Slashdot Mirror
Anti-Botnet Market is Black Eye for AV Industry
alternative coup writes "eWEEK is running a story on the emergence of an anti-botnet market to fill a perceived need for software to deal with botnet-related malware (Trojans, keyloggers, rootkits, etc.). The article characterizes this as 'another black eye' for the existing anti-virus industry — asking consumers to pay twice for protection from things that anti-malware suites are missing. Venture capital money is flowing to these anti-bot products, an implicit statement that the AV giants are not doing their jobs. 'For companies such as Symantec, which sells the Sana-powered Norton AntiBot and anti-malware subscriptions, it's a nickel-and-dime situation. Symantec officials say Norton AntiBot is for a specialized, technical market segment looking for high-end tools to deal with botnets, but [Andrew Jaquith, an analyst with The Yankee Group] said it's a case of anti-malware companies double-dipping.'"
The difference between a virus and spyware for me is whether ClamWin gets it or AdAware. Considering how well clam did when compared to the other security suites, I'm not worried about using a non-commercial product. Since it's personal use, AdAware works nicely and for free. Throw in ZoneAlarm is you feel the need to have a firewall, and you're all set with no money down and 0% interest.
Yep, you're no biologist, and even less of an immunologist. You need to read up on antibodies. Now, part of the immune system does work on heuristics, but a big part of it is all the antibodies running around your body as a "chemical lookup table", but one with a massively parallel seek mechanism.
Laissez lire, et laissez danser; ces deux amusements ne feront jamais de mal au monde. - Voltaire
The two sets are not mutually exclusive. It is possible for a "virus" (or a "worm") to include spyware functionality, but just because something is a virus or a worm does not mean it is spyware. Spyware is often installed by either a "drive-by download", where a website pushes something onto your computer without you knowing about it, or it is included with some other application. However, it _can_ be installed by a virus or worm. (Or, for that matter, though an active attack and exploit such as via someone using Metasploit for less-than-noble purposes.)
Being included with another application may or may not qualify it as a member of the set "Trojan Horse", depending entirely if the application intentionally installed includes the spyware in its function or if the spyware is a secondary piece of software that is not directly announced. A "Trojan Horse", in the software sense, is a piece of software that reportedly does one thing but actually does something else, either with or without including the reported functions.
However, I agree with what I believe to be the general, pervailing thought that a user should need only one anti-malware application that should be able to handle all of these. I also believe that "defense in depth", when possible (corporate environment, for example) is the best approach. I look at it this way: just because the castle has really high walls and good archers doesn't mean that the guards inside the castle shouldn't be carrying weapons of some sort. The only issue with many "anti-virus" products is that they take so much CPU time and other resources that they negatively impact the overall usability of the computer.
As a security professional, this irritates me as well. I agree with the Yankee Group's analysis that this amounts to "double-dipping", and I feel it is ethically wrong. However, in a (supposedly) free-market economy, these things will happen until the market sorts them out. (I am _not_ an economist. My speciality is InfoSec.)