Can the Malware Industry be Trusted? 185
Joe Barr writes "Is the entire anti-virus / malware industry as rotten as it appears? I started digging into it as a result of the recent lame, unsubstantiated assertions of viral threats to Linux by Kaspersky Lab, but the practice doesn't seem to start or end with them. Who knows, maybe it's pandemic in that entire segment of the IT industry."
The Security Industry Does Not Want Security (Score:1, Interesting)
Silvio: "The Security Industry Does Not Want Security, They Want Insecurity"
I trust some of the anti-malware industry (Score:3, Interesting)
Seriously, however, I never buy any peice of security software without looking for testing results and reviews.
Also, I will never use any product that makes false positives intentionally (to scare the user into using/buying the product). That's just asking for trouble.
Work on your public image (Score:5, Interesting)
idiots, dolts, crap. There is a lot of name calling in there. He sounds like a teenager complaining about her friends. I don't claim to be the most articulate person around, but this guy shouldn't be writing articles. People judge you by the words you use. I got so distracted by his name calling I had to post before finishing the article, and I'm wondering if I'll be able to reach the end or take his side given the tone.
Re:I trust some of the anti-malware industry (Score:2, Interesting)
Hmm, you make an interesting point. Ever notice that when you run one of these expensive security suites and you don't get any meaningful results, you always get a couple of "dangerous" cookies found, just to keep the results above zero?
The logic must be: Don't tell them it's clean. Use fud if necessary.
Re:perceived standard? (Score:3, Interesting)
Wait, why on earth would an industry that exists to correct flaws in another product lead consumers away from that product? If AV companies encouraged people to ditch Windows, actually be careful on the internet and take other measures to avoid malware, and people listened to them, the companies would go out of business. No Windows, no need for a Windows anti-virus.
I think it has nothing to do with MS being a "standard," its just the fact that the AV companies need Windows to have some holes in it (and need people to exploit these holes) in order to have any selling points for their software. It's "pander to MS" or go out of business.
Re:job security (Score:3, Interesting)
Re:AV for MacOSX: $59 -- Why? (Score:5, Interesting)
Some argue that it's not bad to have a security infrastructure in-place, even if theres very little self-propagaiting malware out there. It makes one "ready" to deal with the inevitable threats when they are discovered. It makes one confident that they will be the first ones to recognize and recover from any future infection.
That seems like a good idea until you realize that to install and remove malware means the software will need to operate with very high permissions. Installing programs like Clam or Symantec Antivirus are possibly giving hackers more potential ways to exploit your system than if you hadn't installed the anti-malware to begin with. I think there actually have been low-level, local security holes found based soleley on security software that the user has installed.
On the Mac, I think there is more harm than good done right now with anti-virus products. It's almost like feeling you must hang that lucky pair of fuzzy dice in your new car because you think it helps you not have accidents, when in fact their interference in your driving might be what causes you to have one.
Re:Title is chillingly apropos (Score:4, Interesting)
What bugs me about the big guys is that they've become such gigantic products. They cause as many problems with their bloat as they fix, and they still don't fix everything (especially where Ad/Spyware is concerned). And this, of course, makes them REALLY not want to fix the underlying issue: people would start noticing that their computer starts up twice as fast and generally runs much better without some cyclopean anti-everything program.
Symantec Client Security started out as an OK little product. At the time, I was very impressed that its UI was so clean. Now, they're a complicated amalgams of firewall, AV, anti-spyware, Cuisinart and dishwasher. While I realize that they sell integration, there's no reason that integration need entail poor usability and baffling complexity. I once tried to get FTP to work on a relative's computer. I found that in Norton there was no firewall rule for FTP anywhere (or it was named something weird), yet it was blocking all traffic. My only option was to completely disable their firewall (and people get pretty mad when you tell to disable something they paid for.
The reason there's such a high pressure to integrate, of course, is that these guys make big bucks off of huge corporate licenses. Many IT or business development people I've talked to have said that they won't put anything except Norton on a desktop. I can see their point, because only dealing with one company means less IT and B2B overhead. And from Norton/Symantec's point of view, if they didn't offer a fully integrated solution, then somebody else would and they'd lose the client. So, they acquire every technology they possibly can and haphazardly jam it into their suite.
While I'm posting, I will admit that the article is least partially true. At my company [robotgenius.net], we were somewhat embarassed to admit that we were sad when the first really apocalyptic adware site we'd found went offline. This wasn't because we wanted to drum up sales, but rather because they were a great test case for our technology.
Re:perceived standard? (Score:3, Interesting)
The only situation where this is not the case is where the customers are convinced that there is no substitute for the product under consideration.
For example, you'd never eat at a restaurent that had a stomach pump kiosk set up out front that was doing a brisk business with departing patrons, would you?
Yet people still buy an operating system that requires you to have anti-malware and anti-spyware software running constantly to prevent your computer from being exploited by others.
Re:Title is chillingly apropos (Score:4, Interesting)
I put it this way: Windows' application integration is built on a base of executing as instructions anything it finds which can possibly be executed. Documents and help files have embedded controls to be executed by the system, to name just one example. MS has learned that this is dangerous behavior, but their ability to move away from this model is severely hampered by the need to maintain compatibility, even basic functionality, with a mountain of installed base.
Re:Title is chillingly apropos (Score:3, Interesting)