Slashdot Mirror


Anti-Botnet Market is Black Eye for AV Industry

alternative coup writes "eWEEK is running a story on the emergence of an anti-botnet market to fill a perceived need for software to deal with botnet-related malware (Trojans, keyloggers, rootkits, etc.). The article characterizes this as 'another black eye' for the existing anti-virus industry — asking consumers to pay twice for protection from things that anti-malware suites are missing. Venture capital money is flowing to these anti-bot products, an implicit statement that the AV giants are not doing their jobs. 'For companies such as Symantec, which sells the Sana-powered Norton AntiBot and anti-malware subscriptions, it's a nickel-and-dime situation. Symantec officials say Norton AntiBot is for a specialized, technical market segment looking for high-end tools to deal with botnets, but [Andrew Jaquith, an analyst with The Yankee Group] said it's a case of anti-malware companies double-dipping.'"

29 of 204 comments

  1. Re:surely... by Anonymous Coward · · Score: 1, Insightful

    ... the best protection against botnets is never install Windows? I've really never understood why some law firm hasn't had a go at a class action against MS. Botnets, viruses, id thieving trojans etc etc etc, ultimately they do bear a share of the responsibility, and thus surely the costs?

    Read the EULA.

  2. This... by Chordonblue · · Score: 4, Insightful

    ...has infuriated me for some time. This idea that some things are 'viruses' and others, 'spyware'. Last year, I tried to nail down Sophos on this very thing. If I'm protected against viruses, shouldn't I also, by default, be protected against spyware since that's how it usually gets on there in the first place?

    'Oh no', they tell me. 'That's different...' Yeah. I see that. Now we got this going on.

    People want their computers to be protected against any form of intrusion - from within or without - regardless of how it's classified. The reality is, that there are now forms of malware out there that are either undetectable or incurable once you have them. I use a gateway to help protect our computers, but every once in a while it still happens.

    --
    "...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
  3. Don't you mean triple-dipping (or more)? by rnddev · · Score: 2, Insightful

    Really... is there a need to separate spyware (which AV programs are horrible at detecting) from virus scanning as well? Most of the things mentioned are detected by scanners as they are, but not well. There's only so much that signature scanning with poorly implemented heuristics can detect.

    So don't forget to get an AV program, personal firewall app, spyware scanner, and a botnet scanner in addition to the next trend that can be rebranded and sold to people once again.

  4. Re:Grow or die by Captain+Splendid · · Score: 3, Insightful

    I wonder if some people use servants to check their snailmail for scams.

    You just countered your argument. Our computers are meant to be servants and do stuff like this for us, that's the whole point.

    --
    Linux, you magnificent bastard, I read the fucking manual!
  5. Fundamentally broken by roman_mir · · Score: 4, Insightful

    How can an OS add on fix a fundamental problem of the security of an operating system and the applications that are running on top of it?

    It is my firm belief that AV software can never fix the real problem: broken OS security model and application bugs. For the AV software vendors this is always a game of catch up, the virus/trojan/worm/bot etc. creators have a huge advantage: numbers. They have more people figuring out ways to infect your computers, break through your buggy and exposed application interfaces, send out executables with backdoors and viruses.... there are probably a thousand times as many people working on the ways to take over PCs than there are people who are in the 'business' of preventing this from happening.

    And really, it is not that complex of a problem: run OS administration applications in one security level, run user applications in another security level, use hardware infrastructure to prevent these levels from intersecting and taking over each other, but of course allow the highest level administration applications to take precedence over any user application and at least kill it. Do not allow execution of applications that are not authorized by the user. There are more good ideas than that, but basically do not allow a user application to hijack the system by pretending to be an OS administration application, do not allow user applications to change their access levels, do not allow them to hide their processes from observers. Designate protected data storage on disks, and allow that data only to be modified by certain applications that are assigned by the user.

    However this is not a job for some add-on AV software.

