[funsec] Re: The AV.

Drsolly drsollyp at drsolly.com
Mon Mar 20 05:58:50 CST 2006


On Mon, 20 Mar 2006, Gadi Evron wrote:

> Drsolly wrote:
> > In an ordinary collection of business computers (which means they're
> > mostly running Windows), do you think that AV is some sort of luxury 
> > extra?
> 
> I'd go as far as, on the user and engine side: it serves an important 
> purpose, using a technology that was good in the floppy disk days. It 
> still vastly uses the same technology and relies on the Internet mostly 
> for nothing save updating.
> 
> It's slow, it's old, it's reactive, it's out.

Like I keep saying, I don't know of an AV that's good enough that I'd want 
to use it.
 
> It's good for detecting and controlling old threats and cleaning up 
> relatively old threats. I believe it will always be good and even 
> important for that.
> 
> Trying to fit it in a new box every few years doesn't work, and the 
> industry itself is so stagnant it finds out about what I call "pop" 
> Trojan horses and then spyware years after-the-fact.
> 
> So, you think packaging it with a new cool exterior every year or so, 
> and a couple of nifty marketing features is going to do it?

Not at all.
 
> This is not to say the AV isn't part of the solution or even an 
> important part - I strongly believe in that, or to say most AV-ers 
> aren't great guys - most of them are amazing. It just comes to say that 
> the industry is inhibiting progress by sticking to it and sticking it to us.
 
It's breathtaking to me that you can say that the AV companies are
"inhibiting progress". There is absolutely nobody and nothing stopping you
from writing something that is ten times better than any of the existing
antivirus products - apart from the small problem that you don't actually
know how to do it (and neither do I).

We live in a capitalist society. If you can make an AV that's ten times 
better than existing products, and ten times cheaper, then I really cannot 
imagine why you haven't done so.

The reason why it hasn't happened is *not* because the AV companies don't 
want to. It's because they don't know how to - and neither do I.


