Hi malware fighters,
In 2007 we did not only saw a doubling of the amount of malware, also the traditional protection against these uninvited guests is no longer without risks. For years now av-vendors do good business selling their notorious "signature" model, for which after a new virus or worm found an update is presented.
Because the enormous amount of malware that appears, viruslab experts can no longer analyze every sample by hand, so the process has been largely automated, with some additional nasty outcome in the aftermath. Not only the amount of malware has increased, but also the number of false positives. So NOD32, Symantec, Kaspersky and a lot of others had quite some FP's, some that serious consumers were urged to re-install their computers. From one point of view it is senseless to test an update for 10 hours, because the malware has upgraded to ten new variants already, and has turned a new corner by then. But it is also a bad thing as a user to have to pray every time a new a signature update is launched, and hope all goes well.
This situation makes virus scans as great a risk as the malware they apparently should stop. You only need one real bad av update to completely ruin your system (delete of explorer.exe recently through an FP). And there av-vendors should be responsible, because the user is not a free beta-tester. Larry Seltzer says it this way: "I think they have the Netscape/Google philosophy: Testing? For that we have our users."
Read:
http://linuxbox.org/pipermail/funsec/2007-December/015720.htmlpolonus