    1. Re:Fundamentally broken by wizardforce · · Score: 5, Insightful

      I would carry that idea even further and ask the question: how can an OS fix a fundamental problem of the security of the user? There's a saying: I'd rather have a security minded user on an insecure OS than a click-happy user on the most secure OS. Just as an example, there are Windows users who haven't suffered from a virus in years. They surf online just as much as the fscked computer users do, they do not however click everything that comes in front of them so to speak. Then there's the recent Mac garbageware that was on /. not very long ago. Now I'd argue that Mac has considerably better security compared to Windows but in this case it didn't really matter if the user was hell bent on installing whatever they like. FREE SCREENSAVERS INSTALL NOW!!!!

      --
      Sigs are too short to say anything truly profound so read the above post instead.
    2. Re:Fundamentally broken by vertinox · · Score: 2, Insightful

      how can an OS fix a fundamental problem of the security of the user.

      Easy. Take away their admin rights.

      But more seriously, the Windows OS model sees it as ok to modify the OS in order for the applications to run on it. If the OS was impossible to change by the user or a 3rd party program we wouldn't see 95 percent of the viruses out there.

      Programs should be adapted to the OS and not the other way around. I'm always leery about programs that ask you to reboot the system in order to run even if they are legit.

      I think OS X has gotten this mostly right, but it could be better.

      --
      "I am the king of the Romans, and am superior to rules of grammar!"
      -Sigismund, Holy Roman Emperor (1368-1437)
    3. Re:Fundamentally broken by BroncoInCalifornia · · Score: 3, Insightful

      Windows started out horribly insecure. Through the years it has very gradually been getting better. Unfortunately the malware writers have been keeping up. This situation has incubated a malware industry that is now well resourced, organized, and experienced.

      Now even if Windows from an objective point of view is as secure as say OS X it does not matter. The malware industry that exploits Windows is mature and up to the challenge.

      --
      Religion is the main cause of atheism.

    4. Re:Fundamentally broken by sm62704 · · Score: 2, Insightful

      In Microsoft's defense a trojan is kind of hard for an OS to fight. That's why we Linux folks are always nagging you MS folks about untrusted binaries.

      As to viruses, there's no excuse for a virus to be able to infect your computer. That's a sign of a buggy OS and/or application.

      --
      mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
    5. Re:Fundamentally broken by mxs · · Score: 2, Insightful

      To some extent you are right, stupendously stupid users can be a real problem. However, any "solution" that hinges on "educating" users is doomed to fail from the start -- Not everybody can know every form of malware out there, and the bad guys are constantly finding new ways to dupe people into falling for it. If your security plan includes a line like "don't install free screensavers", you have already lost.

  6. Re:I've already started dumping Norton by Sorthum · · Score: 2, Insightful

    Symantec has a pattern of acquiring a company that's somehow related to their core business (Does anyone remember what that's supposed to be? I sure don't...) and turning the product into bloated crapware. Norton Utilities used to be FANTASTIC, as did BackupExec; whenever Symantec acquires something, it's time to find a replacement for it...

  7. Re:Doomed business model? by Sorthum · · Score: 4, Insightful

    Sure, but you and I both know that the minute that the OS fixes this stuff, there will be MASSIVE litigation from the entire AV sector.

    Kind of crappy, really-- but what REALLY rankled me was when MS released its OneCare; sorry, but you don't get to charge me to fix the holes in your broken systems. That's a massive conflict of interest that I'm rather surprised nobody has taken them to task for yet...

  8. Re:surely... by TripMaster+Monkey · · Score: 5, Insightful

    ... the best protection against botnets is never install Windows?

    That will only hold true as long as the market share for the non-Windows operating systems remains at its current levels. Whether Mac or Linux is intrinsically more secure than Windows is a subject for another (lengthy and heated) discussion, but the fact remains that practically, an OS is only as secure as the user running it lets it be. Linux users are much more secure from threats than Windows users for two reasons. One: since Linux accounts for such an infinitesimally small percentage of market share, malware coders don't waste their time coding for Linux. Two: since most Linux users are enthusiasts who generally know what they are doing, they can harden their installs to a greater degree than your average Joe-Sixpack Windows user.

