Can the Malware Industry be Trusted?

Joe Barr writes "Is the entire anti-virus / malware industry as rotten as it appears? I started digging into it as a result of the recent lame, unsubstantiated assertions of viral threats to Linux by Kaspersky Lab, but the practice doesn't seem to start or end with them. Who knows, maybe it's pandemic in that entire segment of the IT industry."

gee...

[grasshoppa]

An industry blowing problems up to be bigger than they seem in order to sell more product? Conspiracy!

The only real crime here is that we've let ourselves be suckered by them for as long as we have.

Bad title!

[Rob T Firefly]

Surely they mean the anti-malware industry?

wtf?

[kunwon1]

From TFA:

Today, players like McAfee, Symantec, Norton, and dozens of other firms fight for a share of a market worth tens-of-billions of dollars a year.

If this guy doesn't know that Symantec == Norton, I don't think I have any use for his opinions on malware companies.

money

[Lord Ender]

If you assume that every person is motivated by money alone, then you are forced to conclude that anti-malware companies have the greatest incentive to produce malware.

people DO believe this stuff

[yagu]

Agree or disagree with the points of this article (I mostly agree), there is an elephant in the middle of the room everyone ignores.

From the article (emphasis mine):

Every year, US-Cert produces huge fireworks in the security trade press with their annual summary of misinformation about security flaws. The idiots in the press repeat the lie verbatim and the lie becomes real. What is the lie? That Unix/Linux is less secure than Windows. Granted, only the stupidest dolts in the universe -- and the trade press -- are going to buy that crap, but they put it out there anyway.

"Only the stupidest dolts in the universe?" Aside from being a little insulting, it's just not true. Many intelligent people believe these reports simply because, as the article points out elsewhere, because it is repeated the lie becomes truth.

People trust "media" to the extent they don't have expertise in some subject matter. What other result would you expect? There are too many topics, too many reports, and too many things demanding attention, general consumers and lay people, appropiately (though naively), rely on integrity of reporting bodies to filter that part of their world not their specialty(ies).

Reporting organizations (e.g., CERT) have an ethical responsibility to normalize and make canonical data issued for general consumption.

Unfortunately the technology world today is Microsoft's sandbox, and seemingly if anyone wants to play, be it media, competition, and lately even government, Microsoft seems to be able to control the rules. Sigh, again.

perceived standard?

[OffTheLip]

Microsoft has established itself as a standard so much so that even a 'unbiased' consumer organization such as Consumer Reports basically only acknowledges MS when reviewing computers and making recommendations. Apple is a player but not top tier. It's no wonder AV companies pander to MS and spread FUD. Logically, one would think that a business that exists to correct flaws in another product would lead consumers to shy away form that product but no, because MS is a standard.

Title is chillingly apropos

[TripMaster Monkey]

Not really...after all, these firms have absolutely no interest in eliminating the problem, but only in treating the symptoms. That's why they continually endorse an OS that is legendary for its security holes, while spreading FUD about more secure alternatives like *nix and MacOS, which have a chance of actually fixing the underlying problem.

Re:Bad title!

[gmf]

Surely they mean the anti-malware industry?

Maybe that's the same? Who knows?

Fear and Protection Rackets

[RichMan]

The whole thing is a protection racket. The more they can make you afraid of the consequenses and aware of the "threat" the more you are willing to pay for protection. The whole thing is based on a vulnerable infrastructre.

If there was a solid infrastructre that was trusted the whole industry would disappear. The industry is based on the Microsoft Operating system and its designed vulnerabilities. The industry would not exist without the flaws in the Microsoft Operating systems and workflow. If Microsoft fixed its stuff, or if people migrated to a solid infrastucture the industry would disappear. I am sure the industry as a whole is looking at Linux as a big threat, it could destroy their whole reason for existing.

As a whole the Linux client is not a market for this industry. They need to make Linux/OSS users feel the threat so we will by their product.

What a stupid title

[guspasho]

"Can the Malware Industry be Trusted?"

Of course it can't! It's the friggin' malware industry! Their business plan centers around installing stuff on your PC that you don't want on there and didn't ask for, and abusing your PC without your permission for their own purposes. Why on God's green earth would someone like that be trusted?

Re:gee...

