Re: Via Slashdot: Antivirus Vendors Head to Court

["Dude VanWinkle" <dudevanwinkle () gmail com>]

On 7/8/07, David Harley <david.a.harley () gmail com> wrote:
> > This is very confusing... The install instructions for SAVCE
> > 10.x are "remove any and all other antivirus or antispyware
> > applications before beginning installation".
>
> I'm not sure they'd dare put that into the EULA. If they did, they'd
> probably argue that they meant that you shouldn't have AV or antispyware
> running during the install, not that your license is invalid if you run
> other security software concurrently. That said, Symantec do tend to expect
> to have the whole playing field to themselves, and some other products won't
> load into memory if they think they may have to co-exist with a Symantec
> product.

If Symantec goes ring0 then I would load in ring-1. Kinda beat 'em to
the catch ;-)

> > Seems to me if Kaspersky or Rising Tech put this kind of
> > disclaimer in their EULA, they wouldnt have to go to court
> > (or would win if they did). If its not unfair business
> > practice for Symantec, then lesser
> > (sized) companies should have no fear.
>
> Who says it isn't unfair business practice, if it's intended to make the
> user totally reliant on one vendor?

I do. The user always has the option to uninstall the offending app
and switch to a competitor.


> > Even if they dont, its common knowledge that if you are dumb
> > enough to pay for and run two AV apps on the same box, that
> > you include the respective app files and folders in the
> > exclusion list of the other.
>
> Whoa there. I run more than one AV/anti-malware app on some boxes, and I'm
> not dumb. What I -don't- do (normally) is have competing on-access scanners
> running at the same time, essentially for performance reasons. And common
> knowledge isn't always common sense. AV apps aren't immune to compromise,
> and shouldn't store virus definitions in a form that might yank another
> scanner's chain. If one scanner identifies another as compromised or
> infected, that shows a problem with one or both scanners: it ain't
> necessarily my fault!

I didnt mean any offence, its just that AV scanners will take up more
cycles and memory than most other applications on a standard desktop.
Why would you want to add that much overhead for a product that is so
crappy, you feel have to run two of them just to stay safe?

If you are having that many issues with AV, try switching to a
whitelisting programme.

> > Like I said, a very wasteful and confusing lawsuit.
>
> Not necessarily. If Kaspersky really think it's a dirty marketing campaign,
> you can't blame them for taking action. If Rising really think Kaspersky are
> targeting their product in some way, you can't blame them, either. Without
> knowing the facts behind the article, how can you be sure?

There are plenty of apps that you cant run in conjunction with
competing products (ever see an SAP system running MAS200?), I dont
see where this would become a legal issue unless the operating system
was doing the removal.

> > Nothing
> > good will come of this..
>
> You may well be right about that...
>
> > Maybe a law preventing AV apps from
> > behaving as they should..
>
> What, a law against FPs? Not very practical, I agree, but it's not as though
> AV is -supposed- to get it wrong...
>
> --
> David Harley CISSP, Small Blue-Green World
> Security Author/Editor/Consultant/Researcher
> AVIEN Guide to Malware:
> http://www.smallblue-greenworld.co.uk/pages/avienguide.html
> Security Bibliography:
> http://www.smallblue-greenworld.co.uk/pages/bibliography.html

-JP<who wishes his signature was that long.. hmmm>
Dude VanWinkle A+, AKA Rufus
Homeless Bum/4mm Dat Tape Changing Junior Technician
SelfStarters Guide to Stunt Bumming:
http://tinyurl.com/38f4bh


>
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.