Hey there, I just finished writing an article for my security blog (found here). It was about anti-virus. Anyways, I'm just curious to what people think. Microsoft releases vulnerable operating systems and applications all the time. You'd think a team of coders could code something with way less vulnerable code; but obviously not. Also, anti-virus companies could have string decryption and decoding + real-time application monitoring instead of running off of their stupid "virus database" crap. This would provide much more security, and would mean less updates. So if Microsoft payed more attention to their code, and anti-virus companies built applications that actually work, than the internet would be FAR more secure. But if these 2 little things do happen, anti-virus companies will start to lose money. What comes with every new windows machine out there? Norton! To me it all sounds like one big scam... what is your guys opinions?
Your argument isn't exactly sound. Regardless of whether or not Microsoft makes a secure os, it is still possible for a hacker to gain access to a remote system. Microsoft is not different than any other business, there WILL be vulnerabilities found as time passes on and they will be fixed. I think it would be safe to say that MOST applications released have fixes for security. Realtime Scanning - Not always the smartest thing to do. This would be similar to Windows Vista's UAC. The anti-virus would have to question anything and everything that is going on. Virus Databases - You find a better way to detect a virus. Do you even know how virus databases work? They look for virus signatures in the file. This means that even if a virus is modified slightly, it will most likely still contain the signature and therefore be detected. Blaming Microsoft - You're full of it. The only reason malware targets the Microsoft operating system is because 90% of users will be running windows on their box. No hacker is going to go through the trouble of writing a virus for linux machines when only a fraction of the population uses a linux machine. Linux machines CAN and HAVE BEEN infected in the past. But the fact is, it's nearly impossible for a virus to thrive on a linux machine. Typically, linux users are smarter. And almost everything available for linux is open source. Making it even harder to obtain a virus. But please, don't fool yourself into thinking that linux distributions are 100% vulnerability free. I'm POSITIVE that they have had their share of fixes. FBZ - I'd love to see you write and maintain millions of lines of code without having a single vulnerability. kanip - Uh, what? So please, research, and maybe think a little more before you assume that antivirus companies are in deep with microsoft.
"Virus Databases - You find a better way to detect a virus. Do you even know how virus databases work? They look for virus signatures in the file. This means that even if a virus is modified slightly, it will most likely still contain the signature and therefore be detected." Yeah, that's why it is so easy to bypass. You can use the most basic, and public type of encryption just to bypass these little signatures... Also, I can and have coded thousands of lines of code without leaving it vulnerable; and when I distribute something; I (unlike Microsoft) check over it to see if I left anything. Also, where did I ever put linux is 100% vulnerability free? Please read before discriminating next time. You say I'm full of it. But you obviously do not know what a hacker is or anything about vulnerabilities and exploiting in general. Hackers don't write viruses, script kiddies (novice hackers) do. Obviously if you knew what I was talking about, you wouldn't be hosting your websites on a server with 79 other websites (so easily exploitable). But thanks for your input.
May be it was happening in past. But now with release of chrome os and other open source OS like ubuntu and fedora microsoft have to make its OS more secure and reliable. So there is no chance of thing like that.
Yeah. Open source is good, but also easier to audit to find vulnerabilities than to reverse engineer and debug apps to find them.
Script kiddies do not write viruses. Script kiddies download the latest release of a password stealer or botnet server and crypt it with whatever they can get their hands on. Good thing about these cryptors is that they get picked up on very quickly and are therefore recognized by AV's. About my sites being hosted on shared servers, I don't store sensitive information on those servers for a reason. I must admit that I was a bit harsh in writing my first response and I apologize. I wasn't in the best of moods upon writing it. I just highly doubt that AV companies are in on a deal with microsoft. I've done my share of messing with malware, never releasing it, mostly just testing them. And it is hard for me to believe that microsoft is behind it. But hey, you may be correct.
Well a virus takes no skill whatsoever to code. Its pretty much the first thing a coder learns how to do. Most script kiddies just download a trojan source, compile it, and crypt it with some crypter like zizi said... but still some script kiddies with little knowledge of C++ can write half of these trojans out there. Just because somebody can code, doesn't make them not a script kiddie . I've had people tell me they're hackers only because they can code; and yet when I start talking about spotting vulnerabilities they get confused within 1-2 sentences xD
I'll agree with FBZ on one thing, I originally got into coding because I wanted to see how computer viruses work. But as I learned more and more, I migrated away from them. Back on subject: While I'm sure that there are partnerships between microsoft and AV companies, there are AV solutions that don't necessarily profit. I struggle to say this but; there are many "good" free anti-viruses available. Take AVG Free for example. I'll leave it at this... There may be an alliance between microsoft and some antivirus companies but I doubt microsoft would purposely leave their operating systems vulnerable so that a 3rd party company can profit.
Hi There I don't think the blame lies with either the operating system or the anti-virus software. I believe most of the problems are user based. See my guide - How did my computer get infected? I will update this as appropriate. Regards
Well Lanark, it doesn't matter if a computer has a firewall or not, it can be hacked easily due to 0day exploits and such. Although having a brain does prevent many viruses out there, some you just can't get past.
With a codebase as big a Windows OS, not to mention several hundreds of programmers working on it, it's easy to get something screwed in the process. So I wouldn't be surprised if bugs will always be there. No software is 100% bug free, I believe.