Monthly Archives: June 2006
AntiVirus Vendors: the Barkless Dog
This week AVID stands for AntiVirus in Denial. Denial, to repeat the old pun, is not just a river in Egypt, it is also the reaction of the AntiVirus industry to this blog.
If you’ve stumbled on this blog by accident, AVID is my campaign to repeatedly expose the fact that signature-based AV technology is horribly inadequate, because it fails to protect its users from new viruses for many hours and often several days after they appear. And yet complete AV protection and more comprehensive all round security capability is available (from three companies, Bit9, Securewave and AppSense). Organizations that deploy these products don’t need AV technology.
Let’s abandon AV.
Perhaps one might expect someone in the $3 billion plus AV industry to respond to this regular drum beat, by posting some kind of counter argument. But much to my lack-of-surprise, we have experienced (as Sherlock Holmes remarked in The Hounds of The Baskervilles), the strange phenomenon of the dog that didn’t bark. Much silence makes a mighty noise, as they say in Africa. Could it be that the AV vendors are too busy counting their undeserved revenues to care or are PR consultants strongly advising their AV customers not to engage with this turbulent analyst at all?
P.S. No need to wonder, it’s the second of these two. We found this out later when the AV vendors finally did begin to engage. Ed
Posted in Campaigns
Tagged AntiVirus, AV technology, AVID, Egypt, IT Security, Subject, USD, Vista, Whitelisting
The Decline of AntiVirus: A Trend in Motion
I was asked last week why I keep changing the D-word in AVID e.g. Antivirus Is Dead, Doomed, Dying and Dysfunctional. To be honest, it’s a cheap and obscure trick; here’s a tortuous explanation.
I am running a campaign to bring down the $3.7 billion AV industry. The idea is simply to tell the truth, week after week, about the fact that AV technology provides inadequate protection and also happens to be unnecessary, because there is perfectly adequate technology from at least 3 companies (AppSense, Bit9 and Securewave) that does the job properly and actually does stop all viruses.
This blog gets somewhere between 4000 and 25000 readers each week. The number varies dramatically because a good number of visitors are drawn by headline and topic. Apple, Firefox and Linux, for example, boost the numbers. Of course if I just repeat the message: Anti-Virus is Dead, everyone will get bored and I’ll lose at least some of the readership. And that’s not what I want. What I want is readers returning regularly every fortnight to read the AVID posting even if they read nothing else.
So every AVID posting has to be colourful and different and cover another aspect of that utterly inadequate technology that fails to protect your PCs very well. I’m expecting that some readers will drop in just to see which D-word I’ve chosen this week. This week’s D-word, by the way, is Demise and thus AVID stands for AntiVirus In Demise.
This is very appropriate because of what I have to report: I am reliably informed that a trend to abandon AV is in progress. A growing number of organizations are evicting AV technology from their networks and no longer paying the AV protection money. I have also been told that this blog has had influence in those sites.
So here’s the point. Previously, sensible businesses were buying and deploying product from AppSense, Bit9 and Securewave, because it does more than just protect against malware. It can be justified in other ways. For example, it also ensures good governance of the installation of software on PCs. However, these businesses were loath to evict the unnecessary AV technology in case some security auditor or other started to raise objections. The AV mindshare was too high and they felt exposed. Now it’s not so high.
So there’s a nascent trend here. The numbers are still small, but they include some government sites! Hearing that was big news for me, because government sites nowadays are very particular about security.
So is AntiVirus In Demise? “Not yet” is my answer. If you’re thinking it takes more than 5 blog postings to bring down a $3.7 billion lack-of-protection racket, then I agree with you. I expect it to take at least 20.
Posted in Campaigns
Tagged AntiVirus, AV technology, AVID, IT Security, Linux, Subject, USD, Vista, Whitelisting
The AntiVirus Vulnerability Gap
Imagine that your office is in an area where a sudden increase in the level of burglary is occurring. The thieves have found a way of getting into buildings that circumvents the primitive security alarms that everyone uses. Naturally, you phone your security adviser and provider, to whom you pay a handsome retainer, and he tells you, “Unfortunately, at the moment there aren’t any security alarms that work for this kind of burglar. But don’t you worry none, we have researchers with astronomic IQs working on the problem right now and when one of them comes up with something we’ll be sure to send someone in to fit a better alarm.”
Pathetic, isn’t it? That’s anti-virus software for you.
The AVID (Anti-Virus Is Dysfunctional) campaign has the single goal of destroying (or at least seriously diminishing) the $3.7 billion AV industry. The point is that there is excellent technology, which completely prevents viruses, worms, Trojans and other malware, 100 percent, and it is available now from a clutch of vendors (Bit9, Securewave and AppSense). Some of the companies that have adopted such technology no longer deploy AV technology and none of them need to. The problem is cured. If this technology were adopted across the board it would significantly diminish digital crime.
While I’m writing this, Symantec is desperately trying to recover from a stack overflow vulnerability discovered by independent security firm eEye. Far be it from me to kick an AV vendor when it’s down, or exaggerate a security threat. Truth to tell, this high-profile stack overflow never became a zero-day threat. No virus writers got anything going to exploit the threat before it got fixed. However, it was a zero-day PR threat, especially as Symantec is about to launch some new product or other (called Norton 360). Symantec responded at lightning speed, issuing the PR news that it had issued a patch on Sunday. It issued the patch two days later, on Tuesday (according to TGDaily.com). This behaviour by Symantec echoes the subject of this week’s AVID posting in a spooky way.
A correspondent wrote to criticize my last few AVID postings, pointing out that I had missed a crucial point about the length of time you are at risk, if you are foolish enough to depend on AV software. My correspondent referred to this as the AV distribution problem. I ‘fess up. He was right. He pointed out correctly that the fix times I published in the League of Shame only give the time that it takes the AV vendor to post the new AV signature for download. The truth of the matter is that the AV software actually has to download the new signature before the user has any protection.
Thus, if a fix is available, you don’t actually get the fix until your AV software does an automatic download of it (unless you initiate the job manually). AV companies vary as to how frequently their software updates the AV signatures. With some products, automatic updates happen only once a week. Yes, hard to believe isn’t it? The most frequent is Kaspersky Labs (8 times a day).
So get this; your AV vendor may take two days (i.e. pathetically long) to get a fix ready, but you could be exposed for a further 7 days to some horribly expensive (for you or your company) virus that the AV vendor was supposed to be protecting you against.
It’s a racket isn’t it? A lack-of-protection racket.
Posted in Campaigns
Tagged AntiVirus, AV technology, AVID, IT Security, Kaspersky, League of Shame, PR news, software upgrades, Subject, Symantec, USD, Vista, Whitelisting
Apple and The Spark
Garry Kasparov became the World Chess Champion in 1985, following his second match against reigning champion Anatoly Karpov. The first match (started in 1984) had been abandoned inconclusively, under unusual circumstances. The rules for the first match were that the first player to win 6 games would be declared the winner.
For Karpov, this first match began very well. He won one game, then another game, then another, with most of his wins being separated by drawn games. At this level of chess drawn games are frequent. It seemed that Karpov was destined to win after he had won 5 games without Kasparov winning any. They had played 27 games in total, at that point. Then in game 32 Kasparov won.
I remember reading Kasparov’s account of this 32nd game. He said that during the game “he felt the electricity pass from Karpov to him”. After that Karpov was unable to win the final sixth game that he needed for victory. The match was abandoned when Kasparov won the 48th game, with Karpov declaring himself unable to continue (even though he still led 5 games to 3). Another match was arranged later in the year under slightly different rules and Kasparov won it.
In my view, Kasparov’s account of the 32nd game describes a phenomenon, which I think of as “the spark”. In the 32nd game, “the spark” moved from Karpov to him and, despite the situation at the time, the reign of Karpov was over.
Think of any contest for dominance and this phenomenon seems to be present—so much so that whoever has the spark appears bullet-proof for a while. Xerxes lost the spark to the Greeks at Thermopylae. Caesar gained it when he crossed the Rubicon. Hitler lost it in the ruins of Stalingrad. It’s easy to see in retrospect, of course.
But this is exactly how I think about Apple’s current run of success. Clearly the company was rescued from oblivion when Steve-this-time-it’s-personal-Jobs returned. He may have galvanized the company, but that didn’t guarantee dominance by any means. The iPod breathed financial life into Apple, but it didn’t guarantee dominance either—after all it was just a 21st century Walkman. The spark moved to Apple when it delivered the Tiger version of OS X and then, in short order, moved to Intel chips.
What am I thinking?
Simply this. Apple is going to dominate home computing (in the developed world) for the foreseeable future and it’s too late now for Microsoft, Dell, HP, Toshiba or anyone else to change this. It hasn’t happened yet, but it will. There are too many straws in the wind for me to believe otherwise. The spark moved to Apple about a year ago.
I personally became an Apple user before then, with the release of Tiger. (I was sick of losing days of my time to Microsoft.) The buzz around Apple at the time was not high volume, but since then the drum beat has been sounding louder. Many people who would never have dreamed of buying a Mac are now in the market for one. Many will buy Apple next time around and after that they won’t switch easily. No matter how much noise Microsoft makes around Vista, it isn’t going to dent this. Vista is a “Tiger catch-up” and by the time it hits the streets, Microsoft will be behind yet again, and trying to catch its breath. It’s too late.
The market stats are beginning to show this—but only just. Apple now has 12 percent of the laptop market and about 6 percent of the desktop market in the US. But if you focus only on the home PC market (about 60 percent of the US PC market is corporate) the market share is bigger than it appears. Apple’s growth is running at roughly 30 percent—about 3 times the industry growth.
Microsoft got the spark when it began to divorce itself from its joint OS/2 project with IBM, just after 1990. It seemed inconceivable at the time that it could challenge IBM’s dominance of the industry. Microsoft had revenues of just over $1 billion. But Microsoft had already won—just as now, it has already lost.
Posted in Apple
Tagged Apple, chess, Dell, electricity pass, home computing, HP, IBM, Intel, Microsoft, Toshiba, Vendor