Slashdot Mirror


Anti-Botnet Market is Black Eye for AV Industry

alternative coup writes "eWEEK is running a story on the emergence of an anti-botnet market to fill a perceived need for software to deal with botnet-related malware (Trojans, keyloggers, rootkits, etc.). The article characterizes this as 'another black eye' for the existing anti-virus industry — asking consumers to pay twice for protection from things that anti-malware suites are missing. Venture capital money is flowing to these anti-bot products, an implicit statement that the AV giants are not doing their jobs. 'For companies such as Symantec, which sells the Sana-powered Norton AntiBot and anti-malware subscriptions, it's a nickel-and-dime situation. Symantec officials say Norton AntiBot is for a specialized, technical market segment looking for high-end tools to deal with botnets, but [Andrew Jaquith, an analyst with The Yankee Group] said it's a case of anti-malware companies double-dipping.'"

6 of 204 comments

  1. Re:This... by moderatorrater · Score: 3, Informative

    The difference between a virus and spyware for me is whether ClamWin gets it or AdAware. Considering how well clam did when compared to the other security suites, I'm not worried about using a non-commercial product. Since it's personal use, AdAware works nicely and for free. Throw in ZoneAlarm if you feel the need to have a firewall, and you're all set with no money down and 0% interest.

  2. Re:A/V bloat due to antiquated approaches by ppanon · Score: 5, Informative

    IANAB (I am not a biologist), but it seems that our body's immune system operates more on heuristics than some exhaustive chemical look up table.

    Yep, you're no biologist, and even less of an immunologist. You need to read up on antibodies. Now, part of the immune system does work on heuristics, but a big part of it is all the antibodies running around your body as a "chemical lookup table", but one with a massively parallel seek mechanism.
    --
    Laissez lire, et laissez danser; ces deux amusements ne feront jamais de mal au monde. - Voltaire
  3. Re:This... by querist · Score: 4, Informative

    The two sets are not mutually exclusive. It is possible for a "virus" (or a "worm") to include spyware functionality, but just because something is a virus or a worm does not mean it is spyware. Spyware is often installed by either a "drive-by download", where a website pushes something onto your computer without you knowing about it, or it is included with some other application. However, it _can_ be installed by a virus or worm. (Or, for that matter, through an active attack and exploit such as via someone using Metasploit for less-than-noble purposes.)

    Being included with another application may or may not qualify it as a member of the set "Trojan Horse", depending entirely if the application intentionally installed includes the spyware in its function or if the spyware is a secondary piece of software that is not directly announced. A "Trojan Horse", in the software sense, is a piece of software that reportedly does one thing but actually does something else, either with or without including the reported functions.

    However, I agree with what I believe to be the general, prevailing thought that a user should need only one anti-malware application that should be able to handle all of these. I also believe that "defense in depth", when possible (corporate environment, for example) is the best approach. I look at it this way: just because the castle has really high walls and good archers doesn't mean that the guards inside the castle shouldn't be carrying weapons of some sort. The only issue with many "anti-virus" products is that they take so much CPU time and other resources that they negatively impact the overall usability of the computer.

    As a security professional, this irritates me as well. I agree with the Yankee Group's analysis that this amounts to "double-dipping", and I feel it is ethically wrong. However, in a (supposedly) free-market economy, these things will happen until the market sorts them out. (I am _not_ an economist. My speciality is InfoSec.)

  4. Re:Don't you mean triple-dipping (or more)? by sm62704 · Score: 2, Informative

    Really... is there a need to separate spyware (which AV programs are horrible at detecting) from virus scanning as well?

    Of course! The difference between a trojan and spyware is that trojans come from e-vile hacker bad guys that want to use your computer for nefarious purposes, and spyware comes from benign, nice, everybody loves them corporations like Sony that want to use your computer for nefarious purposes.

    --
    mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
  5. Re:Get a Mac, or Run Linux! by Sparklepony · Score: 2, Informative

    Once it's compromised, sure. But antivirus software can actually prevent that from happening. Every once in a while my antivirus software will find a virus tucked away in some file I've downloaded but haven't yet run, and although I don't recall it ever being something I was planning to run (mostly email attachments) I can see how this would help to protect a user who was less security-conscious and more "clicky" than I am. If you catch the virus before it runs, you're as clean as if you never downloaded it in the first place.

  6. Re:I've already started dumping Norton by Danse · Score: 2, Informative

    I'd also check out what Comodo is doing. ... I particularly like their firewall. It is very granular and allows you to create a myriad of rules based on software and/or ports. I use Comodo's firewall, and I think it works well. I do think the UI could use some more polish though. It's not as easy to work with as ZoneAlarm's, but at least Comodo doesn't randomly lock out my internet connection.
    --
    It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer