Slashdot Mirror

← Back to Stories (view on slashdot.org)

Anti-Botnet Market is Black Eye for AV Industry

Posted by Zonk on from the why-buy-one-when-you-can-have-two-at-twice-the-price dept.

alternative coup writes "eWEEK is running a story on the emergence of an anti-botnet market to fill a perceived need for software to deal with botnet-related malware (Trojans, keyloggers, rootkits, etc.). The article characterizes this as 'another black eye' for the existing anti-virus industry — asking consumers to pay twice for protection from things that anti-malware suites are missing. Venture capital money is flowing to these anti-bot products, an implicit statement that the AV giants are not doing their jobs. 'For companies such as Symantec, which sells the Sana-powered Norton AntiBot and anti-malware subscriptions, it's a nickel-and-dime situation. Symantec officials say Norton AntiBot is for a specialized, technical market segment looking for high-end tools to deal with botnets, but [Andrew Jaquith, an analyst with The Yankee Group] said it's a case of anti-malware companies double-dipping.'"

10 of 204 comments (clear)

  1. I've already started dumping Norton by joshamania · · Score: 4, Interesting

    Symantec has already lost me as a customer. I began shifting my clients away from it as soon as the new spybot 1.5 released. It has a modicum of registry protection and it generally isnt a crapshoot as to whether or not its going to brick the computer its installed on...brick may be a strong term, but Norton/Symantec's footprint is way too much for a client machine...and now they want to add more.

    Yeah...ditch these people now. AV on the client is a scam. Effective management and AV at the chokepoints can often provide enough protection I've found.

    1. Re:I've already started dumping Norton by Zeinfeld · · Score: 5, Interesting
      I recently cleaned up a relative's machine after reports that it was running slowly. He suspected a virus, the problem was that he had five different A/V packages on it, none of which he had asked for. Every tech support guy who had touched the machine had loaded his company package of goodies on it, including their A/V cramware. Then the A/V packages were fighting so it took 15 minutes to bring up explorer.

      I killed all the A/V apart from the one that comes with AOL (which was the only one being updated in any case). Machine worked again. Problem solved.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
    2. Re:I've already started dumping Norton by Machtyn · · Score: 3, Interesting

      I'd also check out what Comodo is doing. Their free software is free for all, not just personal users (like Grisoft's AVG). They make their money off of web-site security certificates. I particularly like their firewall. It is very granular and allows you to create a myriad of rules based on software and/or ports.

    3. Re:I've already started dumping Norton by Sorthum · · Score: 3, Interesting

      Yahoo's done the same thing. A friend installed Messenger, come to find out it installed not only the Yahoo Toolbar, but an entire Yahoo menu within Firefox. "Install this utility" didn't used to mean "Please rape my computer for me."

  2. A/V bloat due to antiquated approaches by Temujin_12 · · Score: 4, Interesting

    IANAAVE (I am not an anti-virus expert), but it seems to me that much of the bloat comes from the ever increasing virus signature database these engines have to keep in memory (especially for on-access real time scanning). Considering that there seems to be no end in site for these signature files and the high rate of virus mutation, virus signature tables seem to be an extremely antiquated and inefficient model for detection.

    Of course, heuristics won't be a silver bullet as it brings its own set of problems (ie: false positives), but I think we'll see more of this used as time goes on. IANAB (I am not a biologist), but is seems that our body's immune system operates more on heuristics than some exhaustive chemical look up table. Considering the millions (billions?) of years nature has invested in our immune system I think we would do well to take a page from mother nature on this one.

    --
    Faith is a willingness to accept something w/o complete proof and to act on it. Reason allows you to correct that faith.
  3. Doomed business model? by psydeshow · · Score: 4, Interesting

    Anti-virus, anti-spyware, firewall -- all of these protections should be built in to the operating system.

    We shouldn't have to add third-party tools to make an OS secure. It should be secure (or at least, secure-able) out of the box.

    Charging more for a suite of software that all does the same thing sounds like a last-gasp attempt to deliver some profits before architectural changes force these companies out of business.

  4. Am I alone? by FredFredrickson · · Score: 3, Interesting

    I don't use any antivirus at all. I just don't get infected in the first place.

    Use Opera to browse porno. (Or just about anything at all).

    Don't run crack.exe (it's a trojan).

    Problem Solved. Am I alone here?
    In the off chance that I get infected (Ok, I ran crack.exe), just take the hooks out of the system (hijack this, pv if neccessary, unlocker, done). Restart. Problem soved.

    --
    Belief? Hope? Preference?The Existential Vortex
  5. Replacements for Norton by sm62704 · · Score: 3, Interesting

    Apple or Linux. My box is dual boot with networking in Windows disabled, as I pointed out in a comment modded "flamebait" this morning (who's going to flame me for giving my honest opinion about Microsoft, Ballmer?)

