Anti-Botnet Market is Black Eye for AV Industry
alternative coup writes "eWEEK is running a story on the emergence of an anti-botnet market to fill a perceived need for software to deal with botnet-related malware (Trojans, keyloggers, rootkits, etc.). The article characterizes this as 'another black eye' for the existing anti-virus industry — asking consumers to pay twice for protection from things that anti-malware suites are missing. Venture capital money is flowing to these anti-bot products, an implicit statement that the AV giants are not doing their jobs. 'For companies such as Symantec, which sells the Sana-powered Norton AntiBot and anti-malware subscriptions, it's a nickel-and-dime situation. Symantec officials say Norton AntiBot is for a specialized, technical market segment looking for high-end tools to deal with botnets, but [Andrew Jaquith, an analyst with The Yankee Group] said it's a case of anti-malware companies double-dipping.'"
Symantec has already lost me as a customer. I began shifting my clients away from it as soon as the new spybot 1.5 released. It has a modicum of registry protection and it generally isn't a crapshoot as to whether or not it's going to brick the computer it's installed on...brick may be a strong term, but Norton/Symantec's footprint is way too much for a client machine...and now they want to add more.
Yeah...ditch these people now. AV on the client is a scam. Effective management and AV at the chokepoints can often provide enough protection I've found.
... the best protection against botnets is never install Windows? I've really never understood why some law firm hasn't had a go at a class action against MS. Botnets, viruses, ID-thieving trojans etc etc etc, ultimately they do bear a share of the responsibility, and thus surely the costs?
Read the EULA.
...has infuriated me for some time. This idea that some things are 'viruses' and others, 'spyware'. Last year, I tried to nail down Sophos on this very thing. If I'm protected against viruses, shouldn't I also, by default, be protected against spyware since that's how it usually gets on there in the first place?
'Oh no', they tell me. 'That's different...' Yeah. I see that. Now we got this going on.
People want their computers to be protected against any form of intrusion - from within or without - regardless of how it's classified. The reality is, that there are now forms of malware out there that are either undetectable or incurable once you have them. I use a gateway to help protect our computers, but every once in a while it still happens.
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
If a company can't be constantly selling you NEW products (as opposed to just updates for the old) and using new fear tactics to do it, how can they grow? The AV market basically stagnated, so they started to introduce their new software (to fight phishing, adware, etc.) as stand-alones or supplements. Why just incorporate it into your stagnating existing product when you can introduce a whole new line?
SJW: Someone who has run out of real oppression, and has to fake it.
It was bad enough when they started hitting us with subscriptions to virus signatures, but now... Not that I use Symantec products anyway. Free solutions still have the upper hand in my book.
Seriously, is it supposed to look like that?
Really... is there a need to separate spyware (which AV programs are horrible at detecting) from virus scanning as well? Most of the things mentioned are detected by scanners as they are, but not well. There's only so much that signature scanning with poorly implemented heuristics can detect.
So don't forget to get an AV program, personal firewall app, spyware scanner, and a botnet scanner in addition to the next trend that can be rebranded and sold to people once again.
IANAAVE (I am not an anti-virus expert), but it seems to me that much of the bloat comes from the ever increasing virus signature database these engines have to keep in memory (especially for on-access real time scanning). Considering that there seems to be no end in sight for these signature files and the high rate of virus mutation, virus signature tables seem to be an extremely antiquated and inefficient model for detection.
Of course, heuristics won't be a silver bullet as it brings its own set of problems (ie: false positives), but I think we'll see more of this used as time goes on. IANAB (I am not a biologist), but it seems that our body's immune system operates more on heuristics than some exhaustive chemical look up table. Considering the millions (billions?) of years nature has invested in our immune system I think we would do well to take a page from mother nature on this one.
Faith is a willingness to accept something w/o complete proof and to act on it. Reason allows you to correct that faith.
How can an OS add on fix a fundamental problem of the security of an operating system and the applications that are running on top of it?
It is my firm belief that AV software can never fix the real problem: broken OS security model and application bugs. For the AV software vendors this is always a game of catch up, the virus/trojan/worm/bot etc. creators have a huge advantage: numbers. They have more people figuring out ways to infect your computers, break through your buggy and exposed application interfaces, send out executables with backdoors and viruses.... there are probably thousand times as many people working on the ways to take over PCs than there are people who are in 'business' of preventing this from happening.
And really, it is not that complex of a problem: run OS administration applications in one security level, run user applications in another security level, use hardware infrastructure to prevent these levels from intersecting and taking over each other, but of course allow the highest level administration applications to take precedence over any user application and at least kill it. Do not allow execution of applications that are not authorized by the user. There are more good ideas than that, but basically do not allow a user application to hijack the system by pretending to be an OS administration application, do not allow user applications to change their access levels, do not allow them to hide their processes from observers. Designate protected data storage on disks, and allow that data only to be modified by certain applications that are assigned by the user.
However this is not a job for some add-on AV software.
You can't handle the truth.
My user number is prime. Is yours?
Anti-virus, anti-spyware, firewall -- all of these protections should be built in to the operating system.
We shouldn't have to add third-party tools to make an OS secure. It should be secure (or at least, secure-able) out of the box.
Charging more for a suite of software that all does the same thing sounds like a last-gasp attempt to deliver some profits before architectural changes force these companies out of business.
the trick to understanding it was to know that "AV" stands for "antivirus", not "adult video"
what does the adult video industry have to do with botnets? and never mind the black eyes, that's a kind of adult video i'm not into
live and learn
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
... the best protection against botnets is never install Windows?
That will only hold true as long as the market share for the non-Windows operating systems remains at its current levels. Whether Mac or Linux is intrinsically more secure than Windows is a subject for another (lengthy and heated) discussion, but the fact remains that practically, an OS is only as secure as the user running it lets it be. Linux users are much more secure from threats than Windows users for two reasons. One: since Linux accounts for such an infinitesimally small percentage of market share, malware coders don't waste their time coding for Linux. Two: since most Linux users are enthusiasts who generally know what they are doing, they can harden their installs to a greater degree than your average Joe-Sixpack Windows user.
A large upsurge in Linux use, especially by the 'typical' user that clicks on anything and everything, and runs their console session as root, would be irresistible to the malware coders, and you'd see the same situation you're seeing with Windows now.
____
~ |rip/\/\aster /\/\onkey
Once for the OS which should have been more secure in the first place, twice for the anti-virus, and a third time for the anti-botnet.
I mean, shouldn't it be adjusted by the market itself? Some vendors want to sell burger and fries separately, and some come in a combo. If the combo seller has the same quality and is cheaper, then they'll win. Nobody forces you to go to that non-combo restaurant.
I was looking for antivirus software for my parents' XP machine and I thought it was quite odd to see them sell an antivirus program and then packages with anti spyware/bot/etc. I would be pissed if I was running windows and was looking for antivirus software.
If they had another few hands, they'd be triple and quadruple dipping. Once they figure out that separate email scanners could be sold... well, you know what I mean.
Meanwhile they are preventing nothing. Car analogy time: Let's pick on Ford today. Ford sells you a new car, and a yearly maintenance contract to keep everything working. Of course it is your responsibility to take the car in for that maintenance each year. If you put low profile tires/wheels on the car, it voids part of the maintenance warranty, but for another 75 dollars per year, you can buy the loPro rider guarantee.
That's all good, but you are out of warranty as soon as they figure out that global warming has caused roadways to be dirtier. Now to stay in maintenance warranty you have to buy a GW-100 airfilter system add-on.... only $75/year
Because of the new air filter, you now have to buy higher octane fuel to get the same performance, and that just shortened your powertrain warranty by 3 years.
And on and on it goes... at some point, you're better off just riding the fucking bus
Support NYCountryLawyer RIAA vs People
I don't use any antivirus at all. I just don't get infected in the first place.
Use Opera to browse porno. (Or just about anything at all).
Don't run crack.exe (it's a trojan).
Problem Solved. Am I alone here?
In the off chance that I get infected (Ok, I ran crack.exe), just take the hooks out of the system (hijack this, pv if necessary, unlocker, done). Restart. Problem solved.
Belief? Hope? Preference? The Existential Vortex
Except what you'll see is 50 million computer users running Linux as root all the time because an OEM configured it that way rather than be annoyed with support calls asking how to install some new program. Those 50 million people then get an email about free XXX videos, run an attachment that installs various kinds of malware, and we're right back where we started.
Clueless users given the ability to become administrators (which they can if they own the machine) will defeat any OS security.
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
Since these packages are all separate programs, how does this affect the performance of the computer it runs on? One of our students wanted to get on our wireless connection. She had a, just-out-of-the-box, brand new HP laptop with 1 GB of RAM running Vista and the full Norton suite.
It took almost 3 minutes just to get to network prefs. The process should have taken less than 30 seconds but ended up being closer to 7 minutes!
We tend to measure computer speed in GHz, but there needs to be a new standard set here - I call it: DRAGWARE. How much more drag will a bot-net detector put on an already bogged down system? If every program or DLL has to go through a torture test before it can even be executed, does that effectively make a 3 GHz Dual-Core processor run like it's 900 MHz?
Go ahead and see for yourself like I have. Take an Intel processor running Vista and dragware and put it up against Linux on the same machine or even the Mac. The difference will astound you.
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
If the ISPs started doing that everyone would have fits about them looking at and filtering your data.
I think it's bad enough that some ISPs may track your bandwidth usage.
Once they start inspecting each packet who knows where it will stop.
"I'd rather have a bottle in front of me than have to have a frontal lobotomy."
Do the anti-virus co CEOs also have poor handwriting? These days, whenever I read anti-virus (or anti-spyware or anti-malware or anti-trojan) articles, I am reminded of (not very good) doctors who always use difficult and confusing words to befuddle me and deprive me of the little money I have - Microsoft certainly did not invent FUD, though it mastered it better than its original inventors (doctors), and now the AV industry is gleefully following these bozos...
Good grief.
People are really, really stupid. Once your system is compromised, it is *not-fixable*. There is no reliable, effective way to ensure that your system is untampered with unless you can do a bit-wise verification of every executable on the system, and even that isn't 100%; you really need to check *every* file against a "known-good" one.
I've seen plenty of systems with "up-to-date" antivirus get hosed, and they generally don't seem to be the same afterwards. Not to mention that few, if any antivirus packages are better than 95%.
If you can't keep your system clean, it isn't reliable. The only thing antivirus is really good for is as a means to determine if you need to wipe and re-install. For business purposes, I believe this to be unacceptable, and I cannot fathom why people don't switch to systems that do not require this ridiculous kludge.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
Apple or Linux. My box is dual boot with networking in Windows disabled, as I pointed out in a comment modded "flamebait" this morning (who's going to flame me for giving my honest opinion about Microsoft, Ballmer?)
So as to not garner another "flamebait mod" from the astroturfers by pointing out how insecure Windows is out of the box, I won't. Rather, I'll point out that Linux and Mac aren't being targeted by the botnet operators. Regardless of the reasons, you're safe with Mac or Linux unless a cracker targets you personally (no OS is completely secure).
Poor Microsoft, if they ever marketed a secure OS Norton and McAfee would sue for anticompetitive monopoly practices and the EU wouldn't let them sell Windows in Europe any more.
-mcgrew
(I don't do Mondays very well and I'm on a losing streak lately so please be kind to an old nerd)
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
If I look at all the problems Anti-virus software causes compared to that caused by actual viruses it is clear viruses have caused little damage compared to the Anti-virus software.
The dominant anti-virus software vendors have their product requirements stipulated by marketing departments and bloat it with duplicated or inefficient additional features.
Marketing departments have done a lot to corrupt technology and create confusion always changing names and naming conventions. They are also a major source of spam. We really just need a global product database with features and specification and do away with marketing all together, the cost of which is passed onto the consumer, the most we should see in the media is a new or upgraded product announcement that way we know to look for it in the database
The most efficient measure against viruses is actually user training and creating awareness and knowing not to fall for obvious deceptions and to stay away from "strange" web sites that you don't know. Sure there are some exceptions but most virus infection comes from a lack of common sense.
"an infinite player that has lost his finite mind" ~Infinite Play the Movie (it blends with reality)
The antivirus industry ITSELF is a multibillion dollar "black eye" on the "dominant vendor of PC operating systems".
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
My home firewall/nat box runs Linux, and I check the logs on a semi-regular basis, just as a lark, and because it makes me itch to not check the logs, and I can assure you that there are plenty of automated attacks out there looking for linux.
Usually it's just common password stuff (because there are a lot fewer services that can be compromised through the usual buffer overflow stuff...I did have a couple of weeks where a guy was spamming an overflow exploit for some version of FTP I wasn't running), looking for application installs where the username is known, and the default password is also known. I get five or six hundred of those a day, on a system that doesn't even respond to ping from the outside world.
I think the thing that really keeps people from hitting the Linux that hard is the fact that the odds are that an internet-facing Linux box is just a security appliance, and those are hard to break (by definition) and even if your l33tness managed to crack the box, you can end up left with a basically worthless box, which may not even be facing a network with anything good on it.
It's just a lot of work, for little return.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
And for any other anti-virus vendor who cares to implement it.
#1. A bootable CD that can give you read/write access to the local hard drive.
#2. A database (that can be updated) of what the MOST COMMON files are in which directories OF THE OS and their various identifying characteristics.
Because it is far, Far, FAR easier to validate that a certain file is "good" than to determine that it is "bad".
Simple concept, no?
Anything that cannot be identified can be "quarantined" if the user so wishes. Any data files SHOULD be easily identified.
Another benefit of this approach would be to identify files left over from incomplete un-installs.
Hey, if the various 3rd parties WANT to, they could even offer to run the un-install routine for the apps they've identified. Or to clean-up known crap.
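The known-good-file check proposed in the comment above (and the "check every file against a known-good one" point made earlier in the thread), as an added example that is not part of any commenter's post. It assumes the suspect disk is mounted from clean boot media and that the manifest was built from a trusted reference install; all function names, paths and file contents are hypothetical and constructed for the demo.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def _rel(full, root):
    # Manifest keys always use forward slashes so they compare across platforms.
    return os.path.relpath(full, root).replace(os.sep, "/")


def build_manifest(reference_root):
    """Map relative path -> SHA-256 for every regular file in a trusted install."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(reference_root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            manifest[_rel(full, reference_root)] = sha256_file(full)
    return manifest


def audit(suspect_root, manifest):
    """Classify every file on the offline-mounted volume against the manifest."""
    report = {"known_good": [], "modified": [], "unknown": [], "missing": []}
    seen = set()
    for dirpath, _dirs, files in os.walk(suspect_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = _rel(full, suspect_root)
            seen.add(rel)
            expected = manifest.get(rel)
            if expected is None or os.path.islink(full):
                report["unknown"].append(rel)       # cannot be identified
            elif sha256_file(full) == expected:
                report["known_good"].append(rel)    # byte-identical to reference
            else:
                report["modified"].append(rel)      # same path, different content
    report["missing"] = [p for p in manifest if p not in seen]
    for paths in report.values():
        paths.sort()
    return report


def quarantine(suspect_root, rel_paths, quarantine_dir):
    """Move unidentified files off the volume, preserving their relative paths."""
    moved = []
    for rel in rel_paths:
        target = os.path.join(quarantine_dir, *rel.split("/"))
        os.makedirs(os.path.dirname(target), exist_ok=True)
        shutil.move(os.path.join(suspect_root, *rel.split("/")), target)
        moved.append(rel)
    return moved


def demo():
    """Constructed sample: a reference tree and a tampered copy of it."""
    files = {
        "system/kernel.bin": b"reference kernel image",
        "system/shell.bin": b"reference shell",
        "system/net.dll": b"reference network library",
    }
    with tempfile.TemporaryDirectory() as ref, \
            tempfile.TemporaryDirectory() as suspect, \
            tempfile.TemporaryDirectory() as qdir:
        for root in (ref, suspect):
            for rel, data in files.items():
                path = os.path.join(root, *rel.split("/"))
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as f:
                    f.write(data)
        manifest = build_manifest(ref)
        # Tamper with the suspect copy: patch one file, drop one, add a stranger.
        with open(os.path.join(suspect, "system", "shell.bin"), "wb") as f:
            f.write(b"reference shell + injected code")
        os.remove(os.path.join(suspect, "system", "net.dll"))
        os.makedirs(os.path.join(suspect, "startup"))
        with open(os.path.join(suspect, "startup", "updater.exe"), "wb") as f:
            f.write(b"not in the manifest")
        before = audit(suspect, manifest)
        moved = quarantine(suspect, before["unknown"], qdir)
        after = audit(suspect, manifest)
        return {"before": before, "quarantined": moved, "after": after}


if __name__ == "__main__":
    for stage, result in demo().items():
        print(stage, result)
```

A match only shows the file equals the reference copy at that path, so the result is only as trustworthy as the manifest and the boot media used to run the check.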
It seems to me that, superficially at least, it makes sense to talk about a "botnet market" as separate from the anti-virus software market if you are talking about a higher-level network solution, not simply another program that consumers run on their PCs. But from the article, it's not clear what the focus of this supposed market is. If it's software that's run by companies with large PC networks, or ISPs, and if its purpose is to track botnet-like behavior by network clients with the aim of isolating suspect clients from that network, then it makes some sense to me. This could be a good thing...if it works. If it's yet another "safe computing" package marketed to Joe Sixpack, then it's an outstandingly stupid idea. If a computer is part of a botnet, the critical failure has already occurred, and no application package is going to fix it.
I suppose the people who are boosting this new "market" are responding to a money-making opportunity created by a real social problem: the fact that massive botnets exist, and that such phenomena rob us of collective resources--that is, resources that exist for our common use. Ultimately such collective thievery boils down to every individual having to pay more for services, and to endure degraded service quality to subsidize the thieves. Surely preventing this is a worthy goal...or a goal worth paying money for.
As many here know, the virus/botnet problem is due to two factors: a massively deployed operating system that is by design insecure, and a multitude of ignorant users. Of the two, the OS is most to blame. If Joe couldn't get his PC zombified by clicking some link to download stupid stuff off a web page, or reading some mystery email, the problem would be much diminished. However, I judge on the basis of their track record that Microsoft is unlikely to ever create a truly secure operating system; it's just not a priority. Because of Microsoft's ability to get computer retailers to bundle only their OS with every computer that is sold and because of most buyers' disinclination to learn about what they are purchasing, the situation is likely to continue—unless computer users are given a strong incentive to change their buying habits.
And here's where network-level anti-botnet software might change things. Suppose ISPs started to identify PCs that are compromised to the extent that they constitute a public nuisance or threat—and isolate them from the network. Obviously, the anti-bot software would have to be very good; you don't want a significant number of false positives. But it seems to me that if you do automated traffic analysis, it wouldn't be that hard to identify the zombies (here's where those who really know about this stuff get to jump in and tell me why I'm wrong). Once identified, the zombie is isolated, the owner gets a singing telegram notifying him of the action that was taken and why, and what he should do to fix the problem. ("Reinstall Windows" will probably not be the recommended solution.)
I think that this would help, but it would require several other changes. For one thing, it's not clear to me that ISPs actually care about botnets or viruses. I'm not sure why that is. (Again, someone with a better understanding of the communications infrastructure might want to help me out here.) For another, the [L|U][n|i]n[u|i]x OS has to become a commercial product. That's right: it has to be pried out of the hands of the well-meaning and hardworking people who have made it what it is today, and put into the hands of some money-grubbing capitalist who will make deals with computer retailers, guarantee support to end-users, and above all give it a decent name. You see, normal people don't trust free things; they only trust people who take their money. That's the fundamental stumbling block of the free software movement: in the market place, anything that's to be had for nothing is perceived as having no value.
Anyway, the result I'm hoping for is that, as a result of penalizing stupid user behavior, people will either start using one of the epigonoi of Unix, or that MS will crumble under market pressure and actually create a decent secure OS. Well, I can dream.
Great men are almost always bad men--Lord Acton's Corollary
Read the EULA.
Has any non-signed agreement ever held up in court? Rather, the true answer is that Microsoft has such a big team of lawyers they can defeat the DoJ. What can any lawyer do against such weaponry?
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
Norton is the worst anti-virus product I've ever used. It's slow and impossible to completely uninstall. I wouldn't take it if you paid me. McAfee is much better, but it still hits performance noticeably on slower computers. The best antivirus software I've used is Eset Nod32. At $59 for a 2 year subscription, it's $15 cheaper than Norton. I replaced McAfee's security suite on my mom's laptop with Eset's. The difference in boot times and load times is amazing. It's easier for her to use too, it doesn't pop up with all sorts of scary messages.
Whether Mac or Linux is intrinsically more secure than Windows is a subject for another (lengthy and heated) discussion
Which has repeatedly taken place here and you apparently never bothered following. Mac and Linux ARE intrinsically more secure than Windows.
A Trojan can hit any computer. That's why Linux folks are always cautioning to never run untested binaries.
There are no viruses in the wild for Mac or Linux. Your method of securing your PC works fine for Mac and Linux but will not for Windows.
One: since Linux accounts for such an infinitesimally small percentage of market share, malware coders don't waste their time coding for Linux
"Market share" is a meaningless term when it comes to FOSS. There is no way to count the six computers I installed Linux on last year from the same CD, all of which report to web sites that they're running IE on Windows rather than Firefox on Linux.
You can, however, measure Macs. Apple shipped 1,610,000 Macintosh® computers in a single quarter last year! That's one hell of a big potential botnet. If it was as easy to pwn an Apple as it was to pwn a Windows machine, it would have already been done. There are more than enough Apple computers to make it worth a malware writer's time.
Unless you're a Microsoft employee tasked with defending your company's products, please stop defending their pathetically insecure OS. If you are such an employee, please let us know so we can take what you say with a grain of salt; however, we all know about Microsoft astroturf.
Me? I've never owned an Apple, and run dual-boot Mandriva/XP on my PC. I've disabled networking on the Windows side.
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
#3. Linux users get their software from an organized and centralized location... The idea of visiting some random website, and downloading useful binary software from them is completely foreign.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
AV and malware tools don't have a standard definition or usage for what constitutes an actual problem so you're left up to each individual tool telling you which problems it finds.
Maybe it only finds the problems it can find, maybe it only tells you about the problems it can fix. Maybe the definition of 'fix' is up in the air too. For too long the AV vendors have created products that can't be compared head to head reliably. They ALL claim to do something called AV scanning, but no one can really tell you what that is and how or if they are any good at it. They can't even standardize on a taxonomy for what an infection is or is called.
And without that standardization no tool can tell you about what it DOESN'T know, its unknown unknowns so to speak.
For example, if the AV company is telling me I can't even know whether my machine has been botnet'ed then how can I trust them to tell me it is or how good their coverage is?
I'll give you another example from the Department of Redundancy. For years I used both Ad-Aware and Spybot until about 18 months ago when I finally discovered that all they were doing was erasing cookies. They never found anything on any machine running a firewall and a real time AV scanner (such as AVAST or McAfee SCF). They were completely useless and I could duplicate their function by erasing cookies myself.
And then I popped on Wireshark and did a long capture of the outgoing traffic to verify these machines weren't sending out packets I didn't know about. If I've been botnet'ed then it's hiding the traffic from a wirescanner too, which is unlikely.
So I have to conclude that this massive problem of malware and botnets is like having unprotected sex in a Mexican whorehouse. Most people don't do it but the people who do are clearly performing some stupid shit to get themselves in trouble. Ordinary good practice would, I think eliminate almost all malware and botnet activity.
So when the AV companies come telling you that only their product can fix what ails you, be skeptical. I bet any normal safe practices would accomplish the same thing.
That OEM would go out of business, because his competitors would not have such easily compromised PCs and the word would get out.
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
Microsoft is a lot like the "Chevy" of computing: everything fits and everyone has parts. that's one big reason why so many good folks run MS/Windows
I sense the beginning of a shift in attitude about the whole security problem though, especially in this thread. the shift being in several notes,-- --that current a/methods really haven't worked good enough where good enough= 100% ; -- that current a/v business may have become a racket in some ways ;
the inevitable conclusion is that a better approach to security is required.
Some people (Read: The Author) work in environments with high employee turnover. I have to process in 2-3 employees a week and we lose just about as many. Therefore training is an effort in futility. That's why I run Trend Micro SMB Client Server security and just forget about it. If a computer is too messed up I'll just re-image it.
why don't ISPs just set up honey pots and use them as test beds to determine what traffic is being generated by a bot, and kill the traffic as it leaves the customer's computer
That doesn't solve the problem - it just moves it. Onto the vendors of networking hardware.
Core routers are "dumb as rocks" and can be relatively low reliability. The idea there is to treat each packet as a hot potato and move it on with as little "thought" about it as possible - so limited processing power can handle large numbers of packets. If the box goes down the others can find a way around it. But not thinking about each packet means these boxes are gullible.
Edge routers (the last router before the customer, or sometimes the one between two competing ISPs) are smarter and more robust: In the core there are multiple connections, but at the (customer) edge there is usually only one line to only one box, so it has to be as reliable as a phone switch. (If the ISP hasn't routed ALL traffic to/from the user through an extra box at the Network Op Center) it has to act as a "reverse firewall" to protect the gullible network routers from the users and keep the user from using resources he hasn't paid for. It's also the only box on the carrier side where all the customers' packets come together. So if the carrier is to provide comprehensive anti-malware service, that's where it ends up.
Edge routers have a lot of brains and a significant amount of memory. But for their main jobs they only have to look at headers and keep a small amount of state per customer. Add "deep packet inspection" for anti-malware on the current model and you explode the resources required. Now they have to look at the whole content of every packet and apply thousands of tests to it, exploding processor requirements. Worse they have to keep the state for every flow rather than just every customer - and a single tool-generated web page may be hundreds or thousands of separate flows, running in parallel due to browser optimization. And the state for each of the flows is enormous, including the state of the processing of each of the signatures being tested. Finally, they may actually have to hold the packets themselves, to reorder and/or defragment them for the analysis. So the storage requirements explode. And this resource requirement increases their susceptibility to DOS attacks.
Further, smartening up the edge routers still further and giving them massive storage upgrades and inbound firewall duties makes them, not the users' machines, the primary target for malware vendors. They'd now have to spoof or subvert this machine to get their stuff to the users. But what a prize! Once it's subverted they get access to ALL the users and their traffic, regardless of the users' OS or anti-malware tools. (The zero-day window becomes "pwnership" of ALL the customers' data - no race between the infection spreading and the AV companies working out and deploying a signature.) Once in control, tapping should be a snap: The routers already have a government-mandated "lawful intercept" capability in place - just reconfigure it to send to the malware operation rather than the authorities. And talk about monocultures: The number of edge router vendors can be expressed with a single digit, likely with (at least at first) only one deep-packet-inspection product each. And they'll no doubt ally with the current anti-malware vendors to obtain their algorithms and signature updates.
So going to ISP-based filtering transfers the computational load of defense from a distributed web of end-users' machines to a small set of ISP boxes, increases the "software monoculture" vulnerability, provides an upstream target that the end user can't defend with a limited number of instances, makes it as vulnerable as the current worst-of-breed approach (Microsoft OS and tools plus signature-based active immunity), gives access to ALL users on EVERY success, and raises the cost of the network boxes (and thus your networking bill).
Lowered security at a higher price doesn't seem like a good approach to me.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
AV industry is Black Eye for Microsoft.
If anyone is looking for a good alternative, my last company had panda anti virus and although on some older machines it slowed down the performance a bit it was pretty good overall.
Unless you're a Microsoft employee tasked with defending your company's products, please stop defending their pathetically insecure OS.
You must be new around here.
____
~ |rip/\/\aster /\/\onkey
The Yankee Group? The "We have our tongues firmly lodged in Microsoft's nether-orifice" Yankee Group?
And I actually AGREE with what was said and find it sensible?
OMG! The end times have come!
Chas - The one, the only.
THANK GOD!!!
Can Linux not be taken over by a virus with a fresh download and no security set up? Can a Mac not be taken over with the same out of the box set up? As much as Microsoft annoys me at times, I must admit that most of their problems come not from their holes in their OS, but from their market share. An operating system is only as secure as those who use it set it up to be. I can set up a Windows box to be super secure, that only the NSA could get into, and have a hard time at that, and at the same time I can set up a Linux box that is open to the world.
Moral of the story: Security is something that users must practice as well as the OS manufacturers. Blaming the car company for your injuries from flying through the window when you didn't wear a seatbelt won't get you very far. The fact that you were swerving over the road drunk won't go over well either.
I don't like Linux. This doesn't make me a troll.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
If Linux ever achieves a large desktop market share, the repository model will inevitably break down and the reality of having to decide whether or not to trust software from third parties will come about.
And hilarity will ensue.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
The reason many companies and people do not buy Macs or switch to distros is because the software they rely on simply doesn't exist anywhere else.
I'm one of those people. I've tried Linux "equivalents", but they simply don't work the way I need.
Until I can switch ALL of my software needs to Linux, I simply cannot go over 100%. I keep Linux installed on my PC (Fedora 8 has an entire 160GB drive dedicated to it), but still have to switch back over to XP for the bulk of what I do.
A Mac would be better for me, however, there's still the issue of software. Granted, MOST of what I use has a Mac version (ProTools, Cubase SX3, Reason being a few of them), but the rest do not (FL Studio and quite a few VST plugins).
Now... I'm just one person. Imagine a corporation that relies on software without a Mac or Linux port and no viable alternative (from a corporate standpoint anyways). What alternative do they have?
Fifty watts per channel, baby cakes.
The linked story just displays a popup: "Click here or wait 12 seconds" over and over.
Malware has evolved from being mostly destructive juvenile pranks to subversive software with a profit angle. The more intelligent malware tries not to call undue attention to itself. Those generally don't pig out on all the resources or gratuitously trash things. It's not profitable. Overly virulent diseases such as Ebola don't do well because they kill their hosts too quickly.
Meanwhile, the security industry has become like allergies, leukemia, and AIDS in one convenient package. Overkill on the scanning, sapping the computer's "energy" and making it always "feel tired". There's too much commercial software that has stepped past being helpful or even meaning to be helpful and is openly nagging and harassing with advertisements, update notices, FUD, anti-piracy verification demands, and the like. Last time I saw AOL Instant Messenger being used on a computer, about a year ago, I was stunned to see that it was taking a constant hefty 25% of the CPU's time and a noticeable amount of network capacity to run this continuous graphical banner ad campaign within the app. That's the sort of thing I'd expect to see from malware, not software from a supposedly reputable company. Certainly none of the security software was going to flag AIM as malware. Replaced AIM with Pidgin which instantly made the computer more responsive.
Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
Does that centralized server vet every piece of code? If not, this is probably even less secure than going directly to the source--there's one more potential place where the package could be compromised.
(full disclosure: I use Linux as my primary home machine, and a Mac as my work machine.)
Riiiiiiight, just like no one buys Windows today, since it's so easily compromised and all. Usability directly affects support costs, and almost no one who buys a PC cares about security at all. A computer optimized for usability for a buyer who doesn't care about security just isn't going to be secure, regardless of the OS.
Socialism: a lie told by totalitarians and believed by fools.
Why would the audio visual industry care about anti-botnet software?
Ask me about repetitive DNA
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
It's not 1994 anymore but people are still arguing this. There are many reasons but this is the least likely of them since the share goes the other way with web servers. Ultimately malware is still almost exclusively a 32 bit MS Windows problem mainly due to that being the only modern platform where the designers did not anticipate it.
And you completely missed the point of his post which stated that it doesn't matter.
And you completely missed the point that the parent was completely wrong.
Care to qualify this?
Sure: there are no viruses for Macs or Linux.
and in large forums of OSX users I have seen reports of security breaches, and reports of OSX malware.
Where, on Symantic.com? If there actually was a virus for OS X it would be huge news, if only because Windows apologists such as yourself wouldn't stop crowing about it for years.
It's about percentages, not numbers. 1,610,000 is a tiny fraction of the total computers sold each quarter.
Of course it's about numbers. There are more Macs now than there were Windows PC's when the first viruses started coming out. And, more importantly, most of those Macs are going to be personal computers (with personal info on them) as opposed to business PC's, and a Mac botnet would be virgin territory - no anti-virus software or other botnets to worry about. If making a Mac botnet were remotely as easy as making one for Windows, it would have already happened by now.
Did the froth from your mouth get into your eyes and obscure his message?
More likely you were just washing some Santorum off your rear end and some stuck to your hands, which you then mistakenly attributed to sm.
It didn't happen that way with Macs. I think your argument is unlikely.
Except what you'll see is 50 million computer users running Linux as root all the time because an OEM configured it that way rather than be annoyed with support calls asking how to install some new program.
Which is of course completely unnecessary if you have a decent security model. Which of course Linux has.
One big difference between Windows/Mac and Linux is the idea of a package manager.
When Windows users want free software, they google, go to a usually ad-ridden website and download it. Often times, the software is available from many different mirrors, which makes it easy for malware writers to create a mirror which provides infected software.
A Linux user, on the other hand, will install using a package manager, run by reasonably trusted people. Ideally, only software that has been tested makes it into the package manager.
A Windows package manager could solve many problems. Whitelisted software would make it into the package manager. When a user wants to install software, they would find it in their package manager instead of finding it on the web, then click "install". Make it simple and fast enough, and it would save time for the user. Blacklisted software would also be entered into the package manager, but when a user tries to install it, they would receive a warning that tells them that all known versions of this software are infected.
Another advantage is that updates for 3rd party software can be installed automatically. Since a significant number of vulnerabilities are in 3rd party software, this increases security.
"Symantec is where good software goes to die."
All those moments will be lost in time, like tears in rain. Time to die.
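The whitelist, blacklist and automatic-update checks proposed in the package manager comment above, sketched as an added example that is not part of the thread. The index layout, package names and installer bytes are constructed for illustration, and the sketch assumes the index itself reaches the client over a channel it already trusts.

```python
import hashlib
import hmac

# Constructed sample installers and index; every name here is hypothetical.
V1_2 = b"constructed installer bytes: exampletool 1.2"
V1_10 = b"constructed installer bytes: exampletool 1.10"
INDEX = {
    "whitelist": {
        ("exampletool", "1.2"): hashlib.sha256(V1_2).hexdigest(),
        ("exampletool", "1.10"): hashlib.sha256(V1_10).hexdigest(),
    },
    "blacklist": {
        "freescreensaver": "all known versions of this software are infected",
    },
}

def _key(version):
    # Compare versions numerically so that 1.10 sorts above 1.2.
    return tuple(int(part) for part in version.split("."))

def check_install(index, name, version, payload):
    """Return (decision, reason) for bytes fetched from any mirror."""
    if name in index["blacklist"]:
        return ("warn", index["blacklist"][name])
    expected = index["whitelist"].get((name, version))
    if expected is None:
        return ("reject", "not in the repository index")
    actual = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(actual, expected):
        return ("reject", "digest mismatch: mirror served different bytes")
    return ("install", "digest matches the index")

def pending_updates(index, installed):
    """Newest whitelisted version above what is installed, per package."""
    updates = {}
    for name, version in index["whitelist"]:
        have = installed.get(name)
        if have is not None and _key(version) > _key(updates.get(name, have)):
            updates[name] = version
    return updates

if __name__ == "__main__":
    print(check_install(INDEX, "exampletool", "1.10", V1_10))
    print(check_install(INDEX, "exampletool", "1.10", V1_10 + b"!"))
    print(pending_updates(INDEX, {"exampletool": "1.2"}))
```

Because the digest comes from the index rather than from the mirror, it does not matter which mirror served the bytes; a modified installer fails the comparison before anything is run.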
I blame business analysts looking to create money for corporations based on their studies from college, but zero experience in the internet, since they just recently logged in after studying for years on end.
Managers for thinking they can hire 6 figure BA's to make more money.
Whatever happened to just making a great product, no master's degree needed there. No 20 mill marketing campaigns needed either.
Liberty freedom are no1, not dicks in suits.
Folks, do you think AV vendors wouldn't sell you a tool against botnets if they could? It's their core biz, they've been researching in that area for longer than it has been "in the open" that this is a threat. I know at least 3 AV companies that have been putting massive manpower into the research of botnet threats for over 3 years now, long, long before they have been perceived as a threat by mainstream IT and even longer before mainstream media even heard about them.
In medicine (to explain the subject line), we're in the field of cancer. We have no cure. I'm sorry. We can treat symptoms, we can occasionally even find some sort of temporary cure, but we're far from finding the ultimate solution. And whenever something like this happens, someone emerges to sell you the perfect drug. It's not tested, it's not approved, because "they" (in medicine, the pharma corps and their cronies) don't want you to have a cure.
While I can't judge the pharma industry (and while I'm often tempted to follow the logic that curing is more profitable than healing), I can judge the AV industry. And I know they'd sell you that cure immediately, knowing that as soon as they do, something else will emerge. They won't go out of business just because they sold you the cure for all that's evil, because time has proven that as soon as they do, the malware writers will come up with a new threat to keep them in business.
And while in medicine, no Guru or other self appointed "healer" will attract anyone but the most desperate, it appears to work in AV. The problem is, those "anti-botnet vendors" can't sell you anything but the same snakeoil some AV companies have been selling you. I mean, how do you plan to check whether the product works? Oh, you have no botnet worm on your machine, so it works?
Here, I got a stone to sell...
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Secure OSes like Linux and Mac are just as useable as Windows. In fact I'd argue that my distro is MORE useable than Windows. But Mac and Linux are far more secure (see today's FA
And most people DON'T buy Windows today. You and I aren't normal; we're nerds. Nerds install OSes, normal people just buy computers.
How many boxed sets of Vista have been sold compared to downloads of all the various distros of Linux? I wouldn't be surprised if there were more sales and downloads of Linux than boxed sets of Vista sold since Vista came out. Does anybody have any numbers?
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
the Bush administration called them off and let MS off the hook
BINGO! They have the power. If I own your boss, I defeat you in any endeavor that includes him. There is no way to fight something like that.
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer