
Can the Malware Industry be Trusted? 185

Joe Barr writes "Is the entire anti-virus / malware industry as rotten as it appears? I started digging into it as a result of the recent lame, unsubstantiated assertions of viral threats to Linux by Kaspersky Lab, but the practice doesn't seem to start or end with them. Who knows, maybe it's pandemic in that entire segment of the IT industry."
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward on Thursday June 08, 2006 @11:07AM (#15494645)
    There's an entertaining presentation from Defcon X given by Gobbles (with help from Silvio Cesare and The Unix Terrorist) - 'Wolves Among Us' - the video is worth watching for a laugh, several laughs, at the expense of many so-called experts. http://www.defcon.org/html/links/defcon-media-archives.html [defcon.org]

    Silvio: "The Security Industry Does Not Want Security, They Want Insecurity"
  • by Coopjust ( 872796 ) on Thursday June 08, 2006 @11:09AM (#15494668)
    Well, I certainly don't trust the malware industry :)
    Seriously, however, I never buy any piece of security software without looking for testing results and reviews.
    Also, I will never use any product that makes false positives intentionally (to scare the user into using/buying the product). That's just asking for trouble.
  • by gr8_phk ( 621180 ) on Thursday June 08, 2006 @11:15AM (#15494740)
    From TFA "The idiots in the press repeat the lie verbatim and the lie becomes real. What is the lie? That Unix/Linux is less secure than Windows. Granted, only the stupidest dolts in the universe -- and the trade press -- are going to buy that crap, but they put it out there anyway."

    idiots, dolts, crap. There is a lot of name calling in there. He sounds like a teenager complaining about her friends. I don't claim to be the most articulate person around, but this guy shouldn't be writing articles. People judge you by the words you use. I got so distracted by his name calling I had to post before finishing the article, and I'm wondering if I'll be able to reach the end or take his side given the tone.

  • by goldaryn ( 834427 ) on Thursday June 08, 2006 @11:17AM (#15494758) Homepage
    > Also, I will never use any product that makes false positives intentionally

    Hmm, you make an interesting point. Ever notice that when you run one of these expensive security suites and you don't get any meaningful results, you always get a couple of "dangerous" cookies found, just to keep the results above zero?

    The logic must be: Don't tell them it's clean. Use FUD if necessary.
  • by Penguin Programmer ( 241752 ) on Thursday June 08, 2006 @11:30AM (#15494847) Homepage
    > It's no wonder AV companies pander to MS and spread FUD. Logically, one would think that a business that exists to correct flaws in another product would lead consumers to shy away from that product but no, because MS is a standard.


    Wait, why on earth would an industry that exists to correct flaws in another product lead consumers away from that product? If AV companies encouraged people to ditch Windows, actually be careful on the internet and take other measures to avoid malware, and people listened to them, the companies would go out of business. No Windows, no need for a Windows anti-virus.

    I think it has nothing to do with MS being a "standard," it's just the fact that the AV companies need Windows to have some holes in it (and need people to exploit these holes) in order to have any selling points for their software. It's "pander to MS" or go out of business.
  • Re:job security (Score:3, Interesting)

    by boldtbanan ( 905468 ) on Thursday June 08, 2006 @11:41AM (#15494932)
    > I've always thought that maybe anti-virus and anti-spyware companies would produce viruses and spyware, I mean how do you get better job security than fixing something that you broke... and people STILL say thanks!
    Yeah, like Microsoft's announced entry into the anti-virus industry. You can actually find a way to profit from your screw ups (or active sabotage if you're even more insidious).
  • by buckhead_buddy ( 186384 ) on Thursday June 08, 2006 @11:41AM (#15494940)
    Symantec AntiVirus products for Mac (in my experience) are incredibly popular among people moving from PCs to Macs: the so-called "Switcher" market. It's really just a matter of having built a reputation on fear in one market and the user feeling naked without that product.

    Some argue that it's not bad to have a security infrastructure in-place, even if there's very little self-propagating malware out there. It makes one "ready" to deal with the inevitable threats when they are discovered. It makes one confident that they will be the first ones to recognize and recover from any future infection.

    That seems like a good idea until you realize that to install and remove malware means the software will need to operate with very high permissions. Installing programs like Clam or Symantec Antivirus is possibly giving hackers more potential ways to exploit your system than if you hadn't installed the anti-malware to begin with. I think there actually have been low-level, local security holes found based solely on security software that the user has installed.

    On the Mac, I think there is more harm than good done right now with anti-virus products. It's almost like feeling you must hang that lucky pair of fuzzy dice in your new car because you think it helps you not have accidents, when in fact their interference in your driving might be what causes you to have one.

  • by happyemoticon ( 543015 ) on Thursday June 08, 2006 @11:44AM (#15494977) Homepage

    What bugs me about the big guys is that they've become such gigantic products. They cause as many problems with their bloat as they fix, and they still don't fix everything (especially where Ad/Spyware is concerned). And this, of course, makes them REALLY not want to fix the underlying issue: people would start noticing that their computer starts up twice as fast and generally runs much better without some cyclopean anti-everything program.

    Symantec Client Security started out as an OK little product. At the time, I was very impressed that its UI was so clean. Now, they're a complicated amalgam of firewall, AV, anti-spyware, Cuisinart and dishwasher. While I realize that they sell integration, there's no reason that integration need entail poor usability and baffling complexity. I once tried to get FTP to work on a relative's computer. I found that in Norton there was no firewall rule for FTP anywhere (or it was named something weird), yet it was blocking all traffic. My only option was to completely disable their firewall (and people get pretty mad when you tell them to disable something they paid for).

    The reason there's such a high pressure to integrate, of course, is that these guys make big bucks off of huge corporate licenses. Many IT or business development people I've talked to have said that they won't put anything except Norton on a desktop. I can see their point, because only dealing with one company means less IT and B2B overhead. And from Norton/Symantec's point of view, if they didn't offer a fully integrated solution, then somebody else would and they'd lose the client. So, they acquire every technology they possibly can and haphazardly jam it into their suite.

    While I'm posting, I will admit that the article is at least partially true. At my company [robotgenius.net], we were somewhat embarrassed to admit that we were sad when the first really apocalyptic adware site we'd found went offline. This wasn't because we wanted to drum up sales, but rather because they were a great test case for our technology.

  • by tbannist ( 230135 ) on Thursday June 08, 2006 @11:53AM (#15495044)
    I think OffTheLip was referring to the obvious point that if a product has spawned an entire industry that revolves around fixing it so that it actually works, that potential customers should be wary of using that product due solely to the existence of that industry. It implies that there are very serious problems with the original product. I do not think he meant that the industry itself should be engaging in self-destructive activities.

    The only situation where this is not the case is where the customers are convinced that there is no substitute for the product under consideration.

    For example, you'd never eat at a restaurant that had a stomach pump kiosk set up out front that was doing a brisk business with departing patrons, would you?

    Yet people still buy an operating system that requires you to have anti-malware and anti-spyware software running constantly to prevent your computer from being exploited by others.
  • by Y2 ( 733949 ) on Thursday June 08, 2006 @12:07PM (#15495160)
    more secure alternatives like *nix and MacOS, which have a chance of actually fixing the underlying problem.
    How so? When replying, please consider that I'm Joe Sixpack, armed with the root password, just enough smarts to install stuff and not enough smarts to not install bad stuff.

    I put it this way: Windows' application integration is built on a base of executing as instructions anything it finds which can possibly be executed. Documents and help files have embedded controls to be executed by the system, to name just one example. MS has learned that this is dangerous behavior, but their ability to move away from this model is severely hampered by the need to maintain compatibility, even basic functionality, with a mountain of installed base.

  • by Oztun ( 111934 ) on Thursday June 08, 2006 @01:30PM (#15495822)
    I worked for an on-site PC repair company and I would add that Norton causes more problems than spyware. I would go on more calls where PCs ran like crap because Norton products needed to be reinstalled than spyware cleanup calls. All I can say is thanks Norton for helping me pay my rent.
