Can the Malware Industry be Trusted?
Joe Barr writes "Is the entire anti-virus / malware industry as rotten as it appears? I started digging into it as a result of the recent lame, unsubstantiated assertions of viral threats to Linux by Kaspersky Lab, but the practice doesn't seem to start or end with them. Who knows, maybe it's pandemic in that entire segment of the IT industry."
gee... (Score:5, Insightful)
The only real crime here is that we've let ourselves be suckered by them for as long as we have.
Bad title! (Score:5, Insightful)
wtf? (Score:5, Insightful)
If this guy doesn't know that Symantec == Norton, I don't think I have any use for his opinions on malware companies.
money (Score:5, Insightful)
people DO believe this stuff (Score:5, Insightful)
Agree or disagree with the points of this article (I mostly agree), there is an elephant in the middle of the room everyone ignores.
From the article (emphasis mine):
"Only the stupidest dolts in the universe?" Aside from being a little insulting, it's just not true. Many intelligent people believe these reports simply because, as the article points out elsewhere, because it is repeated the lie becomes truth.
People trust "media" to the extent they don't have expertise in some subject matter. What other result would you expect? There are too many topics, too many reports, and too many things demanding attention; general consumers and lay people, appropriately (though naively), rely on integrity of reporting bodies to filter that part of their world not their specialty(ies).
Reporting organizations (e.g., CERT) have an ethical responsibility to normalize and make canonical data issued for general consumption.
Unfortunately the technology world today is Microsoft's sandbox, and seemingly if anyone wants to play, be it media, competition, and lately even government, Microsoft seems to be able to control the rules. Sigh, again.
perceived standard? (Score:5, Insightful)
Title is chillingly apropos (Score:4, Insightful)
Not really...after all, these firms have absolutely no interest in eliminating the problem, but only in treating the symptoms. That's why they continually endorse an OS that is legendary for its security holes, while spreading FUD about more secure alternatives like *nix and MacOS, which have a chance of actually fixing the underlying problem.
Re:Bad title! (Score:3, Insightful)
Fear and Protection Rackets (Score:5, Insightful)
If there was a solid infrastructure that was trusted the whole industry would disappear. The industry is based on the Microsoft Operating system and its designed vulnerabilities. The industry would not exist without the flaws in the Microsoft Operating systems and workflow. If Microsoft fixed its stuff, or if people migrated to a solid infrastructure the industry would disappear. I am sure the industry as a whole is looking at Linux as a big threat, it could destroy their whole reason for existing.
As a whole the Linux client is not a market for this industry. They need to make Linux/OSS users feel the threat so we will buy their product.
What a stupid title (Score:2, Insightful)
Of course it can't! It's the friggin' malware industry! Their business plan centers around installing stuff on your PC that you don't want on there and didn't ask for, and abusing your PC without your permission for their own purposes. Why on God's green earth would someone like that be trusted?
Re:gee... (Score:3, Insightful)
But regardless of the fact that ANY software producer will hype their product (As I'm sure you've seen by reading
Either rate, Antivirus is a necessary evil. Using *NIX doesn't remove you from the responsibility of not forwarding an email virus because it's a funny joke. You may laugh, but there have been several times I've had people on Linux forward me "jokes" with Windows viruses attached.
Re:Bad title! (Score:3, Insightful)
I think there's a dubious market for malware. (Okay, so my old boss might be the type to commission a new virus, but most aren't.) The anti-malware markets need a continuous set of threats to be taken seriously and though they don't write the malware themselves, it's integral to their success in business.
Advice from industry experts giving 'analysis' such as "The smarter virus writers won't deploy their security compromises until after Vista actually ships." practically tells malware developers "If you're smart, you'll hold off on deploying your next big hack until after Vista ships so that your security hole won't be patched up before then."
When their analysts actually look seriously at alternatives that will reduce the scope of malware (such as moving to Linux or Mac OS X) then we may have real separation between the markets. Until then the anti-malware camp is probably the most able to profit from (and legally disclaim responsibility for) the existence of malware.
Readers (Score:3, Insightful)
Re:gee... (Score:3, Insightful)
Nod32. Know it, love it.
You may laugh, but there have been several times I've had people on Linux forward me "jokes" with Windows viruses attached.
Then that is the fault of a clueless email admin. I've set up many email servers, and I don't think a virus has ever made it past that point coming in or going out. It's quite simple really, which prompts me to call the admins in question idiots.