[scronline]

Well, on the Windows platform it's well justified doom and gloom. But like with any corperation (read greedy) that sells a product, they are going to want to boost sales. So it's their job to state the reason(s) why their product is necessary. Many times the truth gets skewed in that process.

But regardless of the fact that ANY software producer will hype their product (As I'm sure you've seen by reading /. the words Microsoft and Yankee Group should spring to mind) you have to take that hype with a grain of salt. You can't buy into everything otherwise you're the gullible little sheep that they need/expect to survive. The aptly named Phantom console is a perfect example or even Duke Nukem Forever. However, I don't want to bash Kaspersky since after all, I prefer their AV software to any other mainstream product out there.

Either rate, Antivirus is a necessary evil. Using *NIX doesn't remove you from the responsibility of not forwarding an email virus because it's a funny joke. You may laugh, but there have been several times I've had people on Linux forwards me "jokes" with Windows viruses attached.

Re:Bad title!

[buckhead_buddy]

Rob T Firefly wrote:

Surely they mean the anti-malware industry?

I think there's a dubious market for malware. (Okay, so my old boss might be the type to commission a new virus, but most aren't.) The anti-malware markets need a continuous set of threats to be taken seriously and though they don't write the malware themselves, it's integral to their success in business.

Advice from industry experts giving 'analysis' such as "The smarter virus writers won't deploy their security compromises until after Vista actually ships." practically tells malware developers "If you're smart, you'll hold off on deploying your next big hack until after Vista ships so that your security hole won't be patched up before then."

When their analysts actually look seriously at alternitives that will reduce the scope of malware (such as moving to Linux or Mac OS X) then we may have real separation between the markets. Until then the anti-malware camp probably the most able to profit from (and legally disclaim responsibility for) the existence of malware.

Readers

[phorm]

Not all the readers would necessarily know that the two are the same, so it might be just to impress both names in their mind. That or make the 'conspiracy' larger than it seems./

Re:gee...

[grasshoppa]

However, I don't want to bash Kaspersky since after all, I prefer their AV software to any other mainstream product out there

Nod32. Know it, love it.

You may laugh, but there have been several times I've had people on Linux forwards me "jokes" with Windows viruses attached.

Then that is the fault of a clueless email admin. I've setup many email servers, and I don't think a virus has ever made in past that point coming in or going out. It's quite simple really, which prompts me to call the admins in question idiots.

Can the ****** industry be trusted?

[shodai]

No.

Yes, Rotten To The Core

[aldheorte]

Yes, the anti-virus industry is as rotten as it appears, if not more so. In talking to non-expert computer users who use anti-virus, anti-virus causes more problems than it solves. Anti-viral software with automatic updating is essentially like installing a rootkit on your computer controlled by the anti-virus vendor. With just a little bit of training, and perhaps a different email client than Outlook, as well as using Firefox instead of (or patching) IE, viruses and malware are easily avoided.

Anyone who is serious about security doesn't run anti-virus because it does not fix the root issues of vulnerability.

Thy key is that anti-virus can be sold on fear and, since the average computer user doesn't understand that there is nothing mystical about viruses and their vectors are easily identified, fear sells a product that actually makes your computer less secure and less usable. That said, there are some good free programs out there, like ClamAV and Spybot Search & Destroy to help you as a system administrator check out suspicious files or clean up a mess on a specific case by case basis (the latter only applying to Windows).

Counterpoint

[sopwith]

Whether or not the malware industry can be trusted, anyone who calls a company a "servile buffoon" probably can't be trusted to be a impartial and logical journalist.

Things are never as extreme as they seem - there are good & bad guys (and in-between guys, and girls too! :) in both the anti-malware and journalism industries. I don't trust the Kaspersky Kooks at all, but McAffee and some of the other companies (e.g. PC Tools Software, F-Secure) do have some credibility in my book.

Then too, we know that the only way that all those evil writers can sell their stories is to make them sound melodramatic... :P

No! Stay vulnerable. Please.

[xkr]

The anti-malware software industry is like the insurance industry. They want to provide their paying customers with benefit, but the last thing they ever want to do is encourage consumer behavior, law, or product changes that actually eliminate the problem, thus putting themselves out of business.

