Who Wants to Pay Twice for the Same Software?

Opinion: The latest in fake anti-malware actually comes from the legit anti-malware industry. Say no to anti-bot software.

I've said it before and I'll say it again: The security market is always looking for new ways to sell you the same thing they already sold you. The new phony category is anti-bot tools.

When this happened with spyware it somehow happened backwards. In the face of an established market for anti-malware products, known colloquially as anti-virus software, a separate market for anti-spyware developed. Spyware was a somewhat distinct category of malware, but treating it with distinct security software never made sense. As a separate category of software, anti-spyware is still just fading away.

Symantec came out with a dedicated anti-botnet tool months ago, and now Trend Micro has come out with one. I agree wholeheartedly with my colleague Ryan Naraine that these tools are a cheap attempt to exploit fear of botnets in order to create a new category of software that makes no sense being separate.

What is a bot, after all? It is the resident -- perhaps dormant -- form of a malware infection. Over the last few years there have been probably tens of thousands of new Trojan horse variants developed, the express purpose of which was to turn a PC into a bot. Everyone knows by now that the more general anti-malware software, like Norton and Symantec Antivirus, do a less than perfect job of keeping up with the new variants, but they do their level best and they block a fair number through generic definitions based on behavior.

There was a time-I thought it was still supposed to be that time, but perhaps I didn't get the memo-when you were supposed to be able to count on anti-virus software to detect existing infections on systems. There was a time when you could expect desktop firewalls and IPS products to detect malicious behavior by software installed on the system. Now I guess the time has passed, at least with respect to bots. Now you need a whole new class of software to detect the presence of bots.

The Trend Micro beta product, RUBotted, is free, as the Symantec one was while in beta. They do a relatively simple job, that of monitoring for bot-like behaviors, such as communicating with a command and control (C&C) system. It's all well and good for these companies to offer a free tool that performs these tasks for people with no security software, but what about their existing customers? Why doesn't Symantec Antivirus do this already? Why doesn't Symantec Internet Security do this? (And why don't the Norton consumer versions do it as well? Is it really reasonable to expect customers to buy and manage yet another program?)

It may be fat times for the vendors of anti-malware protection, but if I ran one of these companies I would be in constant fear that the party would be ending soon. Eventually some sort of systemic solution will come along to decrease the instance of malware drastically. Personally, I suspect Vista is it, and even XPSP2 was a big step forward. One day, all the really old systems running the overwhelming majority of the bot population will be taken out of circulation, and the problem will decrease. Until then, the anti-malware industry has to get whatever they can from us.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

For insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's blog Cheap Hack