    A large upsurge in Linux use, especially by the 'typical' user that clicks on anything and everything, and runs their console session as root, would be irresistible to the malware coders, and you'd see the same situation you're seeing with Windows now.

    --
    ____

    ~ |rip/\/\aster /\/\onkey

  9. No, you are paying THREE times by Tracy+Reed · · Score: 2, Insightful

    Once for the OS which should have been more secure in the first place, twice for the anti-virus, and a third time for the anti-botnet.

  10. Re:surely... by Tridus · · Score: 5, Insightful

    Except what you'll see is 50 million computer users running Linux as root all the time because an OEM configured it that way rather than be annoyed with support calls asking how to install some new program. Those 50 million people then get an email about free XXX videos, run an attachment that installs various kinds of malware, and we're right back where we started.

    Clueless users given the ability to become administrators (which they can if they own the machine) will defeat any OS security.

    --
    -- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
  11. Re:I've already started dumping Norton by mapsjanhere · · Score: 2, Insightful

    The main reason Norton lost my company as a customer was their subscription system. Every year we had to buy 10% extra licenses to account for failed installs/subscription renewals/reinstalls to get the automated updates working. Combine that with a bad pricing structure in the small business level of subscription (10 - 20) and I went with Avast Professional. One key good for all installs over the subscription period, and decent volume rebates in my market segment. So I'm amazed how well ISPs filter virus loaded emails nowadays, Comcast Business hasn't let anything go through in months that triggered alarms (down from at least one a week a year ago).

    --
    I'm aging rapidly, I bought a new game and had no idea if my machine was good for it.
  12. Re:Why target the consumer? by GeorgeS · · Score: 2, Insightful

    If the ISPs started doing that everyone would have fits about them looking at and filtering your data.
    I think it's bad enough that some ISPs may track your bandwidth usage.
    Once they start inspecting each packet who knows where it will stop.

    --
    "I'd rather have a bottle in front of me than have to have a frontal lobotomy."
  13. Re:I've already started dumping Norton by Sorthum · · Score: 4, Insightful

    No, it's *NOT* 100% free. Sure, it's free to YOU, in your mom's basement or whatnot, but it's not free to business users in corporate locations.

  14. Anti-purse by tringtring · · Score: 2, Insightful

    Do the anti-virus co CEOs also have poor handwriting? These days, whenever I read anti-virus (or anti-spyware or anti-malware or anti-trojan) articles, I am reminded of (not very good) doctors who always use difficult and confusing words to befuddle me and deprive me of the little money I have - Microsoft certainly did not invent FUD, though it mastered it better than its original inventors (doctors), and now the AV industry is gleefully following these bozos...

  15. Re:Grow or die by element-o.p. · · Score: 3, Insightful

    Uh, because it pisses off their customers when they discover that, despite paying the yearly extortio--excuse me, subscription--fee, their computers still aren't protected?

    Treat me honestly, fairly and openly, and I'm a customer for life. But if you sell me a "security suite" then nickel and dime me for all of the add-ons to provide the protection I thought I was getting in the first place, then I'll go elsewhere.

    I used to use McAfee on my wife's Windows desktop (I use Linux, thank you very much) until I noticed two things happening: 1) the size of the product, and the resources it needed to run, kept growing, and 2) the protection it offered kept shrinking. Despite running the full malware protection on her computer, she *still* kept getting infected, and it was all I could do to keep her machine running. I've since switched to http://www.eset.com/Nod32 and have been, for the most part, pretty happy with it. It's fairly lightweight, works pretty well and has some cool features that reasonably competent system administrators will like (e-mail notifications, for example), although it doesn't tolerate unstable Internet connections during updates, unfortunately.

