
Developer claims anti-virus does not improve security

Anti-virus is bad, dead (again) and worse, its corpse is poisoning the ecosystem of good software.

There is, according to former Mozilla developer Robert O’Callahan, negligible evidence that anti-malware software produced by third parties provides any additional security. His arguments have spread from his blog to Twitter and then to IT news websites like IT Pro and The Register.

Is anti-virus useless? Is it worth your time and possibly money?


The Great Anti-Virus Conspiracy

One problem with the internet is that anyone can set themselves up as an expert. There’s money to be made from convenient messages. Examples abound in nutrition and health, as well as many other areas.
There are certainly internet opinions on security tests!
 
Despite widespread public ridicule, such sites thrive and make their owners rich because they play into what people already believe. The tendency being exploited is called confirmation bias, and it can even exert enough power over us to compromise the online safety of entire nations.

Anti-Virus Conspiracy

Take this post from the Above Top Secret forum from 2008. The author began with the hunch that the biggest beneficiaries of malware are the anti-virus (AV) companies themselves. However, Google only returned stories explaining why this view on an anti-virus conspiracy was incorrect.
This raised the author’s suspicions. Did anyone else have any information?
 
The ensuing nine pages of comments were a tour de force of ideas, theories and claims, but a recurring theme was distrust. Many commenters simply don’t trust what they don’t understand, and they don’t understand computers or AV. 

[Images: two Above Top Secret forum posts]
 
It took a few seconds to find similar examples from other forums, some dating back to 2005 and even 2002. There are many more and they usually cover the same ideas, but a common theme is still distrust. Compounding this, some commenters vaguely remember something about John McAfee once claiming to have written viruses to create demand for his first AV product, which of course proves everything.

[Image: AnandTech forum post]
 
That was a decade or more ago, but with phishing and ransomware now firmly in the public eye, the benefit of online protection will be obvious, right? Not necessarily.

Detection issues

In August 2016, the Daily Mail reported that some AV products can fail to adequately secure your computer. The research being reported actually identified the potential for man-in-the-middle certificate attacks. It’s something our own Simon Edwards wrote about in a more general context in his own blog over 18 months earlier.
 
As usual, the comment section of the Daily Mail’s report was far more revealing than the article:
 
[Images: three comments on the Daily Mail report]
 
And so on. Perhaps what’s most disturbing is that despite living in a world now publicly trying to cope with a grand cybercrime epidemic, such uninformed views are so mainstream. There’s even a certain pride to some of them.
 
The McAfee virus-writing story is also still doing the rounds. Mr McAfee hasn’t helped matters by claiming to have planted keyloggers in laptops he then gave away to government officials in Belize. But did he really write malware to create demand for his own AV software?

John McAfee, virus author?

In March 2014, McAfee went on the Alex Jones show to talk conspiracies (what else?). A caller asked if he was indeed responsible for writing early malware. Despite Jones talking over portions of his answer, this was the nub of his reply:

There were at the time thousands of computer viruses, he said. We could barely keep up with the viruses that were out there, so we certainly had no time to build new ones. It would just be a senseless thing to do. So I can categorically say, and you can talk to any of the McAfee employees that were there at the time, that thought never crossed anyone’s mind.

Indeed, in his book Computer Viruses and Malware, John Aycock of the University of Calgary in Canada also points out that if AV companies really are writing malware and yet simultaneously failing to detect some of it, then what’s the point in all that effort being expended for zero gain? The anti-virus conspiracy is starting to look less likely…
 
So, how do you protect the distrustful, the misinformed, and even the downright cynical online? One solution is to do it automatically, but this demands that governments, their intelligence agencies, and the ISPs become involved in actively blocking malicious content. Public reaction to any such suggestion is predictably very bad.
 
When GCHQ recently proposed their DNS filtering technology to block malicious domains, there was instant outrage. The Guardian, which broke the Edward Snowden story, has little love for the Cheltenham Doughnut, and was predictably upset. As usual, it’s the public’s comments that are really interesting. 

[Image: comment on The Guardian’s article]

Trust no-one

So, we’re at an impasse. Despite their poor reputations, governments and the intelligence agencies they run are the only entities with the authority and capabilities to attempt to protect entire nations online. However, the tools they use are by their very nature shadowy, double-edged and closed to scrutiny. The public at large worries that policing cyberspace means the erosion of freedom and privacy. Nothing will convince us that this isn’t the start of a dictatorship or a new world order. Too much evidence of past lies and misdeeds confirms this deep-seated bias. 

[Image: comment on The Guardian’s article]

If the public won’t listen to the government, who will it listen to? Who is it listening to?

Something about the caller who asked John McAfee if he wrote early viruses keeps coming back to me. He seemed to remember being told something by some old OSS guy. This idea of an unnamed source vaguely remembered is a common feature of discussions where facts are scarce and conjecture runs free. It’s a feature of the threads I referenced above about the anti-virus conspiracy.
 
That being the case, maybe it’s down to us, as infosec professionals, to be those sources in future. Maybe it’s down to us to engage friends and family, to explain how cybercrime works, how it relies on them not protecting themselves, and what to do about it.
 
But then again, I would say that wouldn’t I. 😉
