Slashdot Mirror


Anti-Botnet Market is Black Eye for AV Industry

alternative coup writes "eWEEK is running a story on the emergence of an anti-botnet market to fill a perceived need for software to deal with botnet-related malware (Trojans, keyloggers, rootkits, etc.). The article characterizes this as 'another black eye' for the existing anti-virus industry — asking consumers to pay twice for protection from things that anti-malware suites are missing. Venture capital money is flowing to these anti-bot products, an implicit statement that the AV giants are not doing their jobs. 'For companies such as Symantec, which sells the Sana-powered Norton AntiBot and anti-malware subscriptions, it's a nickel-and-dime situation. Symantec officials say Norton AntiBot is for a specialized, technical market segment looking for high-end tools to deal with botnets, but [Andrew Jaquith, an analyst with The Yankee Group] said it's a case of anti-malware companies double-dipping.'"

22 of 204 comments

  1. I've already started dumping Norton by joshamania · · Score: 4, Interesting

    Symantec has already lost me as a customer. I began shifting my clients away from it as soon as the new Spybot 1.5 released. It has a modicum of registry protection and it generally isn't a crapshoot as to whether or not it's going to brick the computer it's installed on...brick may be a strong term, but Norton/Symantec's footprint is way too much for a client machine...and now they want to add more.

    Yeah...ditch these people now. AV on the client is a scam. Effective management and AV at the chokepoints can often provide enough protection I've found.

    1. Re:I've already started dumping Norton by Zeinfeld · · Score: 5, Interesting

      I recently cleaned up a relative's machine after reports that it was running slowly. He suspected a virus, the problem was that he had five different A/V packages on it, none of which he had asked for. Every tech support guy who had touched the machine had loaded his company package of goodies on it, including their A/V cramware. Then the A/V packages were fighting so it took 15 minutes to bring up explorer.

      I killed all the A/V apart from the one that comes with AOL (which was the only one being updated in any case). Machine worked again. Problem solved.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
    2. Re:I've already started dumping Norton by MightyMartian · · Score: 2, Interesting

      My biggest problem with Symantec is that the software sucks, and in particular the Corporate edition. We walked away from it in January, not renewing our forty licenses, and going with F-Prot, which is a lot more lightweight, and doesn't have all the worthless bells and whistles.

      And you're right, real importance should be on a) properly securing workstations and b) good virus scanning at the head. I still think it's a good idea to have AV on the workstation, but there are better and less miserable malfunctioning products out there than Symantec's garbage.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    3. Re:I've already started dumping Norton by bendodge · · Score: 2, Interesting

      That's very interesting, because I thought immediately when I read the summary that with a bit more support (OSS community, anyone?) Spybot could replace most of the commercial junk. It really does a top-notch job already, it just needs its scope expanded a bit.

      But then, how many Linux people want to help a Windows tool?

      --
      The government can't save you.
    4. Re:I've already started dumping Norton by Machtyn · · Score: 3, Interesting

      I'd also check out what Comodo is doing. Their free software is free for all, not just personal users (like Grisoft's AVG). They make their money off of web-site security certificates. I particularly like their firewall. It is very granular and allows you to create a myriad of rules based on software and/or ports.

    5. Re:I've already started dumping Norton by Sorthum · · Score: 3, Interesting

      Yahoo's done the same thing. A friend installed Messenger, come to find out it installed not only the Yahoo Toolbar, but an entire Yahoo menu within Firefox. "Install this utility" didn't used to mean "Please rape my computer for me."

    6. Re:I've already started dumping Norton by TheThiefMaster · · Score: 2, Interesting

      Scratch that, found this forum post asking the same question: http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=938970&SiteID=17
      Which says that ClamAV and BitDefender are both free for Server 2003.

  2. A/V bloat due to antiquated approaches by Temujin_12 · · Score: 4, Interesting

    IANAAVE (I am not an anti-virus expert), but it seems to me that much of the bloat comes from the ever increasing virus signature database these engines have to keep in memory (especially for on-access real time scanning). Considering that there seems to be no end in sight for these signature files and the high rate of virus mutation, virus signature tables seem to be an extremely antiquated and inefficient model for detection.

    Of course, heuristics won't be a silver bullet as it brings its own set of problems (i.e.: false positives), but I think we'll see more of this used as time goes on. IANAB (I am not a biologist), but it seems that our body's immune system operates more on heuristics than some exhaustive chemical look up table. Considering the millions (billions?) of years nature has invested in our immune system I think we would do well to take a page from mother nature on this one.

    --
    Faith is a willingness to accept something w/o complete proof and to act on it. Reason allows you to correct that faith.
    1. Re:A/V bloat due to antiquated approaches by Temujin_12 · · Score: 2, Interesting

      Yep, you're no biologist, and even less of an immunologist. You need to read up on antibodies. Now, part of the immune system does work on heuristics, but a big part of it is all the antibodies running around your body as a "chemical lookup table", but one with a massively parallel seek mechanism.

      I stand corrected. Thanks for the link ppanon. Though I still question the approach of A/V engines relying so heavily on lookup tables. I guess my revised point would be that we (meaning the computer industry) should seek to keep these lookup tables as small as possible by maximizing the number of viruses that can be detected via heuristics.

      --
      Faith is a willingness to accept something w/o complete proof and to act on it. Reason allows you to correct that faith.
    2. Re:A/V bloat due to antiquated approaches by querist · · Score: 2, Interesting

      That sounds like an excellent idea. However, it is nowhere near as easy as it may seem at first. My doctoral research was on a similar problem, identifying intrusion attacks based on behaviour and not signatures. I know people who are working on exactly what you have suggested from an anti-malware perspective. These are people working on their dissertations. This is a rather complex problem when you dig into the details.

      Your overall approach is a very good one, and it is one that has been attempted several times before. As AI theory improves and computers become more powerful, we will move closer to being able to do what you have suggested. Unfortunately, from what I have seen, don't hold your breath waiting. We will need to rely on signatures for a while yet while researchers work out the details on how to make a heuristic-based system work adequately.

      Remember, we need to defend against anything and everything. The "bad guys" need only find _one_ weakness to exploit it and gain entry. It's a difficult battle, and we (the "white hat" crowd) are always playing "catch up".

      If you _really_ want to see it happen, go to grad school at a university known for its InfoSec program and do it as your Master's / Doctoral research. Others are working on it, too, but as we often read here on Slashdot, there can be a significant advantage to more eyes examining an issue.

      My research is headed in a different direction, but I'd be happy to discuss what I know about this issue in greater detail with anyone who would be interested in pursuing the matter.

  3. Doomed business model? by psydeshow · · Score: 4, Interesting

    Anti-virus, anti-spyware, firewall -- all of these protections should be built in to the operating system.

    We shouldn't have to add third-party tools to make an OS secure. It should be secure (or at least, secure-able) out of the box.

    Charging more for a suite of software that all does the same thing sounds like a last-gasp attempt to deliver some profits before architectural changes force these companies out of business.

  4. Am I alone? by FredFredrickson · · Score: 3, Interesting

    I don't use any antivirus at all. I just don't get infected in the first place.

    Use Opera to browse porno. (Or just about anything at all).

    Don't run crack.exe (it's a trojan).

    Problem Solved. Am I alone here?
    In the off chance that I get infected (Ok, I ran crack.exe), just take the hooks out of the system (HijackThis, pv if necessary, Unlocker, done). Restart. Problem solved.

    --
    Belief? Hope? Preference? The Existential Vortex
    1. Re:Am I alone? by pandrijeczko · · Score: 2, Interesting

      Problem Solved. Am I alone here?

      No, you're not.

      I'm primarily a Linux user but I'm in the process of educating friends and family members who expect me to be their local PC support bloke. No, I don't wipe Windows in favour of Linux (though a few of them are, by choice, trying out Ubuntu as dual-boot) but I do steer them away from software piracy and cracks - not because I particularly give a damn about Microsoft or Adobe losing money, but because the risks of downloading infected software from Torrents are so high.

      I'm usually willing to repair the PCs of friends and relatives but recently I've been refusing to give them support if I find they're using cracked tools on those machines. As a result, a couple of them went out and bought student licenses for MS Office (instead of running a copied version), and the others have started to look at OpenOffice (as the functionality they need from an office package is given to them in OO).

      My teenage nephew has been doing stuff in a cracked copy of Photoshop which put a trojan on his PC - once I cleared that off, I installed The GIMP for him, and when he complained about its interface, I bought him a GIMP book for his birthday.

      Another popular cracked tool is Nero. ImgBurn and Infrarecorder go a small way to being free replacements for Nero, otherwise a few of them have just bought a new DVD ROM drive with an OEM copy of it included.

      As for Symantec and Mcafee, they're just not worth the money and hassle of usage - I point them at AVG AntiVirus free and Spybot Search & Destroy.

      Above that, I install Firefox and Thunderbird for them so they can wean themselves off of IE and Outlook (Express) and set them up a Gmail account (as opposed to Hotmail) which I set up for POP or IMAP access with Thunderbird.

      Finally, I tell them to go buy games rather than downloading them, and have shown them a few Open Source games instead.

      As a result, I've pretty much got my free time back now and I don't do that many repairs. Windows XP is full of potential security holes but provided you don't use hooky software, you don't get too many problems with malware - provided you also stay clear of dodgy web sites.

      --
      Gentoo Linux - another day, another USE flag.
  5. Get a Mac, or Run Linux! by WhiteWolf666 · · Score: 2, Interesting

    Good grief.

    People are really, really stupid. Once your system is compromised, it is *not-fixable*. There is no reliable, effective way to ensure that your system is untampered with unless you can do a bit-wise verification of every executable on the system, and even that isn't 100%; you really need to check *every* file against a "known-good" one.

    I've seen plenty of systems with "up-to-date" antivirus get hosed, and they generally don't seem to be the same afterwards. Not to mention that few, if any antivirus packages are better than 95%.

    If you can't keep your system clean, it isn't reliable. The only thing antivirus is really good for is as a means to determine if you need to wipe and re-install. For business purposes, I believe this to be unacceptable, and I cannot fathom why people don't switch to systems that do not require this ridiculous kludge.

    --
    WhiteWolf666, an ex-Bush supporter. All you new-school, compassionate, save-the-children Republicans can rot in hell
  6. Replacements for Norton by sm62704 · · Score: 3, Interesting

    Apple or Linux. My box is dual boot with networking in Windows disabled, as I pointed out in a comment modded "flamebait" this morning (who's going to flame me for giving my honest opinion about Microsoft, Ballmer?)

    So as to not garner another "flamebait mod" from the astroturfers by pointing out how insecure Windows is out of the box, I won't. Rather, I'll point out that Linux and Mac aren't being targeted by the botnet operators. Regardless of the reasons, you're safe with Mac or Linux unless a cracker targets you personally (no OS is completely secure).

    Poor Microsoft, if they ever marketed a secure OS, Norton and McAfee would sue for anticompetitive monopoly practices and the EU wouldn't let them sell Windows in Europe any more.

    -mcgrew
    (I don't do Mondays very well and I'm on a losing streak lately so please be kind to an old nerd)

    --
    mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
  7. Re:Grow or die by sm62704 · · Score: 2, Interesting

    IF a company can't be constantly selling you NEW products (as opposed to just updates for the old) and using new fear tactics to do it, how can they grow?

    This is the problem with many industries today. They have the need to grow, like a cancer has a need to grow. Why must people be so greedy that they have to use every unethical and immoral tactic there is to sustain their greedy growth? What's wrong with settling for an honest living without stealing your way to cancerous growth like Norton does with its product? Why isn't Norton seen as evil as the RIAA? (I mean, besides the fact that they don't sue their customers; selling you vinyl then tape then CD then download of the same song is akin to Norton, except nobody MAKES you "upgrade" to CD from vinyl.)

    Why does Norton need to get your money every six months, while the company who sold you the computer it's protecting only has to sell you a new one when YOU feel the need for a new one? Why can't Norton settle for the sale they make when you buy a PC?

    Why should an OS have to come with a media player when there are tons of free ones, but an OS that's prone to malware can't come with AV? Microsoft should buy Norton or McAfee or someone and give you free virus defs.

    --
    mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
  8. Re:surely... by SatanicPuppy · · Score: 2, Interesting

    My home firewall/nat box runs Linux, and I check the logs on a semi-regular basis, just as a lark, and because it makes me itch to not check the logs, and I can assure you that there are plenty of automated attacks out there looking for linux.

    Usually it's just common password stuff (because there are a lot fewer services that can be compromised through the usual buffer overflow stuff...I did have a couple of weeks where a guy was spamming an overflow exploit for some version of FTP I wasn't running), looking for application installs where the username is known, and the default password is also known. I get five or six hundred of those a day, on a system that doesn't even respond to ping from the outside world.

    I think the thing that really keeps people from hitting Linux that hard is the fact that the odds are that an internet-facing Linux box is just a security appliance, and those are hard to break (by definition) and even if your l33tness managed to crack the box, you can end up left with a basically worthless box, which may not even be facing a network with anything good on it.

    It's just a lot of work, for little return.

    --
    ad logicam: Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
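The "common password stuff" the comment above describes can be pulled out of a firewall box's auth log with a few lines of parsing. This is an added example, not the poster's script; the log lines are constructed in the usual OpenSSH syslog format, the addresses are documentation ranges, and the flagging threshold is an assumed tunable.

```python
"""Tally failed-password attempts in sshd auth logs and flag noisy sources."""
import re
from collections import Counter, defaultdict

# Constructed sample lines (not real traffic); same shape as OpenSSH's syslog output.
SAMPLE_LOG = """\
Jun 11 03:12:01 gw sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Jun 11 03:12:03 gw sshd[2203]: Failed password for invalid user oracle from 203.0.113.7 port 51130 ssh2
Jun 11 03:12:05 gw sshd[2205]: Failed password for root from 203.0.113.7 port 51140 ssh2
Jun 11 03:12:09 gw sshd[2207]: Failed password for invalid user test from 203.0.113.7 port 51151 ssh2
Jun 11 03:15:40 gw sshd[2230]: Failed password for alice from 198.51.100.23 port 40022 ssh2
Jun 11 03:15:52 gw sshd[2230]: Accepted publickey for alice from 198.51.100.23 port 40022 ssh2
Jun 11 03:20:00 gw sshd[2250]: Failed password for invalid user admin from 192.0.2.99 port 6001 ssh2
"""

# "invalid user" is present when the account does not exist on the box at all;
# both forms are counted, and the account name tried is captured either way.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[0-9.]+) port \d+"
)


def tally_failures(log_text):
    """Return (failures per source address, set of usernames tried per source)."""
    per_src = Counter()
    users_by_src = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            per_src[m["src"]] += 1
            users_by_src[m["src"]].add(m["user"])
    return per_src, users_by_src


def flag_guessers(log_text, threshold=3):
    """Sources with at least `threshold` failures (assumed cutoff), plus the accounts they tried.

    A single typo by a real user (alice above) stays under the threshold; a
    source walking through admin/oracle/root/test is the automated pattern.
    """
    per_src, users_by_src = tally_failures(log_text)
    return {
        src: {"failures": n, "users": sorted(users_by_src[src])}
        for src, n in per_src.items()
        if n >= threshold
    }


if __name__ == "__main__":
    for src, info in flag_guessers(SAMPLE_LOG).items():
        print(f"{src}: {info['failures']} failures, tried {', '.join(info['users'])}")
```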
  9. Here's a solution for Norton and Microsoft. by khasim · · Score: 2, Interesting

    And for any other anti-virus vendor who cares to implement it.

    #1. A bootable CD that can give you read/write access to the local hard drive.

    #2. A database (that can be updated) of what the MOST COMMON files are in which directories OF THE OS and their various identifying characteristics.

    Because it is far, Far, FAR easier to validate that a certain file is "good" than to determine that it is "bad".

    Simple concept, no?

    Anything that cannot be identified can be "quarantined" if the user so wishes. Any data files SHOULD be easily identified.

    Another benefit of this approach would be to identify files left over from incomplete un-installs.

    Hey, if the various 3rd parties WANT to, they could even offer to run the un-install routine for the apps they've identified. Or to clean-up known crap.
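The known-good approach in the comment above, worked through as an added example (not khasim's or any vendor's code): a manifest of SHA-256 digests is built from a clean install, every file on the checked volume is classed as good, modified, unknown or missing, and unknown files are moved to a quarantine directory rather than deleted. The directory layout and file contents are constructed for the demo.

```python
"""Validate files against a known-good manifest; quarantine what cannot be identified."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each relative path under a known-clean tree to its digest."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def validate(root: Path, manifest: dict) -> dict:
    """Classify every file under `root` against the manifest.

    'good' matches a known digest, 'modified' is a known path with a different
    digest, 'unknown' is a path the manifest has never seen, 'missing' is a
    manifest entry with no file on disk.
    """
    report = {"good": [], "modified": [], "unknown": [], "missing": []}
    seen = set()
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        seen.add(rel)
        if rel not in manifest:
            report["unknown"].append(rel)
        elif sha256_of(p) != manifest[rel]:
            report["modified"].append(rel)
        else:
            report["good"].append(rel)
    report["missing"] = sorted(set(manifest) - seen)
    return report


def quarantine(root: Path, rels: list, qdir: Path) -> list:
    """Move unidentified files out of the tree, keeping their relative paths so they can be restored."""
    moved = []
    for rel in rels:
        dest = qdir / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(root / rel), str(dest))
        moved.append(rel)
    return moved


def demo() -> dict:
    """Constructed walk-through: a clean tree, then a copy with one altered and one extra file."""
    base = Path(tempfile.mkdtemp())
    clean, target = base / "clean", base / "target"
    for d in (clean, target):
        (d / "system32").mkdir(parents=True)
        (d / "system32" / "kernel.dll").write_bytes(b"known good bytes")
        (d / "notepad.exe").write_bytes(b"editor")
    manifest = build_manifest(clean)            # taken from the clean install
    (target / "system32" / "kernel.dll").write_bytes(b"not the shipped bytes")
    (target / "system32" / "extra.exe").write_bytes(b"nobody knows this file")
    report = validate(target, manifest)
    report["quarantined"] = quarantine(target, report["unknown"], base / "quarantine")
    report["still_on_disk"] = (target / "system32" / "extra.exe").exists()
    return report


if __name__ == "__main__":
    print(demo())
```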

  10. Two different symptoms, same cause by DrVomact · · Score: 3, Interesting

    It seems to me that, superficially at least, it makes sense to talk about a "botnet market" as separate from the anti-virus software market if you are talking about a higher-level network solution, not simply another program that consumers run on their PCs. But from the article, it's not clear what the focus of this supposed market is. If it's software that's run by companies with large PC networks, or ISPs, and if its purpose is to track botnet-like behavior by network clients with the aim of isolating suspect clients from that network, then it makes some sense to me. This could be a good thing...if it works. If it's yet another "safe computing" package marketed to Joe Sixpack, then it's an outstandingly stupid idea. If a computer is part of a botnet, the critical failure has already occurred, and no application package is going to fix it.

    I suppose the people who are boosting this new "market" are responding to a money-making opportunity created by a real social problem: the fact that massive botnets exist, and that such phenomena rob us of collective resources--that is, resources that exist for our common use. Ultimately such collective thievery boils down to every individual having to pay more for services, and to endure degraded service quality to subsidize the thieves. Surely preventing this is a worthy goal...or a goal worth paying money for.

    As many here know, the virus/botnet problem is due to two factors: a massively deployed operating system that is by design insecure, and a multitude of ignorant users. Of the two, the OS is most to blame. If Joe couldn't get his PC zombified by clicking some link to download stupid stuff off a web page, or reading some mystery email, the problem would be much diminished. However, I judge on the basis of their track record that Microsoft is unlikely to ever create a truly secure operating system; it's just not a priority. Because of Microsoft's ability to get computer retailers to bundle only their OS with every computer that is sold and because of most buyers' disinclination to learn about what they are purchasing, the situation is likely to continue—unless computer users are given a strong incentive to change their buying habits.

    And here's where network-level anti-botnet software might change things. Suppose ISPs started to identify PCs that are compromised to the extent that they constitute a public nuisance or threat—and isolate them from the network. Obviously, the anti-bot software would have to be very good; you don't want a significant number of false positives. But it seems to me that if you do automated traffic analysis, it wouldn't be that hard to identify the zombies (here's where those who really know about this stuff get to jump in and tell me why I'm wrong). Once identified, the zombie is isolated, the owner gets a singing telegram notifying him of the action that was taken and why, and what he should do to fix the problem. ("Reinstall Windows" will probably not be the recommended solution.)

    I think that this would help, but it would require several other changes. For one thing, it's not clear to me that ISPs actually care about botnets or viruses. I'm not sure why that is. (Again, someone with a better understanding of the communications infrastructure might want to help me out here.) For another, the [L|U][n|i]n[u|i]x OS has to become a commercial product. That's right: it has to be pried out of the hands of the well-meaning and hardworking people who have made it what it is today, and put into the hands of some money-grubbing capitalist who will make deals with computer retailers, guarantee support to end-users, and above all give it a decent name. You see, normal people don't trust free things; they only trust people who take their money. That's the fundamental stumbling block of the free software movement: in the market place, anything that's to be had for nothing is perceived as having no value.

    Anyway, the result I'm hoping for is that, as a result of penalizing stupid user behavior, people will either start using one of the epigonoi of Unix, or that MS will crumble under market pressure and actually create a decent secure OS. Well, I can dream.

    --
    Great men are almost always bad men--Lord Acton's Corollary
  11. Re:This... by evilviper · · Score: 2, Interesting

    Considering how well clam did when compared to the other security suites, I'm not worried about using a non-commercial product.

    ClamAV works fine, but on Windows, the performance is horrid. ClamAV takes 4X+ as long to scan a hard drive as Grisoft AVG. For that big of a performance difference, I'll just pay the $30. Not to mention the lack of on-demand scanning, and the massive memory footprint.

    AdAware works nicely

    No it doesn't. AdAware "misses" so much spyware it's not funny. Spybot easily blows it away.

    --
    Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
  12. Re:surely... by sm62704 · · Score: 2, Interesting

    Whether Mac or Linux is intrinsically more secure than Windows is a subject for another (lengthy and heated) discussion

    Which has repeatedly taken place here and you apparently never bothered following. Mac and Linux ARE intrinsically more secure than Windows.

    A Trojan can hit any computer. That's why Linux folks are always cautioning to never run untested binaries.

    There are no viruses in the wild for Mac or Linux. Your method of securing your PC works fine for Mac and Linux but will not for Windows.

    One: since Linux accounts for such an infinitesimally small percentage of market share, malware coders don't waste their time coding for Linux

    "Market share" is a meaningless term when it comes to FOSS. There is no way to count the six computers I installed Linux on last year from the same CD, all of which report to web sites that they're running IE on Windows rather than Firefox on Linux.

    You can, however, measure Macs. Apple shipped 1,610,000 Macintosh® computers in a single quarter last year! That's one hell of a big potential botnet. If it was as easy to pwn an Apple as it was to pwn a Windows machine, it would have already been done. There are more than enough Apple computers to make it worth a malware writer's time.

    Unless you're a Microsoft employee tasked with defending your company's products, please stop defending their pathetically insecure OS. If you are such an employee, please let us know so we can take what you say with a grain of salt; however, we all know about Microsoft astroturf.

    Me? I've never owned an Apple, and run dual-boot Mandriva/XP on my PC. I've disabled networking on the Windows side.

    --
    mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
  13. Re:surely... by toadlife · · Score: 3, Interesting

    Mac and Linux ARE intrinsically more secure than Windows.

    And you completely missed the point of his post which stated that it doesn't matter. Did the froth from your mouth get into your eyes and obscure his message?

    There are no viruses in the wild for Mac or Linux.

    Care to qualify this? I'm always seeing hacked Linux boxes on the net poking around for more hosts to infect, and in large forums of OSX users I have seen reports of security breaches, and reports of OSX malware.

    "Market share" is a meaningless term when it comes to FOSS. There is no way to count the six computers I installed Linux on last year from the same CD, all of which report to web sites that they're running IE on Windows rather than Firefox on Linux.

    Actually, web stats can be used to accurately measure the percentage of desktops that run Linux, Windows, and OSX. The fact that you configured your linux boxes to send fake agent strings doesn't mean that a large portion do the same.

    You can, however, measure Macs. Apple shipped 1,610,000 Macintosh® computers in a single quarter last year! That's one hell of a big potential botnet

    It's about percentages, not numbers. 1,610,000 is a tiny fraction of the total computers sold each quarter.

    --
    I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.