January 27, 2004

The pointless existence of anti-virus software

The situation is clearly getting out of hand: it is barely the end of the first month of 2004 and a new mega-virus hits the Internet.

It is becoming one huge joke: a new virus is unleashed, thousands of systems are infected, anti-virus software companies scramble to produce a signature and then tell you in their virus encyclopaedia that you should always have the latest set of signatures.

What about all the systems which were infected before the anti-virus companies produced a signature?

This is where the whole castle collapses in one fell swoop. The business model is shrewd: get users to pay for an "update" service which most of the time is reactive and late. A few lucky users, the ones who use their machines once in a while, escape unscathed from the viruses while the others end up shaking their heads muttering "if only I had updated the signatures...".

It is pretty obvious really: the anti-virus companies cannot produce a signature before seeing the virus in action. By the time the virus is "in action" it has often spread far and wide. Take Sobig.F or indeed Mydoom: if the anti-virus software were doing its job, neither would have spread so far or been so deadly.
All that remains is the insult of being told that to stop the virus you need a certain revision of the anti-virus signatures which simply wasn't available when you got hit, even if you were to attempt an update every 10 minutes.

Why don't users demand better? Why do they still accept software which will happily execute an attachment "no questions asked"? In an era when you can't bring on board a plane anything that remotely resembles a blade, we have people continuing to accept dangerous attachments as if nothing had ever happened before, including people who have already been hit by viruses!

Wouldn't it be the anti-virus software's job to stop the execution of these attachments outright, perhaps mentioning that it isn't normal for a document to be called "document.doc.exe"?

It would, but unfortunately there would then be little incentive to keep updating the signatures and finance the business model of the anti-virus companies...
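The signature-free check proposed above for attachments named like "document.doc.exe", written out as an added example (not code from the original post). The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumed extension lists for illustration; tune both for a real mail gateway.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs"}
DECOY_EXTS = {"doc", "txt", "pdf", "xls", "jpg", "zip", "htm"}

def classify_filename(name):
    """Return 'deceptive', 'executable' or 'ok' for an attachment name."""
    # Normalise case, whitespace runs and trailing dots/spaces before comparing.
    cleaned = re.sub(r"\s+", " ", name).strip(" .").lower()
    parts = [p.strip() for p in cleaned.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "deceptive"  # document-looking name that would actually run
    return "executable"

def scan_message(raw):
    """List (filename, verdict) for every attachment that should be blocked."""
    findings = []
    for part in message_from_string(raw).walk():
        filename = part.get_filename()
        if filename and classify_filename(filename) != "ok":
            findings.append((filename, classify_filename(filename)))
    return findings

# Constructed sample message (not a captured one).
SAMPLE = """\
From: sender@example.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="document.doc.exe"

placeholder
--BOUND
Content-Type: application/msword
Content-Disposition: attachment; filename="minutes.doc"

placeholder
--BOUND--
"""

if __name__ == "__main__":
    for name, verdict in scan_message(SAMPLE):
        print(f"block {name!r}: {verdict}")
```

The verdict depends only on the filename, so it applies to a message the first time it is seen, with no signature update involved.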

Posted by arrigo at January 27, 2004 04:05 PM