    --
    MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
  16. Anti-Virus worse than a Virus by FromTheAir · · Score: 2, Insightful

    It has been my recent experience starting in 2007 that many weird problems including registry corruption and 100% CPU time is eliminated by removing the Anti-Virus software. Anti-virus software tends to make machines unusable which means Anti-Virus protection is worse than a virus.

    If I look at all the problems Anti-virus software causes compared to that caused by actual viruses it is clear viruses have caused little damage compared to the Anti-virus software.

    The dominant anti-virus software vendors have their product requirements stipulated by marketing departments and bloat it with duplicated or inefficient additional features.

    Marketing departments have done a lot to corrupt technology and create confusion, always changing names and naming conventions. They are also a major source of spam. We really just need a global product database with features and specification and do away with marketing altogether, the cost of which is passed onto the consumer; the most we should see in the media is a new or upgraded product announcement, that way we know to look for it in the database.

    The most efficient measure against viruses is actually user training and creating awareness and knowing not to fall for obvious deceptions and to stay away from "strange" web sites that you don't know. Sure there are some exceptions but most virus infection comes from a lack of common sense.

    --
    "an infinite player that has lost his finite mind" ~Infinite Play the Movie (it blends with reality)
  17. Re:Replacements for Norton by penix1 · · Score: 3, Insightful

    I'll point out that Linux and Mac aren't being targeted by the botnet operators.

    You want to know why you were marked troll? Could it be because of the utter crap you are spreading? Here, let me help clear that up for you:

    http://it.slashdot.org/article.pl?sid=07/10/05/1234217

    *nix boxes aren't being used as a drone in a botnet but they are being used to control them. Far worse if you ask me.

    Maybe a little less smugness and a little more research and you wouldn't get marked troll.

    DISCLAIMER: I run Gentoo Linux SOLELY. No Dual Boot, no virtualization.
    --
    This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
  18. Hear hear! by Ungrounded+Lightning · · Score: 2, Insightful

    The antivirus industry ITSELF is a multibillion dollar "black eye" on the "dominant vendor of PC operating systems".

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  19. Just moves the problem... by Ungrounded+Lightning · · Score: 4, Insightful

    why don't ISPs just set up honey pots and use them as test beds to determine what traffic is being generated by a bot, and kill the traffic as it leaves the customer's computer

    That doesn't solve the problem - it just moves it. Onto the vendors of networking hardware.

    Core routers are "dumb as rocks" and can be relatively low reliability. The idea there is to treat each packet as a hot potato and move it on with as little "thought" about it as possible - so limited processing power can handle large numbers of packets. If the box goes down the others can find a way around it. But not thinking about each packet means these boxes are gullible.

    Edge routers (the last router before the customer, or sometimes the one between two competing ISPs) are smarter and more robust: In the core there are multiple connections, but at the (customer) edge there is usually only one line to only one box, so it has to be as reliable as a phone switch. (If the ISP hasn't routed ALL traffic to/from the user through an extra box at the Network Op Center) it has to act as a "reverse firewall" to protect the gullible network routers from the users and keep the user from using resources he hasn't paid for. It's also the only box on the carrier side where all the customers' packets come together. So if the carrier is to provide comprehensive anti-malware service, that's where it ends up.

    Edge routers have a lot of brains and a significant amount of memory. But for their main jobs they only have to look at headers and keep a small amount of state per customer. Add "deep packet inspection" for anti-malware on the current model and you explode the resources required. Now they have to look at the whole content of every packet and apply thousands of tests to it, exploding processor requirements. Worse, they have to keep the state for every flow rather than just every customer - and a single tool-generated web page may be hundreds or thousands of separate flows, running in parallel due to browser optimization. And the state for each of the flows is enormous, including the state of the processing of each of the signatures being tested. Finally, they may actually have to hold the packets themselves, to reorder and/or defragment them for the analysis. So the storage requirements explode. And this resource requirement increases their susceptibility to DOS attacks.

