
DMI News


A note to anti-virus programmers

August 30, 2010 20:34

I never used to have such a problem. Several years back, catching a virus or some other type of malware was almost entirely a behaviorally oriented activity. It required you to be foolish enough to execute an untrusted program or use software that was insecure. Since I did most of my work on linux boxen, the whole issue was mostly moot; not that linux didn't get its share of problems, but catching a virus by executing a program or browsing some site wasn't one of them.

I was, sadly, just enough of an idiot to catch one on occasion. I usually was able to figure it out within seconds of doing the stupid thing that launched it, and cleaning it up, while an annoying experience, wasn't usually too difficult. The point is, I always knew HOW I caught it and was able to learn from that mistake.

Today is a totally different story. Browsers, even those completely up to date on all known security issues, will still allow malicious code to install unwanted programs on windows boxes without the knowledge or even implied consent of the owner. And the worst part is, you can't even blame it on porn sites anymore, since all that is required is that an ad network have one malicious ad, and any site that uses that network will be vulnerable. The New York Times website was even serving up malware not too long ago.

The end result is that I can no longer rely solely on my own safe internet habits to prevent the contraction of malicious crap; I have to frequently scan my systems for anything malicious. What brought on this post is the fact that right now there's something suspicious on my machine, but the two scanners I typically use aren't detecting anything. I've attempted to research the problem, but it seems that although other people have recognized the same issue, nobody seems to know for sure if it's even a malware issue.

The problem I'm specifically having is that when I do a google search, the links on the results sometimes appear to be hijacked to forward through various ad network sites first before sending you on to your destination. Sometimes this is through a google owned network like doubleclick, but there are others. All of the networks I have seen so far at least appear to be legitimate when I look them up, although that does not mean that the injection into the search results is. However, nobody who has seen the problem can identify any specific malware that causes it, and many believe that google is actually the one responsible here.
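One way to pin down a symptom like this is to look at the links as the page actually delivers them rather than at where a click ends up. The script below is an added example and is not part of the original post. It parses a results page (the HTML snippet in it is constructed, not captured from a real search), unwraps the common redirector pattern where the true destination is carried in a query parameter such as q= or url= (the parameter names are an assumption), and lists every host a click would pass through, flagging any hop that is neither the final destination nor a host you trust (the search engine itself).

```python
"""Inspect search-result links for redirect hops through third-party hosts.

Added example, not code from the original post. The results page below is
constructed for illustration. Redirector parameter names are an assumption
about common patterns, not a specification of any particular ad network.
"""
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Query parameters that redirector-style URLs commonly use to carry the real
# destination (assumed list; extend it for the networks you actually see).
REDIRECT_PARAMS = ("q", "url", "u", "dest", "target")

# Constructed results page: one link that goes through the search engine's own
# redirector, one that is wrapped in an extra third-party tracker first, and
# one that points straight at its destination.
SAMPLE_RESULTS = """
<div class="r"><a href="https://www.google.com/url?q=https%3A%2F%2Fexample.org%2Fdocs">Example Docs</a></div>
<div class="r"><a href="http://ads.tracker-example.net/click?url=https%3A%2F%2Fwww.google.com%2Furl%3Fq%3Dhttps%253A%252F%252Fexample.org%252Fdocs">Example Docs</a></div>
<div class="r"><a href="https://example.org/direct">Direct link</a></div>
"""


class _LinkCollector(HTMLParser):
    """Collect (anchor text, href) pairs from a page."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def unwrap_chain(href, max_hops=10):
    """Return the hosts a click on href would traverse, following
    redirector-style URLs whose destination is embedded in a query parameter.
    parse_qs percent-decodes each level, so nested wrappers unwrap one per hop."""
    chain = []
    current = href
    for _ in range(max_hops):
        parsed = urlparse(current)
        chain.append(parsed.netloc.lower())
        params = parse_qs(parsed.query)
        nxt = None
        for name in REDIRECT_PARAMS:
            for value in params.get(name, []):
                if value.startswith(("http://", "https://")):
                    nxt = value
                    break
            if nxt:
                break
        if nxt is None:
            break
        current = nxt
    return chain


def audit_results(html, trusted_hosts):
    """For each link, return (anchor text, host chain, third-party hops):
    every intermediate host that is not in trusted_hosts is reported."""
    collector = _LinkCollector()
    collector.feed(html)
    report = []
    for text, href in collector.links:
        chain = unwrap_chain(href)
        third_party = [h for h in chain[:-1] if h not in trusted_hosts]
        report.append((text, chain, third_party))
    return report


if __name__ == "__main__":
    for text, chain, third_party in audit_results(SAMPLE_RESULTS, {"www.google.com"}):
        flag = "THIRD-PARTY HOP" if third_party else "ok"
        print(f"{flag:15} {text!r}: {' -> '.join(chain)}")
```

This only catches redirectors whose destination is visible in the link itself. Server-side 302 chains and click handlers added by script are invisible to it, and so is anything a browser add-on rewrites after the page loads, which is exactly the case a local infection would produce. The discriminating check for that is to fetch the same results page with a clean client (curl from another machine, or a fresh profile) and diff the hrefs against what the suspect browser shows: if the wrapping hops appear only in the suspect browser, the problem is on that machine, not at the search engine.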

Since this is the only problem I'm seeing, I could just write it off as either an odd glitch or a google-gone-evil event, but even so, I was determined to at least assure myself as best I could that there was nothing malicious on my system that anyone actually knows about. To accomplish this, I downloaded about 10 free anti-virus programs that seem to be highly recommended. I'm not going to name which ones they were, and I never even installed all of them. The behavior of a couple convinced me that the problem I was having wasn't nearly as bad as the antivirus software itself was.

So, my message to the programmers of this software is as follows. Any future releases need to have the following capabilities:

First, I need to be able to shut down the program. COMPLETELY. Without uninstalling it. This means I need an exit option on the menu, or I need to be able to kill it in task manager. A non-system program I can't shut down makes me think it's a virus, and that has me chasing the wrong problem.

Secondly, a 20-30 second quick scan at boot is acceptable. Causing a 2 second delay on launching executables is also acceptable. But that is the limit to the delay I wish to notice with any such software. If periodic scans must be run, they are to be run ONLY when the cpu is not otherwise occupied with other applications. The scanner can wait.

Third, uninstall must do exactly that. Uninstall EVERYTHING.

It's simple. I need to be able to trust the antivirus scanner more than I trust the virus. And right about now, the virus is winning.