RE: Via Slashdot: Antivirus Vendors Head to Court

["David Harley" <david.a.harley () gmail com>]

> I do. The user always has the option to uninstall the 
> offending app and switch to a competitor.

True. (Though SAV, among others, can leave dirty footprints in your registry
when you remove it.) And in a minority of cases that's an unnecessary
hassle. The point, though, is that it isn't really up to one vendor to
insist that it has the PC to itself. It's perfectly legitimate to point out
potential clashes, as some vendors do.

> I didnt mean any offence, its just that AV scanners will take 
> up more cycles and memory than most other applications on a 
> standard desktop.

No offence taken. But we're off the point here. I've already said that I
wouldn't normally run two on-access scanners at the same time. All they're
taking up is disk space and I have lots of that. What I'm saying is that I
think your point about excluding other AV programs (and the comments in the
original news article) are based on a somewhat outmoded view of the
technology.

> Why would you want to add that much overhead for a product 
> that is so crappy, you feel have to run two of them just to stay safe?

I don't add overhead, and I don't recommend that anyone else does. Not, at
any rate, if it means loading everything onto a single desktop. We did
invent something called multi-layering a few years ago, and it's neither
unusual nor irrational to use different products at different layers. 

You've evidently read my signature, since you commented on its length. Can
you think of any reason why a security researcher specialising in malware
might have multiple scanners on some machines, apart from paranoia? ;-)

> If you are having that many issues with AV, try switching to 
> a whitelisting programme.

I'm not having issues with AV. As it happens, I'm doing quite nicely out of
it at the moment, thank you. And I'm one of those strange individuals who
believe that in general that AV, while the concept of virus-specific
detection may be "crappy", does its job surprisingly well. Whether it's the
-right- job is another debate. (Actually, whitelisting makes a lot of sense.
But -that- isn't the magic bullet, either.)

> There are plenty of apps that you cant run in conjunction 
> with competing products (ever see an SAP system running 
> MAS200?), I dont see where this would become a legal issue 
> unless the operating system was doing the removal.

I've seen many curious contentions in my time. And some major app
contentions that have nothing to do with AV. But not many where a competing
product accuses another of being malware and insists on deleting it. Usually
when these things occur with AV, the companies concerned seem anxious to
sort it out. I can think of potentially valid reasons for a company going
the litigation route. I don't know whether they apply in this case, though.

> -JP<who wishes his signature was that long.. hmmm> Dude 
> VanWinkle A+, AKA Rufus Homeless Bum/4mm Dat Tape Changing 
> Junior Technician SelfStarters Guide to Stunt Bumming:
> http://tinyurl.com/38f4bh

Ah. A purist. I used to be one of those. In fact, you may notice that my
signature is still 4 lines long, even though I doubt if the length of my
signature has much impact on anyone's system in this century, and I don't
run the gauntlet of flamers and nitpickers in USENET any more. 

-- 
David Harley CISSP, Small Blue-Green World
Security Author/Editor/Consultant/Researcher
AVIEN Guide to Malware:
http://www.smallblue-greenworld.co.uk/pages/avienguide.html
Security Bibliography:
http://www.smallblue-greenworld.co.uk/pages/bibliography.html


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.