even you.

    6. Re:Good point about "Eulaware" by arose · · Score: 1
      It is very sad the number of free software projects that asks you to accept the GPL before you install their code.
      Somehow that mostly happens in Windows ports of free software...
      --
      Analogies don't equal equalities, they are merely somewhat analogous.
    7. Re:Good point about "Eulaware" by rthille · · Score: 1


      Well, my wife doesn't have admin priv. on her OS-X box, so I don't have to worry too much about her installing things she shouldn't. The fact that the box is very usable for a non-admin user does help with resisting viral attacks.

      --
      Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
  51. NO by ajs318 · · Score: 1

    Anti-virus, anti-spyware, anti-adware stuff ..... it's all closed-source payware. That alone just goes to show that the primary motivation for writing it is not to get the job done properly, but to milk people for money.

    Open Source software, which by definition is approaching perfection like 1-e**(-k*x) approaches unity, will never, ever be subject to malware. It's the very antithesis of everything the anti-malware industry is about.

    --
    Je fume. Tu fumes. Nous fûmes!
  52. and other fine questions by saltydogdesign · · Score: 1

    Can I trust a man who breaks into my house, rapes my wife and kills my children? I dunno. Any takers?

    --
    // This is not a sig.
  53. Hypocracy by deblau · · Score: 1

    Any time someone claims Windows is more secure than Linux, ask them this: If Windows is so secure, why are the AV companies pushing harder at the market for Windows AV products than for Linux?

    --
    This post expresses my opinion, not that of my employer. And yes, IAAL.
    1. Re:Hypocracy by Anonymous Coward · · Score: 0

      Because the linux market is worth approximately 0$ while the MS market is worth well over 10$ billion.

      And that doesn't take into account anything other than installed user base. God forbid you take a moment and actually look at other market factors. The perceived security that comes with linux. The entire open source movement which tends to shun subscription pay services in favor of (mostly) inferior open source projects. The computer literacy level of the average unix/linux GEEK when taken against the average windows user. And many more.

      The next time someone claims linux is more secure than windows. Ask them this. Which kernel? Did you compile it? Who did? Which distro? With or without todays updated release? On what hardware? First, or third party drivers?

      And then ask them to take the installed base of linux against the installed base of windows and then using a weighted average contrast the number of known and verified security issues.

      The thing that most irritates me about the open source crowd, is that you guys (rightly) take great pride in your work (or the work of your peers). The problem is that it leads to unreal views on what the product is or isn't.

      Is Linux secure? No. Is windows secure? No. Is there such a thing as a secure OS? Probably, but not one that will do anything you actually want to do.

      The bottom line is that windows is only "the most insecure" OS because it's the most used OS. Which not only means it has the most hands in making software and drivers for it. But it also has the most black hats looking for holes. Let your average AOL user loose on any number of linux desktops and you'd be surprised how fast the system crashes and burns.

      In regard to the greater topic. Is the security industry trustworthy? God help us if they aren't. Because no one else is going to.

      I don't "trust" Norton in the sense that I would give them my CC numbers or SSN. But I trust Norton to make a decent AV product. And a decent Firewall despite what some novice users might say about FTP. ;)
      Do I trust them to make efforts to stop malware in the first place? No. That's ridiculous. Do you trust the medical industry to cure you? Wouldn't it be more likely they would like to treat you on an ongoing basis? Given a choice, they are going to do what's best for them. What's best for them is finding and destroying any malware that adversely affects my computer. Because if they don't, I find something that does. It's really very simple, and it's the way the world works.

      Are we done with these fluff articles yet? Is the world of IT really this boring these days?

  54. The AV crowd ain't the bad guys by Opportunist · · Score: 1

    Does the pharma industry exaggerate the bird flu threat?
    Does the car industry exaggerate the additional safety an extra airbag on every corner of the car provides?
    Does the low-carb food industry exaggerate the effect low-carb food has on your weight?
    Does the perfume industry exaggerate the amount of stink you produce if you don't sprinkle their 10-bucks-a-shot stuff under your arms?

