
Tuesday 6 May 2014

Symantec claims that their antivirus is rubbish

It's called "doing a Ratner".

Gerald Ratner jokingly said that his products are total crap. And that some of the earrings were "cheaper than an M&S prawn sandwich but probably wouldn't last as long."

As a result, the company nearly collapsed.

But Brian Dye, a Symantec senior VP, isn't joking. He's saying "antivirus is dead", and as evidence, he explains that their product stops less than half of attacks. To be accurate, he said that modern antivirus software only stops around 45 per cent of attacks on computer systems and lets the rest through. But I think that he's talking about his own product; I believe that most other products do a lot better than that.

It'll be interesting to see what happens next. I know that if I were still in the AV business, I'd happily quote him at every opportunity. Will Symantec go the way of Ratner the jewellers?

But how accurate is he?

I stopped using an antivirus a long time ago, because I couldn't see how it could work in a world where you would need daily updates, which means that each update is tested for ... how long? Not very long, obviously. Because these days, we're looking at around 100,000 new malware samples PER DAY. Or 200,000, depending on who you talk to.

I remember, a long time ago, in 1987, us AV people would phone each other up and speculate on when the next virus might appear. Or maybe the dozen that we'd seen, would be all there ever were. We called it the Great Drought, and it lasted a couple of months. Happy days!

Instead, I switched to Linux. There doesn't seem to be much malware for Linux. I don't know why. Some say it's because Linux's security is better, some say it's because fewer people use it. I'm not really bothered.

The last time I got a virus was over a decade ago. What happened, was I was using Windows, and I visited "The Register", a serious web site devoted to tech news, based in the UK. They outsourced their advertising, which was run off a server somewhere in Europe, and something happened to that server. As a result, I visited The Register, and (without me clicking on anything) using an "iframe exploit", something nasty was installed on my computer. I spent half an hour trying to get rid of it, then decided that the simplest solution would be to reformat my hard drive and reinstall ... and then I thought, I won't reinstall Windows, I'll go 100% Linux. And I did, and it worked, and I haven't had any trouble since then.

So anyway. If you're using Symantec antivirus (which is usually called "Norton antivirus", although it wasn't written by Peter Norton, but by David Chambers (and when I looked at the version 1.0 that he wrote 27 years ago, I fell about laughing)), I think that Brian Dye, a Symantec senior VP, is suggesting that their product isn't really up to the job that you were hoping it would do, and maybe you need to switch to something else.

How about Dr Solomon's antivirus?

Sadly, no. That 100% detection report was done in 1998. The world has changed since then.

But if you're still using Windows, I have no idea what you should switch to.

18 comments:

  1. I think you should come out of retirement :)

  2. This was my favourite press release from the Dr Solomon days...

    http://www.prnewswire.co.uk/news-releases/mcafee-pleads-with-dr-solomons-to-reduce-virus-detection-rate-156451045.html

    1. Hello,

      Truly a classic.

      Regards,

      Aryeh Goretsky

  3. I'm not retired, actually.

    I remember - at that point in time, McAfee were in terrible trouble with their engine. It needed a complete rewrite, but I don't think they had anyone who knew how to do it.

    1. Hello,

      Sounds about right. John often boasted about how clever it was for him to hire new programmers (either just out of college, or still in it), saying they did "75% of the work for 50% of the salary," but the problem was the group knowledge and experience of how to do the large scale engineering effort just wasn't there.

      They did have a lot of very talented people, and those folks accomplished some pretty amazing things, but I don't think it was until the acquisition of S&S that they gained the engineering talent they needed to pull that off.

      Funnily enough, we were always terrified that F-Prot, S&S and/or Sophos were going to enter the US market and utterly destroy us, but that never happened.

      Regards,

      Aryeh Goretsky

  4. Hell has frozen over! The GDS is using Unix! :-)

  5. And has been for the last 17 years ...

    1. This comment has been removed by the author.

  6. Wow, this brought back some memories - I was a Dr Solly customer back in the 1990s, when my PC still ran on Windows 9x.

    I stopped using paid anti-virus software around the mid-2000s, and I've been a Mac user full-time since 2012. I do still have anti-virus software installed - Sophos, as it happens - but that's mainly out of habit and because I've been using Macs long enough to know that they're not actually that much more secure than their Windows brethren once they're in use for a while. (I also have Windows 7 installed in a VM, and have MSE running inside of that.)

    I wouldn't say Mr Dye did a Ratner, because I think that unlike Gerald, many people already suspected the product might be crap. There have been more than enough high-profile screw-ups by Symantec and others over the years to get the message across that these products are more of a liability than a boon.

  7. This comment has been removed by the author.

  8. If a legend like Dr Solomon uses Linux, that bolsters my faith in my own decision.
    Sadly I too gave up on keeping Windows® malware free almost 10 years ago, and have been using Linux almost exclusively for browsing and all online activities especially.
    The sad part is, I still have to use Windows® because so much proprietary software, usually expensive software, like my Pro Tools audio recording program, doesn't run on Linux, and even has to have a dongle (iLok) to run, so I keep a Windows machine or 2 but only connect them to the outside world to acquire updates.
    I never had much luck at all with antivirus programs and I tried most over the years. But usually some obscure new malware would get me without me ever clicking on anything either, and there would go a night's work reinstalling and then updating the OS and all my extraneous software that I used on it.
    I was creating (writing my own) programs on old personal computers before they had hard drives, like the Commodore 64's and similar devices. I even wrote some video games (circa 1980's), although they sure seem primitive to what I've seen these days! (I don't play games at all.) So I have been using Windows® since their beginning pretty much; well, more accurately, I started at 3.0. I skipped the first couple versions as we were using other types of computers at work in those days in the electronics lab.

  9. I actually used Windows 1.0. It was very poor.

    Windows 3.0 was when they tried to get serious. But I used it, and I didn't think that it was ready for beta testing, let alone release. Too many problems.

    Windows 3.1 was the first usable version of Windows, and with 3.11 came networking built-in (before that, I used Trumpet for TCP-IP).

    I do have a couple of Windows machines, used for Memory Map and GSAK (geocaching software). But I wouldn't do email or browsing from those machines.

  10. As you say: I do know who you are! Nice to see you're still engaged in the tech biz in some way, Alan.

  11. Yes, using Linux may lower your malware exposure, but there is still malware for Linux. Google "Finfisher" if you don't believe me.

    I know ESET NOD32 and HitManPro are good solutions for malware.

  12. We must have read it all about how to keep safe, use this internet security and use that antivirus. But once you are infected with something like a rootkit they won't really do any good job.

    Internet Explorer Deleting Tips

  13. We just need to have a best antivirus for iPhone or iPad. Without an antivirus app for your iPad or iPhone or iOS device, you cannot escape from viruses. So thank you so much for the article that you have given us today. antivirus for i phone

  14. I am using Protegent 360 antivirus software which gives complete protection to computer system from viruses and spywares.
