Can the Malware Industry be Trusted?
Joe Barr writes "Is the entire anti-virus / malware industry as rotten as it appears? I started digging into it as a result of the recent lame, unsubstantiated assertions of viral threats to Linux by Kaspersky Lab, but the practice doesn't seem to start or end with them. Who knows, maybe it's pandemic in that entire segment of the IT industry."
gee... (Score:5, Insightful)
The only real crime here is that we've let ourselves be suckered by them for as long as we have.
Re:gee... (Score:4, Funny)
No, that's Government. (Wait, there's a difference?)
Re:gee... (Score:4, Funny)
That's like saying there's no difference between the organ grinder and his trained monkey. Of course, there is a difference. One of them dances around, makes monkey noises, and steals stuff from you for the benefit of the other.
Re:gee... (Score:2)
You should watch Century of the Self [bbc.co.uk] if you get the chance. It lays out how the psyche of people has subtly been manipulated for both commercial and political reasons.
The documentary shocked me as I've never thought it would've been as well defined and with as clearly defined "goals".
Re:gee... (Score:3, Insightful)
But regardless of the fact that ANY software producer will hype their product (As I'm sure you've seen by reading
Re:gee... (Score:3, Insightful)
Nod32. Know it, love it.
You may laugh, but there have been several times I've had people on Linux forward me "jokes" with Windows viruses attached.
Then that is the fault of a clueless email admin. I've set up many email servers, and I don't think a virus has ever made it past that point coming in or going out. It's quite simple really, which prompts me to call the admins in questio
Re:gee... (Score:2)
Re:gee... (Score:2)
But you know what, the entire industry isn't corrupt; there are at least 8 competing adware companies, and yes, they ALL try to collect personal data, they ALL try to make the ads pay the bills. Some companies try to do it the right way. They keep the software running on their own servers and their own products, e.g. Yahoo. Some companies try to squeeze a little more out of the bottom line, and offer 'sweet deals' to open source communities.
Re:gee... (Score:2)
Every year Symantec has a critical flaw in their software, so someone can actually be SAFER without Norton on their computer, and a
Bad title! (Score:5, Insightful)
Re:Bad title! (Score:5, Funny)
Re:Bad title! (Score:5, Funny)
Title is chillingly apropos (Score:4, Insightful)
Not really...after all, these firms have absolutely no interest in eliminating the problem, but only in treating the symptoms. That's why they continually endorse an OS that is legendary for its security holes, while spreading FUD about more secure alternatives like *nix and MacOS, which have a chance of actually fixing the underlying problem.
Re:Title is chillingly apropos (Score:4, Interesting)
What bugs me about the big guys is that they've become such gigantic products. They cause as many problems with their bloat as they fix, and they still don't fix everything (especially where Ad/Spyware is concerned). And this, of course, makes them REALLY not want to fix the underlying issue: people would start noticing that their computer starts up twice as fast and generally runs much better without some cyclopean anti-everything program.
Symantec Client Security started out as an OK little product. At the time, I was very impressed that its UI was so clean. Now, they're complicated amalgams of firewall, AV, anti-spyware, Cuisinart and dishwasher. While I realize that they sell integration, there's no reason that integration need entail poor usability and baffling complexity. I once tried to get FTP to work on a relative's computer. I found that in Norton there was no firewall rule for FTP anywhere (or it was named something weird), yet it was blocking all traffic. My only option was to completely disable their firewall (and people get pretty mad when you tell them to disable something they paid for).
The reason there's such a high pressure to integrate, of course, is that these guys make big bucks off of huge corporate licenses. Many IT or business development people I've talked to have said that they won't put anything except Norton on a desktop. I can see their point, because only dealing with one company means less IT and B2B overhead. And from Norton/Symantec's point of view, if they didn't offer a fully integrated solution, then somebody else would and they'd lose the client. So, they acquire every technology they possibly can and haphazardly jam it into their suite.
While I'm posting, I will admit that the article is at least partially true. At my company [robotgenius.net], we were somewhat embarrassed to admit that we were sad when the first really apocalyptic adware site we'd found went offline. This wasn't because we wanted to drum up sales, but rather because they were a great test case for our technology.
Re:Title is chillingly apropos (Score:2)
Re:Title is chillingly apropos (Score:3, Interesting)
Re:Title is chillingly apropos (Score:2)
How so? When replying, please consider that I'm Joe Sixpack, armed with the root password, just enough smarts to install stuff and not enough smarts to not install bad stuff.
Re:Title is chillingly apropos (Score:4, Interesting)
I put it this way: Windows' application integration is built on a base of executing as instructions anything it finds which can possibly be executed. Documents and help files have embedded controls to be executed by the system, to name just one example. MS has learned that this is dangerous behavior, but their ability to move away from this model is severely hampered by the need to maintain compatibility, even basic functionality, with a mountain of installed base.
Good point about "Eulaware" (Score:3, Insightful)
There are operating systems that can protect against that threat. They're not mainstream in design, and neither Linux nor OS X is among them.
>please consider that I'm Joe Sixpack
Joe Sixpack
Re:Good point about "Eulaware" (Score:2)
Ok, so I didn't mean that *I'm* Joe Sixpack, I meant something along the lines of "Explain to me how Linux or OS X can prevent me from screwing my machine over. While doing so, assume that I have the root password and am Joe Sixpack..."
*I* am actually a developer with 7 years commercial experience who's been using a variety of different computer systems over the last 23 years, from my humble little Sinclair ZX Spectr
Re:Good point about "Eulaware" (Score:2)
Not really. Consider that Firefox has had many drive-by exploits available for it, and nothing stops you installing software on Linux without root then altering startup scripts/gconf/kconfig/session manager to ensure it's always loaded. From there it's trivial to do many things, including (in the unlikely event you care) getting the root password.
Re:Good point about "Eulaware" (Score:2)
Examples? I'd really like to see scum-ware persistently infect a RAM based PuppyLinux runtime. On that note, users are going to download crap, it's what users do. However, the scum-ware author ***KNOWS*** the OS layout for Win/OS-X, there's little flexibility, they can be 99% certain when estimating the fs/lib layout that what they need is there. On Linux, that's
Re:Good point about "Eulaware" (Score:2)
What'll really blow your mind is when you realize that his UID is actually 5 digits.
Re:Good point about "Eulaware" (Score:2)
Linux protects the user better than Windows from that in at least 2 different ways: 1) It normally comes with the dancing cursors and weather forecasting apps included, so the user won't be that tempted to install them. 2) Most software doesn't have a EULA*, so we can teach Joe Sixpack to be suspicious of software that shows it.
There are also 2 unrelated advantages: 1) Linux DEs don't ask confirmation every time for every stupid action, so the user gets used to reading dialog windows. 2) Most document formats
Re:Good point about "Eulaware" (Score:2)
Re:Good point about "Eulaware" (Score:2)
Well, my wife doesn't have admin priv. on her OS-X box, so I don't have to worry too much about her installing things she shouldn't. The fact that the box is very usable for a non-admin user does help with resisting viral attacks.
Re:Title is chillingly apropos (Score:2)
"...more secure alternatives like *nix and MacOS, which have a chance of actually fixing the underlying problem." How so? When replying, please consider that I'm Joe Sixpack, armed with the root password, just enough smarts to install stuff and not enough smarts to not install bad stuff.
Well, both of those OS's have some architectural advantages, like not needing to run network services for local actions, that make automated compromises less common. They both tend to be more responsive to vulnerabilities
Re:Title is chillingly apropos (Score:2)
Sounds familiar, hmm, where have I heard that business plan before?
Not a big coincidence that the anti-malware firms are doing so well, when their business model mimics that of the (consistent) market darlings for the last two decades, big pharma.
Re:Title is chillingly apropos (Score:2)
Symantec's CEO, John Thompson, made comments that everyone ought to buy a Mac.
http://news.zdnet.co.uk/internet/security/0,39020
(Disclaimer: I work for Symantec. My opinions are my own and not necessarily reflective of my employer.)