    Can ANY industry be trusted that they don't blow the effect of their product (or the threat of "what if you don't buy it") out of proportion?

    Actually, the ONLY thing you can definitely rely on is that anyone who wants to sell his product will tell you that the world's coming to an end if you don't use it.

    I'm working for one of those anti-malware companies. Yes, there is a threat. No, not for YOU. At least, for most of you. Simply tick the following questions:

    Do you think patching your OS is for weenies?
    Do you start anything sent to you from anywhere?
    Do you forgo all common sense when you log into the web?

    If you answer "no, yes, no", grats, you're safe. PERIOD. No AV needed. Doesn't hurt, but you can do without.

    For the other 99% of internet users, there's anti-malware programs. No, they're not perfect. No, the world's not coming to an end when you don't use it (though I wish it would make their computers explode so they just MIGHT get hit by the ClueByFour(tm)). Yes, there are a LOT of fraudulent tools out there that hype and rant about oh how insecure your system is and that you have a bazillion infections even if there are none, just to lure you into buying their crap.

    Usually, we try to "be good", though, and actually provide a service for the clueless masses that trample through my sweet little net these days. Yes, take our marketing goons and stick them with the lawyers of the RIAA for the sake of humanity (thinking about it, round up the rest of the marketeers from other companies while you're at it), then fire them into the sun.

    But I do think we do more good than ill. At least for those who go to the 'net without the foggiest idea of the threats that are out there for them. Yes, that even provides YOU, as a clued person, a service. It might be one less moron with a spambot to tell you that c1sali5 got cheaper again.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:The AV crowd ain't the bad guys by Anonymous Coward · · Score: 0

      Does the politics industry exaggerate the terrorism threat?
      Don't the anti-terrorism measures and the constant emphasis on threat cost us more than the occasional attack?

    2. Re:The AV crowd ain't the bad guys by Opportunist · · Score: 1

      I didn't want to draw political examples or the list would've exceeded the posting limit.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:The AV crowd ain't the bad guys by swordfishBob · · Score: 1

      Your 3 questions aren't enough:

                  Do you think patching your OS is for weenies?
                  Do you start anything sent to you from anywhere?
                  Do you forgo all common sense when you log into the web?

      For a period, Outlook and/or Outlook Express would automatically launch content. Malware can spread to networked machines where files are shared or services are vulnerable. Browser hijackers take effect before people realise.
      As dissed here often, user applications running with full admin privilege is a major issue.
      Phishing works because people can't tell it's not real - and the only reason they'd be suspicious is because they've heard of such scams and know people have been caught in the past.

      That said, there used to be some very effective antivirus software that didn't require daily signature updates, until a/v vendors realised there was more money to be made from subscriptions.

      --
      -- All your bass are below two Hz
    4. Re:The AV crowd ain't the bad guys by Opportunist · · Score: 1

      Yes, there are other issues that should be taken care of. But if you answer those 3 questions "right", it's quite likely you'll take care of the rest, too. For some reason, to my experience it's either-or extremes: Either your computer is tighter than Fort Knox or more open than a brothel during an exec conference.

      And yes, there was no real "need" for daily sig updates during the "old days". The problem of today is, though, that you have more "new" malware per DAY than you had about 10 years ago per year. Additionally, spreading is by magnitudes faster today than in the days predating the internet boom. Also, their destructive power was heaps lower. Writing malware was a geek hobby. Few of them were really destructive, most were more a proof of concept than an actual attack to user data. Today, viruses are a business. "Fun" viruses that display some ASCII art are gone, replaced by malware that spies on your passwords and uses you as a spamslugger.

      AV authors had much more time to react, too. Virus writers had to take into account that it will take months until their code is distributed widely enough, so it had to "slumber" for a while and activate on some arbitrary date if they wanted to create real havoc. Today, distributing malware is a non-issue. It is where you want it to be, in as many copies as you desire.

