The AV Industry from the Outside In and the Inside Out

General

25

I have a rather unique perspective on the antivirus industry. I used to work for Microsoft before they were a competitor. Come on, you can’t call MSAV from DOS 6 an antivirus product :)

For over seven years my job at Microsoft was to make sure that Microsoft did not release any infected software. All I had to do the job was antivirus software. If you know how much the best products miss then you understand what a scary job that could be. Still in 7+ years only one got past me and that one was practically inaccessible. Nobody ever accidentally got infected by that one. I also told my management at the start that we would be very lucky to five years without an incident. It was 5.5 years in when the one got by. I showed my bosses the email I had previously sent describing the exact scenario in which it would happen and what I needed to prevent it. I got the support after the fact.

One thing to know about the antivirus industry, as is the case with most industries is that companies are made up of individual people. This is an incredibly important distinction, especially in antivirus.

When I started attending Virus Bulletin conferences in 1997, Microsoft was positively detested by almost every researcher in the antivirus industry. I had to prove my integrity as a person to the researchers to become accepted as a trusted and contributing member of the community. As I learned more about the antivirus industry it was a real eye opener to me. As I watched the marketing departments of antivirus companies fight tooth and nail I saw researchers from a variety of companies working together. I wasn’t around then, but I have heard of the EICAR conference in which several researchers from a variety of companies set up their own little network and worked together to reverse engineer a Microsoft Word document format because Microsoft would not provide file format information. On the research side of things there is little “company” and a ton of “individual”. Antivirus companies do not generally share samples with antivirus companies. Researchers share samples with researchers that they trust from most any company.

As a Microsoft employee I was able to be accepted in the industry because as a person I was inside of Microsoft fighting to get Microsoft to share more information with the antivirus industry so as to have better product for me to use and to protect users. I certainly had no interest in falsifying the abilities of AV products, and still have no such interest.

Now, working for ESET, an antivirus company I often review marketing materials and reject that which is untrue. To their credit, the marketing professionals at ESET are genuinely happy to change material if it is not true. I am sure that this is also the case at most other AV companies as well. The Virus Bulletin tests are real, and they do have some value *if* you understand what the tests mean. That will be another blog though. Bottom line is that the marketing people have a job to do and theirs is to highlight the features and accomplishments of a product. I was asked at a recent press conference in Beijing if a product can succeed without the marketing. It can succeed, but obviously will not be as successful without marketing. There are far too many examples to list of inferior products capturing market share because they have better marketing. To ESET’s credit I have never been asked to change what I say when I tell people that we don’t detect everything and that unless you get educated and learn safe computing practices no product is going to prevent you from getting infected. I’ve often made this statement at trade show presentations. Is that hype?

More often than not it seems that the researchers at the antivirus companies are completely at odds with sales and marketing. What has been fun for me is that when I present at trade shows and other venues and ‘in the wild’ is mentioned I can explain exactly what that means to people. Yes, I actually tell them that a VB100% award does not mean a product detects close to everything that is out there.

So what does all of this have to do with the “Race to Zero” and other such ignorant projects? It is not the antivirus companies who are complaining. It is not the sales or marketing departments who are complaining. The PR firms are silent on this. It is the research community who are complaining. It has nothing to do with “embarrassing” an antivirus company. The people who are complaining are the people who are actually trying to do something about the problem. The people who are complaining are the people who will openly acknowledge the limitations of security products and staunchly promote defense in depth. These people also sign their real names to what they say and do not hide behind pseudonyms. We are proud of what we have to say and will openly say exactly who we are.

Not a single antivirus company is against the “Race to Zero” contest, only the people who are actually trying to help protect consumers are railing against the contest.

If the Race to Zero organizers wanted to do the contest right then here is an approach they could use.

Have the contestants set up honey pots and the winner is the team that collects the most undetected samples. This does not involve creating new malware. This shows the real world problem of real world threats that are actually out there and getting past every antivirus product. That is much more convincing than a simulated scenario that involves creating more of a problem.

Of course they also could have a contest to see who can build a better scanner, but that would require significantly more skill than the contestants possess. It’s easy to tear down. Let’s see them try to build for a change.

I specifically joined an antivirus company when I left Microsoft because I enjoy working with a bunch of very smart and dedicated professionals form a variety of companies who are actually working to help protect consumers.

The comments that “the antivirus companies have their backs against the wall”, or are afraid, etc., are simply ignorant and completely lack substance. The truth is that the only people complaining are the people who are trying to improve the situation and are not pro-hype by their companies or by miscreants creating more malware. The people complaining also will use their real names because they stand behind their views. It took guts to work for Microsoft and stand up and speak at an antivirus conference. It takes guts for the researchers to come out and tell it how it is knowing full well that rather than be acknowledged as the individuals they are they will be cast as a “company” with a marketing department. It takes only a coward to hide behind a pseudonym ignorantly advocating the creation of more problems.

Randy Abrams
Director of Technical Education
ESET LLC

Author ESET Research, ESET

  • solcroft

    When you’re done tooting your own horn and playing the self-righteous defender of truth and justice, Mr Abrams, here’s some food for thought.

    First, the honeypot contest would be a great idea… the fact that antivirus companies have long pooh-poohed at them previously notwithstanding. To the best of my knowledge, many tests of similar nature have been done before, only to be dismissed on the grounds that they contain too many corrupt and unverifiable samples and are insignificant. Fact is I don’t care how it’s done, the public just needs to know that the way they’ve been interpreting the statistics from Virus Bulletin and AV-Comparatives is flat out bs, and the statistics they’re seeing is NOT the protection they’ll get. Maybe you could use your individual influence to get ESET or Virus Bulletin to stage a test that shows something to that effect. But then I guess that would *gasp* expose the public to the facts, and cause them to ditch their AVs and run around completely naked without any security (at least according to you), so I guess maybe it’s better for them to spend their lives never finding that out… hmm.

    Second, I wonder how many of you have realized that this contest represents an opportunity for the antivirus industry. New viruses come and go every day whether one likes it or not, and I believe this is an ideal opportunity for companies to show, in the aftermath of the contest, how they go about dealing with these problems. Surely one hopes that antivirus companies have ways of meeting these challenges other than just making blog posts with fire and brimstone and copious amounts of vitriol, but judging by the way you speak of the contest, it almost sounds like you guys are completely at the mercy of the results come this August. Actually you guys still have ~2 months time to fix as many weaknesses in your scanning engines as you can before the contest, and then after that to show how a company who names itself Essential Security against Evolving Threats lives up to its name, and I’m sure your customers would rather see you guys do that than trying to play thought police.

  • Robert Scroggins

    I know antivirus companies have dedicated, hard-working people working to improve their products, but the average computer user hears/sees more of their marketing than anything else. Perhaps this is an opportunity to get the marketing people out of the way for a while.

    Regards,

  • azd

    antivirus companies have dedicated, hard-working people working to improve their products, but the average computer user hears/sees more of their marketing than anything else.
    NOD 32 is the best AntiVir

  • Randy Abrams

    > When you’re done tooting your own horn and playing the
    > self-righteous defender of truth and justice, Mr Abrams,
    > here’s some food for thought.

    This must be your intellectual response to the fact that it isn’t the marketing arm of AV companies complaining. Great argument. No horn tooting, simply sharing a perspective that most people never get to see. Obviously this challenges and threatens your misconceptions.

    > First, the honeypot contest would be a great idea…
    > the fact that antivirus companies have long pooh-poohed
    > at them previously notwithstanding. To the best of my
    > knowledge, many tests of similar nature have been done
    > before, only to be dismissed on the grounds that they
    > contain too many corrupt and unverifiable samples and
    > are insignificant.

    Of course you have to verify the samples. But what you are mistaking is the problem with the tests in the past. It wasn’t that a honeypot was used. the problem was with the conclusions drawn. People would take a honeypot or two and then try to determine what the best AV product was based upon the results of the limited test. It was the conclusion that was in error. If the conclusion is to be that there is a lot of malware in the wild that is getting past all of the virus scanners, then there is no problem with using honey pots to collect samples to prove the point. The researchers are not going to have a complaint about that.

    > Fact is I don’t care how it’s done, the public just
    > needs to know that the way they’ve been interpreting
    > the statistics from Virus Bulletin and AV-Comparatives
    > is flat out bs, and the statistics they’re seeing is NOT
    > the protection they’ll get. Maybe you could use your
    > individual influence to get ESET or Virus Bulletin to
    > stage a test that shows something to that effect.