    So as to not garner another "flamebait mod" from the astroturfers by pointing out how insecure Windows is out of the box, I won't. Rather, I'll point out that Linux and Mac aren't being targeted by the botnet operators. Regardless of the reasons, you're safe with Mac or Linux unless a cracker targets you personally (no OS is completely secure).

    Poor Microsoft, if they ever marketed a secure OC Norton and McAffee would sue for anticompetetive monopoly practices and the EU wouldn't let them sell Windows in Europe any more.

    -mcgrew
    (I don't do Mondays very well and I'm on a losing streak lately so please be kind to an old nerd)

    --
    mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
  6. Two different symptoms, same cause by DrVomact · · Score: 3, Interesting

    It seems to me that, superficially at least, it makes sense to talk about a "botnet market" as separate from the anti-virus software market if you are talking about a higher-level network solution, not simply another program that consumers run on their PCs. But from the article, it's not clear what the focus of this supposed market is. If it's software that's run by companies with large PC networks, or ISPs, and if its purpose is to track botnet-like behavior by network clients with the aim of isolating suspect clients from that network, then it makes some sense to me. This could be a good thing...if it works. If it's yet another "safe computing" package marketed to Joe Sixpack, then it's an outstandingly stupid idea. If a computer is part of a botnet, the critical failure has already occurred, and no application package is going to fix it.

    I suppose the people who are boosting this new "market" are responding to a money-making opportunity created by a real social problem: the fact that massive botnets exist, and that such phenomena rob us of collective resources--that is, resources that exist for our common use. Ultimately such collective thievery boils down to every individual having to pay more for services, and to endure degraded service quality to subsidize the thieves. Surely preventing this is a worthy goal...or a goal worth paying money for.

    As many here know, the virus/botnet problem is due to two factors: a massively deployed operating system that is by design insecure, and a multitude of ignorant users. Of the two, the OS is most to blame. If Joe couldn't get his PC zombified by clicking some link to download stupid stuff off a web page, or reading some mystery email, the problem would be much diminished. However, I judge on the basis of their track record that Microsoft is unlikely to ever create a truly secure operating system; it's just not a priority. Because of Microsoft's ability to get computer retailers to bundle only their OS with every computer that is sold and because of most buyers' disinclination to learn about what they are purchasing, the situation is likely to continue—unless computer users are given a strong incentive to change their buying habits.

    And here's where network-level anti-botnet software might change things. Suppose ISPs started to identify PCs that are compromised to the extent that they constitute a public nuisance or threat—and isolate them from the network. Obviously, the anti-bot software would have to be very good; you don't want a significant number of false positives. But it seems to me that if you do automated traffic analysis, it wouldn't be that hard to identify the zombies (here's where those who really know about this stuff get to jump in and tell me why I'm wrong). Once identified, the zombie is isolated, the owner gets a singing telegram notifying him of the action that was taken and why, and what he should do to fix the problem. ("Reinstall Windows" will probably not be the recommended solution.)

    I think that this would help, but it would require several other changes. For one thing, it's not clear to me that ISPs actually care about botnets or viruses. I'm not sure why that is. (Again, someone with a better understanding of the communications infrastructure might want to help me out here.) For another, the [L|U][n|i]n[u|i]x OS has to become a commercial product. That's right: it has to be pried out of the hands of the well-meaning and hardworking people who have made it what it is today, and put into the hands of some money-grubbing capitalist who will make deals with computer retailers, guarantee support to end-users, and above all give it a decent name. You see, normal people don't trust free things; they only trust people who take their money. That's the fundamental stumbling block of the free software movement: in the market place, anything that's to be had for nothing is perceived as having no value.

    Anyway, the result I'm hoping for is that, as a result of penalizing stupid user behavior, people will either start using one of the epigonoi of Unix, or that MS will crumble under market pressure and actually create a decent secure OS. Well, I can dream.

    --
    Great men are almost always bad men--Lord Acton's Corollary
  7. Re:surely... by toadlife · · Score: 3, Interesting

    Mac and Linux ARE intrinsically more secure than Windows. And you completely missed the point of his post which stated that it doesn't matter. Did the froth from your mouth get into your eyes and obscure his message?

    There are no viruses in the wild for Mac or Linux. Care to qualify this? I'm always seeing hacked Linux boxes on the net poking around for more hosts to infect, and in large forums of OSX users I have seen reports of security breaches, and reports of OSX malware.

    "Market share" is a meaningless term when it comes to FOSS. There is no way to count the six computers I installed Linux on last year from the same CD, all of which report to web sites that they're running IE on Windows rather than Firefox on Linux. Actually, web stats can be used to accurately measure the percentage of desktops that run Linux. Windows, and OSX. The fact that you configured your linux boxes to send fake agent strings doesn't mean that a large portion do the same.

    You can, however, measure Macs. Apple shipped 1,610,000 Macintosh® computers in a single quarter last year! That's one hell of a big potential botnet It's about percentages, not numbers. 1,610,000 is a tiny fraction of the total computers sold each quarter.

    --
    I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.