      Comparing the AV problem of today (and the means taken against them) to what was standard about 10 years ago is quite unfair. It's like saying you can survive rush-hour in New York 'cause you drove 50 years ago through the town and it can't be different today.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    5. Re:The AV crowd ain't the bad guys by swordfishBob · · Score: 1

      Fair enough, and there certainly are differences between now and then.
      One of those differences is that some antivirus solutions then didn't actually scan for known viruses at all. They scanned for new or altered executables and prevented them from launching prior to approval. Doesn't help in the case of a trojan where the user says "yes this is ok", but the theme seems to have been picked up again by MS (in a half-hearted way through execution restrictions and warnings when launching downloaded content), and more so by Winternals Protection Manager. That's the point I wanted to make - the change to scanning for specific threats seemed more about marketing ("we recognise 2341325 viruses!") and selling renewals. Work on preventing program misbehaviour got low priority, hence the range of antispyware that was achieving what antivirus software already should have handled.

      --
      -- All your bass are below two Hz
  55. His definition of "virus" is a bit off by Anonymous Coward · · Score: 0
    From the article:
    Almost all of the 21 are programs modifying files in accordance with standard *nix permissions.
    There is nothing in any definition of "virus" (or worm, or malware) that requires the malware to elevate privileges. In fact, many, if not most, Windows viruses and worms would probably execute happily with or without Administrator privileges. Of course, they can't infect or destroy non-owned files, but that is nothing but a virtual hurdle for spreading.

    Disclaimer: I am employed by an anti-virus vendor -- that creates Linux anti-virus products. However, their main selling point is to limit the spread of Windows viruses in heterogenous environments.
  56. Wisdom follows, pay attention! by Anonymous Coward · · Score: 0

    I work in the AV industry. Linux malware does exist and it exists in-the-wild. What do you think about a 6MB rootkit, that does Perl, PHP, SSH plus whatever you want? That is Linux.Rootkit.Agent.O. We sent the first sample of that to Kaspersky, it had been working silently on a customer's server for at least 3 months.

    It is a matter of fact that no current general purpose computer is safe from malware, because all of them are von Neumann principle devices, with unified storage of data and instruction code. There is no hard boundary to prevent data from becoming instructions (=infection) or programs modifying themselves and each other (=> rootkit). The NX-bit, Intel Virtualization Technology and other hardware patches have just recently started to fix this fundamental flaw.

    It really doesn't matter if the OS is Windoze or Linux or foot-pedal (Apple uses single-button mouse, that is). Since Windows is the most popular OS (Apple is small minority) and the likely choice of beginners (thus Linux excluded), it is the ideal target of malware.

    Malware is not written for fun nowadays, it is business. Malware conquers you a botnet to herd, so you can multiply and deliver spam or blackmail companies with DDoS attacks. Why spend time to write generic Linux malware for a mass epidemic, when 20,000 home windoze PCs can do anything, like down a Top500 firm's webportal? Only specific Linux malware gets written, plus in Un*x circles hand hacking is more traditional than viruses.

    I feel Linuxers are actually complaining about the lack of viruses, because that means they are unable to make progress in the desktop/laptop arena. If ever there will be millions of daily use Linux desktops, there will be ample malware for them, let your wish be granted!

    Otherwise, Kaspersky Labs is one of the AV companies with better support for Linux, in workstation, server and gateway role. As far as I can tell from sales, they are about the only viable choice for commercial AV for Linux, since GeCad RAV was assimilated by M$. Why bite their heads off?

    Otherwise, the article was so biased and borderline hate-speech, even Fox News would refuse to carry it. No wonder he could place it on NewsForge exclusively: the BBC was not interested...

    The virus-naming confusion he mentions is indeed the shame of the AV industry. This is what you get when market-driven private entities are competing with each other in a media-oriented world. Government leadership and hand-selection gives you the Apollo programme, but I heard you geeks do not like that. Anyhow, the virus naming mess should be fixed ASAP, possibly with a DNS-like system based on IPv6. I've been thinking about that a lot. It could work retroactively to converge on a single name, no big problem, many AV software already expect constant network connection anyhow.

