The Anti-Virus Industry Scam
by Richard Forno - Monday, 16 February 2004.
One has to wonder how the anti-virus industry sleeps well at night. On one hand, it purports to serve the world by defending our computers and networks from any number of electronic critters and malicious code. On the other hand, sometimes its "cure" is worse than the problem its companies and products allegedly treat. Add to that a decades-old concern over business, market share, and publicity, and you have all the ingredients for a confused industry, product, and service. This situation regularly benefits the antivirus software industry and victimizes its customers.

Let's start with malicious code outbreaks in general. Unlike hurricanes and tsunamis, there is no standard way of naming malicious code -- and this is perhaps the greatest problem facing the antivirus industry. Gone are the days when simple names like "Jerusalem", "Michelangelo" and "Stoned" were accepted and used by all antivirus vendors and their products. Today, what one company calls "Worm_Mimail.R" another calls "W32.Novarg"; someone else calls it "MyDoom.A@m", and yet another may classify the same thing as "W32/MyDoom." What is needed is a return to an industry-wide nomenclature for malicious code, used by all vendors, that would make the reporting, analysis, and resolution of outbreaks easier and more productive for customers and researchers alike.

Then there's the matter of marketing and mindshare. First and foremost, antivirus vendors are in business to make money, and it behooves them to capitalize on as much free publicity as they can. Thus, with each new outbreak we see vendors stumbling all over themselves to be the "first to detect and defend" against the latest malicious code, which probably explains why there is still no standard outbreak naming scheme after nearly two decades. From press releases to interviews on television, radio, and in newspapers, antivirus industry executives race to establish their companies and products as the most vigilant and capable on the market. The spectacle is often made more amusing when it is backed by questionable, if not fabricated, statistics and predicted damage assessments (usually in the billions of dollars) for each outbreak -- and it is almost always followed by a pitch espousing the cost-effective security that only their products provide.

As a result of antivirus industry marketing, customer ignorance, and easily exploitable operating systems and enterprise servers, it's rare to find a wired organization without antivirus software on its mail servers or corporate gateways. These sensors are on constant prowl for the latest malicious code attack and are intended to defend their host network from future outbreaks based on existing attack signatures. In other words, these products only defend against what they already know how to detect; unless a network administrator keeps his antivirus signatures current (sometimes on a daily basis), it's quite easy for the "next best" attack to create havoc on his allegedly-protected network, much to the satisfaction of the antivirus industry. Then the game begins afresh - while costs mount for customers and profits rise for antivirus software vendors.