Can the ****** industry be trusted? (Score:3, Insightful)
Yes, Rotten To The Core (Score:3, Insightful)
Anyone who is serious about security doesn't run anti-virus because it does not fix the root issues of vulnerability.
The key is that anti-virus can be sold on fear and, since the average computer user doesn't understand that there is nothing mystical about viruses and their vectors are easily identified, fear sells a product that actually makes your computer less secure and less usable. That said, there are some good free programs out there, like ClamAV and Spybot Search & Destroy to help you as a system administrator check out suspicious files or clean up a mess on a specific case by case basis (the latter only applying to Windows).
Counterpoint (Score:2, Insightful)
Things are never as extreme as they seem - there are good & bad guys (and in-between guys, and girls too!
Then too, we know that the only way that all those evil writers can sell their stories is to make them sound melodramatic...
No! Stay vulnerable. Please. (Score:4, Insightful)
No, not really (Score:3, Insightful)
OTOH, no industry can be trusted. If it wasn't for some tireless public-minded advocates the auto industry would probably have us still driving deathtraps with engines designed in the 1950s or the pharma industry, for example, would have us growing three heads while being charged 50 bucks for a paracetamol.
Re:AV for MacOSX: $59 -- Why? (Score:0, Insightful)
Where you find MS, you also find virii.
Conspiracy? Maybe. Stupidity? Definitely. (Score:4, Insightful)
Can the anti-malware industry be trusted? Can Microsoft be trusted? Can the IT industry be trusted?
One thing that all of this overlooks, is that it doesn't take malice for hysteria to spread.
premise: people fear what they don't understand.
premise: most people don't understand computers.
I have a friend who fancied himself a home-taught computer expert. Armed with TweakXP, a few anti-virus tools, and a small handful of other gadgets, he was always offering to "optimize" and "fix" his friends' computers.
And lo! and behold, every single computer that was ever brought to him had "a major virus" or "a serious trojan" problem on it. Of course, there is so much media hype about viruses (and people's bad browsing habits) that this was fairly believable. However, the mere consistency of his diagnoses started making me suspicious....
Sure enough, after a few in-depth conversations, it turns out that he was using bad virus-detection software: some unknown little program that he assumed was "better than all the rest" because it "always found more" (it didn't occur to him that most of them were false positives); and moreover, it turns out he didn't even have a clear understanding of what a "virus" is.
But let me tell you: he had a stream of people in and out of his apartment that were absolutely convinced that ANY time there was EVER a problem with their machine, it MUST have been because of a virus.
Good point about "Eulaware" (Score:3, Insightful)
There are operating systems that can protect against that threat. They're not mainstream in design, and neither Linux nor OS X is among them.
>please consider that I'm Joe Sixpack
Joe Sixpack -- four digit Slashdot id -- the cognitive dissonance is too much, I can't survi
Re:Title is chillingly apropos (Score:3, Insightful)
Not really...after all, these firms have absolutely no interest in eliminating the problem, but only in treating the symptoms.
So look who is motivated to fix the problem. MS isn't, they aren't losing market share and they've introduced their own anti-virus to milk the situation. So who is? Well alternate OS vendors are (as you mentioned), since they can use it as a differentiator, but most of them don't really have a malware problem so they haven't put much effort into a better solution. Big, enterprise businesses are and people who sell them solutions that do multiple tasks, like network management, where malware is a small piece of the puzzle. Some of the solutions to come out of that space are surprisingly effective. "Oh, gee another random worm outbreak. Well, let's just stop that from spreading or re-entering the network using our routers to filter it. Now I'll send this list of infected hosts to operations along with a virus signature and they can clean them when someone writes an AV signature and a tool to remove this one."
Who else is motivated? Big network operators are. Worms clog pipes and launch DDoS attacks. That is fine, since they can charge for the bandwidth, but customers complain about the network congestion and a lot of people are willing to pay extra for "cleaned" pipes. Some of the solutions in that space are likewise effective; the same thing on a larger scale. At least one of the tools ups the ante by letting operators swap signatures using a centralized database.
Who else is motivated? Open source projects, like Clam AV and the like. If corporations donated a quarter of what they spend on proprietary solutions to these guys, they'd save a fortune and end up with better solutions. They could emulate the techniques employed by the two examples above and apply them on a smaller scale.
It is a pity most corporate purchasing agents did not have a course on critical thinking in high school.