    BTW, AV companies do not write viruses. If they wanted to, you would have no chance. There are many bright people working there, just try to crack this quiz program: http://www.t2.fi/bin/t206-challenge.exe

  57. This SHOULD be +5 Funny! by ratboy666 · · Score: 1

    Really, getting people to run an EXE from the 'net under the guise of trying to determine if they are "smarter" than the anti-malware crowd. Good one. If you run it, you are obviously dumber, no matter WHAT the result is.

    Now, on to malware on Linux/Unix, and root-kits. Sure, it CAN happen, and it is quickly dealt with. I simply use hashes on files, and off-site them (tripwire).

    Periodically, the hardware is refreshed with the files corresponding to the correct hash. Which ensures that the MAXIMUM time a root-kit can live is the time to refresh. Of course, the original vector could be exploited again -- I rely on regular security updates to plug those.

    YMMV

    Ratboy

    --
    Just another "Cubible(sic) Joe" 2 17 3061
    1. Re:This SHOULD be +5 Funny! by Anonymous Coward · · Score: 0

      The program was an entry to a computer security conference. Those who are able to reverse engineer it will find the code inside, which can be fed to the program, which will in turn display an e-mail address. Mailing that address one will receive a free coupon for a scandinavian IT conference. The quiz program was written by a virus analyst, who had seen a lot of tricks in assembly programming and incorporated those plus his own ideas to make it hard to unlock the secret.

      http://www.t2.fi/bin/t206-challenge.exe

  58. AntiVirus companies are like protection racketeers by joeyblades · · Score: 1

    Whenever I think of AV software I am reminded of the Monty Python skit: "Army Protection Racket". In the skit, Michael Palin and Terry Jones portray a couple of mafiosos and they wander around the office of an army Colonel, casually pushing objects off the desk, the shelves, etc. All the while they say things like, "You've got a nice army base here, Colonel. We wouldn't want anything to happen to it." They imply that bad things might happen like all the tanks might break or the squad of paratroopers might catch on fire...

    "We can guarantee you that not a single armoured division will get done over for fifteen bob a week."

    http://orangecow.org/pythonet/sketches/racket.htm

    Do I trust the anti-malware companies??? Of course not...

    Do I pay the protection money??? Of course I do...

  59. Politics: Can the Defense Industry be Trusted? by Ambidisastrous · · Score: 1
    Ambidisastrous writes
    "Is the entire national-security / defense industry as rotten as it appears? I started digging into it as a result of the recent lame, unsubstantiated assertions of terrorist threats to America by President Bush, but the practice doesn't seem to start or end with him. Who knows, maybe it's pandemic in that entire segment of the federal government."
  60. and worse... by MERVERNATOR · · Score: 1

    I'm sure they play it up to sell more product... and additionally as I've been thinking for years.. I wouldn't be surprised if some of the larger anti-virus companies were directly responsible for some of what gets circulating out there.

  61. somewhat OT about media reliability by smellsofbikes · · Score: 1

    >People trust "media" to the extent they don't have expertise in some subject matter. What other result would you expect?

    I think that's a critically important observation, and if you extrapolate a little you get to an uncomfortable realization: people look for news that reaffirms what they want to hear. With the proliferation of news sources, you can find specialized news feeds, and end up with a situation where hundreds of thousands of Americans believe we found WMD's in Iraq -- because the repeated message becomes true. And if the news source you're listening to says what you want to hear (and why wouldn't it? coz that's why you chose to listen to them, after all) you're less likely to question it, and you have a positive feedback loop for isolation and polarization of groups of society. I wish I knew a way to avoid this situation, but I don't think it's repairable.

    --
    Nostalgia's not what it used to be.
  62. Got it right about SANS by Anonymous Coward · · Score: 0

    SANS poses as a public-spirited entity. But anyone who deals with them knows they are all about sales and marketing. Most of their content is contributed by others, either for free, or by people who pay for the privilege. Nothing wrong with being commercial. Just don't pretend you're saving the world, and hawking overpriced training seats and vapid "certifications" while you're at it.

    1. Re:Got it right about SANS by sakshale · · Score: 1

      I find the statement disheartening. Until I read the article, I had no reason to question SANS. When first established, SANS had a solid team of people with high integrity, some of which I had worked with in the past. The SANS security boot camp I attended, back in the late-nineties, was THE best, most solid, technical workshop I have ever attended. Now, years later, based on this article, it seems that the BORG has gotten to them. I will definitely have to research his statements related to SANS.

      --
      For every problem there is a solution that is simple, obvious and wrong.
  63. Re: "Trusting" Malware by TaoPhoenix · · Score: 1

    I used to specialize in "DitchWare". ("So your current old thing is too slow, and it's kinda clogged to boot, so you're ditching it? Gimme!") So if I started with junk... why become paranoid about it? I never used it for commerce or business.
    Anything that snuck by the firewall on the way *in* was usually caught trying to dial *out*. Once spotlighted, I'd boot to low safe level, rename the offender to something else, rename a copy of something useful to the malware's name, and let other people's trojans load my 10 favorite programs. Ah, well, that was fun. Now I work with materials I actually have to be *responsible* for. :/

    --TaoPhoenix

    --
    My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
  64. The fatal flaw... by GWBasic · · Score: 1
    The fatal flaw in the anti-virus / malware industry is that it exists primarily to fix a problem with Windows. Specifically, it's a bad idea to form a business around fixing a flaw in someone else's product, because as soon as the flaw is fixed, the business is killed overnight.

    I like to think of the example of Rusty Jones. In the northeast, road salt destroys cars. Back in the 70s and 80s, as soon as someone would buy a car, they would drive it to Rusty Jones and get their rustproofing service. As soon as car manufacturers started rustproofing cars at the factory, Rusty Jones went out of business.

    The anti-virus / malware industry will be destroyed as soon as Windows is sufficiently immune to viruses.

    1. Re:The fatal flaw... by Frumious+Wombat · · Score: 1

      Although curiously Ziebart http://www.ziebart.com/ is still in business, so maybe RJ just had a bad business plan? These companies didn't go away when Windows started including tools such as Defraggers (and started optimizing their filesystems so they didn't need defragging before the computer needed fragging instead), they just switched to other "value-added" propositions. Even if Windows becomes more secure, there is still going to be the User to deal with, and tools to clean up after the user will be popular instead.

      --
      the more accurate the calculations became, the more the concepts tended to vanish into thin air. R. S. Mulliken
    2. Re:The fatal flaw... by emurphy42 · · Score: 1
      as soon as Windows is sufficiently immune to viruses.
      Oh, and that'll happen Real Soon Now. :)
    3. Re:The fatal flaw... by dbIII · · Score: 1
      The fatal flaw in the anti-virus / malware industry is that it exists primarily to fix a problem with Windows. Specifically, it's a bad idea to form a business around fixing a flaw in someone else's product, because as soon as the flaw is fixed, the business is killed overnight.
      It's taken many years to get Longhorn/Vista together and that still doesn't fix the problems that the ecosystem of applications to make MS Windows run effectively are there to solve. They'll be around for a very long time yet even if the situation changes - I've seen a few fresh MS Windows98 installs in the first half of 2006, some on very expensive hardware (field machines with each motherboard on a card running MS Win98 communicating via a backplane and the data acquisition hardware) with expensive custom written software that is not going to run on MS Server2003 - so MS Win98SE remains the best option until the new software and hardware is developed (which is designed to be portable and ignore the MS shifting goalposts completely).
  65. Kaspersky Lab is not the anti malware industry. by fireman+sam · · Score: 1

    They are just one company. If the entire industry is so bad, why then didn't the author have problems with the other anti malware companies?

