Are anti-virus companies behind the viruses?
Avecho, Britain’s ‘complete worry-free mail service’, reckons “the world needs to wake up to the fact that the anti-virus industry is not an anti-virus industry, it is a definition-selling industry and they just love these viruses. The more afraid you are, the more money you spend with them.”
This problem is solvable, quickly, according to avecho. It points to avecho’s own ThreatCENSOR, which “applies a wonderful, simple piece of logic which has stopped MiMail, SoBig, MyDoom and all variations of Bagel and NetSky. It is not rocket science, it is simple and fool-proof. It is based upon the reality of how we work.” ThreatCENSOR works on the simple premise that:
- viruses are executable code — in other words, globs of computer programs that attach themselves to emails and try to get you, the recipient, to open them.
- 99% or more of all normal communications do not contain any executable code. “These are documents, graphics, sounds or text. If you want a piece of executable code, you invariably know that you want it, and from whom.”
- by applying a simple rule ‘I will only accept executable code from people I know – and that I am expecting’, ThreatCENSOR stops over 98% of all viruses, with no traditional anti-virus at all.
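
The rule in the list above, written as a mail filter. This is an added example, not avecho's ThreatCENSOR code; the extension list, header bytes, the `known` and `expected` sender sets and the example.org addresses are all assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed markers of executable content; the page does not list any.
EXEC_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs")
EXEC_MAGIC = (b"MZ", b"\x7fELF")  # DOS/PE and ELF file headers


def is_executable(part):
    """Flag an attachment as executable by file name or leading bytes."""
    name = (part.get_filename() or "").lower()
    if name.endswith(EXEC_EXTENSIONS):  # also catches "notes.txt.pif"
        return True
    payload = part.get_payload(decode=True) or b""
    return payload.startswith(EXEC_MAGIC)


def verdict(raw, known, expected):
    """Deliver executables only if the sender is known AND expected."""
    msg = message_from_bytes(raw, policy=policy.default)
    # The From header is unauthenticated and easy to forge; a deployment
    # would key this on an authenticated sender identity instead.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    has_exec = any(is_executable(p) for p in msg.walk()
                   if not p.is_multipart())
    if has_exec and not (sender in known and sender in expected):
        return "quarantine"
    return "deliver"


def build_sample(sender, filename, data):
    """Construct a test message (constructed sample, not real mail)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "me@example.org"
    msg["Subject"] = "sample"
    msg.set_content("see attachment")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    known, expected = {"colleague@example.org"}, {"colleague@example.org"}
    for who in ("stranger@example.net", "colleague@example.org"):
        raw = build_sample(who, "details.txt.pif", b"MZ\x90\x00")
        print(who, "->", verdict(raw, known, expected))
```

Mail without executable content is delivered regardless of sender, which is the "99% or more of all normal communications" case; only the executable case consults the sender sets.
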
It’s not a bad idea, a bit like one mentioned in this blog a week or so back. Of course, avecho have an axe to grind, and they’ve been doing it entertainingly for months, if their press releases are anything to go by (all links are to PDF files):
- industry passes the blame for infection and propagation of email viruses onto the users;
- Are viruses here to stay? Only 18 months left for the £2bn traditional anti-virus industry;
- avecho.com stopped sobig: A technology has existed for over a year which could have completely stopped Sobig. Why are the AV vendors still beating the same old drum?
- On Wednesday 6th August 03 avecho GlassWall stopped a variation of the MiMail virus that had already successfully passed through a leading industry virus scanner, with up to date virus definitions.
But they do have a point. Somehow we’ve got to find a better way to stop viruses than relying on constantly updated definition libraries. What I want to know is: is there something like this that can work on end-users’ machines, or does everything have to be server-based?