Is Antivirus Software the Virus?

So, what would happen if the world was suddenly rid of viruses and malware? Would the companies making millions (if not billions) of dollars from products and services aimed to keep you protected suddenly find themselves out of business? Isn’t in their best interest to make sure we’re vulnerable so that they can sweep in and protect us from harm?

Don’t you find it a bit odd that some of these companies sell protective tools that slow our systems down, but also sell products that will allegedly speed our systems up?

What if the leading anti-virus, anti-spyware, anti-malware products were open source rather than commercial in nature? Peter Schwankl doesn’t necessarily think that’s a great idea…

I like your idea that all Anti-Virus should be free! A company is indeed selling the cure for the poison that appears. It’s just a vicious cycle. But then again, I think open source is a mistake. I would think that an open source version of an anti virus would cause problems with potential hackers having access to the source code of an anti-virus, causing two things to happen:

  1. Impossibly hard-to-crack AV programs
  2. Far more devastating virii

It should be said that an AV program, open or closed, can have a hacker gain access to the source code, but making it easier is like handing it to them. Because that’s what’s happening.

So therefore, I think AV programs do indeed need to be closed source, an open source community wouldn’t have the dedicated resources that a company does to produce consistent, worthwhile, and stable-running AV software. Also, like with the Vista situation right now, open source can have a VERY long turnaround time when crossing to new OSes, leaving people crossing over, especially from OEMs such as Dell, or HP that move to the newest OS immediately, without protection while it’s updated for a new OS, where as companies are given OS Dev kits in advance.

However, while they should NOT be open source, they should on the same note be free. I WILL NOT pay to cure the poison that is omnipresent.

Certainly, some level of protection is necessary – the world is filled with evil people who seek nothing but damage and destruction. But isn’t the cost of protection getting just a little out of hand? Seems to me there’s more antivirus products than virii in the wild (an unscientific observation, but I think my point is made).

23 thoughts on “Is Antivirus Software the Virus?”

  1. Pingback:
  2. Pingback: Cell Thug
  3. There is an open source anti-virus engine that works fairly well, and relies on signature contributions from the community – Clam AV.

  4. clamav is open source, and seems to do a pretty good job of things. By Peter’s reasoning, clamav being open is contributing to the increasing nastiness and difficulty of new viruses. Has anyone in the AV industry ever made that claim? Perhaps clamav is making that contribution, yet the big commercial players don’t want to call them out on it because they feel it keeps them in business?

    Open and transparent development by quality developers will increase the security of things. I know there have been studies showing that OSS doesn’t magically create more secure software, and I don’t doubt that. I specifically qualified that by using “quality developers” as an ingredient. Just because people can see the code doesn’t necessarily mean they can get past it. And keeping the source closed hasn’t prevent people from making better/stronger viruses.

    Should encryption algorithms all be closed because it would make it easier for someone to determine how to crack the encryption otherwise? It doesn’t seem to be the case in the encryption world – some of the best tools there are open source. Why should AV be any different?

  5. Ding, Ding, Ding! We have a winner, someone get this man a prize. :)

    It’s the oldest marketing strategy in the world – create a problem, sell the solution.

    In this case though, it’s work on an exploit filled OS, offer band-aid solutions as they come up and reap the profits. ;)

  6. Peter’s wrong on this one.
    Most virii these days are written by script kiddies who can’t tell the difference between a FOR loop and a Ford Focus. Giving them the source code and preparing for new and terrible computer attacks is like giving a preschooler a recipe book expecting him to cook a cordon bleu dinner.

    I’d recommend switching OS to Linux or OS X, but that would mean those platforms would lose their current benefit of being in the minority, therefore not worth targetting, and therefore not susceptible to the same level of interest by the bad guys.

    Interestingly “Which?”, the consumer association in the UK, recently published a study saying that free security software performed as well, if not better than the paid for stuff. SO maybe we’re the mugs for buying the stuff in the first place.
    London Times article

  7. I switched to a Mac a couple years ago. When Parallels first came out I installed it (not in bootcamp) along with Windows XP Pro. I decided not to install any ant-virus or anti-spyware bloatware in Windows. I do IT support for a research laboratory so I am fairly computer savvy. I figured I was pretty safe using common sense and good security practices.

