Nearly Handheld Anti-virus Protection
from the yawn-but-I-guess-it's-sort-of-important dept
McAfee will soon start shipping its own version of a handheld virus protection program (so they say). Amusingly enough, it isn't even really for handhelds; it's for the node connection points between a computer (or network) and a handheld. Call me when we get real handheld anti-virus programs, Ha!
Comments on “Nearly Handheld Anti-virus Protection”
AFAIK, there are no known viruses that propagate through handhelds, so this is pretty stupid. In fact, it seems to me that virus “protection” programs, in general, are completely worthless and a scam propagated on clueless corporate IT departments. Any time there’s a major virus outbreak, McAfee/etc. always have to revise their scanners, and it will always be this way, with the scanners lagging the outbreak. Back in the days when data was exchanged via floppies, it was possible to stay ahead, but not any more.
Perhaps I’m a little biased, because I work for McAfee.com, but you’re not entirely right. One of the most recent virus outbreaks was the Life Stages virus. When Life Stages broke out, it had already been included in McAfee’s antivirus DAT files for several weeks. The only reason it ran rampant was because people had neglected to update their DATs.
Granted, virus companies (McAfee included) always jump at any chance to get mentioned in the press…it’s good publicity! So of course, whenever there’s a big outbreak, McAfee and Norton and all the others immediately send out press releases and release special emergency DAT upgrades. These ‘extra DATs’ as we call them at McAfee are released whether or not our current DATs already have the virus’s signature. This is because when people grab the extra DAT, they come to our website, and while they’re on our website in a paranoid mood they’re very likely to buy other software.
The fact is, most viruses are reported to AVERT Labs (NAI’s virus research laboratory) long before they actually make it into the wild. This gives AVERT time to create a virus signature and toss it over to the McAfee guys who silently throw all the new signatures into the weekly DAT releases. If you’re running VirusScan with the latest DATs, chances are you’re nearly invincible. Even better, if you’re running ActiveShield from McAfee.com, you’ll always be using the latest DATs because it automatically upgrades itself.
Here’s another secret for you, though: All antivirus programs suck. Some just suck less than others. McAfee’s VirusScan engine sucks less than the competition. That’s the only reason anyone should use it. The last actual good virus scanner on the market was F-Prot, and I don’t know what’s happened to them.
Why a 'real' handheld antivirus program will never
McAfee’s PDA virus protection works on the principle that in order for a virus to infect your PDA, it must first go through a desktop machine. This is true. So McAfee’s PDA virus protection software sits on your desktop machine and scans the connection between your desktop and your PDA. This is currently the most effective and reliable way to provide PDA virus protection.
So…why can’t we have a virus protection program that actually runs on the PDA? Because virus protection programs require huge DAT files full of known virus signatures in order to be effective. These DAT files are way too huge to fit in the meager 4 or 8 megs of RAM on your PDA. Thus, a PDA-based virus scanner would be completely ineffective. Without DAT files, virus scanners are worthless.
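An added example, not part of the original comments and not McAfee's code: a minimal desktop-side sync gate that scans files queued for transfer to a handheld against a signature set, showing how a stale signature set lets a file through that an updated one blocks. The signature format (hex with `??` wildcards), the detection names, the file names and the marker bytes are all constructed for illustration.

```python
import re

def compile_sig(hex_pattern):
    """Turn a hex signature into a bytes regex; '??' matches any one byte."""
    pairs = [hex_pattern[i:i + 2] for i in range(0, len(hex_pattern), 2)]
    parts = [b"." if p == "??" else re.escape(bytes([int(p, 16)])) for p in pairs]
    return re.compile(b"".join(parts), re.DOTALL)

def load_dat(entries):
    """Build an in-memory signature set: detection name -> compiled pattern."""
    return {name: compile_sig(pat) for name, pat in entries.items()}

def scan(data, dat):
    """Return the sorted names of every signature found in the data."""
    return sorted(name for name, rx in dat.items() if rx.search(data))

def sync_gate(queue, dat):
    """Check each queued file before transfer; return (allowed, blocked)."""
    allowed, blocked = [], {}
    for filename, data in queue.items():
        hits = scan(data, dat)
        if hits:
            blocked[filename] = hits   # held back on the desktop
        else:
            allowed.append(filename)   # would be sent to the handheld
    return allowed, blocked

# Constructed, harmless markers standing in for real signatures.
# Test.MarkerA: "MARK-A", any one byte, then "!!". Test.MarkerB: "MARK-B".
OLD_DAT = load_dat({"Test.MarkerA": "4d41524b2d41??2121"})
NEW_DAT = load_dat({"Test.MarkerA": "4d41524b2d41??2121",
                    "Test.MarkerB": "4d41524b2d42"})

# Constructed sync queue: file name -> contents.
QUEUE = {
    "memo.txt": b"lunch at noon",
    "addr.pdb": b"\x00\x01MARK-A7!!\x00",
    "game.prc": b"hdrMARK-Bpayload",
}

if __name__ == "__main__":
    print("stale signatures:  ", sync_gate(QUEUE, OLD_DAT))
    print("updated signatures:", sync_gate(QUEUE, NEW_DAT))
```
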
Hi Other Ryan (AKA Wonko)
I tend to agree that most virus programs tend to suck and are pretty big, but I was wondering if you guys are doing any research into modeling anti-virus programs on the human immune system?
I read about it a while ago, but it seems to have disappeared since then. I have a feeling that these programs would be less huge than current antivirus programs (maybe even small enough for PDAs) and of course much more flexible (just in case people start making viruses for handhelds).
If we were working on that, I couldn’t tell you….but as far as I know we’re not working on anything like that. 🙂
Then again, I work for McAfee.com, which is a separate company from NAI. NAI owns the McAfee brand, although NAI does not own McAfee.com (despite the fact that, for some odd reason, my paychecks come from NAI). It’s all terribly confusing. Anyway, if you go to McAfee.com you’ll see the stuff I work on…it’s basically web-based versions of all the NAI apps. We take their code, modify it to work as an online app, and sell it to customers on a yearly subscription basis. So all I do really is web work…the actual R&D and VirusScan engine hacking goes on in NAI’s offices in Santa Clara.
The only problem I can see with a virus program that works like the human immune system is that when the immune system encounters a new virus, you’ve already been infected by the time antibodies are produced. So let’s say you’re running McAfee ImmunoProt 5.0, and someone emails you a VBScript virus. Since McAfee ImmunoProt doesn’t use DAT files, it can’t just scan everything looking for malicious code…it has to sit there and wait for malicious code to actually do something malicious. Then, once bad stuff starts happening, ImmunoProt says “Aha! I bet this is a virus!” and halts the code execution. But then you’re stuck. Once again, since there are no DAT files with virus signatures or information, ImmunoProt doesn’t know how to clean the virus from the infected files. Your only option is to delete anything that’s been infected. No fun.
I’ll have to think about this some more. There are various ways to write a virus scanner without using DAT files (anyone remember Microsoft’s old DOS-based scanner?), but none of them are as good (yet) as DAT-based scanning. It sure would be nice not to have to keep downloading a huge update every week!
It sounds like you're giving this immuno model based program some thought, good stuff! I wonder whether a VC would fund a company like that?
Re: Re: hmm...
*cough* If someone funds an idea that comes out of here, think of giving me some equity for “facilitating” the discussion. 🙂 Maybe that could be a business model for Techdirt since everyone keeps insisting I need one (for the record: Techdirt is not trying to make money. It’s just for fun. Why doesn’t anyone understand that?).
Re: Re: Re: hmm...
Sounds good to me 😉
I don’t think there is a real need for these programs yet, even 10 years later. The antivirus companies do put them out, but it is more to keep the files from being stolen if the device is nabbed than anything else. Maybe we should revisit this in ten more years?