Malware Threat Reports Are "Apples and Oranges"

kdawson posted more than 4 years ago | from the calling-a-spade-a-flippin'-shovel dept.

Security 191

Ant writes "The December malware threat reports are trickling in from vendors — and they all appear to be different. Fortinet, Sunbelt Software, and Kaspersky all published their lists of the most prevalent malware strains for the last month of 2009, but they didn't match up, leading to an admission that users will inevitably be confused by the results. Not only do the various security companies use different names for the threats they identify; they don't even identify the same threats."

Do any of them mention linux or OS-X? (2, Insightful)

symbolset (646467) | more than 4 years ago | (#30720396)

At all?

This will answer your question, symbolset - (5, Insightful)

Ethanol-fueled (1125189) | more than 4 years ago | (#30720400)

From TFA, but not in order:

"He argued that antivirus companies have tried to use common names for malware that they find..."

No they haven't.

"It's hard for users...Because anti-malware vendors are also competitors, they have little incentive to work together on normalizing names and detection techniques, he pointed out...Because of the way that the industry works, you can't work around them too well."

That's why.

"In short: is there a problem with the user confusion over threat tables like these? Most definitely..."

Most definitely not. Windows users have no idea about 'threat tables' or what the hell's going on, except that their antivirus program is blinking red and making noises and they have to keep clicking "yes" or "OK" to make it better.

"'Comparing the monthly statistics from different anti-virus companies is truly comparing apples and oranges,' said Tom Kelchner, Sunbelt Research Center manager. 'What one company detects and identifies as a specific, named piece of malcode, another may detect generically.'"

The inconsistency stems from the fact that these so-called "antivirus software research labs" are just Windows terminals with neckbeards in each. Symantec's neckbeard prefers browsing porn sites with ActiveX. Fortinet's neckbeard gets his latest and greatest malware from careless P2P downloads. Kaspersky's neckbeard gets his viruses from phishing and gambling sites.

Hence the inconsistent naming conventions and detection profiles across vendors. +5 informative.

We Win! (0)

LostCluster (625375) | more than 4 years ago | (#30720436)

The inconsistency stems from the fact that these so-called "antivirus software research labs" are just Windows terminals with neckbeards in each. Symantec's neckbeard prefers browsing porn sites with ActiveX. Fortinet's neckbeard gets his latest and greatest malware from careless P2P downloads. Kaspersky's neckbeard gets his viruses from phishing and gambling sites.

Windows users have gotten smart about updating, people know better than to take ActiveX downloads from free porn sites, and people have wised up about trusting what they get from P2P. All sources are now seeing lower virus rates and the statistical noise is becoming louder than actual results... so these top lists are becoming worthless, there ain't much to be worried about anymore.

Re:We Win! (2, Insightful)

ozmanjusri (601766) | more than 4 years ago | (#30720580)

Windows users have gotten smart about updating, people know better than to take ActiveX downloads from free porn sites, and people have wised up about trusting what they get from P2P. All sources are now seeing lower virus rates

September 29, 2009 11:51 AM PDT
Malware worldwide grows 15 percent in September

A rise in malware has caused the number of infected PCs worldwide to increase 15 percent just from August to September, says a report released Tuesday
http://news.cnet.com/8301-1009_3-10363373-83.html

Phew, I'm glad they're so much smarter - imagine how much more clickfraud and spam the botnets would be perpetrating if they hadn't wised up.

Close to 60% of all US Windows computers are hosting malware already, and that's not likely to change any time soon. The anti-malware industry is making a fortune from Windows flaws, but overwhelming evidence suggests it's not money well spent. If computer users DID wise up, they'd be moving away from expensive and fragile platforms, not adding to the coffers of modern day snake-oil merchants.

Re:We Win! (0, Redundant)

boaworm (180781) | more than 4 years ago | (#30720966)

Close to 60% of all US Windows computers are hosting malware already

I thought Windows had a market share that was higher than that! But as we know, 76 % of all statistics are made up on-the-fly.

Re:We Win! (2, Interesting)

hairyfeet (841228) | more than 4 years ago | (#30721068)

And how much of that is caused by the bad practices of places like Worst Buy? As a PC repairman I get a lot of Best Buy and Staples machines across my desk, and the default settings these bunches use are just terrible. They ALL have Automatic Updates for Windows turned off, most haven't had so much as a single patch since they came from the factory, the only "protection" they have is a shitty 30 day crapware AV install, and some even have the firewall DISABLED by default! WTF?

I have to wonder with so many setting up such obviously shitty fucked up default policies if they aren't sabotaging these machines on purpose to make more money on repairs and pushing extended warranties. There is no excuse in this age of zero day attacks to be selling horribly out of date unpatched machines, yet I see them come across my desk all the time. The average user doesn't know their machine has been set to screw them from the word go, to them it is new and should be ready for use, but it's not even close. Joe and Sally average don't know about changing settings for Windows updates, or how to see if their firewall is running or not.

So while I'm sure the comments here at /. will be filled with insults at clueless Windows users, I say a lot of the blame needs to be leveled at places like Worst Buy. To use a /. car analogy, nobody expects to have to take their brand new car straight from the dealership to a mechanic so he can get the brakes to work and the doors to lock, do they? So why should the users need to be IT guys just to get a functional PC at retail?

Re:We Win! (0)

Anonymous Coward | more than 4 years ago | (#30721216)

Wow, they really do this? They should be named-and-shamed by the cybersecurity tzar, at the very least. Might as well preinstall botnet clients at the factory.

Re:We Win! (1)

ArsenneLupin (766289) | more than 4 years ago | (#30721302)

Might as well preinstall botnet clients at the factory.

No, that would be HP.

Re:We Win! (2, Insightful)

Erikderzweite (1146485) | more than 4 years ago | (#30721358)

This is why education is so important and the idea that a computer is simple is bad. People buy devices that are as powerful as supercomputers were 15 years ago and expect them to be as simple as a toaster. So they end up giving vast amounts of computing power and network bandwidth to criminals.

As for Best Buy -- just an example of how easily a fool and his money are parted. I recall reading an article about how many people just buy a new cheap PC after theirs is infected. Of course, current security practices of Best Buy are unacceptable, but it appears that they can get away with it (they provide a working configuration after all). So it is up to users to develop some intelligence...

Wow! (-1, Troll)

symbolset (646467) | more than 4 years ago | (#30720444)

I was impressed with myself for getting the first post on that but wow!

You managed to reply, quote, and post all of that in 8 seconds. You're a script. I've got to give you this though: you're a good one. Topical, username in subject, conclude with moderation suggestion, "threat tables" and inconsistency recognition. Very nice. Skynet is almost here.

If you had replied to me instead of TFA, since you would have been only the second post and since I didn't give you anything to work with, it wouldn't have given you away.

Give my regards to Minerva.

Re:Wow! (2, Insightful)

HamSammy (1716116) | more than 4 years ago | (#30720458)

<quote><p>You can see each story 10-20 minutes before it goes "live." (Assuming we posted it that far in advance, which usually we do.)</p></quote>

Straight from the Subscription FAQ. Fail troll is fail.

Re:Wow! (3, Insightful)

HamSammy (1716116) | more than 4 years ago | (#30720482)

Totally pressed the submit button on accident, now I am the failing one.

There can only be one way out.

SEPPUKU.

Re:Wow! (2, Funny)

symbolset (646467) | more than 4 years ago | (#30720488)

Sure you can. How do you think I managed to get first post? But my comment was not visible for 10 minutes. It was visible for 8 seconds between the time I posted it and the time I read his reply. Not long enough. This fine article, as of the time I clicked reply, still doesn't have a second thread under it. He's a script.

Re:Wow! (1)

MichaelSmith (789609) | more than 4 years ago | (#30720688)

He's a script.

Or he is you.

Re:Wow! (1)

Ethanol-fueled (1125189) | more than 4 years ago | (#30720704)

Or he is you.

Re:Wow! (1)

MichaelSmith (789609) | more than 4 years ago | (#30720752)

Either you have been drinking too much Ethanol or I have not been taking enough Tegretol.

Re:Wow! (2, Insightful)

thoughtfulbloke (1091595) | more than 4 years ago | (#30720784)

The writer could conceivably have seen the story in the firehose, thought this one will make the front page, copied and pasted story into a text editor and composed their message, then had it ready to post. When the article with your reply came live, they posted within 8 seconds, with a more cogent response than your initial first post as they had time to work on a first reply. This is also suggested by the post referencing the story but not your post.

Alternatively they might have actually read the article, and thought This will make slashdot one day, then followed a similar plan, but Mr. Occam might want a word over an explanation that involves that much forward planning and OCD monitoring of the front page.

Re:This will answer your question, symbolset - (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#30720524)

What you are saying has absolutely no relation to the top-level post you replied to. I propose we use a new term, "visibility whore", to describe this behavior.

Re:This will answer your question, symbolset - (0)

Anonymous Coward | more than 4 years ago | (#30720602)

It has every relation to the top-level first post:

Both are visibility whores.

Dumbass.

Re:This will answer your question, symbolset - (0, Offtopic)

symbolset (646467) | more than 4 years ago | (#30720736)

I would mod you insightful, but I already posted (of course). +1 funny.

/recursive memes are funny

//Slashies are really for Fark, not /.

///Stop me before I slashie again

Re:This will answer your question, symbolset - (1)

NSN A392-99-964-5927 (1559367) | more than 4 years ago | (#30721000)

From TFA, but not in order:

"He argued that antivirus companies have tried to use common names for malware that they find..."

No they haven't.

"It's hard for users...Because anti-malware vendors are also competitors, they have little incentive to work together on normalizing names and detection techniques, he pointed out...Because of the way that the industry works, you can't work around them too well."

That's why.

"In short: is there a problem with the user confusion over threat tables like these? Most definitely..."

Most definitely not. Windows users have no idea about 'threat tables' or what the hell's going on, except that their antivirus program is blinking red and making noises and they have to keep clicking "yes" or "OK" to make it better.

"'Comparing the monthly statistics from different anti-virus companies is truly comparing apples and oranges,' said Tom Kelchner, Sunbelt Research Center manager. 'What one company detects and identifies as a specific, named piece of malcode, another may detect generically.'"

The inconsistency stems from the fact that these so-called "antivirus software research labs" are just Windows terminals with neckbeards in each. Symantec's neckbeard prefers browsing porn sites with ActiveX. Fortinet's neckbeard gets his latest and greatest malware from careless P2P downloads. Kaspersky's neckbeard gets his viruses from phishing and gambling sites. Hence the inconsistent naming conventions and detection profiles across vendors. +5 informative.

Top class response! Ethanol-fueled, Well said!

Re:Do any of them mention linux or OS-X? (1)

starbugs (1670420) | more than 4 years ago | (#30720618)

The article does mention Apples [apple.com] and Oranges [sourceforge.net]

Re:Do any of them mention linux or OS-X? (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#30720996)

you appear to love man-sex, you brown eye licker.

Re:Do any of them mention linux or OS-X? (0)

Anonymous Coward | more than 4 years ago | (#30721332)

"You appear to be projecting. Would you like to come out of the closet?"

Re:Do any of them mention linux or OS-X? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#30721326)

They also didn't mention OpenBSD.

I'm just bragging (2, Funny)

The End Of Days (1243248) | more than 4 years ago | (#30720502)

28 years of computing on networks, zero instances of malware. I feel special.

Re:I'm just bragging (0)

Anonymous Coward | more than 4 years ago | (#30720998)

1 out of every 10 brags is hyperbolic.

Re:I'm just bragging (3, Insightful)

TheThiefMaster (992038) | more than 4 years ago | (#30721132)

You mean "zero detected instances".

Example of competition gone wrong (5, Insightful)

syousef (465911) | more than 4 years ago | (#30720570)

Everyone's always touting the benefits of competition, but here's a clear example of competition serving to confuse the market. There are a number of problems:

1) Antivirus solutions do not co-exist - and not just the resident portion. I'd love to run a second or 3rd scanner like I can for spyware but Antivirus vendors have created a market that is used to the worst kind of lock in. Why can't I run 3 different products side by side and decide which one's resident scanner I want switched on? I'm sure there are technical issues but I'm also sure they're not insurmountable.

2) Antivirus vendors are now trying to police what you can and can't do. Look at the numerous reports of false positives for programs that are legally grey (or black) but aren't viruses. I've personally had network tools come up as false positives and it's a pain to unquarantine and exclude them so they don't quarantine themselves again.

3) The main form of collusion between vendors seems to be fitting into Microsoft frameworks so they show up as antivirus software in the appropriate control panel and so you don't get warnings about invalid or out of date antivirus. But this in itself makes them more vulnerable to attack

4) The products are often so badly written that they cause as many problems as they solve. A bad update here or there can (and has in the past) caused irrevocable system damage that has required a reinstall or restore from backup for users. What's the point of an antivirus that does this? Worse I've seen much subtler performance problems from minor antivirus updates - in one case it brought a company I worked for's client's machines to their knees and initially they blamed us. Turns out a change in the engine meant very big files were being opened and re-scanned for every write. Needless to say it wasn't our fault.

5) Every vendor seems to have their own names for a virus. For pity's sake can we have some kind of standard naming mechanism?

Isn't competition supposed to improve such things and open up the market? In this case it just hasn't happened. There has been implicit collusion but not of the right sort to improve or provide a diverse range of products. There's not one product that will protect you well.

Re:Example of competition gone wrong (2, Interesting)

MichaelSmith (789609) | more than 4 years ago | (#30720640)

5) Every vendor seems to have their own names for a virus. For pity's sake can we have some kind of standard naming mechanism?

A number or a hash?

Re:Example of competition gone wrong (2, Insightful)

symbolset (646467) | more than 4 years ago | (#30720746)

Hashes really aren't useful for metamorphic code and a short signifier for heuristics is fairly meta.
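The point of this exchange, worked through as an added example that is not part of the thread: a file hash names one sample rather than a family, so it cannot be the shared name, but it can serve as the join key for reconciling vendor labels. The vendor names, labels, sample bytes and the "Generic" prefix convention below are all constructed for illustration.

```python
import hashlib
from collections import Counter, defaultdict

# Constructed sample bytes: two variants of one family that differ only in
# junk padding (a stand-in for metamorphic rewriting) and one unrelated sample.
SAMPLES = {
    "worm_v1": b"\x90\x90PAYLOAD-A",
    "worm_v2": b"\x90\x90\x90\x90PAYLOAD-A",
    "trojan_v1": b"PAYLOAD-B",
}

# Constructed scan results (sample, vendor, label); all names are hypothetical.
DETECTIONS = [
    ("worm_v1", "VendorA", "Net-Worm.Alpha.a"),
    ("worm_v1", "VendorB", "W32/Bravo.worm"),
    ("worm_v1", "VendorC", "Generic.Malware"),
    ("worm_v2", "VendorA", "Net-Worm.Alpha.b"),
    ("worm_v2", "VendorB", "W32/Bravo.worm"),
    ("worm_v2", "VendorC", "Generic.Malware"),
    ("trojan_v1", "VendorA", "Trojan.Charlie.a"),
    ("trojan_v1", "VendorB", "W32/Delta.trj"),
    ("trojan_v1", "VendorC", "Generic.Malware"),
]


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def is_generic(label):
    # Assumed convention for this example: generic verdicts start with "Generic".
    return label.lower().startswith("generic")


def vendor_report(vendor):
    """Counts per label, i.e. the table a vendor would publish under its own names."""
    return Counter(label for _s, v, label in DETECTIONS if v == vendor)


def shared_names(a, b):
    """Labels that appear verbatim in both vendors' reports."""
    return set(vendor_report(a)) & set(vendor_report(b))


def _find(parent, x):
    # Union-find lookup with path halving.
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x


def alias_clusters(skip_generic=True):
    """Group labels that different vendors gave to the same sample hash."""
    by_hash = defaultdict(list)
    for sample, _vendor, label in DETECTIONS:
        if skip_generic and is_generic(label):
            continue  # a generic verdict would glue unrelated families together
        by_hash[sha256(SAMPLES[sample])].append(label)
    parent = {}
    for labels in by_hash.values():
        for label in labels:
            parent.setdefault(label, label)
        for other in labels[1:]:
            parent[_find(parent, other)] = _find(parent, labels[0])
    clusters = defaultdict(set)
    for label in parent:
        clusters[_find(parent, label)].add(label)
    return sorted((frozenset(c) for c in clusters.values()), key=sorted)


def normalized_report(vendor, clusters):
    """Re-count a vendor's detections per alias cluster instead of per label."""
    index = {label: i for i, c in enumerate(clusters) for label in c}
    counts = Counter()
    for _sample, v, label in DETECTIONS:
        if v == vendor:
            counts[index.get(label, "generic")] += 1
    return counts


if __name__ == "__main__":
    print("variant hashes equal:",
          sha256(SAMPLES["worm_v1"]) == sha256(SAMPLES["worm_v2"]))
    print("names shared by A and B:", shared_names("VendorA", "VendorB"))
    clusters = alias_clusters()
    for vendor in ("VendorA", "VendorB", "VendorC"):
        print(vendor, dict(normalized_report(vendor, clusters)))
```

The two variants hash differently, the raw reports of VendorA and VendorB share no names, and only the per-sample join makes their counts line up. VendorC's generic verdicts stay unattributable, and with `skip_generic=False` they collapse both families into a single cluster.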

Re:Example of competition gone wrong (3, Insightful)

Korin43 (881732) | more than 4 years ago | (#30720672)

I'm guessing the reason you can't use multiple resident scanners is that just one will bring your system to a crawl. I don't even want to touch a computer with Norton + McAfee. Back when I used Windows my solution was to have adblock, spybot, AVG and Clamwin and then just scan any programs I downloaded (along with not downloading seedy looking programs). It worked pretty well. If I did have any viruses, none of them were noticeable (and my monthly+ scans never picked anything up). I think the need for constantly running virus scanners is seriously overstated, at least for people who know not to run HorseSex.exe.

Re:Example of competition gone wrong (2, Interesting)

syousef (465911) | more than 4 years ago | (#30721154)

I'm guessing the reason you can't use multiple resident scanners is that just one will bring your system to a crawl.

I wrote: and not just the resident portion

I think the need for constantly running virus scanners is seriously overstated, at least for people who know not to run HorseSex.exe.

I got drive by downloaded 2 days ago. My antivirus didn't pick it up, but fortunately my firewall did (which prevented further virus downloads). I was looking for books on photography (regular non-sexual photography) and wasn't running horseanything.exe

Re:Example of competition gone wrong (0)

Anonymous Coward | more than 4 years ago | (#30721438)

It was PonyLove.jpg.vbs

Re:Example of competition gone wrong (4, Insightful)

ozmanjusri (601766) | more than 4 years ago | (#30720728)

Everyone's always touting the benefits of competition, but here's a clear example of competition serving to confuse the market.

No, this is a clear example of a monopoly creating a market repairing broken Windows. That's why it seems confusing.

Consumers shouldn't be facing a choice of ineffective bandaids to patch over their computers' inability to keep malware out. They should be able to choose a computer/OS that is inherently resistant.

For computer users, this is a Red Queen's race, and Windows users have to keep paying and stay vigilant just to retain a semblance of control of their own machines. The real solution is to mandate open formats, APIs, and protocols, then let any OS vendor compete on level terms. When consumers can select an OS that suits them, including the level of security they wish to pay for, we will have competition. Only then will OS vendors have to improve their products to retain customers.

Re:Example of competition gone wrong (0)

mwvdlee (775178) | more than 4 years ago | (#30720816)

a computer/OS that is inherently resistant

There is; it's called "a computer that is powered off". Nothing else is "inherently resistant". And now somebody else will probably prove that even a powered down computer can be vulnerable.

Re:Example of competition gone wrong (1)

Carl.E.Pierre (1223962) | more than 4 years ago | (#30720838)

No, there certainly is such a thing. I hate to be one to preach how great mac and Linux are, but they are 'Inherently resistant' (Combination of obscurity and the lack of the porosity leading weak points to be mainly the user, and even then defending him/her from his/herself). There is a huge difference between that and immunity though.

Re:Example of competition gone wrong (1)

mwvdlee (775178) | more than 4 years ago | (#30720866)

"Inherently"
You use that word a lot, but I don't think it means what you think it means.

Re:Example of competition gone wrong (1)

jimicus (737525) | more than 4 years ago | (#30721188)

No, there certainly is such a thing. I hate to be one to preach how great mac and Linux are, but they are 'Inherently resistant' (Combination of obscurity and the lack of the porosity leading weak points to be mainly the user, and even then defending him/her from his/herself). There is a huge difference between that and immunity though.

You are aware that the great majority of Windows malware in the last 5 or 10 years has been taking advantage of either the weak point between the keyboard and the chair or unpatched client software to install and spread?

Neither of which are exactly unknown on other platforms.

Re:Example of competition gone wrong (2, Insightful)

Bert64 (520050) | more than 4 years ago | (#30721420)

The vast majority of said windows malware actually takes advantage of the user combined with the fact that user typically runs all his code as an admin.. Unix/Mac don't give you elevated privileges by default, and provide a well understood mechanism by which you can elevate your privileges which *should* make you think...

There is also worm type malware which attacks open network services, windows ships with several services on by default, even on a workstation install, which cannot easily be turned off and are usually just hidden behind a software firewall... Linux/Mac ships with virtually nothing listening by default, anything that is listening can be turned off and a software firewall (if you choose to enable one) provides an extra level of security on top of that, not the last line of defence.

The issue with unpatched software, while a concern for all platforms, is simply worse on windows platforms... While Linux distros typically have a centralised package manager which will update all of your software through a single consistent interface and all at the same time, windows has a mechanism for updating the core os, and then each application you install may or may not have its own separate update mechanism which might run in the background (wasting resources), might run when you try to use the program, might require you to explicitly run the update program, or it might not have any update mechanism whatsoever and thus require you to manually check the website for updates.

As an extension to the above, the windows mentality of downloading and executing binary installers from websites lends itself to malware... Users are not encouraged to verify the legitimacy of the site they download from, nor are they encouraged to compare checksums of downloaded files.

And let's not get started on the inherent flaws of the windows security model, sure NT (the kernel) had a very good security model when originally designed, but since then a lot of dos/win9x compatibility cruft has been forced on top. Think of the multiple versions of various apis retained for backwards compatibility, the authentication model designed so you don't need to send the password in the clear over the network, flawed because you can just send the hash instead, doubly flawed because they are now locked in to weak password hashing mechanisms.

Software sources (1)

tepples (727027) | more than 4 years ago | (#30721606)

As an extension to the above, the windows mentality of downloading and executing binary installers from websites lends itself to malware

It's not just the Windows mentality. Mac OS X has the same mentality of downloading a disk image from a site and dragging the .app bundle to the Applications folder. Likewise, if Linux ever gets widespread, it will likely have the mentality of adding a software publisher's repository to a machine's software sources and installing software that way.

Re:Example of competition gone wrong (2, Insightful)

ozmanjusri (601766) | more than 4 years ago | (#30720902)

There is; it's called "a computer that is powered off"

Please tell me how a virus can infect a Live CD?

Re: Live CD (2, Interesting)

Errol backfiring (1280012) | more than 4 years ago | (#30720950)

It can't, usually. But it can infect a machine running from a live CD. No problem.

Re:Example of competition gone wrong (3, Interesting)

SensiMillia (217366) | more than 4 years ago | (#30721036)

Purely theoretical:

- User boots live-cd
- Some malware gets executed and stays in RAM (by user interaction or not)
- Malware reflashes the EEPROM holding the BIOS with some malicious code
- On next boot BIOS will store some malicious code in memory and does something very clever that makes the OS on the liveCD execute that code

It would be a very targeted attack, but not entirely impossible

Re:Example of competition gone wrong (1)

ozmanjusri (601766) | more than 4 years ago | (#30721076)

If you were an OS developer, how would you prevent such an attack?

Re:Example of competition gone wrong (1)

couchslug (175151) | more than 4 years ago | (#30721482)

Some live CDs have extra writable area to save files, but it's stretching it to say a virus would be at all likely to make use of that.

Re:Example of competition gone wrong (1)

timmarhy (659436) | more than 4 years ago | (#30720824)

consumers CAN select the OS that suits them, it just happens that windows is that OS. linux advocates always claim linux can do everything that windows does, so why aren't people leaving windows for linux in droves??

Re:Example of competition gone wrong (2, Insightful)

ozmanjusri (601766) | more than 4 years ago | (#30720918)

why aren't people leaving windows for linux in droves?

Because, as I stated, we don't have open formats, APIs, and protocols.

That makes it difficult for computer users to move freely between OSs and prevents competition on real merits.

Re:Example of competition gone wrong (2, Insightful)

Korin43 (881732) | more than 4 years ago | (#30720934)

Photoshop, Illustrator, certain games..

It's not that they can't run on Linux, it's that they don't.

Re:Example of competition gone wrong (2, Insightful)

Erikderzweite (1146485) | more than 4 years ago | (#30721452)

It's a self-sustaining monopoly out there. How can you tell about some abstract choice if for a majority of people PC=Windows? And you can't really blame people here: all they see is Windows, on every shelf in every computer store. Exclusive per-CPU deals led to a situation where OEMs pay the same to Microsoft no matter how many OSes they offer, so they usually offer one because it's cheaper that way.
What choice do consumers really have if they don't know about Linux? Windows vs. overpriced Apple computers? Even so, Mac OS share grew up somewhat sharply last few years.

You have a hard time finding a PC that comes with Linux so you end up installing the OS yourself. Then there's this proprietary formats and protocols issue artificially created to ensure Microsoft's lock-in. Then you have some hardware vendors who decide to support Windows only and who don't use standard implementations.

None of those issues speak about the quality of operating systems, but you have to clear those monopoly-made hurdles in order to enjoy vastly improved security, better software management and more comfortable interface of Linux.

Re:Example of competition gone wrong (0)

Anonymous Coward | more than 4 years ago | (#30721146)

to patch over their inability to not install malware

Fixed that for you. Yeah, nobody will admit that they installed loads of what turned out to be malware while trying to watch porn, it must have gotten in by itself due to Windows security flaws.

Re:Example of competition gone wrong (3, Informative)

Revenger75 (1246176) | more than 4 years ago | (#30720754)

1) Antivirus solutions do not co-exist - and not just the resident portion. I'd love to run a second or 3rd scanner like I can for spyware but Antivirus vendors have created a market that is used to the worst kind of lock in. Why can't I run 3 different products side by side and decide which one's resident scanner I want switched on? I'm sure there are technical issues but I'm also sure they're not insurmountable.

I decided on one paranoid night to try to do just that. I found that for the most popular free solutions (AVG, Avast, Avira) you can install them side-by-side and narrowed it down to just one resident scanner running. You either have to find the hidden option in the menus, disable the start-up entries, or just opt not to install them during setup. I was able to safely ignore the warnings about having other AV products installed during the various setups.

An easy solution for individual files is VirusTotal. You can upload the file (less than 20MB) and have it scan it with ~39 different antivirus programs.

The most important thing to remember is that security is a process, and not a product. (If I remember that saying right... and I don't mean explorer.exe)

Re:Example of competition gone wrong (1)

Bert64 (520050) | more than 4 years ago | (#30721432)

I agree, security is a process not a product..
Unfortunately, our voices are nowhere near as loud as those of the vendors telling people that security is a product.

Re:Example of competition gone wrong (2, Informative)

El_Muerte_TDS (592157) | more than 4 years ago | (#30720766)

6) Vendors appear to put more effort into making their user interface "pop" rather than trying to minimize resource usage and system impact. For example, Microsoft antivirus creates a system restore point every time the signatures are updated (once a day). Every time a system restore point is created my system becomes barely unusable for a couple of minutes. You can't control when it updates the signatures (currently for me it's around 23:20). Which brings me to:

7) Vendors want to use their own resistant scheduler service rather than using the standard service that has been in MS Windows since Windows 95. More resource waste.

Falsies (I've been a victim of this & others t (0)

Anonymous Coward | more than 4 years ago | (#30720804)

"2) Antivirus vendors are now trying to police what you can and can't do. Look at the numerous reports of false positives for programs that are legally grey (or black) but aren't viruses. I've personally had network tools come up as false positives and it's a pain to unquarantine and exclude them so they don't quarantine themselves again." - by syousef (465911) on Monday January 11, @02:11AM (#30720570)

This I totally agree with you on, & I myself have been a victim of it as a freeware developer!

E.G.-> I wrote an application back in 1999 that is "flagged" by CA as a threat, albeit with "ZERO THREAT LEVELS", listing it claiming it can be used by malware authors to do damage to others... wtf?

So, upon the advisement of an attorney, I took their 21 point test (via vendorappeals@ca.com & writing greg.jensen@ca.com also in regards to this), & my application did not violate a SINGLE CONSTRAINT, & yet? They STILL list it on their website... - this was prior to ANY RULING that antivirus/antispyware companies can now do so (funny that, eh?)!!!

(Boy - it's rather 'funny' how the "rules change" for big money, eh? Especially when you catch their "so called software engineers" contradicting their own rules for removal from their lists).

I am not alone in this either, by the by:

----

E.G. #1 - Dr. Mark Russinovich has had this happen with his utilities as well

E.G. #2 - Nir Sofer of Nirsoft has also...

----

In fact, I had a large discussion with Nir about this in fact, via email, & he does a blog on it...

(Does it change anything? Nope!)

NOW, my app, ALL it does? Is allow a user to launch ANY APP HE WANTS, invisibly. I designed it @ the request of a user on a forums to help him out, back when Apache for Windows did not have a resident background service running (like most webservers do on Windows), or @ least that was his problem he told me.

So, since it was VERY EASY TO CREATE, & at the request of a fellow forums member, to help him out, I did so.

(I.E.-> It is a simple app, & it uses 1 line of code to do so (i.e.-> most shell/spawn commands in various compilers have parameters to do this in many compilers), so I "whipped it up" for him, as he requested needing such a tool - just to help out a fellow forums poster whom I had known for years no less online @ NTCompatible.com...).

Next thing I know? My app is listed by CA + this fool named Thor Schrock as a malware!

(& others also, but, they removed it once I requested it and showed them that I am ANYTHING BUT a 'malware author', per guides I have been doing for decades like this one -> http://www.tcmagazine.com/forums/index.php?s=9dacda674c6b55f869c4db3d5b0cc0df&showtopic=2662 [tcmagazine.com] that owns the top spot on GOOGLE when you search "HOW TO SECURE WINDOWS 2000/XP" and the top 50 or so after that. It has gone WELL over 250,000 views online in 2 yrs. time across 15 forums and also has been rated "5/5 stars", or is in their top 5 most viewed on tech forums sections, or was made a "sticky/pinned thread" or "essential guide" no less! My guide helps Windows users secure their systems in fact!)

I have YET to have my single app (APKApp2BackGroundDaemonProcessEngine.exe) be removed from CA's or this fool "Thor Schrock's" listings, even though I did not violate a SINGLE constraint of CA's removal request document's constraints...

These people victimize smaller developers who are NOT "malware authors" because they know what it costs with attorneys to attack them... so, they get away with it.

I was told in fact, by an attorney out of Rochester N.Y. who handles such things I had a winning case, but he told me it was not worth it ($150,000 award roughly possible), because he said these companies would drag him through the courts for 10++ yrs., & that would make his expenses EXCEED THAT AWARD AMOUNT... he told me this is HOW they operate & victimize smaller devs like Nir & myself (and, get away with it too, because of this "red tape" b.s.).

That was 2-3 YEARS AGO now, no less!

They also listed it for YEARS (since 2004) under my MIDDLE NAME + LAST NAME ONLY, not my first name included in there (thus, I would never find it by say, searching GOOGLE for my full name... I only stumbled on it by accident one day searching google for where apps I had written had ended up over the years).

I also asked this "Thor Schrock" character (who posts on CA's forums, funny that eh?) where he got his information, & he would NOT divulge it... in fact, I think it is HE who did this to myself because of his lack of letting me know this information. I consider it libelling myself. He is by NO MEANS a computer guru, & doesn't even have a degree in the art & science of computing afaik either... nor did he perform a disassembly or formal analysis of my ware either.

In fact, I even later asked BOTH PARTIES, why this is so, even approaching Greg Jensen on it by phone and email as noted above earlier here by myself (he is head of CA's development on their "security suite" (which a company I worked for was using & sells, but even THEY removed it from their network because it was tearing up valid emails from customers & partners)...

Result? No answers & even a threat that I not call him again. I only did so, once.

I later asked them if they list PING (because it can issue a ping of death or it could in the past @ least)... they do not.

One of their constraints also is IF an app alters a HOSTS file (mine in question here I noted above does not), & I asked why they don't list Spybot "Search & Destroy" (because it uses a HOSTS file to protect a user)... again, they do not.

I.E.-> These companies CONTRADICT THEIR OWN RULES!

I agree here, with personal reasons, this is a valid problem you note, in "false positives", because even when you do their removal requests and pass their "tests"? They still do NOT remove your app.

IF this is difficult to believe? Write Nir Sofer of NIRSOFT about it. He will verify my statements here, as doubtless will Dr. Mark Russinovich of Microsoft (many of HIS tools have been removed though, doubtless because he is now an MS employee & Microsoft would sue the LIFE out of CA & others like them, IF they did not remove Dr. Russinovich's tools from their alleged malware lists).

In fact?

You've inspired me to contact Mr. Nir Sofer again on this, because he and I have tried to have stories of this nature posted here, albeit to NO avail... perhaps HIS reply here will also bolster your VERY VALID POINTS here also.

(Thanks for your posting, it is a big help to myself, & other devs who do freewares/sharewares by letting others know what "goes on" from these companies, even when you do their "list removal procedure" forms they have... they still don't remove your wares!)

APK

P.S.=>

"I'd love to run a second or 3rd scanner like I can for spyware" - by syousef (465911) on Monday January 11, @02:11AM (#30720570)

Every time I've tried that, & especially during program installs, it gets the "antispyware" product's "resident scanners" into a "FIGHT" with one another (one will say "you are about to make changes to [insert XYZ here]" and when I tell it to allow it? The other resident spyware program will spit the same error/abend back that the last one did that I told to allow the installation (which, in turn, makes the first one do the error again, infinitum (i.e.-> a real "dog chasing its tail" situation))).

I am surprised you have never run into that in your running dual (or more) resident antispyware tooltray (+ service, because some use a service also, other antispywares do not, usually depending on which version of Windows it is you use really)... apk

Re:Falsies (I've been a victim of this & other (0)

Anonymous Coward | more than 4 years ago | (#30721040)

Dude, the regular perl script has fewer funky symbols than your post. You may or may not have a good point, it's hard to tell with all that noise in your posts. Hint: Stop using & all the time, there is a regular word you can use instead. 'and'. See? Wasn't that hard to type.

Please: Enough already w/ the offtopic stuff! apk (0)

Anonymous Coward | more than 4 years ago | (#30721344)

Sorry, & is a valid abbreviation for the word 'and' & I will continue to post thus... so, please: Deal with it.

Now, your use of the word "Dude"? Sure, a lot of folks use it (especially after the old film with Sean Penn (great actor, director, & INTELLIGENT guy) "Fast Times at Ridgemont High" but, it is still "slangish")...

So, that said & aside? Well, as you can see?? ANYONE can criticize another's writings... I can, and just did, do the same to you, to prove a point is all. It's very easy to do, and is needless though.

Sincerely,

APK

P.S.=> By the by, you're off topic on this subject too... apk

Re:Please: Enough already w/ the offtopic stuff! a (0)

Anonymous Coward | more than 4 years ago | (#30721370)

Please create an account and use it so we can downmod you into the oblivion you so richly deserve.

Others tend to disagree w/ you (see inside) 100:1 (-1, Troll)

Anonymous Coward | more than 4 years ago | (#30721540)

"Please create an account and use it so we can downmod you into the oblivion you so richly deserve." - by Anonymous Coward on Monday January 11, @06:03AM (#30721370)

Idiots like yourself are the reason WHY I do not register here (so fools like yourself now have to "struggle" to find all of my posts). I don't intend to make it easy on trolls like yourself is all... so, lol, to you.

However, myself, by way of comparison to yourself & the other "trolls" around here? Well, you may not like this, but too bad, it is just statements of fact:

In this art & science/field of computing, I can (below) & have shown I have SOME small measure of notoriety in respected publications & such over time for wares I have done (and, even commercial applications code, such as in Windows IT Pro magazine and my code & ideas placing as FINALIST 2 yrs. in a row @ Microsoft Tech Ed 2000-2002 in its hardest category no less - SQLServer Performance Enhancement)... have YOU done anything remotely the same? See below:

"My Name is Ozymandias: King of Kings - Look upon my works, ye mighty, & DESPAIR..."

----

Windows NT Magazine (now Windows IT Pro) April 1997 "BACK OFFICE PERFORMANCE" issue, page 61

(&, for work done for EEC Systems/SuperSpeed.com on PAID CONTRACT (writing portions of their SuperCache program increasing its performance by up to 40% via my work) albeit, for their SuperDisk & HOW TO APPLY IT, took them to a finalist position @ MS Tech Ed, two years in a row).

WINDOWS MAGAZINE, 1997, "Top Freeware & Shareware of the Year" issue page 210, #1/first entry in fact (my work is there)

PC-WELT FEB 1998 - page 84, again, my work is featured there

WINDOWS MAGAZINE, WINTER 1998 - page 92, insert section, MUST HAVE WARES, my work is again, there

PC-WELT FEB 1999 - page 83, again, my work is featured there

CHIP Magazine 7/99 - page 100, my work is there

GERMAN PC BOOK, Data Becker publisher "PC Aufrusten und Repairen" 2000, where my work is contained in it

HOT SHAREWARE Numero 46 issue, pg. 54 (PC ware mag from Spain), 2001 my work is there, first one featured, yet again!

Also, a British PC Mag in 2002 for many utilities I wrote, saw it @ BORDERS BOOKS but didn't buy it... by that point, I had moved onto other areas in this field besides coding only...

Lastly, being paid for an article that made me money over @ PCPitstop in 2008 for writing up a guide that has people showing NO VIRUSES/SPYWARES & other screwups, via following its point, such as THRONKA sees here -> http://www.xtremepccentral.com/forums/showthread.php?s=ee926d913b81bf6d63c3c7372fd2a24c&t=28430&page=3 [xtremepccentral.com]

What do I have to say about that much above? I can't say it any better, than this was stated already (from the greatest book of all time, the "tech manual for life" imo):

"But by the grace of God I am what I am: and his grace which was bestowed upon me was not in vain; but I labored more abundantly than they all: yet not I, but the grace of God which was with me." - Corinthians Chapter 10, Verse 10

----

So, that all "said & aside"? Until you have done the same AND YOU CAN PRODUCE A PHD IN ENGLISH, to prove you are some sort of 'authority on writing'?? Please - get over yourself already, & don't even BEGIN to think you can speak for "everybody" (especially when you are clearly a NOBODY, period).

Get it?

APK

P.S.=> Funny - I can show (in seconds) 100++ people who tended to disagree over time here & rated my posts upwards in fact on grounds of "INFORMATIVE", "INTERESTING", & more... that's a 100++:1 ratio vs. your "mere opinion" & you're no expert on writing.

Until you show me a PHD to YOUR NAME? So much for "your opinion"... get over yourself.

----

+5 'modded up' posts by "yours truly":

----

+4 'modded up' posts by "yours truly":

----

+3 'modded up' posts by "yours truly":

----

+2 'modded up' posts by "yours truly":

----

+1 'modded up' posts by "yours truly":

----

ALL THOSE "mod ups" FOR ME, an "A/C poster" here, no less? Gee, that's a LOT OF PEOPLE in your alleged "Everybody" that tend to disagree with you troll... again/once more - so much for YOUR opinion & those are proof you are not "everybody" period.

(Fact is? It's MUCH harder for us AC's to get modded up, because /. buries our posts, and we also start @ zero instead of 1 or 2 like you easily tracked registered users here are)... apk

Re:Falsies (I've been a victim of this & other (0)

Anonymous Coward | more than 4 years ago | (#30721490)

Hello APK...

I'm sure you are aware, big vendors don't like small independent developers... They threaten to upset the applecart, offering superior software for a better price (often free)...

Big vendors want to rest on their laurels and give their shovelware a new coat of paint every year and sell more overpriced copies. They like the status quo, being able to make minor changes and infinite copies to sell for ridiculous prices.

Naturally, the software market should have extremely low barriers for entry, resulting in a huge amount of competition forcing prices down and quality up. In reality, you have a few big companies and cartels keeping the market artificially immature so they can continue to rip people off.

The software market as it stands now looks like it's still in the early adopters phase, with prices kept unrealistically high and no dominant standards.

Hello, & agreed, 110% (& thanks for your r (-1, Troll)

Anonymous Coward | more than 4 years ago | (#30721576)

Per your reply above, see my subject-line: You are 100% correct!

In fact, prior to the year 2000-2001? Most SHAREWARE/FREEWARE websites didn't even DISPLAY commercial apps, & we freeware/shareware folks actually made a good buck from it... then, what happened?

Well - the "big names" (who you are often correct on in that their wares are mass produced & buggy or of lesser quality (because it's just a JOB to their devs, not a "labor of love" or "pet project" you put your heart & soul into so-to-speak))? They came around into "OUR TERRITORY" on those sites (places online like majorgeeks.com & such for example, or softpedia.com etc. et al).

I agree, because I took another look @ LINUX lately (KUbuntu 9.1.0 for example) & it is TRULY good stuff... even me, an "MS Fanboy to the bone" concedes that much now here. They're probably scaring the HELL out of Microsoft in fact because of it.

Linux (a prime example of what you speak of in fact) is an OUTSTANDING example of what can happen when people INTERNATIONALLY cooperate in fact... in a strange way, it's almost a "socio-technological phenomenon" & proof that the peoples of the planet earth CAN work together (much like the U.S.A. itself proves really).

Anyhow, thanks for your words, & I agree, 110%...

APK

P.S.=> I still like Microsoft's stuff though, & respect the HELL out of what they've accomplished, but... even I have to admit that "Linux is knocking on the door" & closing the gap in quality, for sure... apk

How about latin names (5, Interesting)

starbugs (1670420) | more than 4 years ago | (#30720860)

"5) Every vendor seems to have their own names for a virus. For pity sake can we have some kind of standard naming mechanism?"

How about a (Latin/Greek) Biological-like [wikipedia.org] naming system. After all, it works for biology and many (computer)viruses are derived from earlier versions of those viruses, so we could have actual hierarchies.

So you could have a name such as: "userus.dumbus.clicktus.pornolinkus.diabolicus"

Of course after the Latin name we could come up with a "common" name - based on the name of the unfortunate tech who had the displeasure to remove it first.

Re:How about latin names (1)

jez9999 (618189) | more than 4 years ago | (#30721162)

The trouble is, everything would be under userus.dumbus.clicktus.pornolinkus so it would just be a common namespace and wasted characters.

Re:How about latin names (0)

Anonymous Coward | more than 4 years ago | (#30721460)

"The trouble is, everything would be under userus.dumbus.clicktus.pornolinkus so it would just be a common namespace and wasted characters."

No, there's also: "wantus.seeus.cumlingus.gotbotnetus.spamus" or "gotbotnetus.deeoesus"

Re:Example of competition gone wrong (1)

couchslug (175151) | more than 4 years ago | (#30721470)

"Why can't I run 3 different products side by side and decide which one's resident scanner I want switched on? I'm sure there are technical issue but I'm also sure they're not insurmountable."

Tried running different products using Thinapp thin installs? That would be one way to experiment.

Running multiple products (2, Funny)

DodgeRules (854165) | more than 4 years ago | (#30720594)

"Not only do the various security companies use different names for the threats they identify; they don't even identify the same threats."

This is why I have to run 6 different scanners: because there isn't one that detects all the threats. I currently run 2 antivirus programs along with SpyBot, SuperAntiSpyware, Windows Defender, and Malwarebyte's Anti-Malware.

Re:Running multiple products (2)

Kleen13 (1006327) | more than 4 years ago | (#30720706)

That's too much shit running for me, though I agree with you - no one scanner is God's answer... I gave up and just do good backups and run MSE. I've implemented a Don't Click That policy with my wife and 2 kids, so far I've dodged the bullet.

Re:Running multiple products (1)

Kleen13 (1006327) | more than 4 years ago | (#30720740)

I know, I know... Should have bought a Mac. shhhhh

Re:Running multiple products (3, Insightful)

Anonymous Coward | more than 4 years ago | (#30720716)

... and then you complain Windows runs like a snail.

Only six products? (1)

symbolset (646467) | more than 4 years ago | (#30720758)

That's not nearly enough. I get good results with twelve usually, but for porn surfing 16 is not near enough! So I use a Mac or Linux instead. They've got some magical anti-malware internals - probably thirty or forty heuristic engines in there I suspect, but man are they fast! They don't slow the machine down at all.

Re:Running multiple products (2, Insightful)

RAMMS+EIN (578166) | more than 4 years ago | (#30720814)

``This is why I have to run 6 different scanners: because there isn't one that detects all the threats. I currently run 2 antivirus programs along with SpyBot, SuperAntiSpyware, Windows Defender, and Malwarebyte's Anti-Malware.''

And yet, people insist that Windows is user friendly. More so than other operating systems, even.

Re:Running multiple products (1)

drinkypoo (153816) | more than 4 years ago | (#30720850)

If you don't engage in risky behavior you don't have to worry so much. For example, paying for all your software should be enough to get you down to one virus scanner and two anti-malware programs :)

Re:Running multiple products (2, Informative)

ozmanjusri (601766) | more than 4 years ago | (#30720952)

"If you don't engage in risky behavior you don't have to worry so much."

Really?

Researchers Hijack a Drive-By Botnet.
They found more than 6,500 websites hosting malicious code that redirected nearly 340,000 visitors to malicious sites. Drive-by downloading involves hacking into a legitimate site to covertly install malicious software on visitors' machines

"Once upon a time, you thought that if you did not browse porn, you would be safe," says Giovanni Vigna, a UCSB professor of computer science and one of the paper's authors. "But staying away from the seedy places on the Internet is no longer an assurance of staying safe."

Re:Running multiple products (1)

Bert64 (520050) | more than 4 years ago | (#30721528)

Warez doesn't typically come with malware, if anything pirate copies of various things often have malicious (defined as doing something detrimental to the user or his machine) code such as drm schemes removed.

I have done many incident response jobs, where one or more machines inside a company becomes infected with something that the av they subscribe to fails to detect, and it falls upon me to investigate the infection. Very few of these machines have any warez on them, or evidence of trying to view things like porn (most of these companies use a filtering proxy which would detect that anyway). The vast majority of these users were infected through visiting legitimate websites that had been hacked.

Re:Running multiple products (1)

Jeppe Salvesen (101622) | more than 4 years ago | (#30720984)

Get an iPhone. Seriously. Requiring signed and approved applications along with a mechanism to withdraw applications is the only feasible way I can see to somewhat secure a computer. Plus, http and smtp must die, instead requiring https and some better mail protocol with encryption and signatures.

Certificates should be issued by government, by the way. Preferably at a cost that will cover a reasonable identification procedure for the certificate holder. And I realize this raises a lot of issues with regards to authoritarian regimes. Sorry, but that's the only way we'll get this beast under control. We'll have to accept these limitations, and do our best to put checks and balances to increase transparency in the processes. This is our infrastructure. And anarchy has failed, like it always has: The bad guys get the edge when there are not enough restrictions/not enough enforcement of the restrictions.

Re:Running multiple products (1)

Zontar The Mindless (9002) | more than 4 years ago | (#30721402)

Let me get this straight -- you're saying that the way to avoid losing any control over our computers is... to give up all control over our computers?

Re:Running multiple products (1)

hyades1 (1149581) | more than 4 years ago | (#30721456)

Is the problem that bad, or is this just the latest version of Chicken Little? I use Avast! Antivirus, Malwarebytes, Spybot and Comodo's firewall. They update and scan each night when I'm not at the computer (which is on 24-7, by the way, and has been for more than five years). I've never had a virus or any serious malware infestation. Never. A few tracking cookies, the occasional inactive trojan and the like are invariably sacrificed at the nightly slaughter.

And yet you believe I should give up what freedom I have to governments with a track record that would make any intelligent person cringe in a futile quest for perfect security. They're more dangerous than the malware, and much, much harder to keep under control. I really hope your fear doesn't spread, and stampede people to give up freedom they'll never get back.

Re:Running multiple products (0)

Anonymous Coward | more than 4 years ago | (#30721566)

That is a totalitarian level of control that would have many other unintended consequences...

What I would advocate instead, is that users be required to pass a test before they are allowed to connect a general purpose computer to the internet, like a driving test.

Without passing such a test, you should only be permitted to connect a "managed" device to the internet, that is a machine where someone else controls it and you only have extremely limited access to it.

Re:Running multiple products (1)

Erikderzweite (1146485) | more than 4 years ago | (#30721562)

Six scanners?! You can't be serious...

If that's true you either REALLY need Windows or are plain masochistic. I haven't used Windows for years now, but I still remember how a scanner trashes the hard disk and slows the whole system beyond acceptable for some hours. With six scanners it would take a whole day to run them through your disk once.

Thanks but no, thanks.

I gave up on viruses a long time ago (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#30720598)

I use Linux. It's true that there are some viruses for Linux, it's just that I haven't ever had one. When I was in college, the monkey virus (long ago) was the baddie. When I was unfortunate enough to manage Windows systems, code red, nimda, I love you and a few others were all the rage. I got real disappointed when they started listing viruses in the ten thousands, then fifty thousands. For Linux, it's been in the teens. Mostly root exploits, proof-of-concept stuff, and virii that you have to allow in and set to execute yourself (change permissions, etc). It's possible, but not probable to kill your system with these viruses. Perhaps it is good fortune, but I've never been infected (under Linux). I'm not trying to troll, it's just that the virus writers don't ever get tired trying to be destructive (mind you, kids come and kids go), and the anti-virus folk always seem to have some kind of real specific remedy, which keeps people buying. It's a bit like homeland security. In order to have a budget, there has to be a threat level. In order to sell anti-virus software, there have to be viruses. Shutting an airport for 6 hours because a man kissed his wife sounds like an overreaction. It's stupid. It's nonsensical. It's someone sounding the klaxon too loud so that the danger-danger-danger mentality and the budget both are accepted. No terror, no budget (or sales). It's a game. I refuse to play. If there are viruses on some system, I use the other. Terrorists always target planes, I use car, or bus or something else. The virus researchers never seem to offer anything all encompassing. It's always piecemeal, just like the homeland security rules. The terrorists always target at the last hour, so we worry about just the last hour (very piecemeal). A stupid approach if you are trying to solve a problem like terror or security, but a real boon if you are trying to sell software or get a budget passed. Milk it baby! Milk it hard. But please, count me out.
It just looks like a pile of crap to me (both). Thanks.

Re:I gave up on viruses a long time ago (1)

The Mighty Buzzard (878441) | more than 4 years ago | (#30720668)

Yeah but wouldn't it be nice if we could bomb/shoot/waterboard virus writers?

Re:I gave up on viruses a long time ago (1)

delta98 (619010) | more than 4 years ago | (#30720756)

I wouldn't go to that extreme. Do not throw the baby out with the bath water. I see the anger I have to deal with it on a day to day basis with some of these turds but I would also like to see the holes they punched in. Hate to say it, but freedom has a price. I am pissed off sometimes but as a professional I do give props where they are due. Keeps one on their toes.

Re:I gave up on viruses a long time ago (1)

delta98 (619010) | more than 4 years ago | (#30720710)

How many possible combinations of code make viri? I hear over 30,000 or so a year since 1993 so it would suggest that most possible combinations plus mutations should play out by now. New names make no difference. The thing that gets my attention is the fact that of all viri threats only a few every year make it to the "scary" level. So I wonder how do these writers know what to write. SQL and other attacks aside there is only enough room. That is what makes a computer eloquent in its own little way. You can only hose a system for so long. Time is running out for once to our benefit.

Re:I gave up on viruses a long time ago (0)

Anonymous Coward | more than 4 years ago | (#30720744)

+1 meandering stream of consciousness that exposes that while the topic is about viruses, the writer is only thinking about airport security stories.

Re:I gave up on viruses a long time ago (0)

MBaldelli (808494) | more than 4 years ago | (#30720748)

I use Linux. It's true that there are some viruses for Linux, it's just that I haven't ever had one.

That's because it has what? 1% or 2% of the worldwide desktop machines? It really doesn't qualify to warrant the attention of serious hacking... There's no need because 1. it's free, 2. the community that it supports cherishes it, and 3. its users are generally savvy enough to know what to click on and what not to click on when they're out on the net.

If Linux ever does gain more popularity in the desktop market, rest assured it'll suffer the same fate as Apple/Mac did when it grew in popularity. This will definitely happen when 1. it is no longer free, 2. the community becomes snobbier than it already is, and 3. it becomes easy enough for Windows users to migrate without being afraid of seeing a terminal window.

Impossible I know, but I thought the same when Mac became more popular.

I think we can kiss this meme good night now. (1)

symbolset (646467) | more than 4 years ago | (#30720788)

There are now at least 20 million linux users. That's a large enough market that if somebody could do it he would have - if just to prove he could.

Re:I think we can kiss this meme good night now. (2, Interesting)

drinkypoo (153816) | more than 4 years ago | (#30720836)

Linux is too fragmented. Get 20 million Ubuntu Karmic users (or whatever) and you'll see some malware. Of course, if you see much Linux malware crop up, then you'll see some userspace tools for SElinux... or such is my hope.

Re:I think we can kiss this meme good night now. (1)

JoshDD (1713044) | more than 4 years ago | (#30720852)

I've been using Linux without the dual boot to Windows since 2001 when I decided Windows wasn't for me. (I run way too many distros to be happy with one Windows.) But when I did use Windows I never once got a virus that I didn't put there myself. (Strictly for testing purposes...hhmmm I wonder what this does?) Most virus/malware is not really a problem for someone even remotely competent with a computer. Most leave clues and it's kind of a challenge to figure it out. (Kind of like King's Quest...oh no save/find my files...) And really most Windows problems can be avoided by checking the file extension of what you're executing.
Now I used to run a second Windows (dual boot) to test stuff I wasn't sure about. Kind of a little bomb proof room.

Re:I think we can kiss this meme good night now. (3, Insightful)

flyingfsck (986395) | more than 4 years ago | (#30720904)

You are super pessimistic. There are more than 2 billion Linux machines out there and pretty much every Windows home user has a dinky little Linux based modem and firewall thingy for his desktop to hide behind. Linux devices are much more prevalent than Windows devices. Windows is only dominant if you define the market segment so narrow that it is the only thing that fits...

Re:I think we can kiss this meme good night now. (1)

mogness (1697042) | more than 4 years ago | (#30721096)

Again it's Linux vs Windows. I like Linux, and I like that it's free. I used it for about two months straight and now still occasionally use it to do some specialty tasks. The problem is, I have to continually switch back to Windows to do certain things (primarily, use my USB phone which is only compatible with Windows, and play any newer games). It just becomes more convenient for a potential convert like myself to stay with Windows because software vendors don't support Linux. It's not the users that need to wisen up - we're ready. I think the problem is that software vendors aren't ready to make the change. BTW, I think in a discussion of malware it's not really relevant to bring up things like routers or drive-by downloads on reputable pages. Sure there are edge scenarios that someone might have a vulnerable router, or maybe a New York Times advertisement is actually a drive-by trojan, but these cases are few and far between. The main issue with malware is the uninformed user. People clicking the wrong things, they let it run as a higher privileged user, and then... "OMG, Windows is so vulnerable!" If you run some junk software on Linux, it can just as easily own your box as on Windows. I think the low occurrence of Linux malware has to do with the fact that anyone who installs Linux on their PC has to be somewhat computer literate, as opposed to just buying a computer at the store which has Windows. I just don't understand how people can be so biased. Microsoft makes good software. I mean, it's certainly not any more buggy than my Ubuntu installation.

Re:I gave up on viruses a long time ago (1)

Bert64 (520050) | more than 4 years ago | (#30721602)

Linux has a significantly higher proportion of the server market however, and is dominant in the supercomputer market... The areas where Linux is strong are generally more useful to a hacker, as the systems are more likely to be running 24/7 and have access to far more bandwidth. So yes, Linux is very much a target and has plenty of people working to find ways onto Linux machines.

Re:I gave up on viruses a long time ago (3, Insightful)

AdmV0rl0n (98366) | more than 4 years ago | (#30721322)

I'm going to reply to your comments in "".

"I use Linux. It's true that there are some viruses for Linux, it's just that I haven't ever had one."

Do you understand the difference between a Virus, and Spyware, Malware, Worms, and Root Kits? This idea you have is a mirage. Linux boxes have multiple serious security flaws, as all our systems do today. The idea peddled by some is that one side is immune, while the other is an open doorway. I'd really rather people talked sensibly with a realisation that our current systems and how they are built remains fundamentally flawed.

"When I was in college, the monkey virus (long ago) was the baddie. When I was unfortunate enough to manage Windows systems, Code Red, Nimda, I Love You and a few others were all the rage. I got real disappointed when they started listing viruses in the ten thousands, then fifty thousands."

Windows has fundamental flaws, and since Win95, its architecture and design had some serious problems. In XP, users by default are created as Admins, and the bulk of the Windows world, developers, suppliers and ISVs continued with a lot of flawed security. This 'ease' of use operation leaves security mired in a serious hole. And it's one that Anti Virus companies and Anti Spyware and Malware companies and organisations are still chasing down today, as well as Microsoft. However, for a very very long time now, Microsoft and others have stated quite clearly one of the steps that should be taken, and often, even today, is still not taken, and that is _do_not_run_as_admin_.

"For Linux, it's been in the teens. Mostly root exploits, proof-of-concept stuff, and virii that you have to allow in and set to execute yourself (change permissions, etc)."
http://www.pcworld.com/article/113636/linux_groups_servers_hacked.html [pcworld.com]

The arrogance of your point is noted. However, it's badly placed. Linux systems that are actually placed in the real world, live, facing data ports. One of the large advantages this does exist, is the majority of users are created as users, not as the admin account. This alone is a primary basis for its better record. The point however, is that it's not immune, and people should be very careful in assuming that it is.

"It's possible, but not probable, to kill your system with these viruses. Perhaps it is good fortune, but I've never been infected (under Linux). I'm not trying to troll, it's just that the virus writers don't ever get tired trying to be destructive (mind you, kids come and kids go), and the anti-virus folk always seem to have some kind of real specific remedy, which keeps people buying. It's a bit like homeland security. In order to have a budget, there has to be a threat level. In order to sell anti-virus software, there have to be viruses. Shutting an airport for 6 hours because a man kissed his wife sounds like an overreaction. It's stupid. It's nonsensical. It's someone sounding the klaxon too loud so that the danger-danger-danger mentality and the budget both are accepted. No terror, no budget (or sales). It's a game. I refuse to play. If there are viruses on some system, I use the other. Terrorists always target planes, I use car, or bus or something else. The virus researchers never seem to offer anything all encompassing. It's always piecemeal, just like the homeland security rules. The terrorists always always target at the last hour, so we worry about just the last hour (very piecemeal). A stupid approach if you are trying to solve a problem like terror or security, but a real boon if you are trying to sell software or get a budget passed. Milk it baby! Milk it hard. But please, count me out. It just looks like a pile of crap to me (both). Thanks."

When I last spent time with a team from McAfee, they spoke about how their labs a few years ago were getting 60,000 unique samples of virii and malware code, and how only a couple of years later they were being bombarded with 255,000 a month. No security company in the world can protect, or help defend an environment that is fundamentally flawed, and under such heavyweight bombardment. Don't expect the security companies to align results either. The numbers involved are now so large this is improbable. Users, Buyers, Managers, Directors, and anyone involved, need to change it. Running AV, anti spyware, and anti malware products alone simply won't stem this tide. People have to avoid running as admin, and default changes are required (Vista and 7 go part way down this road, work still to do).

Today, no anti virus product protects in any way comprehensively against what is out there, and if anyone reading this thinks that they can remain as is, and not put work in to tighten and change things fundamentally regarding admin rights and behaviour, they are wrong. Windows is actually quite capable of being locked down and being in a relative sense 'secure', - people just have to stop being dumb, and stop ignoring the vendor advice that has been there for years.

If you are a windows user, and you are reading this, then make a simple change today.
Make a new Admin account for your machine.
Change your day to day account to a user account.
Learn to login on the admin to do admin work and restrict that to doing so in so far as you can.
Learn to use right click 'run as' from your user account for running things that require the admin rights.

Alternative.
If you really really have to run as admin, then create a user account, and use right click, 'run as' for things like web browsing and enter the lesser user account for running that process. Do the same for web facing tools. (this is at best a stop gap, but better than browsing as admin.)

The AV companies are not evil, they try their best to make up for the huge self inflicted hole many people persist in leaving there. Before looking to blame them, there are often people you can look at first.
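
The account split described in the comment above can be scripted. This is an added example, not part of the original comment: the account name `LocalAdmin` is a placeholder, and it assumes local (not domain or Microsoft) accounts, Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets, and an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): split admin work from day-to-day use.
param(
    [string]$AdminName = 'LocalAdmin',   # placeholder name for the dedicated admin account
    [string]$DailyUser = $env:USERNAME   # the account you normally log in with
)

# Well-known SIDs, so this also works on non-English Windows installs.
$admins = Get-LocalGroup -SID 'S-1-5-32-544'   # BUILTIN\Administrators
$users  = Get-LocalGroup -SID 'S-1-5-32-545'   # BUILTIN\Users

function Test-Member($Group, $Account) {
    # Local members are reported as COMPUTERNAME\account.
    (Get-LocalGroupMember -Group $Group).Name -contains "$env:COMPUTERNAME\$Account"
}

if ($AdminName -eq $DailyUser) { throw 'The admin account must be a different account.' }

# Step 1: make a new admin account, used only for admin work.
if (-not (Get-LocalUser -Name $AdminName -ErrorAction SilentlyContinue)) {
    $password = Read-Host -AsSecureString "Password for $AdminName"
    New-LocalUser -Name $AdminName -Password $password -Description 'Admin work only' | Out-Null
}
if (-not (Test-Member $admins $AdminName)) {
    Add-LocalGroupMember -Group $admins -Member $AdminName
}

# Guard: never demote the daily account unless the new admin is usable,
# otherwise the machine is left with no working administrator.
$adminOk = (Get-LocalUser -Name $AdminName).Enabled -and (Test-Member $admins $AdminName)
if (-not $adminOk) { throw "$AdminName is not an enabled administrator; nothing changed." }

# Step 2: change the day-to-day account to a plain user account.
if (-not (Test-Member $users $DailyUser)) {
    Add-LocalGroupMember -Group $users -Member $DailyUser
}
if (Test-Member $admins $DailyUser) {
    Remove-LocalGroupMember -Group $admins -Member $DailyUser
    Write-Output "$DailyUser removed from Administrators (takes effect at next logon)."
}

# Step 3: report who still holds admin rights so leftovers can be reviewed.
Get-LocalGroupMember -Group $admins | Select-Object Name, ObjectClass, PrincipalSource
```

After the next logon, admin tasks started from the daily account go through right click 'run as' (or `Start-Process -Verb RunAs`), which prompts for the admin account's credentials.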

Should know better (1)

findoutmoretoday (1475299) | more than 4 years ago | (#30720684)

News agencies know better, for years now they offer us the 1000 reporters, one main story approach. As they know that customers discredit uncertainty.

Apples and Oranges - A Comparison (4, Funny)

scapermoya (769847) | more than 4 years ago | (#30720768)

one of my favorite papers ever: Apples and Oranges: A Comparison [theamericanview.com]

Who reads them anyway? (1)

Phurge (1112105) | more than 4 years ago | (#30720878)

They're all the same anyway: "Big Scary Virus, so buy my overpriced antivirus software"

I use Antivirus 2009 (1, Funny)

Anonymous Coward | more than 4 years ago | (#30720914)

It stops attacks all the time. It's very good.

rainaki (0, Troll)

rainaki (1718198) | more than 4 years ago | (#30720972)

Malware is a very effective and dangerous virus for computer security. Whenever you scan your computer every time you get directed malware. It's very powerful virus. Ultra Rezv 1000 [ezinearticles.com]

Missing threat (1)

gmuslera (3436) | more than 4 years ago | (#30721056)

Believing all that say those reports, and doing quick and wrong choices.

Sunbelt is an AV vendor now? (0)

Anonymous Coward | more than 4 years ago | (#30721366)

The antivirus of this $cientology (*1), (*2), (*3) company is not included in the AV-comparatives tests. And considering $cientology activities on the Usenet, I wouldn't trust this company on anything security-related (*4).

*1 http://www.skeptictank.org/hs/wiselist.htm [skeptictank.org]
*2 http://myreligion.scientologist.net/stusjouwerman/myself.htm [scientologist.net]
*3 http://www.sunbeltsoftware.com/About/Management/ [sunbeltsoftware.com]
*4 http://it.slashdot.org/comments.pl?sid=158250&cid=13259081 [slashdot.org]

I not English write much good (1)

codeButcher (223668) | more than 4 years ago | (#30721522)

Not only do the various security companies use different names for the threats they identify; they don't even identify the same threats.

Doesn't make sense to me. I mean, if Schemester Antivirus wants to identify a threat that is "not the same" as the one Flybynight Computer Security wants to identify, wouldn't one expect them to use different names?

That's like saying Ford calls its car Fiesta, while Toyota calls its car Tazz, but they are not the same car. (To include the obligatory car analogy.)