    Its been something like 8 months and so far I’m still clean. I periodically download anti-virus/spyware trial versions and scan just to make sure. I have a hardware firewall, I keep Windows patched and make sure I update all my software (flash, java, media player, etc). Just common sense stuff. I do cheat and use some security scanning software from work to keep up with software updates.

    I don’t do email in Windows or share files with anyone so its not a totally true to life test. As soon as others come into play their common sense or lack thereof will be your downfall. All that type stuff is done on the Mac. I may be reckless but I’m not stupid,

    I use Windows for games, chatting with Yahoo and Paltalk and I use Firefox in Windows for all my general web browsing. And I’m not at all careful about where I surf. I don’t use IE at all.

    I have a clean backup of my Virtual machine just in case I get hit but so far its not been needed.

    It’s been a fun experiment.

    Don’t try this at home.

  8. Howdy, BenR from the chatroom…

    You say open-source, but I say just make the damn thing free.

    If you expand your view to include plain ‘free’ av, you’ld see there’s so much more.

    True, most free av is trialware… but on occasion there’s actually a free version available for personal use. I am currently using AVG, a totally free for personal use AV. It has done a wonderful job of cleaning anything and everything… it includes a real time scanner- something most free AV is lacking. Couple this with the free spyware protection they provide… and my machine is adequately protected with DAILY updates.

    Open source AV…. good idea methinks in principle… in practice, it might never work methinks…

    How’s about simply creating an OPEN SOURCE DEFINITION UPDATE? That way, anyone could get the damn patch out for the latest nasties… and it would promote comparing different companies strategies for removing virii… so, say… how CompanyA can’t kill msblaster if it is in one stage of infection, but CompanyB can ONLY kill it in this one stage…. then CompanyC can come along and ‘fix’ both of those to make a cure-all single solution.

    The idea that ‘most’ virus makers would use this information to make better viruses is true… but it would take them forever en masse… most of these virri nowadays are script kiddies toys to begin with, and those kids ain’t going to suddenly stop scripting and start coding…

    By the time those virii makers get there individually [in stepping up to becoming real programmers], the larger collective of users would have progressed even farther. The real worry here is defection to the dark side… If you can solve that somehow, then we’ve won.

    just my $2.00 (too much posted for pennies)

  9. Anyone recall Terminator 3???
    Using an Intelligent computer to track down a virus, a virus that was caused by that same computer.

    Of course AV programmers are writing viruses.

  10. The only app that stopped and eliminated the sasser worm – remember that? It’s thanks to Lockergnome I was alerted to it – on my system at the time was WinPatrol, which is a non-specific protection system. At work, it took those MS certified guys running MacAfee and Norton whatnots a month before they were even aware of being infected. Go figure.

  11. It is a vicious circle, has been since the start. Come up with a business idea thats self sustaining. Its no different than Judges letting killers out to kill again. Keeps them in kickbacks and the Lawyers makin money.

  12. Firefox is opensource… for those of you too slow to realize the implications of what I’m saying (like the person who posted saying AV programs should be Closed-source), firefox is more secure than Internet Explorer, an closed-source browser maintained by Microsoft.
    And as far as hackers being able to input malicious code into the AV program, many open-source projects have a psuedo-company that oversees development and would prevent this from happening.

  13. PS. I really doubt that judges intentionally let killers go in hopes that they will go out and kill again. That concept sounds like an internet conspiracy theory to me. I’m not denying anythin about AV makers making viruses though.

  14. IMO, He is wrong. Security by obscurity is not good security. ClamAV is an a free program and it is a success so far.

    I don’t use any anti-virus software anymore because I take care about what I download and which files to execute (common sense)

    On Windows, You can live without any av software if you keep your Windows copy constantly really makes a difference. The only annoying thing is that viruses that comes through USB pens (I clean them on Ubuntu).

    Same applies to Ubuntu (=linux :P) , Running sudo apt-get update; sudo apt-get upgrade every now and then keeps your system in good shape. I still haven’t seen a linux virus.


  15. nortan anti virus is to me i used to use it an it eats up your memory its a joke how much it take up and it has been this way for a few years i go with nod 32 its light on the hardware and its updated auto at least once an hour its a great choice for all windows users

  16. i don’t think it’s would be a good idea to open source anti virus programs
    if that did happen i think computers over the world would die from virus’s that were put in anti virus programs from hackers!

Leave a Reply

Your email address will not be published. Required fields are marked *