Open Source and Anti-Virus Dont Mix

Opinion: But they could and should make a match of it-and we'd be better off if they did.

Ah, open source—is there anything that you cant do? Youre my operating system, my Web and app server, and the basis of my Web services architecture. You help me develop applications and then surf on the Web. You even let me create images and audio and use one client for multiple instant messaging networks.

I dont know what I would do without you, open source. From Linux and Unix to Mac OS X to Windows systems, youre always there for me.

But while our relationship has been great, I cant say that it has been complete. There are some important areas where you just dont seem to be trying your hardest—areas where, despite your unlimited promise, you just havent been able to make a breakthrough.

(OK, open source, I have to talk to these nice readers now.)

To me, one of the biggest areas where open source has come up short is anti-virus. This is too bad, as I think a lot of people would quickly fall in love with a free, reliable and always up-to-date open-source anti-virus client.

But while most everyone (except for the commercial anti-virus vendors) would welcome a marriage of open source and anti-virus, things have always been a little cold and stifled around the potential pairing.

In fact, not much has changed in the nearly two years since my eWEEK colleague Larry Seltzer wrote a column on the sorry state of open-source anti-virus technology. Basically, we are still at the same point, with ClamAV being the main open-source anti-virus product.

Ive used ClamAV on e-mail gateways, and I think its an effective product that works at least as well as many of the commercial products Ive used. But, for most people out there, anti-virus happens on the desktop, and this is where open source hasnt made its mark.

There is a Windows client for ClamAV called ClamWin, but calling this application "basic" from a desktop anti-virus perspective would be kind. And the lack of real-time scanning makes it a nonstarter for business use.

Why hasnt open-source software been more successful when it comes to desktop anti-virus? Some argue that fighting viruses is too complex and dynamic a job for an open-source project—that such projects could never compete with the dedicated teams of researchers that commercial companies use to track viruses and update signatures.

/zimages/1/28571.gifClick here to read about security vulnerabilities found in the open-source anti-virus application ClamAV.

Others argue that people see security as just too important a task to trust to open source—that people wont trust an open-source product to protect them against viruses and Trojans.

However, theres plenty of evidence to counter these arguments. People clearly trust open-source technology for security. When it comes to firewalls, vulnerability scanning and penetration testing, there are a number of highly respected open-source products that are heavily used by businesses and often are even embedded in commercial solutions.

And open source has proved that it is up to the task of tracking constantly changing threats, as there are some very popular open-source products in the anti-spam and anti-spyware arenas.

Clearly, open source could produce a capable, easy-to-use anti-virus product that would protect users desktops and save users from the increasingly onerous yearly subscription charges that the anti-virus vendors are charging. So, why hasnt it happened yet?

This is just a guess, but I think it comes down to one simple thing: For the most part, viruses are a Windows problem. For the predominantly Linux-based open-source development community, protecting Windows systems from viruses simply isnt a priority. In fact, from the perspective of Linux zealots, viruses on Windows are a good thing, as they may cause people to switch to Linux. The fact that ClamAV is strong on the Linux and server side but not on the Windows desktop side seems to bear this idea out.

But I hope Im wrong, because I think the world needs an open-source anti-virus desktop product—both for its own benefit and for the competitive kick it will give the commercial products.

(OK, open source, back to you.)

Open source, while I still really like you, until theres a good desktop anti-virus product, I dont think I can say that you complete me.

Labs Director Jim Rapoza can be reached at

/zimages/1/28571.gifCheck out eWEEK.coms for the latest open-source news, reviews and analysis.