No, not really

[FishandChips]

Perhaps the question needs wider phrasing: can the IT industry - not just the malware side - be trusted? Personally I don't think so because they seem addicted to denying the consequences of their own actions or foisting the cost on the public. You can see this everywhere from the paltry, tokenish efforts to tackle malware and spam by corporations that regularly turn in billions in profits, to the Heath-Robinson-like, energy-guzzling design of the PC itself, to dumping clean up and recycling via shady deals with the Chinese. Let's not even look at moral issues like DRM and Hollywood or Chinese censors.

OTOH, no industry can be trusted. If it wasn't for some tireless public-minded advocates the auto industry would probably have us still driving deathtraps with engines designed in the 1950s or the pharma industry, for example, would have us growing three heads while being charged 50 bucks for a paracetamol.

Re:AV for MacOSX: $59 -- Why?

[Anonymous Coward]

MS Office macro-virii, such as Concept, are cross platform.

Where you find MS, you also find virii.

Conspiracy? Maybe. Stupidity? Definitely.

[GregStevensLA]

Can the anti-malware industry be trusted? Can microsoft be trusted? Can the IT industry be trusted?

One thing that all of this overlooks, is that it doesn't take malice for hysteria to spread.

premise: people fear what they don't understand.
premise: most people don't understand computers.

I have a friend who fancied himself a home-taught computer expert. Armed with TweakXP, a few anti-virus tools, and a small handful of other gadgets, he was always offering to "optimize" and "fix" his friends' computers.

And lo! and behold, every single computer that was ever brought to him had "a major virus" or "a serious trojan" problem on it. Of course, there is so much media hype about viruses (and people's bad browsing habits) that this was fairly believable. However, the mere consistency of his diagnoses started making me suspicious....

Sure enough, after a few in-depth conversations, it turns out that he was using bad virus-detection software: some unknown little program that he assumed was "better than all the rest" because it "always found more" (it didn't occur to him that most of them were false positives); and moreover, it turns out he didn't even have a clear understanding of what a "virus" is.

But let me tell you: he had a stream of people in and out of his apartment that were absolutely convinced that ANY time there was EVER a problem with their machine, it MUST have been because of a virus.

Good point about "Eulaware"

[Beryllium Sphere(tm)]

Linux and OS X have a good record for resisting drive-by installs. But as TimC points out, the threat model has to include users downloading dancing cursors and weather forecasting applets with 20-page EULAs, readable three lines at a time, which bury a cryptic line or two which means "all your base are belong to us".

There are operating systems that can protect against that threat. They're not mainstream in design, and neither Linux nor OS X is among them.

>please consider that I'm Joe Sixpack

Joe Sixpack -- four digit Slashdot id -- the cognitive dissonance is too much, I can't survi

Re:Title is chillingly apropos

[99BottlesOfBeerInMyF]

Not really...after all, these firms have absolutely no interest in eliminating the problem, but only in treating the symptoms.

So look who is motivated to fix the problem. MS isn't, they aren't losing market share and they've introduced their own anti-virus to milk the situation. So who is? Well alternate OS vendors are (as you mentioned), since they can use it as a differentiator, but most of them don't really have a malware problem so they haven't put much effort into a better solution. Big, enterprise businesses are and people who sell them solutions that do multiple tasks, like network management, where malware is a small piece of the puzzle. Some of the solutions to come out of that space are surprisingly effective. "Oh, gee another random worm outbreak. Well, lets just stop that from spreading or re-entering the network using our routers to filter it. Now I'll send this list of infected hosts to operations along with a virus signature and they can clean them when someone writes an AV signature and a tool to remove this one."

Who else is motivated? Big network operators are. Worms clog pipes and launch DDoS attacks. That is fine, since they can charge for the bandwidth, but customers complain about the network congestion and a lot of people are willing to pay extra for "cleaned" pipes. Some of the solutions in that space are likewise effective; the same thing on a larger scale. At least one of the tools ups the ante by letting operators swap signatures using a centralized database.

Who else is motivated? Open source projects, like Clam AV and the like. If corporations donated a quarter of what they spend on proprietary solutions to these guys, they'd save a fortune and end up with better solutions. They could emulate the techniques employed by the two examples above and apply them on a smaller scale.

It is a pity most corporate purchasing agents did not have a course on critical thinking in high school.