How many viruses are made by anti-virus companies?

Discussion in 'other anti-virus software' started by sg09, May 26, 2011.

Thread Status:
Not open for further replies.
  1. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    until someone creates the department of pre-crime, enforcing laws will have to wait until after the laws get broken. not sure that counts as prevention.

    this will probably come as a surprise to many, but the assertion that anti-malware companies need malware to survive is technically untrue.

    first, and most obviously, anti-malware software could easily continue to be sold even if the malware problem never got any worse (no additional malware was created). what, you think all those updates to microsoft word are because the world of word processing is changing so fast? of course not.

    second, but more striking, the only thing anti-malware software really needs in order to be successful is the perception that there's malware out there (just look at how successful scareware is). perception can be managed through clever (and unscrupulous) marketing, without the need for any actual malware at all.
     
  2. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    But who does seriously believe the talk of sales and marketing people? Who really believes that all these nice promises from advertisement are the truth?

    Ok, but Zvi might have been the last person who really believed it when he made that statement. ;)
     
  3. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    unfortunately, when marketing is their only source of knowledge, lots of people believe.

    and that's not just a hypothetical situation. where else do you think the average person gets answers to questions s/he didn't even know to ask? debunking ads about anti-malware isn't as straightforward as debunking beer ads. it's unfortunate but, in security, marketing is the dominant information source.
     
  4. smage

    smage Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    378
    If malware writers stop writing malware, end users will benefit but AV companies will suffer.
     
  5. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    that depends on how you define "suffer". they'll have to change the way they do business (and change can be painful) but they'll still be doing business.
     
  6. FlimFlam

    FlimFlam Registered Member

    Joined:
    May 23, 2011
    Posts:
    42
    I hope you never enter politics.

    We know. :D

    You just contradicted yourself on security. I utilize these steps everyday on workstations.

    Are you really that naive?
     
  7. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    could you elaborate on how you think i contradicted myself? i'm curious to know where the things i've said could be construed to be internally inconsistent.
     
  8. FlimFlam

    FlimFlam Registered Member

    Joined:
    May 23, 2011
    Posts:
    42
    Go back and reread your own posts.
     
  9. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    i'm sorry but you're assuming that your interpretation of things is the only possible interpretation of things. if i interpret my statements differently than you do then it's entirely possible for me to not be able to find the contradiction. that's why i need your help.
     
  10. FlimFlam

    FlimFlam Registered Member

    Joined:
    May 23, 2011
    Posts:
    42
    Kurt, I'd like to expound further on this subject with you, but I think this thread has drifted away from its original topic of "How many viruses are made by anti-virus companies?".

    I think a new thread should be started about Internet security and then a focused discussion could follow.

    It's been an enjoyable conversation so far, thank you for your input.
     
  11. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    hi,

    This is here old stories and statements, related by a recent one:
    http://nakedsecurity.sophos.com/201...mpany-hires-convicted-chinese-malware-author/

    I doubt that the moral and theological angle is the right to circumscribe such problems.
    Anyone who wishes to understand Security and be a good defender needs to practise Insecurity and be a good attacker: this means doing all the things criminal hackers do without the same goal of course: write malwares, evade AV engines, bypass firewall and HIPS, stress the OS to find vulnerabilities, pentest his own private network and so on.
    There is AV developers who write malwares, vulnerability assesment consultants who sell 0day for the maffia, forensic analysts who give advices to pedophils and so on.
    And there is black sheeps in every industry, in every sphere of the society: banks and rating agencies, pharmaceutical labotories and doctors, car manufacturers and motoring journalists in particular (journalists and every industry in general) etc...
    If i consider the yin and the yang of human beeing and its industries, nothing is always white, nothing is always black, but everithing is often grey.
    A fiasco? Then what else?

    Rgds

    Rgds
     
  12. adrenaline7

    adrenaline7 Registered Member

    Joined:
    Apr 27, 2011
    Posts:
    128
    Perhaps on Wilders security forums. Corporate security professionals certainly don't get their knowledge from Norton advertisements.
     
  13. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    the difference is hinted at in your own word choice. "black sheep". the people you're talking about are not part of the establishment, they aren't mainstream, their actions aren't condoned and when they're found out they're thrown out.

    av company workers who make malware is a lot different than av companies who make malware.

    then why do they continue to complain about av not performing as advertized. it's not a simple as getting their knowledge from norton adverts, but they too have a body of knowledge that originated in large part from marketing. the anti-virus is dead nonsense is an overreaction to the realization that part of what they thought they knew is wrong, but few realize how far that wrong-knowledge reaches.

    for one thing, they started forming that body of knowledge long before they ever became corporate security professionals.

    in addition to that, the amount of info that comes out of a security vendor that isn't marketing in one sense or another is vanishingly small. they have to base their knowledge on something, they have to get the details from somewhere. there's no central, widely recognized, unbiased source of information that people can turn to - they have to rely on the distorted messages vendors have been sending because there is comparatively little else out there.
     
  14. adrenaline7

    adrenaline7 Registered Member

    Joined:
    Apr 27, 2011
    Posts:
    128
    somewhat confusing post...who is "they" you keep referring to or that is complaining? IT security pro's? They go to school to do what they do, many are hacking nerds and analyze firewall logs etc for fun. If you think they get their knowledge from advertisements we'll just agree to disagree.
     
  15. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    2 things:
    1. you have to let go of "advertisements". marketing is a heck of a lot more than just advertisements.
    2. you need to think bigger picture. where do you think the teacher's knowledge came from? were do you think the person who designed the curriculum got their knowledge from?

    information doesn't just pop out of thin air into people's brains, people collect it. but if the only information readily available to collect is bad then most people will have bad information. it doesn't matter if they're hacking nerds, it security pros, teachers, etc. info about how security technology works can only originate at the same point the technology itself does, and if the people responsible for the technology only release a distorted view of how the technology works then that distorted view is what people will learn and pass on to others.
     
  16. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    I'm just an average user, without strong knowledge for malware
    But I'm surely know that no anti malware can protect me 100%

    I can't have a good explanation, but :

    I will not trust my teacher to be correct and honest 100%, but I'll surely use her/his word as a reference.

    I will not put all my bet on one horse

    I will not put all my trust on my elected president, but I'm surely hope that he will do good.

    Finally even though the world is not perfect , I'm sure that I'll live in it and fight for my best.

    GBU :D
     
  17. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Too many times, I see others saying that common sense is all that's needed. Those days are gone. It doesn't do any good to tell a user to avoid questionable sites when legitimate sites are being compromised and are serving up malware. How do you avoid opening potentially infected files when they can come from within your own business, or another user in your own home? What good does it do to only install software from "reputable" companies when some of these are deliberately including unwanted content, ranging from adware to rootkits? Staying "up to date" is of limited value. You can't patch your way to security. If that was possible, XP and IE6 would be the most secure code on the planet. We can't expect ISPs to remove all possible malicious content. The only way that would even be possible would be for them to examine every bit of data going thru their network. I wouldn't want such an internet where everything I send or receive is looked at by a 3rd party, although big brother would love it and is slowly shoving it down our throats anyway.

    If one looks at the recent trends for malware and the constantly accelerating numbers of new variants, types, etc of malicious code being released , it should be clear that the quantity is potentially infinite. That would make the database of detections potentially infinite as well. It was just 7 years ago that F-Prot for DOS fit on 3 floppies, signatures and all! How big is an installed AV now? Updating has gone from occasional thru daily to every few hours or less. The specific behaviors malicious code uses to interact with a system is growing almost as fast and overlaps more with the behavior of legitimate system and software, making it more difficult for heuristics to determine what is and isn't legitimate. We are approaching the point where it will become impossible for the typical user to keep a Windows system uncompromised. It doesn't matter what MS develops as security features. Malware authors defeat it in a small fraction of the time it takes to develop it. Sandboxing and virtualization were touted as solutions for a while, until malware that could detect these environments was created. Some of the browser sandboxes held up for a fair amount of time, but now we can see that they aren't as bulletproof as was claimed, something that most of us knew was marketing hype to begin with. In the long term, there's only one remaining fact, if malicious code is allowed to execute, there's no guarantees.

    I fear we're near the point that the typical user will have to use a read-only system that they can't modify or add to in order to be reasonably sure of remaining malware free, and even this won't prevent the theft of personal info via social engineering. The problem here is that most users won't accept such a system. They want to be able to add to it as they please and expect someone else to clean up the mess. We've built a monster and made ourselves dependent on it, one designed with absolutely no security in mind. The system is too big to replace without causing economic chaos. IPv6 won't fix it, and introduces problems of its own.

    I've grown tired of this everlasting arms race and trying to patch/update to a slightly lower state of insecure. IMO, all of the internet is untrustable and should be treated as such. I'll stay with a compact OS, stripped of unnecessary components, and protected by a default-deny policy with automated integrity checking. For me, setting it up was less hassle than trying to keep up with a losing battle. Beyond that, it doesn't matter where that malicious code came from or how many there are.
     
  18. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,438
    Location:
    Milan and Seoul
    You always have very strong arguments, and it is indeed very difficult not to agree with your logic. I feel however that notwithstanding the ever increasing malware plague it is not really a losing battle. Credit cards with high spending ceiling should not be used online, banking online should be avoided (except for accounts with small amounts of money, I personally don't do it anymore), backing up to an external HD has proved perhaps the best insurance against any malware and not contingency.

