Anti-Virus gone wrong: a good read

A good article containing some very detailed technical analysis of some anti-virus software and the questionable tactics they use. It goes a long way towards explaining why security software sometimes makes the pc more unstable.

http://www.uninformed.org/?v=all&a=21

 

It's not a problem of the AV products alone. It's caused by the way you have to do API hooking in Windows. It's not well documented, the documentation is sometimes plain wrong or incomplete, often you need to do dirty tricks/workarounds to achieve your goal because there is no other way. And even if your hooking framework is 100% perfect, the user could install another software which does hooking in an unclean way and cause problems together with your product.

Vista was yet another attempt by Microsoft to introduce a clean hooking interface, we will have to see what will come out of it (after SP1).

BTW, the call for behaviour blocking/HIPS on this board leads to even more hooks being installed in your system if you follow that (good) advice. But: more hooks = more potential instability and system slow down. Everything comes at a price...

 

I got SP1b yesterday, I hope my hooks are all clean