Concerns Over Security Software

Arthbunot Bullwinkle writes to mention a BBC article exploring concerns about the future of security software. The piece looks at trends toward 'free' security products, such as ZoneAlarm, and wonders aloud about where those products will find themselves after Windows Vista is released. From the article: "'Now maybe the good ones will actually get rid of that attack but at the same time they may drop maybe 10 or 20 other attacks onto your system.' The bottom line, according to Mr Day, is that when you download free security software you cannot be certain what you get. But completely free security software may be a thing of the past when the new version of Windows hits the shops early next year. "

RIP IPTables

I'm pretty sad Windows Vista is apparently killing this off.

Paid software safer?

[pembo13]

How is software that one pays for inherently safer?

Re:Paid software safer?

[grcumb]

It gives you a clear target to SUE when shit hits the fan!

Man, is that old chestnut still around?

Let me answer the same way I answered my country programme director when he raised the same issue vis à vis commercial support for FOSS. He said to me that 'confidence' was very important, and that some managers just liked to feel that they had some recourse, even if that feeling was effectively fantasy.

I looked at him and said, 'Since when is it our job to indulge people's fantasies? We have a fiduciary duty to our clients to provide them with the truth, and when indulging their misconceptions works against their best interests, we are duty-bound to advise them of the truth.'

So now I'm going to say to you: You can't sue. If you do, you won't win. You gave up your right to sue when you agreed to the license.

Some key explanations are missing.

when you download free security software you cannot be certain what you get.

...On the other hand, when you buy Norton, you can be certain that what you get is crap.

But completely free security software may be a thing of the past when the new version of Windows hits the shops early next year.

...However, retail security software will continue to exist as these products cater to a demographic that does not understand computers, and these people will always exist.

The biggest problem...

[Dissman]

The biggest problem that I see with Vista is that everyone will be encouraged to use nearly identical software. It's why most viruses written get past Norton at least for a few days... everyone knows to test Norton and McAfee to be sure your virus works.

I've always gained a bit of security by using Mozilla rather than IE... by viewing my e-mail in plain text rather than HTML. By using Zone Alarm rather than a Norton or Microsoft product. When you have everone using one piece of security software, it's less secure because if you can infiltrate one, you can infiltrate all.

Reason to delay upgrading

[Jarnis]

This is yet another good reason to avoid upgrading for now.

Personally, one of the major reason why I haven't taken RC1 into actual use beyond testing it a bit is lack of compatible 3rd party firewall.

Then again.. situation was pretty similar when Win2K came out - early on nothing was compatible. XP was easier because it is effectively a reskinned Win2K, and 99% of Win2K apps worked out of the box - even security products.

Vista is quite a bit more than a reskinned XP, as lots of stuff under the hood has been reworked, and again it's just like Win2K - nothing works intially, but I'm sure over time the problem is going to be fixed. In fact, it's surprising how good the situation is, considering official launch is still several months away.

Freedom to innovate, ad nauseum

[Schraegstrichpunkt]

Um, I hate to defend Microsot, but unlike Internet Explorer, which had no need to be integrated into the OS as much as Microsoft claimed it was, but basic network security features are exactly the kind of thing that should be built into the OS. I hope that antivirus programs eventually become obsolete (likewise with firewalls *anywhere* except perhaps in extremely sensitive environments, but that's probably a long way off).

Now, I'm not particularly confident that Microsoft will actually manage to render third-party security software obsolete, simply because the company just isn't all that good at software development, but I'm certainly not going to rebuke them for trying.

Is it just me?

[Bryansix]

Is it just me or does this guy sound like he is talking out of his ass? There will always be those "fake" security solutions out there that offer themselves for free but are actually spyware/malware. However, there is a large community of people who keep track of these programs and I can tell you that if GriSoft or the makers of ZoneAlarm started dropping trojan horses or spyware on your computer that there would be an uproar and you would hear about it. Right now it is pretty sad for the security companies that charge for their solutions. Every virus/worm that comes out nowadays automatically defeates Norton Anti-Virus or is design to escape its notice. Therefore solutions like Grisoft's AVG Anti-Virus have a leg up sometimes in defeating these problems. In addition, none of the pay solutions do anything useful to prevent or get rid of spyware. While you can upgrade Ad-Aware or Spybot, both have free versions that work great!

I wonder how much Symantec paid these guys to write this article.

Pure FUD

[nolife]

The bottom line, according to Mr Day, is that when you download free security software you cannot be certain what you get.

Mr Day is Greg Day of McAfee.
His intentions are for spreading FUD. There IS bogus spyware software and virus removal tools out there. Odd thing though is some are free and some you actually have to pay for. Having a cost does not make it legitimate at all and Mr Day is stating a criteria that unless you pay for it, chances are it may be a scam. Of course this also implies if you did pay for it, it is not a scam and that is far from the truth. Instead of breaking the FUD campaign into free and paid for, it should be split into "well known and trusted" and "not well known and trusted". Mr Day does not want it to be decided on well a known and trusted basis because to reach that status takes time and effort by a company, he wants everyone to just assume his companies software is the best solution and of course that HAS to come at a price.
Sorry vendors and computer users but these are not binary decisions and it takes some research either way. Free or not free.

Same can be said for retail software

[DigitAl56K]

"The bottom line, according to Mr Day, is that when you download free security software you cannot be certain what you get."

Can we not say the same for commercial software? How many people are still buying Norton Anti-virus despite it's somewhat public record because of it's brand name and price tag? What about firewall software? We've all seen plenty of reviews and comparisons showin firewall A to be better than firewall B and vice versa, but some of the best firewalls for Windows _are_ available for free (e.g. Sunbelt Kerio Personal Firewall [free version] or the rapidly developing Comodo Firewall).

Nothing guarantees that because a product has a price tag attached it is better than any other product.

How to find something reliable and trustworthy? The same way people have been doing it for years - identify knowledgable and reputable third-party reviewers, communities, and do a little research.

Interesting FUD

[Tjp($)pjT]

Most security software that is downloaded comes with checksums you can and should check. That way you do know what you download is what you expect.