Slashdot Mirror


Anti-Botnet Market is Black Eye for AV Industry

alternative coup writes "eWEEK is running a story on the emergence of an anti-botnet market to fill a perceived need for software to deal with botnet-related malware (Trojans, keyloggers, rootkits, etc.). The article characterizes this as 'another black eye' for the existing anti-virus industry — asking consumers to pay twice for protection from things that anti-malware suites are missing. Venture capital money is flowing to these anti-bot products, an implicit statement that the AV giants are not doing their jobs. 'For companies such as Symantec, which sells the Sana-powered Norton AntiBot and anti-malware subscriptions, it's a nickel-and-dime situation. Symantec officials say Norton AntiBot is for a specialized, technical market segment looking for high-end tools to deal with botnets, but [Andrew Jaquith, an analyst with The Yankee Group] said it's a case of anti-malware companies double-dipping.'"

4 of 204 comments

  1. I've already started dumping Norton by joshamania · Score: 4, Interesting

    Symantec has already lost me as a customer. I began shifting my clients away from it as soon as the new Spybot 1.5 was released. It has a modicum of registry protection and it generally isn't a crapshoot as to whether or not it's going to brick the computer it's installed on...brick may be a strong term, but Norton/Symantec's footprint is way too much for a client machine...and now they want to add more.

    Yeah...ditch these people now. AV on the client is a scam. Effective management and AV at the chokepoints can often provide enough protection I've found.

    1. Re:I've already started dumping Norton by Zeinfeld · Score: 5, Interesting
      I recently cleaned up a relative's machine after reports that it was running slowly. He suspected a virus; the problem was that he had five different A/V packages on it, none of which he had asked for. Every tech support guy who had touched the machine had loaded his company package of goodies on it, including their A/V cramware. Then the A/V packages were fighting so it took 15 minutes to bring up explorer.

      I killed all the A/V apart from the one that comes with AOL (which was the only one being updated in any case). Machine worked again. Problem solved.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
  2. A/V bloat due to antiquated approaches by Temujin_12 · Score: 4, Interesting

    IANAAVE (I am not an anti-virus expert), but it seems to me that much of the bloat comes from the ever-increasing virus signature database these engines have to keep in memory (especially for on-access real-time scanning). Considering that there seems to be no end in sight for these signature files and the high rate of virus mutation, virus signature tables seem to be an extremely antiquated and inefficient model for detection.

    Of course, heuristics won't be a silver bullet as it brings its own set of problems (i.e., false positives), but I think we'll see more of this used as time goes on. IANAB (I am not a biologist), but it seems that our body's immune system operates more on heuristics than some exhaustive chemical lookup table. Considering the millions (billions?) of years nature has invested in our immune system, I think we would do well to take a page from mother nature on this one.

    --
    Faith is a willingness to accept something w/o complete proof and to act on it. Reason allows you to correct that faith.
  3. Doomed business model? by psydeshow · Score: 4, Interesting

    Anti-virus, anti-spyware, firewall -- all of these protections should be built in to the operating system.

    We shouldn't have to add third-party tools to make an OS secure. It should be secure (or at least, secure-able) out of the box.

    Charging more for a suite of software that all does the same thing sounds like a last-gasp attempt to deliver some profits before architectural changes force these companies out of business.