    It is true, but I also feel that malware writers should be investigated with the same dedication and professionalism shown for serious crime, and when caught they should spend time behind bars as a deterrent.
     
  19. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I was using my banks online site for a short time, mainly for checkbook balancing. No more. Their policy of changing passwords regularly drove me nuts. If some gets your password, they're not going to wait a month to use. The final straw was introducing flash components into the log-in process. Without the flash block extension, this wouldn't have been visible at all. That IMO is insane, and as far as I'm concerned, makes their multi-step verification untrustable. I'd almost swear that they are trying to make it vulnerable, or deliberately backdoored. Online games do this too, and use the same login/password to access your account, where your account details are kept. As for credit cards, I won't pay 10% or more on top of the price just for the right to have all of my financial transactions monitored by big brother. I don't own or use any plastic.

    Backing up to an external drive is the best way to undo an infection, except for one problem. There's seldom any indication that you've been infected. By the time you find out, the damage is probably done if you were the target. It's not a defense against real time malware.

    IMO, the biggest change over the last several years has been the cost of failure. With malware starting to move deeper than the OS and applications, even system backups aren't a guaranteed fix. We are looking at the beginning of semi-permanent malware, in the BIOS, internal and external devices, etc, which are way beyond the ability of AVs, most people, and the average small PC shop to deal with. How do we detect this stuff, let alone remove it? We couldn't have designed a more vulnerable system if we'd tried, from the users thru the OS to the internet itself. Every component is broken for the sake of convenience and/or "features". IMO, the only semi-sure defense is default-deny, and never allowing unknown code to run.
     
    Last edited: Jun 5, 2011
  20. FlimFlam

    FlimFlam Registered Member

    Joined:
    May 23, 2011
    Posts:
    42
    I like it. ;)
    First, User education, then configuration, then practice, then success, then behavioral change. In the end, many hand shakes from happy users/customers who are malware free.
     
  21. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    User education? That's been being thrown around as a "solution" for 10+ years. While I'll admit that there's exceptions, most users aren't interested in what we call user education. In the last year, I've dropped over half of my clients. No matter what I tell and show them, they kept getting the same infections over and over. The last one for instance picked up a fake AV, for the 3rd time. This was after I showed them exactly what an alert from their AV looked like and showed them pictures of the identical fake. They wouldn't accept a default-deny policy. It wouldn't allow them to install the next game or screen saver that got their attention. I'm done with users like them.

    The problem with the concept of user education is that it goes against 10+ years of conditioning that's taught them the exact opposite. Windows has not only allowed users to alter their system as they please, it's made it consistently easier to do so with each new OS, requiring less skill from the user as it went. I suspect that this is one reason some don't want a newer OS than XP. They don't want to be restricted or inconvenienced in any way, despite the fact that they often have no clue as to what they're doing or what the consequences may be. For user education to work, it has to start with behavior and attitude changes. Unfortunately, this will probably have to be forced, which will be nearly impossible in a market driven system. They won't "upgrade" to a system that tells them they can't do what they want, just as most software vendors won't stop pushing a "solution" that's increasingly ineffective, but continues to be profitable. The concept of identifying unwanted code was fine when there were a few hundred to keep tract of. It's a lost cause against 6 and 7 digit quantities that change by the minute, but the apps based on this concept are still pushed because there's money to be made. They've added almost constant updating, which is somewhat deceptive in itself. Just because the signatures or detections update doesn't mean they're detecting something released the previous day. They tie it into "the cloud", making it dependent on the integrity of someone elses servers. It's sad but true, that real solutions are not profitable solutions, and for that reason, they're not viable. We can all think of several very strong security apps that failed financially in the last 5 years while others that should be dead keep going.

    Personally, I feel the OS should be removed from the PC entirely. The PC itself should be a user data storage and the OS should be on live CDs or other read only medium. Unfortunately, that won't suit the big money company that dominates the industry. If such systems became available and showed signs of being accepted, I'm sure they'd find a way to interfere with it or take it over.
     
  22. FlimFlam

    FlimFlam Registered Member

    Joined:
    May 23, 2011
    Posts:
    42
    My method works for my users/customers. Recidivism has been the exception and not the rule.
     
    Last edited: Jun 5, 2011
  23. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I hope it continues to work for you. My methods have worked for me as well. So far, I've never had to use a backup image due to malicious code, but I have used them to get rid of "legitimate" apps that either didn't live up to the vendors claims or caused other problems on my system. Unfortunately, those of us who have taken steps to really secure our systems are a very small minority.
     
  24. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    That is near impossible, unless you can survive on cloud programs (or all kinds of programs are included) and savable browser settings.
     
  25. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Sounds like your standard Linux live CD to me. No reason such a CD couldn't include encryption software that could completely encrypt an internal hard drive. There's no reason that this has to be limited to Linux operating systems.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.