funsec mailing list archives

Re: ? - I don't know where to send this one, so I'm sending it here...


From: Drsolly <drsollyp () drsolly com>
Date: Thu, 3 Nov 2005 12:33:29 +0000 (GMT)

> > Because Willy Wonka never *did* figure out how to sell somebody a
> > second Ever-Lasting Gobstopper.
> 
> Of course I know that, but you are absolutely correct to focus on the
> _suppliers'_ needs.  The supplier wants an income stream.  Long ago MS
> realized that the way to achieve the best income stream was to
> regularly update the software.  The contemporary anti-virus (and then
> "anti-Trojan" and now "anti-spyware") industry recognized it could achieve
> this even better than MS with an enduring avalanche of VERY regular
> updates.
> 
> Of course, why this has NEVER changed through force of pressure from
> intelligent, informed, diligent system admins at large corporate and
> government clients is actually the important question.  The answer is,
> in short, there are actually incredibly few intelligent, informed and
> diligent sys-admins able to (or at least willing to try to) wield any
> useful amount of economic pressure.
> 
> The reasons for that are multitudinous, with some intelligent, informed
> and diligent sys-admins being ham-strung by ludicrous policies and
> other entirely internally developed and enforced (within their
> employing organizations) mechanisms, but it's not entirely incorrect to
> say that a large part of the problem is that there are actually very
> few intelligent and informed sys-admins, due to the dominant IT culture
> being one of "it's right if it works" rather than one of "make this
> work right".
> 
> The latter means businessmen like Dr Solly get rich supporting the
> "need" of others to keep their systems stupid and ill-run...

This sounds a bit like "People don't know what's best for them, but I
do!". The fact is, these corporate users had a wide choice of AV systems,
including systems that controlled what software users could run. For you
to tell these intelligent and well-informed people that you know better
than they do, what is the best way to deal with the virus issue, makes me
concerned that you might not have fully appreciated the problem that they
were trying to solve.

And perhaps those programmers like Dr Solly who had a better understanding
of the problem, got rich because they understood the real wants and needs
of these users, and addressed those, as distinct from writing software
that they didn't want.

Certainly when I was in the AV field, a signature-based scanner was the
most cost-effective way of using a bunch of computers in a world that
included viruses. That was true, because it took months, even years, for
malware to spread.

Today is different - malware spreads in hours, or even minutes. However, I
note that despite the huge difference in the nature of the problem, no
"forbidden unless permitted" system has captured any substantial market
share. This makes me think that, quite possibly, the signature-based
scanner is still the optimum solution for the problem that corporates
actually face (as distinct from the one that some journalists think that
they face).

> Of course, SOHO is an entirely different kettle of fish, with "stupid
> and ill-run" being a given and requiring a different approach.  In
> fact, current AV practices probably are the best approach for such
> users, but that is no reason to adopt it or even _allow_ it in properly
> designed and run corporate IT systems...

Not as different as you might think. I remember talking to one major bank,
and I was opining that because their systems were run by systems admins,
they could assume a considerable degree of knowledge. They fell about
laughing - most of their "system admins" were accountants, bankers and
secretarial staff who had "system admin" added to their job description at
the same time as someone plonked a server down in their branch office.

To put it bluntly, I think you're overestimating the technical capability
of users.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.