Firewall Wizards mailing list archives
Re: Antivirus vendor conspiracy theories
From: "Paul D. Robertson" <paul () compuwar net>
Date: Sat, 27 Nov 2004 08:37:30 -0500 (EST)
On Tue, 23 Nov 2004 MHawkins () TULLIB COM wrote:
This makes the burglar alarm, portable generator and snow tire vendors very predictable in their product offering and the customer is suitably informed as to the various benefits and or limitations that such products provide.
Actually, their customers just don't understand the failure modes of their systems well enough to complain, and more importantly, the failure events are far enough apart that most people think things are just fine.
Antivirus vendors have painted themselves into their own conspiracy theoried corner by purveying a product that is based on technology that is purely reactive and for the last ten years they've used one method of protection thereby enabling other attack vectors to be repeatedly successful.
That's not the vendors' fault, it's the market which wouldn't accept the administrative overhead of "known good only" prevention. Also, there are at least two methods of protection- and they're implemented very differently than they were originally in many products.
To use your own analogies, there is nothing proactive about locking a door after you've been broken into, there is nothing proactive to driving slower in the snow after you've already ended up in a ditch, and there's nothing proactive about remembering to gas up the generator after the power blinks off. Yet, that is what antivirus vendors are selling to the consumer and their marketing spin tells the average joe "install this product and protect yourself from dangerous Internet viruses, worms etc" while year
The virus threat is a situation that's more like the flu. Flu shots may or may not be good for the strain that gets the most spread. Out of the thousands of new viruses released each year, only a very small number get traction- because AV works well against better than 90% of the threats it's supposed to work against, and that's a good thing. Hand-washing is more effective than flu shots, but look at the panic in the US this year over shot availability.
after year major infections spread and the consumer, faced with the cognitive dissonance between antivirus vendor marketing spin and the reality of a system rebuild, crashes, deleted files etc, wakes up and realizes that the antivirus vendors are peddling an awful product that really doesn't protect their system at all.
Marketing spin is marketing spin, and should be taken as such. However, AV works against almost 100% of existing in-the-wild viruses, and probably greater than 90% of new viruses, that's not "doesn't protect their systems at all." Go into any good-sized company and look at the AV software's logs, you'll see quarantined files at probably any company of 40 or so employees or more where Windows desktops are in evidence.

Now, why we're not going through those logs and enhancing protections to stop those events as a matter of course... The market won't accept better mechanisms, just like better firewalls are disdained in favor of IDS, which is also a reactive technology. As an industry, we've failed in getting vendors to go the "this is now allowed to work" have it blessed first mode, so we're left with picking up the pieces reactively.

As poor as ActiveX is implementation-wise (it's difficult to imagine a worse implementation,) the "this code must be signed by a trusted party before it is executed" idea is a good one, but the market won't accept an implementation that requires the bar to be high enough that the model would actually work.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards