Safety and the little guy

October 1, 2009 at 2:16 pm

I went to a talk given by a man from Symantec, the publishers of the Norton computer ‘security’ products, last night. It suggested that their business model is broken, and that their solution is both likely to have many more false positives – files they suggest are malware but aren’t – and to make it much harder for small houses to distribute software.

Let me explain. At one end of the spectrum the security providers are good at blacklisting large infections. If a worm or virus infects millions of computers, they find it, discover what makes it unique, and update their program to stop the malware getting any further. At the other end, big software publishers have their programs whitelisted, so, for instance, the latest update to Office does not trigger a malware alert.

The bad guys have responded to this by producing malware in small amounts. These are not virulent enough to trigger blacklisting, and there are anyway too many of them to catch.

Norton’s utterly misguided response is to gather information about what their clients are doing, and thus to be able to signal when a program is sufficiently new that it might be dangerous. There are, they claim, other criteria than newness and number of installations which are used to decide if something is dangerous, but the basic issue is obvious: Norton is going to decide whether something is malware not based on an analysis of the program, but simply on general criteria such as how many other people have installed it. For legitimate programs with a small user base, that is going to be a problem. I even wonder if it is legal: it feels like a restraint of trade to me (but of course I am not a lawyer).

In any event, it is yet another case of one large corporation – Symantec – protecting others, and leaving the little guy out in the cold. Given that there are perfectly good no-cost antivirus and firewall programs out there, why would anyone install something that only told them software was safe if it passed arbitrary tests that had little to do with its actual safety?
