Author Topic: Are av-scanner users beta-testers?  (Read 2334 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33638
  • malware fighter
Are av-scanner users beta-testers?
« on: December 27, 2007, 11:53:19 PM »
Hi malware fighters,

In 2007 we did not only saw a doubling of the amount of malware, also the traditional protection against these uninvited guests is no longer without risks. For years now av-vendors do good business selling their notorious "signature" model, for which after a new virus or worm found an update is presented.

Because the enormous amount of malware that appears, viruslab experts can no longer analyze every sample by hand, so the process has been largely automated, with some additional nasty outcome in the aftermath. Not only the amount of malware has increased, but also the number of false positives. So NOD32, Symantec, Kaspersky and a lot of others had quite some FP's, some that serious consumers were urged to re-install their computers. From one point of view it is senseless to test an update for 10 hours, because the malware has upgraded to ten new variants already, and has turned a new corner by then. But it is also a bad thing as a user to have to pray every time a new a signature update is launched, and hope all goes well.

This situation makes virus scans as great a risk as the malware they apparently should stop. You only need one real bad av update to completely ruin your system (delete of explorer.exe recently through an FP). And there av-vendors should be responsible, because the user is not a free beta-tester. Larry Seltzer says it this way: "I think they have the Netscape/Google philosophy: Testing? For that we have our users."
Read: http://linuxbox.org/pipermail/funsec/2007-December/015720.html

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9411
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Are av-scanner users beta-testers?
« Reply #1 on: December 28, 2007, 07:16:48 AM »
Well, no software is ever final even if it says so in its interface. There are ALWAYS potential bugs and problems. But you simply have to say at some point: "This is it" and release it as stable release. This goes to all applications and is even more problematic for antiviruses which have to be constantly updated, much more often than any other generic program. Signatures and engine updates are main ones but users also demand functionality and nice interface. ALWIL guys for example have shown a great record of nicely balanced features and detection in combination with very problem free releases. Bad example is for example Kaspersky. They might have great detection all around but they rush to upgrade bunch of stuff and never actually finish it properly. Thats why it has all sorts of ridiculous problems no one wants to hear about. And thats ever after version 6 in which i also participated in testing (and be very dissapointed because they haven't fixed any reported bugs). So as long as ALWIL keeps on doing like they are, everything should be fine. Maybe some more work on generic signatures of most common malware and maybe something in heuristics way but even generics should do it most of the time.
Visit my webpage Angry Sheep Blog

Lusher

  • Guest
Re: Are av-scanner users beta-testers?
« Reply #2 on: January 20, 2008, 12:12:02 AM »
Will AVAST add something like PDM?