Defending Reactive Virus Fighting
from the easiest-way... dept
We’ve written before about the difficult position antivirus companies find themselves in. If they were really effective, wouldn’t they risk putting themselves out of business? There are plenty of stories of antivirus firms overhyping the risks of certain viruses (and seeing their sales increase dramatically as a result). At the same time, it’s pretty clear that the current process of reactive virus fighting (writing a way to block each virus after it’s out) isn’t working all that well. While some accuse the antivirus firms of keeping it this way on purpose to keep people worried so they keep buying, the antivirus firms fire back that that’s not true. It comes down to a problem very similar to the one that anti-spam technologies are facing – dealing with false positives and false negatives. With more proactive antivirus measures there’s a much greater likelihood of a false positive (calling a non-virus a virus), which would require the end-user to make adjustments on their own. The antivirus firms believe that the better solution is the current reactive method – which minimizes false positives, but also lets through a lot of false negatives (not calling a virus a virus). Of course, it seems like some anti-spam companies have done a pretty good job minimizing these problems, so perhaps a better approach is needed. It seems like (just as with anti-spam technologies) there should be a way to use a combined approach that looks for viruses by signature, but also tries to spot suspicious activities. Also, just like many anti-spam tools, there should be an easy, user-friendly way to override a suspected-virus flag if the user knows that the file is safe.