Slashdot Mirror

← Back to Stories (view on slashdot.org)

Anti-Botnet Market is Black Eye for AV Industry

Posted by Zonk on from the why-buy-one-when-you-can-have-two-at-twice-the-price dept.

alternative coup writes "eWEEK is running a story on the emergence of an anti-botnet market to fill a perceived need for software to deal with botnet-related malware (Trojans, keyloggers, rootkits, etc.). The article characterizes this as 'another black eye' for the existing anti-virus industry — asking consumers to pay twice for protection from things that anti-malware suites are missing. Venture capital money is flowing to these anti-bot products, an implicit statement that the AV giants are not doing their jobs. 'For companies such as Symantec, which sells the Sana-powered Norton AntiBot and anti-malware subscriptions, it's a nickel-and-dime situation. Symantec officials say Norton AntiBot is for a specialized, technical market segment looking for high-end tools to deal with botnets, but [Andrew Jaquith, an analyst with The Yankee Group] said it's a case of anti-malware companies double-dipping.'"

2 of 204 comments (clear)

  1. Re:A/V bloat due to antiquated approaches by ppanon · · Score: 5, Informative

    IANAB (I am not a biologist), but it seems that our body's immune system operates more on heuristics than some exhaustive chemical look up table.

    Yep, you're no biologist, and even less of an immunologist. You need to read up on antibodies. Now, part of the immune system does work on heuristics, but a big part of it is all the antibodies running around your body as a "chemical lookup table", but one with a massively parallel seek mechanism.
    --
    Laissez lire, et laissez danser; ces deux amusements ne feront jamais de mal au monde. - Voltaire
  2. Re:This... by querist · · Score: 4, Informative

    The two sets are not mutually exclusive. It is possible for a "virus" (or a "worm") to include spyware functionality, but just because something is a virus or a worm does not mean it is spyware. Spyware is often installed by either a "drive-by download", where a website pushes something onto your computer without you knowing about it, or it is included with some other application. However, it _can_ be installed by a virus or worm. (Or, for that matter, though an active attack and exploit such as via someone using Metasploit for less-than-noble purposes.)

    Being included with another application may or may not qualify it as a member of the set "Trojan Horse", depending entirely if the application intentionally installed includes the spyware in its function or if the spyware is a secondary piece of software that is not directly announced. A "Trojan Horse", in the software sense, is a piece of software that reportedly does one thing but actually does something else, either with or without including the reported functions.

    However, I agree with what I believe to be the general, pervailing thought that a user should need only one anti-malware application that should be able to handle all of these. I also believe that "defense in depth", when possible (corporate environment, for example) is the best approach. I look at it this way: just because the castle has really high walls and good archers doesn't mean that the guards inside the castle shouldn't be carrying weapons of some sort. The only issue with many "anti-virus" products is that they take so much CPU time and other resources that they negatively impact the overall usability of the computer.

    As a security professional, this irritates me as well. I agree with the Yankee Group's analysis that this amounts to "double-dipping", and I feel it is ethically wrong. However, in a (supposedly) free-market economy, these things will happen until the market sorts them out. (I am _not_ an economist. My speciality is InfoSec.)