Re:Title is chillingly apropos (Score:3, Insightful)
Not really...after all, these firms have absolutely no interest in eliminating the problem, but only in treating the symptoms.
So look who is motivated to fix the problem. MS isn't, they aren't losing market share and they've introduced their own anti-virus to milk the situation. So who is? Well alternate OS vendors are (as you mentioned), since they can use it as a differentiator, but most of them don't really have a malware problem so they haven't put much effort into a better solution. Big, enterprise
Re:Bad title! (Score:3, Insightful)
Re:Bad title! (Score:3, Insightful)
I think there's a dubious market for malware. (Okay, so my old boss might be the type to commission a new virus, but most aren't.) The anti-malware markets need a continuous set of threats to be taken seriously and though they don't write the malware themselves, it's integral to their success in business.
Advice from industry experts giving 'analysis' such as "The smarter virus writers won't deploy their security compromises until after Vista a
Re:Bad title! (Score:2)
Good thing they don't get paid for editing Slashdot. Oh, wait...
wtf? (Score:5, Insightful)
If this guy doesn't know that Symantec == Norton, I don't think I have any use for his opinions on malware companies.
Readers (Score:3, Insightful)
Re:Readers (Score:2)
Re:wtf? (Score:2)
money (Score:5, Insightful)
Re:money (Score:2)
Re:money (Score:2)
people DO believe this stuff (Score:5, Insightful)
Agree or disagree with the points of this article (I mostly agree), there is an elephant in the middle of the room everyone ignores.
From the article (emphasis mine):
"Only the stupidest dolts in the universe?" Aside from being a little insulting, it's just not true. Many intelligent people believe these reports simply because, as the article points out elsewhere, because it is repeated the lie becomes truth.
People trust "media" to the extent they don't have expertise in some subject matter. What other result would you expect? There are too many topics, too many reports, and too many things demanding attention; general consumers and lay people, appropriately (though naively), rely on integrity of reporting bodies to filter that part of their world not their specialty(ies).
Reporting organizations (e.g., CERT) have an ethical responsibility to normalize and make canonical data issued for general consumption.
Unfortunately the technology world today is Microsoft's sandbox, and seemingly if anyone wants to play, be it media, competition, and lately even government, Microsoft seems to be able to control the rules. Sigh, again.
Re:people DO believe this stuff (Score:2)
Re:people DO believe this stuff (Score:2)
What should we expect? We should expect that if something is important to you, you at least do some research into it. It isn't like the inform
Re:people DO believe this stuff (Score:2)
I don't mean to be semantic, but would not a truly "intelligent" being be able to tell the truth from propaganda, exaggerations, and lies? As in your mental capabilities have been fully developed to discern social engineering?
Otherwise, they wouldn't they wo
Re:people DO believe this stuff (Score:2)
Sure it's true. Assumption: the population considered includes only people who use computers and know that Linux/Unix/MacOS/Windows exists.
The stupidest dolts could be half the population if you wanted. No quantity of 'dolts' is specified, so for all it matters, the stupidest dolts could include all but the smartest dolt.
The real implication, however (and this is the part I love) is that it's logical
somewhat OT about media reliability (Score:2)
I think that's a critically important observation, and if you extrapolate a little you get to an uncomfortable realization: people look for news that reaffirms what they want to hear. With the proliferation of news sources, you can find specialized news feeds, and end up with a situation where hundreds of thousands of Americans believe we found WMD's in Iraq -- because the repeated me
Re:Mod parent up, please. (Score:2)
Demand more from the IT press. (Score:2)
Joe Barr admitted that he had done that with the claims about Apple, but he then spent time doing the research.
And the "journalists" that "report" on the IT industry have a long and colourful history of bias and willful ignorance. There is no excuse for that. And it is those reports by those "journalists" that kee
Gadzooks! (Score:5, Funny)
Oh ****! Quick, someone tell me how to upgrade to this "Windows" thing!
