Fake Antivirus Overwhelming Scanners

ChiefMonkeyGrinder writes "Rogue or bogus programs passing themselves off as real antivirus software have been one of the malware themes of 2009, but the APWG's numbers for the first half of the year show that the organisation's members detected 485,000 samples, more than five times the total for the whole of 2008."

Motivation

[99BottlesOfBeerInMyF]

This is all the free market working against the unfree market. In a free market competitors work to make the best product to make the most money. Right now, that's malware writers, each trying to outdo one another and make the best trojans to get the most bots and personal info.

In a free market consumers would buy computers best suited to deal with this threat, with defenses that appropriately reduce this threat to a small subset of their customers. But, since we have one player with a huge amount of influence on the desktop OS market, with huge influence on computer makers and other markets and who has built substantial barriers to prevent consumers from trying other options, desktop OS's are not adapting appropriately. Why should they if it is not losing them significant money?

Trojans aren't some unsolvable problem, but for the most part they are a problem that needs to be dealt with at the OS level. Add on software from computer makers is only going to be partially effective. SELinux, for example, does a reasonable job of mitigating trojans in the secure workstation market, but has not been adapted to the consumer desktop market as yet because it requires integration on the part of application developers and there is no real motivation to do that. Linux and OS X desktops don't face significant levels of attack. Windows doesn't lose real money when it fails to defend against them. Why would anyone who understands the benefits of free market capitalism expect anything but to have malware writers win. They have direct, financial motivation.

Seriously, MS could easily create a sandboxed backwards compatibility layer (they already have). They could easily require all software that did not have a proper signature and an ACL to run in a restricted sandbox. They could dump money into crafting a good UI for it and motivating developers by restricting access to new, useful APIs. The real question is, why should they, as a business, spend that money?

I have a modest proposal that will solve this problem and a lot of other problems all stemming from the same cause. Break up Microsoft. Seriously. They're repeat offender antitrust violators. Break them up and give at least two new companies complete rights to use all the source code and patents and an equal portion of the human resources and capital. Forbid these companies from any nonpublic communication or any agreements they don't offer to other companies with the same terms.

When you have executives at MS-A and at MS-B both realizing they have to do something to win sales contracts from Dell and HP and Sony and Asus guess what, they'll have to compete. Then their financial well being will depend upon which can deliver a better product at a lower price. Neither will be able to strongarm customers or people in other markets. They'll have motivation to fix the flaws in Windows and the accompanying software that people have been learning to work around for decades. And neither company will have to worry about antitrust concerns and will be able to bundle whatever crap they want including their version of IE. I'd be willing to bet if our justice department had the balls, the malware problem would be a minor annoyance in 5 years time.