    --
    it is only after a long journey that you know the strength of the horse.
  66. Trusted Industry? by mmethe · · Score: 1

    It's a sad day when such a thing as malware can be referred to as an industry. It seems all too convenient to find 'Fix Your PC' ads on sites that are less than respectable. I am also sick of stuff being planted on MY PC without my consent. It's my property. There are solutions though. I recently beta tested a product called Aura from Atka Software LLC. It really takes a whole new approach to the malware 'industry'. It assumes all downloads are bad and does not allow ANY AT ALL to occur. Using Aura there is no need to wait for the security firms or others to identify something as malware. It just blocks it all unless you tell it not to. It really is worth checking out... I was just a beta tester but now I am an owner and user of the product. Check it out at GetMyAura. Try it... It will play a big role in stopping the malware industry. There is also a review here. -mwm

  67. I've been burned by all but Avast 4+ by JonathanBrickman0000 · · Score: 1

    I've been burned by every single antimalware product I've tried, at least once, except for Avast ( http://www.avast.com/ ) versions 4 and up. I have never, ever, had a problem with Avast, on a horrible variety of machines and platforms, even cases where the machine had 500+ infestations during installation.

    --

    J.E.B.
    Joshua Corps

  68. Consumer Reports and Apple by LihTox · · Score: 1

    Actually, I have seen Consumer Reports magazine review Apple computers several times, side-by-side with PCs, in their articles (in the past couple of years). I remember being impressed about the fact. I don't know about their history of doing so or if they've changed in the last year.

  69. Closed Source Payware? by alizard · · Score: 1
    You mean like Search & Destroy? It's practically universally recommended... but good luck if you try to buy a copy, it's donationware. Before I stopped running Linux full time, I ran several Windows security apps, all of which were freeware.

    Now that I've established that you don't know what you're talking about. . .

    As for:

    Open Source software, which by definition is approaching perfection like 1-e**(-k*x) approaches unity, will never, ever be subject to malware

    I have so much confidence in your statement that I keep a copy of F-Prot for Linux running on this box at all times. While it's a commercial product, the Linux version is free for home users.

    As for Open Source approaching perfection. . . if Open Source were remotely close to perfection, I wouldn't be writing Linux tutorials for money, everything would be running a GUI from which everything could be done easily and there'd be no market for Linux tutorials.

    1. Re:Closed Source Payware? by ajs318 · · Score: 1

      You miss my point, which is that any software where you have not seen the source code is inherently untrustworthy.

      For me, access to the source code is more important than zero price or distribution rights. Even if someone insists for me to pay for their software and not hand out copies to all and sundry, I can just about live with that -- provided I get shown the source code, so I can make up my own mind about what it is really doing. Unless I have seen the source code, I have no reason to trust it. And if the supplier is actively seeking to prevent me from seeing the source code, they have earned themself a huge black mark.

      If you have nothing to hide, then you have nothing to fear.

      --
      Je fume. Tu fumes. Nous fûmes!
  70. McAfee's origins by Old+Man+Kensey · · Score: 1
    Does anybody else remember how McAfee (the original founder of the company that bears his name) came to prominence doomsaying the Michelangelo virus? He was predicting $60 million dollars of loss and fifty thousand to five million infections (in 1992, an era when most people had never heard of "The Internet"). Come March 6, 1992, very little happened and even his lower bound was several times higher than actual reported infections.

    This "scandal" is nothing new.

    --
    -- Old Man Kensey
  71. So, fake objectivity is better than being honest?! by Anonymous Coward · · Score: 0

    WTF??? How is faking objectivity any better?!? Do you enjoy being lied to? I guess Microsoft is a perfect company for you then, their "studies" have a perfectly objective style of writing, good luck!

    At least this guy is honest. I don't need some "air of objectivity" (fake or not) to apply critical thinking and determine for myself if there is any merit to his arguments. I value content over form, any time.