Re:Gadzooks! (Score:3, Funny)
There's a simple reason for the difference between general perception (at least on Slashdot) and the raw statistics above. If a vulnerability is found in openssh, it counts as a flaw for Linux, for BSD, and for any Unix flavours that ship openssh by default. If a vulnerability is found in the ssh client that ships with Windows... oh wait.
perceived standard? (Score:5, Insightful)
Re:perceived standard? (Score:3, Interesting)
Wait, why on earth would an industry that exists to correct flaws in another product lead consumers away from that product? If AV companies encouraged people to ditch Windows, actually be careful on the internet and take other measures to avoid malware, and people listened to th
Re:perceived standard? (Score:3, Interesting)
The only situation where this is not the case is where the customers
Can they be trusted? (Score:2, Funny)
OK if I install this spyware in your computer and just backup your credit card numbers for you without your permission?
Thanks.
Oh, no, that's ok, you don't have to answer. We'll do it anyway.
I trust some of the anti-malware industry (Score:3, Interesting)
Seriously, however, I never buy any piece of security software without looking for testing results and reviews.
Also, I will never use any product that makes false positives intentionally (to scare the user into using/buying the product). That's just asking for trouble.
Re:I trust some of the anti-malware industry (Score:2, Interesting)
Hmm, you make an interesting point. Ever notice that when you run one of these expensive security suites and you don't get any meaningful results, you always get a couple of "dangerous" cookies found, just to keep the results above zero?
The logic must be: Don't tell them it's clean. Use fud if necessary.
Fear and Protection Rackets (Score:5, Insightful)
If there was a solid infrastructure that was trusted the whole industry would disappear. The industry is based on the Microsoft Operating system and its designed vulnerabilities. The industry would not exist without the flaws in the Microsoft Operating systems and workflow. If Microsoft fixed its stuff, or if people migrated to a solid infrastructure the industry would disappear. I am sure the industry as a whole is looking at Linux as a big threat, it could destroy their whole reason for existing.
As a whole the Linux client is not a market for this industry. They need to make Linux/OSS users feel the threat so we will buy their product.
Re:Fear and Protection Rackets (Score:2)
TFA is on the mark in terms of the vacuous ethics of computer security software press releases and scare mongering but that doesn't mean that solid, secure operating systems would eliminate the need for anti-malware products. Maybe I'm wrong but I don't think the patching mechanisms for Linux distros and Macs or are so fantastic and/or t
Re:Fear and Protection Rackets (Score:2)
AV for MacOSX: $59 -- Why? (Score:5, Informative)
Noticed a copy of AntiVirus for Mac OSX @ CompUSA last week. $59! Three questions:
1) Who buys this stuff?
2) Why so much?
3) Why?
To my knowledge there is only one virus in the wild for OSX and it never really made an impact. I understand that AV for Mac scans for the billions of Windows viruses, but considering that the Mac is extraordinarily unlikely to become infected, it's similarly unlikely a Mac will pass on a virus. I know it's part of being a good net citizen, but ultimately scanning email is your own responsibility. I don't scan for Linux or mainframe viruses, or iPaq scripts. Why should I scan for Windows viruses?
Or am I missing something?
Re:AV for MacOSX: $59 -- Why? (Score:2)
Re:AV for MacOSX: $59 -- Why? (Score:5, Interesting)
Some argue that it's not bad to have a security infrastructure in place, even if there's very little self-propagating malware out there. It makes one "ready" to deal with the inevitable threats when they are discovered. It makes one confident that they will be the first ones to recognize and recover from any future infection.
That seems like a good idea until you realize that to install and remove malware means the software will need to operate with very high permissions. Installing programs like Clam or Symantec Antivirus is possibly giving hackers more potential ways to exploit your system than if you hadn't installed the anti-malware to begin with. I think there actually have been low-level, local security holes found based solely on security software that the user has installed.
On the Mac, I think there is more harm than good done right now with anti-virus products. It's almost like feeling you must hang that lucky pair of fuzzy dice in your new car because you think it helps you not have accidents, when in fact their interference in your driving might be what causes you to have one.
Re:AV for MacOSX: $59 -- Why? (Score:2)
Re:AV for MacOSX: $59 -- Why? (Score:2)
You're thinking about practical and effective anti-virus measures. Think stupider.
Some organizations have a high-level policy that says that all machines must have up-to-date anti-virus software, and until you can certify that this is the case, you can't use the corporate network, because your MAC address will not be on the router's whitelist.
You can bribe the IT guys (probably more than $60), you can hack your MAC to an allowed one (possible MAC collision, lose your job if y
Source for the most effective AV (Score:3)
#include
#include "OStest.h";
main(){
if((is_OSX() || is_Unixey()) && !has_slashdot_flames()){
}else if(is_MS_OS())
What a stupid title (Score:2, Insightful)
Of course it can't! It's the friggin' malware industry! Their business plan centers around installing stuff on your PC that you don't want on there and didn't ask for, and abusing your PC without your permission for their own purposes. Why on God's green earth would someone like that be trusted?
Re:What a stupid title (Score:2)
Work on your public image (Score:5, Interesting)
idiots, dolts, crap. There is a lot of name calling in there. He sounds like a teenager complaining about her friends. I don't claim to be the most articulate person around, but this guy shouldn't be writing articles. People judge you by the words you use. I got so distracted by his name calling I had to post before finishing the article, and I'm wondering if I'll be able to reach the end or take his side given the tone.
Re:Work on your public image (Score:2)
Sure, it's an opinion piece, but name-calling isn't called for.
Re:Work on your public image (Score:2)
In the news (Score:5, Funny)
- Doctors poor at telling hypochondriacs when there is nothing wrong with them.
- Car companies not reliable source of information about bicycles and public transit.
- Lawyers cannot be trusted to create legislation that doesn't criminalize everything.
- Politicians appear to be lying or misleading to get elected.
- Wolves unwilling to notify sheep in advance of attack.
Re:In the news (Score:2)
Hrm....
Anti-malware should stay in the people's hands (Score:2)
their motivation (Score:2)
There will always be takers. So by default we can say that the malware business will remain rotten to the core until it is not only made illegal, but also prosecuted ruthlessly until w
Old Story (Score:2)
Can the ****** industry be trusted? (Score:3, Insightful)
Yes, Rotten To The Core (Score:3, Insightful)
Anyone who is serious about security doesn't run anti-virus because it does not fix the root issues of vulnerability.
The key is that anti-virus can be sold on fear and, since the average computer user doesn't understand that there is nothing mystical about viruses and their vectors are easily identified, fear sells a product that actually makes your computer less secure and less usable. That said, there are some good free programs out there, like ClamAV and Spybot Search & Destroy to help you as a system administrator check out suspicious files or clean up a mess on a specific case by case basis (the latter only applying to Windows).
Re:Yes, Rotten To The Core (Score:2)
Too pejorative (Score:5, Informative)
I got to that point in the article and remembered the red ink on a paper I wrote in grad school, wherein the professor said, "too pejorative to be taken as an objective analysis of the topic."
In all things academic or reporting, if you do not really have it, then at least fake objectivity....
Counterpoint (Score:2, Insightful)
Things are never as extreme as they seem - there are good & bad guys (and in-between guys, and girls too!
Then too, we know that t
Spam filter claims are mostly bogus (Score:3, Informative)
[...] extremely low false positive rate, with less than one in one million messages being a false positive. [ironport.com]
A few years ago, Bayesian classification seemed a promising way to filter spam. [messagingpipeline.com]
[...] best recorded levels of accuracy have included 99.991% by one avid user (2 errors in 22,786) and 99.987% by the author (1 error in 7000), which is ten times more accurate than a human being! [nuclearelephant.com]
That translates to better than 99.984% accuracy, which is over ten times more accurate than human accuracy [sourceforge.net]
In the game of cat and mouse between spammers and anti-spam vendors, spammers and hackers quickly developed new techniques to "fool" the Bayesian filtering software. [spamwash.com]
File these under UFO sightings.
No! Stay vulnerable. Please. (Score:4, Insightful)
No, not really (Score:3, Insightful)
OTOH, no industry can be trusted. If it wasn't for some tireless public-minded advocates the auto industry would probably have us still driving deathtraps with engines designed in the 1950s or the pharma industry, for example, would have us growing three heads while being charged 50 bucks for a paracetamol.
Re:No, not really (Score:2)
Um, you're asking this of a bunch of people reading slashdot on company time...
Conspiracy? Maybe. Stupidity? Definitely. (Score:4, Insightful)
Can the anti-malware industry be trusted? Can microsoft be trusted? Can the IT industry be trusted?
One thing that all of this overlooks, is that it doesn't take malice for hysteria to spread.
premise: people fear what they don't understand.
premise: most people don't understand computers.
I have a friend who fancied himself a home-taught computer expert. Armed with TweakXP, a few anti-virus tools, and a small handful of other gadgets, he was always offering to "optimize" and "fix" his friends' computers.
And lo! and behold, every single computer that was ever brought to him had "a major virus" or "a serious trojan" problem on it. Of course, there is so much media hype about viruses (and people's bad browsing habits) that this was fairly believable. However, the mere consistency of his diagnoses started making me suspicious....
Sure enough, after a few in-depth conversations, it turns out that he was using bad virus-detection software: some unknown little program that he assumed was "better than all the rest" because it "always found more" (it didn't occur to him that most of them were false positives); and moreover, it turns out he didn't even have a clear understanding of what a "virus" is.
But let me tell you: he had a stream of people in and out of his apartment that were absolutely convinced that ANY time there was EVER a problem with their machine, it MUST have been because of a virus.
Re:Conspiracy? Maybe. Stupidity? Definitely. (Score:2)
But it's definitely arguable that malice (or at least extreme greed, to the point of not caring about the truth, security, safety or anything else but profit) is behind the *starting* of these rumours. Then the computer-ignorant masses believe and spread the beliefs, because, after all, the security experts said so!
Why I don't trust them at all (Score:2)
Re:Why I don't trust them at all (Score:2)
Unfortunately if they had made a public announcement about it we would probably only remember them as the brave former company that stood up to Sony and were finally and posthumously found to be correct all along - so they had to talk to Sony first in a long slow process. Commercial malware is only going to be dealt with properly by those who don't have anything to l
NO (Score:2)
Open Source software, which by definition is approaching perfection like 1-e**(-k*x) approaches unity, will never, ever be subject to malware. It's the very antithesis of everything the anti-malware industry is about.
and other fine questions (Score:2)
Hypocrisy (Score:2)
The AV crowd ain't the bad guys (Score:2)
Does the car industry exaggerate the additional safety an extra airbag on every corner of the car provides?
Does the low-carb food industry exaggerate the effect low-carb food has on your weight?
Does the perfume industry exaggerate the amount of stink you produce if you don't sprinkle their 10-bucks-a-shot stuff under your arms?
Can ANY industry be trusted that they don't blow the effect of their product (or the threat of "what if you don't buy it") out
Re:The AV crowd ain't the bad guys (Score:2)
The fatal flaw... (Score:2)
I like to think of the example of Rusty Jones. In the northeast, road salt destroys cars. Back in the 70s and 80s, as soon as someone would buy a car, they would drive it to Rusty Jones and get their rustproofing service. As soo
Re:The fatal flaw... (Score:2)
Kaspersky Lab is not the anti malware industry. (Score:2)
Re:complete lame if you ask me. (Score:2)
Re:job security (Score:3, Interesting)
This SHOULD be +5 Funny! (Score:2)
Now, on to malware on Linux/Unix, and root-kits. Sure, it CAN happen, and it is quickly dealt with. I simply use hashes on files, and off-site them (tripwire).
Periodically, the hardware is refreshed with the files corresponding to the correct hash. Which ensures that the MAXIMUM time a root
Re:Got it right about SANS (Score:2)