    Further, smartening up the edge routers still further and giving them massive storage upgrades and inbound firewall duties makes them, not the users' machines, the primary target for malware vendors. They'd now have to spoof or subvert this machine to get their stuff to the users. But what a prize! Once it's subverted they get access to ALL the users and their traffic, regardless of the users' OS or anti-malware tools. (The zero-day window becomes "pwnership" of ALL the customers' data - no race between the infection spreading and the AV companies working out and deploying a signature.) Once in control, tapping should be a snap: The routers already have a government-mandated "lawful intercept" capability in place - just reconfigure it to send to the malware operation rather than the authorities. And talk about monocultures: The number of edge router vendors can be expressed with a single digit, likely with (at least at first) only one deep-packet-inspection product each. And they'll no doubt ally with the current anti-malware vendors to obtain their algorithms and signature updates.

    So going to ISP-based filtering transfers the computational load of defense from a distributed web of end-users' machines to a small set of ISP boxes, increases the "software monoculture" vulnerability, provides an upstream target that the end user can't defend with a limited number of instances, makes it as vulnerable as the current worst-of-breed approach (Microsoft OS and tools plus signature-based active immunity), gives access to ALL users on EVERY success, and raises the cost of the network boxes (and thus your networking bill).

    Lowered security at a higher price doesn't seem like a good approach to me.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  20. Re:surely... by toadlife · · Score: 2, Insightful

    If Linux ever achieves a large desktop market share, the repository model will inevitably break down and the reality of having to decide whether or not to trust software from third parties will come about.

    And hilarity will ensue.

    --
    I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
  21. You still don't get it... by logicassasin · · Score: 2, Insightful

    The reason many companies and people do not buy Macs or switch to distros is because the software they rely on simply doesn't exist anywhere else.

    I'm one of those people. I've tried Linux "equivalents", but they simply don't work the way I need.

    Until I can switch ALL of my software needs to Linux, I simply cannot go over 100%. I keep Linux installed on my PC (Fedora 8 has an entire 160GB drive dedicated to it), but still have to switch back over to XP for the bulk of what I do.

    A Mac would be better for me, however, there's still the issue of software. Granted, MOST of what I use has a Mac version (ProTools, Cubase SX3, Reason being a few of them), but the rest do not (FL Studio and quite a few VST plugins).

    Now... I'm just one person. Imagine a corporation that relies on software without a Mac or Linux port and no viable alternative (from a corporate standpoint anyways). What alternative do they have?

    --
    Fifty watts per channel, baby cakes.
  22. cure worse than disease by bzipitidoo · · Score: 2, Insightful

    Malware has evolved from being mostly destructive juvenile pranks to subversive software with a profit angle. The more intelligent malware tries not to call undue attention to itself. Those generally don't pig out on all the resources or gratuitously trash things. It's not profitable. Overly virulent diseases such as Ebola don't do well because they kill their hosts too quickly.

    Meanwhile, the security industry has become like allergies, leukemia, and AIDS in one convenient package. Overkill on the scanning, sapping the computer's "energy" and making it always "feel tired". There's too much commercial software that has stepped past being helpful or even meaning to be helpful and is openly nagging and harassing with advertisements, update notices, FUD, anti-piracy verification demands, and the like. Last time I saw AOL Instant Messenger being used on a computer, about a year ago, I was stunned to see that it was taking a constant hefty 25% of the CPU's time and a noticeable amount of network capacity to run this continuous graphical banner ad campaign within the app. That's the sort of thing I'd expect to see from malware, not software from a supposedly reputable company. Certainly none of the security software was going to flag AIM as malware. Replaced AIM with Pidgin which instantly made the computer more responsive.

    --
    Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
  23. Re:Get a Mac, or Run Linux! by necrogram · · Score: 3, Insightful

    I thought fixing a busted system was easy. I press 'F12 for network services boot' and voilà, my machine has a clean install of Windows pushed down!

    It's amazing how a properly configured (and locked down) environment can be pretty effective.

  24. Re:surely... by dbIII · · Score: 2, Insightful

    It didn't happen that way with Macs. I think your argument is unlikely.