Anti-Botnet Market is Black Eye for AV Industry
alternative coup writes "eWEEK is running a story on the emergence of an anti-botnet market to fill a perceived need for software to deal with botnet-related malware (Trojans, keyloggers, rootkits, etc.). The article characterizes this as 'another black eye' for the existing anti-virus industry — asking consumers to pay twice for protection from things that anti-malware suites are missing. Venture capital money is flowing to these anti-bot products, an implicit statement that the AV giants are not doing their jobs. 'For companies such as Symantec, which sells the Sana-powered Norton AntiBot and anti-malware subscriptions, it's a nickel-and-dime situation. Symantec officials say Norton AntiBot is for a specialized, technical market segment looking for high-end tools to deal with botnets, but [Andrew Jaquith, an analyst with The Yankee Group] said it's a case of anti-malware companies double-dipping.'"
I've already started dumping Norton (Score:5, Interesting)
Yeah...ditch these people now. AV on the client is a scam. Effective management and AV at the chokepoints can often provide enough protection I've found.
Re:I've already started dumping Norton (Score:5, Interesting)
I killed all the A/V apart from the one that comes with AOL (which was the only one being updated in any case). Machine worked again. Problem solved.
Re: (Score:3, Interesting)
Which says that ClamAV and BitDefender are both free for Server 2003.
cure worse than disease (Score:3, Insightful)
Malware has evolved from being mostly destructive juvenile pranks to subversive software with a profit angle. The more intelligent malware tries not to call undue attention to itself. Those generally don't pig out on all the resources or gratuitously trash things. It's not profitable. Overly virulent diseases such as Ebola don't do well because they kill their hosts too quickly.
Meanwhile, the security industry has become like allergies, leukemia, and AIDS in one convenient package. Overkill on the sc
Re: (Score:3, Interesting)
And you're right, real importance should be on a) properly securing workstations and b) good virus scanning at the head. I still think it's a good idea to have AV on the workstation, but there are better and less miserable malfunctio
Re: (Score:2)
Personally, I ultimately solved this problem by buying Avast Pro, though there was much grumbling before I did so. Avast is a nice program, agreed, but
Re: (Score:2)
>My biggest problem with Symantec is that the software sucks, and in particular the Corporate edition. We walked away from it January,
I just made the decision to walk away from Corporate Edition as well. In my case, it was the @#$%^ memory leaks. We couldn't get more than a week's uptime out of our servers. Symantec does not offer a patch for this known problem, and their solution was for us to buy forty new licenses for their new version. Sorry, but Hell No.
Replacements for Norton (Score:4, Interesting)
So as to not garner another "flamebait mod" from the astroturfers by pointing out how insecure Windows is out of the box, I won't. Rather, I'll point out that Linux and Mac aren't being targeted by the botnet operators. Regardless of the reasons, you're safe with Mac or Linux unless a cracker targets you personally (no OS is completely secure).
Poor Microsoft, if they ever marketed a secure OS, Norton and McAfee would sue for anticompetitive monopoly practices and the EU wouldn't let them sell Windows in Europe any more.
-mcgrew
(I don't do Mondays very well and I'm on a losing streak lately so please be kind to an old nerd)
Re:Replacements for Norton (Score:4, Insightful)
You want to know why you were marked troll? Could it be because of the utter crap you are spreading? Here, let me help clear that up for you:
http://it.slashdot.org/article.pl?sid=07/10/05/1234217
*nix boxes aren't being used as a drone in a botnet but they are being used to control them. Far worse if you ask me.
Maybe a little less smugness and a little more research and you wouldn't get marked troll.
DISCLAIMER: I run Gentoo Linux SOLELY. No Dual Boot, no virtualization.
Re: (Score:2)
Troll, mod thyself.
Here's a solution for Norton and Microsoft. (Score:3, Interesting)
#1. A bootable CD that can give you read/write access to the local hard drive.
#2. A database (that can be updated) of what the MOST COMMON files are in which directories OF THE OS and their various identifying characteristics.
Because it is far, Far, FAR easier to validate that a certain file is "good" than to determine that it is "bad".
Simple concept, no?
Anything that cannot be identified can be "quarantined" if the user so wishes. Any data files
Re: (Score:2)
Part of Microsoft's problem is their refusal to separate data from code. The only way pure data can infect a computer is if a program has a buffer overflow or other exploitable programming error.
There are, of course, some things that do require a data/code mix, like a spreadsheet, but most don't. DRM (Digital Restrictions on Media) must have code in the data. A WiMP file has built in DRM and you can imbed a virus there. And MP3 or Og
Re: (Score:2)
Very true, and it's one of the reasons Linux is more secure than Windows. If the source code is available to millions there's a far better chance of finding bugs and fixing them.
Fixing beats hiding any day.
Re: (Score:3, Interesting)
But then, how many Linux people want to help a Windows tool?
This... (Score:5, Insightful)
'Oh no', they tell me. 'That's different...' Yeah. I see that. Now we got this going on.
People want their computers to be protected against any form of intrusion - from within or without - regardless of how it's classified. The reality is, that there are now forms of malware out there that are either undetectable or incurable once you have them. I use a gateway to help protect our computers, but every once in a while it still happens.
Re: (Score:3, Interesting)
ClamAV works fine, but on Windows, the performance is horrid. ClamAV takes 4X+ as long to scan a hard drive as Grisoft AVG. For that big of a performance difference, I'll just pay the $30. Not to mention the lack of on-demand scanning, and the massive memory footprint.
No it doesn't. AdAware "misses" so much spyware it's not funny. Spybot easily blows it away
Re:This... (Score:5, Informative)
Being included with another application may or may not qualify it as a member of the set "Trojan Horse", depending entirely if the application intentionally installed includes the spyware in its function or if the spyware is a secondary piece of software that is not directly announced. A "Trojan Horse", in the software sense, is a piece of software that reportedly does one thing but actually does something else, either with or without including the reported functions.
However, I agree with what I believe to be the general, prevailing thought that a user should need only one anti-malware application that should be able to handle all of these. I also believe that "defense in depth", when possible (corporate environment, for example) is the best approach. I look at it this way: just because the castle has really high walls and good archers doesn't mean that the guards inside the castle shouldn't be carrying weapons of some sort. The only issue with many "anti-virus" products is that they take so much CPU time and other resources that they negatively impact the overall usability of the computer.
As a security professional, this irritates me as well. I agree with the Yankee Group's analysis that this amounts to "double-dipping", and I feel it is ethically wrong. However, in a (supposedly) free-market economy, these things will happen until the market sorts them out. (I am _not_ an economist. My speciality is InfoSec.)
Re: (Score:2)
Laugh, it's funny!
Grow or die (Score:2)
Re:Grow or die (Score:4, Insightful)
You just countered your argument. Our computers are meant to be servants and do stuff like this for us, that's the whole point.
Re:Grow or die (Score:4, Insightful)
Treat me honestly, fairly and openly, and I'm a customer for life. But if you sell me a "security suite" then nickel and dime me for all of the add-ons to provide the protection I thought I was getting in the first place, then I'll go elsewhere.
I used to use McAfee on my wife's Windows desktop (I use Linux, thank you very much) until I noticed two things happening: 1) the size of the product, and the resources it needed to run, kept growing, and 2) the protection it offered kept shrinking. Despite running the full malware protection on her computer, she *still* kept getting infected, and it was all I could do to keep her machine running. I've since switched to Nod32 (http://www.eset.com/) and have been, for the most part, pretty happy with it. It's fairly lightweight, works pretty well and has some cool features that reasonably competent system administrators will like (e-mail notifications, for example), although it doesn't tolerate unstable Internet connections during updates, unfortunately.
Re: (Score:3, Interesting)
This is the problem with many industries today. They have the need to grow, like a cancer has a need to grow. Why must people be so greedy that they have to use every unethical and immoral tactic there is to sustain their greedy growth? What's wrong with settling for an honest living without stealing your way to cancerous growth like Norton does with is pr
Re: (Score:2)
> unethical and immoral tactic there is to sustain their greedy growth?
Ah, that's easy.
Because their shareholders want their 401K's to be worth as much as possible by the time they retire.
Greed is the sole point of being in business (um.., usually).
Re: (Score:2)
When money is your god, the only evil is lack of profit.
Don't you mean triple-dipping (or more)? (Score:2, Insightful)
So don't forget to get an AV program, personal firewall app, spyware scanner, and a botnet scanner in addition to the next trend that can be rebranded and sold to people once again.
Re: (Score:3, Informative)
Of course! The difference between a trojan and spyware is that trojans come from e-vile hacker bad guys that want to use your computer for nefarious purposes, and spyware comes from benign, nice, everybody loves them corporations like Sony that want to use your computer for nefarious purposes.
A/V bloat due to antiquated approaches (Score:5, Interesting)
Of course, heuristics won't be a silver bullet as it brings its own set of problems (ie: false positives), but I think we'll see more of this used as time goes on. IANAB (I am not a biologist), but it seems that our body's immune system operates more on heuristics than some exhaustive chemical look up table. Considering the millions (billions?) of years nature has invested in our immune system I think we would do well to take a page from mother nature on this one.
Re:A/V bloat due to antiquated approaches (Score:5, Informative)
Yep, you're no biologist, and even less of an immunologist. You need to read up on antibodies. Now, part of the immune system does work on heuristics, but a big part of it is all the antibodies running around your body as a "chemical lookup table", but one with a massively parallel seek mechanism.
Re: (Score:3, Interesting)
> Yep, you're no biologist, and even less of an immunologist. You need to read up on antibodies. Now, part of the immune system does work on heuristics, but a big part of it is all the antibodies running around your body as a "chemical lookup table", but one with a massively parallel seek mechanism.
I stand corrected. Thanks for the link ppanon. Though I still question the approach of A/V engines relying so heavily on lookup tables. I guess my revised point would be that we (meaning the computer industry) should seek to keep these lookup tables as small as possible by maximizing the number of viruses that can be detected via heuristics.
Re: (Score:3, Interesting)
Your overall approach is a very good one, and it is one that has been attempted several time
Fundamentally broken (Score:5, Insightful)
It is my firm belief that AV software can never fix the real problem: broken OS security model and application bugs. For the AV software vendors this is always a game of catch up, the virus/trojan/worm/bot etc. creators have a huge advantage: numbers. They have more people figuring out ways to infect your computers, break through your buggy and exposed application interfaces, send out executables with backdoors and viruses.... there are probably thousand times as many people working on the ways to take over PCs than there are people who are in 'business' of preventing this from happening.
And really, it is not that complex of a problem: run OS administration applications in one security level, run user applications in another security level, use hardware infrastructure to prevent these levels from intersecting and taking over each other, but of course allow the highest level administration applications to take precedence over any user application and at least kill it. Do not allow execution of applications that are not authorized by the user. There are more good ideas than that, but basically do not allow a user application to hijack the system by pretending to be an OS administration application, do not allow user applications to change their access levels, do not allow them to hide their processes from observers. Designate protected data storage on disks, and allow that data only to be modified by certain applications that are assigned by the user.
However this is not a job for some add-on AV software.
Re: (Score:3, Insightful)
Easy. Take away their admin rights.
But more seriously, the Windows OS model sees it as ok to modify the OS in order for the applications to run on it. If the OS was impossible to change by the user or a 3rd party program we wouldn't see 95% of the viruses out there.
Programs should be adapted to the OS and not the other way around. I'm always leery about programs that ask you to reboot the system in order to run even if they are legi
Re: (Score:2)
> I'm always leery about programs that ask you to reboot the system in order to run even if they are legit.
Why? Windows is modular - what are you supposed to do if a program updates a component that's already in use?
Granted, this doesn't happen very often unless you're installing a driver. But, most "restart your computer" warnings are, in modern times, superstition.
Go ahead - I dare you to install Age of Empires II and then run it without a reboot. The devs are just being cautious.
Re: (Score:2)
Well that is why windows has the most viruses! It needs to stop being modular and if programs need to update something in the OS then too bad. Work around it!
Don't forget performance - Dragware... (Score:2)
It took almost 3 minutes just to get to network prefs. The process should have taken less than 30 seconds but ended up being closer to 7 minutes!
We tend to measure computer speed in GHz, but there needs to be a new standard set
Re:Fundamentally broken (Score:4, Insightful)
Windows started out horribly insecure. Through the years it has very gradually been getting better. Unfortunately the malware writers have been keeping up. This situation has incubated a malware industry that is now well resourced, organized, and experienced.
Now even if Windows is, from an objective point of view, as secure as, say, OS X, it does not matter. The malware industry that exploits Windows is mature and up to the challenge.
Re: (Score:3, Insightful)
As to viruses, there's no excuse for a virus to be able to infect your computer. That's a sign of a buggy os and/or application.
Doomed business model? (Score:4, Interesting)
We shouldn't have to add third-party tools to make an OS secure. It should be secure (or at least, secure-able) out of the box.
Charging more for a suite of software that all does the same thing sounds like a last-gasp attempt to deliver some profits before architectural changes force these companies out of business.
Re:Doomed business model? (Score:5, Insightful)
Kind of crappy, really-- but what REALLY rankled me was when MS released its OneCare; sorry, but you don't get to charge me to fix the holes in your broken systems. That's a massive conflict of interest that I'm rather surprised nobody has taken them to task for yet...
Re: (Score:2)
2: Outlook can send out to hosts x,y, and z on port 25.
3: Outlook cannot send out on port 25.
4: Outlook can hit the POP3 ports on hosts a,b,c.
5: Outlook can hit the IMAP port on host d.
6: Outlook can hit the HTTP port on host e.
7: Outlook is disallowed from any further communication out.
Call me crazy, but wouldn't rule 1 bork rules 2,4,5, and 6?
Re: (Score:2)
Outgoing connections should be restricted, so if Outlook does get hijacked by an exploit, the damage it can do is limited. It can still do some bad things (sending bogus E-mails), but a firewall ruleset would prevent it from connecting to some random IP in a botnet to pick up a new payload, or opening a listening socket so someone can connect to it.
I'm not just picking on Outlook; a lot
Re: (Score:2)
Or you could just use the combination that I have used to keep my PC spyware/virus free and no reboots except upgrades for three or so years, if not more. AVG, Spybot, and ZoneAlarm (firewall only).
All three programs are free, none of them rob you of any real processing power (or I at least haven't noticed any), they al
Re: (Score:2)
You just don't see that one everyday.
man that title was confusing (Score:5, Funny)
what does the adult video industry have to do with botnets? and nevermind the black eyes, that's a kind of adult video i'm not into
live and learn
No, you are paying THREE times (Score:3, Insightful)
Hear hear! (Score:3, Insightful)
Driven by market? (Score:2)
Re: (Score:2)
For example, you can go to a completely different restaurant where the food is free, and if you don't like what's offered, you can have whatever you want because all the recipes and ingredients are listed right on the menu and the cook doesn't mind if you go into the kitchen and whip up whatever you like.
of course they are double dipping (Score:2)
Meanwhile they are preventing nothing. Car analogy time: Let's pick on Ford today. Ford sells you a new car, and a yearly maintenance contract to keep everything working. Of course it is your responsibility to take the car in for that maintenance each year. If you put low profile tires/wheels on the car, it voids part of the maintenance warranty,
Am I alone? (Score:4, Interesting)
Use Opera to browse porno. (Or just about anything at all).
Don't run crack.exe (it's a trojan).
Problem Solved. Am I alone here?
In the off chance that I get infected (Ok, I ran crack.exe), just take the hooks out of the system (hijack this, pv if necessary, unlocker, done). Restart. Problem solved.
Re: (Score:2)
Why in the name of everything vile and evil would you want your computer on crack? I mean come on, even your mom wouldn't let her computer do crack!
"Why you be lookin' up crack in da uncyclopedia when you can have yo PC on crack? I gots da best crack dey is, I have you computer in a two hunnat dolla a day habit, my crack so good! Sheeit!"
I hope you're at least using a firewall... or a Mac.
Anti-purse (Score:2, Insightful)
Get a Mac, or Run Linux! (Score:3, Interesting)
People are really, really stupid. Once your system is compromised, it is *not-fixable*. There is no reliable, effective way to insure that your system is untampered with unless you can do a bit-wise verification of every executable on the system, and even that isn't 100%; you really need to check *every* file against a "known-good" one.
I've seen plenty of systems with "up-to-date" antivirus get hosed, and they generally don't seem to be the same afterwards. Not to mention that few, if any antivirus packages are better than 95%.
If you can't keep your system clean, it isn't reliable. The only thing antivirus is really good for is as a means to determine if you need to wipe and re-install. For business purposes, I believe this to be unacceptable, and I cannot fathom why people don't switch to systems that do not require this ridiculous kludge.
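The "validate that a file is good" database proposed in the "Here's a solution for Norton and Microsoft" comment earlier in the thread, and the check of every file against a known-good copy described in the comment above, can be sketched as follows. This is an added example, not code from the thread; the file names, tree layout and function names are constructed for illustration, and the check is assumed to run from trusted boot media against the offline disk.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def walk_entries(root):
    """Yield (relative path, full path, is_regular) without following symlinks."""
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        dirnames.sort()
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            regular = os.path.isfile(full) and not os.path.islink(full)
            yield rel, full, regular


def build_baseline(root):
    """Return {relative path: SHA-256} for the regular files under root.

    Stands in for the updatable known-good database; it must be generated
    from trusted media, never from the machine that is being checked.
    """
    return {rel: sha256_file(full)
            for rel, full, regular in walk_entries(root) if regular}


def verify_tree(root, baseline):
    """Classify everything under root against the baseline."""
    report = {"known_good": [], "modified": [], "unknown": [], "missing": []}
    seen = set()
    for rel, full, regular in walk_entries(root):
        seen.add(rel)
        if rel not in baseline:
            report["unknown"].append(rel)      # not on the allowlist
        elif regular and sha256_file(full) == baseline[rel]:
            report["known_good"].append(rel)
        else:
            report["modified"].append(rel)     # content changed, or now a symlink
    report["missing"] = sorted(set(baseline) - seen)
    for key in ("known_good", "modified", "unknown"):
        report[key].sort()
    return report


def quarantine_candidates(report):
    """Everything that could not be validated as good."""
    return sorted(report["modified"] + report["unknown"])


def _write(root, rel, data):
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as handle:
        handle.write(data)


def demo():
    """Build a constructed OS tree, baseline it, tamper with it, verify it."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "system32/kernel.dll", b"constructed kernel image")
        _write(root, "system32/shell.dll", b"constructed shell library")
        _write(root, "system32/drivers/disk.sys", b"constructed disk driver")
        baseline = build_baseline(root)

        # Simulated compromise: one file patched, one dropped, one deleted.
        _write(root, "system32/shell.dll", b"constructed shell library + hook")
        _write(root, "system32/svch0st.exe", b"constructed unknown binary")
        os.remove(os.path.join(root, "system32", "drivers", "disk.sys"))
        return verify_tree(root, baseline)


if __name__ == "__main__":
    result = demo()
    for status, paths in result.items():
        print(f"{status:10} {paths}")
    print("quarantine:", quarantine_candidates(result))
```

The report separates "modified" from "unknown" because the two call for different handling: a changed system file can be restored from the baseline media, while an unlisted file can only be quarantined or reviewed.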
Re: (Score:2)
Because a quarter century ago nobody ever got fired for buying IBM. These days nobody ever got fired for buying Microsoft. In a culture that worships money, the man who has the most of it is God.
You still don't get it... (Score:3, Insightful)
I'm one of those people. I've tried Linux "equivalents", but they simply don't work the way I need.
Until I can switch ALL of my software needs to Linux, I simply cannot go over 100%. I keep Linux installed on my PC (Fedora 8 has an entire 160GB drive dedicated to it), but still have to switch back over to XP for the bulk of what I do.
A mac would be better for me
Re: (Score:3, Insightful)
It's amazing how a properly configured (and locked down) environment can be pretty effective.
Anti-Virus worse than a Virus (Score:2, Insightful)
If I look at all the problems Anti-virus software causes compared to that caused by actual viruses it is clear viruses have caused little damage compared to the Anti-virus software.
The dominant anti-virus software vendors hav
Some people work with high turnover (Score:2)
Two different symptoms, same cause (Score:4, Interesting)
It seems to me that, superficially at least, it makes sense to talk about a "botnet market" as separate from the anti-virus software market if you are talking about a higher-level network solution, not simply another program that consumers run on their PCs. But from the article, it's not clear what the focus of this supposed market is. If it's software that's run by companies with large PC networks, or ISPs, and if its purpose is to track botnet-like behavior by network clients with the aim of isolating suspect clients from that network, then it makes some sense to me. This could be a good thing...if it works. If it's yet another "safe computing" package marketed to Joe Sixpack, then it's an outstandingly stupid idea. If a computer is part of a botnet, the critical failure has already occurred, and no application package is going to fix it.
I suppose the people who are boosting this new "market" are responding to a money-making opportunity created by a real social problem: the fact that massive botnets exist, and that such phenomena rob us of collective resources--that is, resources that exist for our common use. Ultimately such collective thievery boils down to every individual having to pay more for services, and to endure degraded service quality to subsidize the thieves. Surely preventing this is a worthy goal...or a goal worth paying money for.
As many here know, the virus/botnet problem is due to two factors: a massively deployed operating system that is by design insecure, and a multitude of ignorant users. Of the two, the OS is most to blame. If Joe couldn't get his PC zombified by clicking some link to download stupid stuff off a web page, or reading some mystery email, the problem would be much diminished. However, I judge on the basis of their track record that Microsoft is unlikely to ever create a truly secure operating system; it's just not a priority. Because of Microsoft's ability to get computer retailers to bundle only their OS with every computer that is sold and because of most buyers' disinclination to learn about what they are purchasing, the situation is likely to continue—unless computer users are given a strong incentive to change their buying habits.
And here's where network-level anti-botnet software might change things. Suppose ISPs started to identify PCs that are compromised to the extent that they constitute a public nuisance or threat—and isolate them from the network. Obviously, the anti-bot software would have to be very good; you don't want a significant number of false positives. But it seems to me that if you do automated traffic analysis, it wouldn't be that hard to identify the zombies (here's where those who really know about this stuff get to jump in and tell me why I'm wrong). Once identified, the zombie is isolated, the owner gets a singing telegram notifying him of the action that was taken and why, and what he should do to fix the problem. ("Reinstall Windows" will probably not be the recommended solution.)
I think that this would help, but it would require several other changes. For one thing, it's not clear to me that ISPs actually care about botnets or viruses. I'm not sure why that is. (Again, someone with a better understanding of the communications infrastructure might want to help me out here.) For another, the [L|U][n|i]n[u|i]x OS has to become a commercial product. That's right: it has to be pried out of the hands of the well-meaning and hardworking people who have made it what it is today, and put into the hands of some money-grubbing capitalist who will make deals with computer retailers, guarantee support to end-users, and above all give it a decent name. You see, normal people don't trust free things; they only trust people who take their money. That's the fundamental stumbling block of the free software movement: in the market place, anything that's to be had for nothing is perceived as having no value.
Anyway, the result I'm hoping for is that, as a result of penalizing stupid user behavior, people will either start using one of the epigonoi of Unix, or that MS will crumble under market pressure and actually create a decent secure OS. Well, I can dream.
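One form the automated traffic analysis suggested in the comment above could take, as an added example that is not part of the thread: flag subscribers whose direct port-25 connections fan out to many distinct destinations inside a short window, while exempting registered mail servers to limit false positives. The heuristic, the threshold, the window length and every address (documentation ranges) are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict, deque

SMTP_PORT = 25


def smtp_fanout(flows, window_seconds=300):
    """Return {source: peak number of distinct port-25 destinations
    contacted within any sliding window of window_seconds}."""
    per_source = defaultdict(list)
    for timestamp, src, dst, dst_port in flows:
        if dst_port == SMTP_PORT:
            per_source[src].append((timestamp, dst))

    peaks = {}
    for src, events in per_source.items():
        events.sort()
        window = deque()      # (timestamp, dst) pairs still inside the window
        active = Counter()    # dst -> number of window entries for that dst
        peak = 0
        for timestamp, dst in events:
            window.append((timestamp, dst))
            active[dst] += 1
            # Evict entries that have aged out of the window.
            while window[0][0] <= timestamp - window_seconds:
                _, old_dst = window.popleft()
                active[old_dst] -= 1
                if active[old_dst] == 0:
                    del active[old_dst]
            peak = max(peak, len(active))
        peaks[src] = peak
    return peaks


def find_suspects(flows, threshold=10, window_seconds=300,
                  known_mail_servers=frozenset()):
    """Sources whose SMTP fan-out reaches the threshold, minus the allowlist."""
    peaks = smtp_fanout(flows, window_seconds)
    return sorted(src for src, peak in peaks.items()
                  if peak >= threshold and src not in known_mail_servers)


def sample_flows():
    """Constructed flow records: (unix-style seconds, src, dst, dst_port)."""
    flows = []
    # Ordinary client: always the same mail relay, plus some web traffic.
    for ts in (100, 400, 900):
        flows.append((ts, "192.0.2.10", "198.51.100.25", 25))
    flows.append((150, "192.0.2.10", "198.51.100.80", 80))
    # Zombie-like host: 40 different mail servers in about two minutes.
    for i in range(40):
        flows.append((1000 + 3 * i, "192.0.2.66", f"203.0.113.{i + 1}", 25))
    # Customer who runs a registered mail server: busy, but expected.
    for i in range(15):
        flows.append((2000 + 10 * i, "192.0.2.80", f"198.51.100.{100 + i}", 25))
    # Many destinations, but one every ten minutes: below the window's radar.
    for i in range(12):
        flows.append((600 * i, "192.0.2.90", f"203.0.113.{200 + i}", 25))
    return flows


if __name__ == "__main__":
    flows = sample_flows()
    print(smtp_fanout(flows))
    print(find_suspects(flows, known_mail_servers={"192.0.2.80"}))
```

The slow sender at 192.0.2.90 is not flagged, which shows the trade-off the comment worries about: widening the window catches it, but also raises the false-positive rate for legitimate hosts.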
the problem is "what is a problem"? (Score:2)
Maybe it only finds the problems it can find, maybe it only tells you about the problems it can fix. Maybe the definition of 'fix' is up in the air too. For too long the AV vendors have created products that can't be compared head to head reliably. They ALL claim to do something called AV scanning, but no one can really tell you w
In related (old) news... (Score:2)
AV industry is Black Eye for Microsoft.
The Yankee Group said that? *THUD!* (Score:2)
And I actually AGREE with what was said and find it sensible?
OMG! The end times have come!
Re: (Score:2, Insightful)
I think it's bad enough that some ISP's may track your bandwidth usage.
Once they start inspecting each packet who knows where it will stop.
Just moves the problem... (Score:5, Insightful)
That doesn't solve the problem - it just moves it. Onto the vendors of networking hardware.
Core routers are "dumb as rocks" and can be relatively low reliability. The idea there is to treat each packet as a hot potato and move it on with as little "thought" about it as possible - so limited processing power can handle large numbers of packets. If the box goes down the others can find a way around it. But not thinking about each packet means these boxes are gullible.
Edge routers (the last router before the customer, or sometimes the one between two competing ISPs) are smarter and more robust: In the core there are multiple connections, but at the (customer) edge there is usually only one line to only one box, so it has to be as reliable as a phone switch. (If the ISP hasn't routed ALL traffic to/from the user through an extra box at the Network Op Center) it has to act as a "reverse firewall" to protect the gullible network routers from the users and keep the user from using resources he hasn't paid for. It's also the only box on the carrier side where all the customers' packets come together. So if the carrier is to provide comprehensive anti-malware service, that's where it ends up.
Edge routers have a lot of brains and a significant amount of memory. But for their main jobs they only have to look at headers and keep a small amount of state per customer. Add "deep packet inspection" for anti-malware on the current model and you explode the resources required. Now they have to look at the whole content of every packet and apply thousands of tests to it, exploding processor requirements. Worse they have to keep the state for every flow rather than just every customer - and a single tool-generated web page may be hundreds or thousands of separate flows, running in parallel due to browser optimization. And the state for each of the flows is enormous, including the state of the processing of each of the signatures being tested. Finally, they may actually have to hold the packets themselves, to reorder and/or defragment them for the analysis. So the storage requirements explode. And this resource requirement increases their susceptibility to DOS attacks.
Further, smartening up the edge routers still further and giving them massive storage upgrades and inbound firewall duties makes them, not the users' machines, the primary target for malware vendors. They'd now have to spoof or subvert this machine to get their stuff to the users. But what a prize! Once it's subverted they get access to ALL the users and their traffic, regardless of the users' OS or anti-malware tools. (The zero-day window becomes "pwnership" of ALL the customers' data - no race between the infection spreading and the AV companies working out and deploying a signature.) Once in control, tapping should be a snap: The routers already have a government-mandated "lawful intercept" capability in place - just reconfigure it to send to the malware operation rather than the authorities. And talk about monocultures: The number of edge router vendors can be expressed with a single digit, likely with (at least at first) only one deep-packet-inspection product each. And they'll no doubt ally with the current anti-malware vendors to obtain their algorithms and signature updates.
So going to ISP-based filtering transfers the computational load of defense from a distributed web of end-users' machines to a small set of ISP boxes, increases the "software monoculture" vulnerability, provides an upstream target that the end user can't defend with a limited number of instances, makes it as vulnerable as the current worst-of-breed approach (Microsoft OS and tools plus signature-based active immunity), gives access to ALL users on EVERY success, and raises the cost of the network boxes (and thus your networking bill).
Lowered security at a higher price doesn't seem like a good approach to me.
Re:surely... (Score:5, Insightful)
That will only hold true as long as the market share for the non-Windows operating systems remains at its current levels. Whether Mac or Linux is intrinsically more secure than Windows is a subject for another (lengthy and heated) discussion, but the fact remains that practically, an OS is only as secure as the user running it lets it be. Linux users are much more secure from threats than Windows users for two reasons. One: since Linux accounts for such an infinitesimally small percentage of market share, malware coders don't waste their time coding for Linux. Two: since most Linux users are enthusiasts who generally know what they are doing, they can harden their installs to a greater degree than your average Joe-Sixpack Windows user.
A large upsurge in Linux use, especially by the 'typical' user that clicks on anything and everything, and runs their console session as root, would be irresistible to the malware coders, and you'd see the same situation you're seeing with Windows now.
Re: (Score:3, Interesting)
Usually it's just common password stuff (because there are a lot fewer services that can be compromised through the usual buffer overflow stuff...I did have a couple of weeks where a guy was spamming an overflow exploit for some version of FTP I wasn't running), lookin
Re: (Score:3, Interesting)
Which has repeatedly taken place here and you apparently never bothered following. Mac and Linux ARE intrinsically more secure than Windows.
A Trojan can hit any computer. That's why Linux folks are always cautioning to never run untested binaries.
There are no viruses in the wild for Mac or Linux. Your method of securing your PC works fine for Mac and Linux but will not for Windows.
One: sinc
Re: (Score:2)
You must be new around here.
Re: (Score:2)
#3. Linux users get their software from an organized and centralized location... The idea of visiting some random website, and downloading useful binary software from them is completely foreign.
Re:surely... (Score:5, Insightful)
Clueless users given the ability to become administrators (which they can if they own the machine) will defeat any OS security.
Re: (Score:2)
Has any non-signed agreement ever held up in court? Rather, the true answer is that Microsoft has such a big team of lawyers they can defeat the DoJ. What can any lawyer do against such weaponry?