Who Wants to Pay Twice for the Same Software?

By Larry Seltzer  |  Posted 2008-01-16

Opinion: The latest in fake anti-malware actually comes from the legit anti-malware industry. Say no to anti-bot software.

I've said it before and I'll say it again: The security market is always looking for new ways to sell you the same thing they already sold you. The new phony category is anti-bot tools.

When this happened with spyware it somehow happened backwards. In the face of an established market for anti-malware products, known colloquially as anti-virus software, a separate market for anti-spyware developed. Spyware was a somewhat distinct category of malware, but treating it with distinct security software never made sense. As a separate category of software, anti-spyware is still just fading away.

Symantec came out with a dedicated anti-botnet tool months ago, and now Trend Micro has come out with one. I agree wholeheartedly with my colleague Ryan Naraine that these tools are a cheap attempt to exploit fear of botnets in order to create a new category of software that makes no sense being separate.

What is a bot, after all? It is the resident -- perhaps dormant -- form of a malware infection. Over the last few years there have been probably tens of thousands of new Trojan horse variants developed, the express purpose of which was to turn a PC into a bot. Everyone knows by now that the more general anti-malware software, like Norton and Symantec Antivirus, do a less than perfect job of keeping up with the new variants, but they do their level best and they block a fair number through generic definitions based on behavior.

There was a time -- I thought it was still supposed to be that time, but perhaps I didn't get the memo -- when you were supposed to be able to count on anti-virus software to detect existing infections on systems. There was a time when you could expect desktop firewalls and IPS products to detect malicious behavior by software installed on the system. Now I guess the time has passed, at least with respect to bots. Now you need a whole new class of software to detect the presence of bots.

The Trend Micro beta product, RUBotted, is free, as the Symantec one was while in beta. They do a relatively simple job, that of monitoring for bot-like behaviors, such as communicating with a command and control (C&C) system. It's all well and good for these companies to offer a free tool that performs these tasks for people with no security software, but what about their existing customers? Why doesn't Symantec Antivirus do this already? Why doesn't Symantec Internet Security do this? (And why don't the Norton consumer versions do it as well? Is it really reasonable to expect customers to buy and manage yet another program?)

It may be fat times for the vendors of anti-malware protection, but if I ran one of these companies I would be in constant fear that the party would be ending soon. Eventually some sort of systemic solution will come along to decrease the instance of malware drastically. Personally, I suspect Vista is it, and even XPSP2 was a big step forward. One day, all the really old systems running the overwhelming majority of the bot population will be taken out of circulation, and the problem will decrease. Until then, the anti-malware industry has to get whatever they can from us.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

For insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's blog Cheap Hack

Larry Seltzer has been writing software for and English about computers ever since -- much to his own amazement -- he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publications.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.