    Care to suggest how to demonstrate with real world examples??

    Instead of whining, how about presenting some well thought out solutions. I’ll be happy to blog about the limitations of wildlist testing, etc. The fact is that to do a proper test that comes statistically close to reality it costs too much money. You would be talking about in excess of 30 million samples, and probably more than 50 million files in the false positive test set. To get real meaning out of it, you have to maintain the collection (add 100k samples a day) and test repeatedly, because a track record is important.

    > But then I guess that would *gasp* expose the public to
    > the facts, and cause them to ditch their AVs and run
    > around completely naked without any security (at least
    > according to you), so I guess maybe it’s better for them
    > to spend their lives never finding that out… hmm.

    If presented competently it wouldn’t cause the public to ditch their AV. A well balanced perspective would encourage defense in depth. It also doesn’t require adding more malware to the mix. “Antivirus is dead” is not a balanced perspective that encourages defense in depth.

    > Second, I wonder how many of you have realized that this
    > contest represents an opportunity for the antivirus
    > industry. New viruses come and go every day whether one
    > likes it or not, and I believe this is an ideal
    > opportunity for companies to show, in the aftermath of
    > the contest, how they go about dealing with these
    > problems.

    Let’s have a murder contest to see how the coroners deal with the aftermath. Hey murders will happen! Better yet, lets all go to the bar, get drunk and puke on the floor to see how the bartender deals with the aftermath… it’s going to happen anyway.

    > Surely one hopes that antivirus companies have ways of
    > meeting these challenges other than just making blog
    > posts with fire and brimstone and copious amounts of
    > vitriol, but judging by the way you speak of the contest,
    > it almost sounds like you guys are completely at the
    > mercy of the results come this August. Actually you guys
    > still have ~2 months time to fix as many weaknesses in
    > your scanning engines as you can before the contest, and
    > then after that to show how a company who names itself
    > Essential Security against Evolving Threats lives up to
    > its name,

    Actually, Essential Security Against Evolving Threats is not and never has been the name of the company. That was a former marketing guy’s acronym. ESET is the Slovak word for the Egyptian goddess ISIS, the goddess of protection. Obviously she doesn’t have a perfect track record either.

    > and I’m sure your customers would rather see
    > you guys do that than trying to play thought police.

    Oh, so expressing an opinion is playing “thought police”. Look who’s playing cranial-cop now.

    The simple fact is that no matter what I say, Mr. Solcroft, you’ll just disagree. If I say you are a swell guy, you will swear that you are the south end of a north bound horse. When I fail to disagree you’ll claim victory :)

    Randy Abrams
    Director of Technical Education
    ESET LLC

  • solcroft

    “This must be your intellectual response to the fact that it isn’t the marketing arm of AV companies complaining. Great argument. No horn tooting, simply sharing a perspective that most people never get to see. Obviously this challenges and threatens your misconceptions.”

    In your blog post, you claimed that those of us who hide behind pseudonyms were cowards, while people like you were experts and professionals of unquestionable integrity. I would like to offer another way of seeing it, Mr Abrams. Some of us prefer to let our facts, not our names, do the talking, while some others appear to prefer repeatedly underscore their identities, perhaps in the mistaken belief that it would somehow lend credence to their claims, or fleece people into believing that they aren’t just singing the same old tune as the marketing guys.

    “It was the conclusion that was in error. If the conclusion is to be that there is a lot of malware in the wild that is getting past all of the virus scanners, then there is no problem with using honey pots to collect samples to prove the point. The researchers are not going to have a complaint about that.”

    There are no errors in the conclusions. There are only conclusions that certain individuals would rather the public not come to. Hiding behind the excuse that some tests are ‘limited’ is really quite meaningless, since as no testing body can possess every single piece of malware, every test that has ever and will be conducted are all ‘limited’ in some way. Not to mention that while certain parties are quick to cry foul when these ‘limited’ tests are used to draw comparisons, they obviously have no compunction against doing just exactly that themselves (http://www.eset.com/products/compare-NOD32-vs-competition.php). Last but not least, while certain parties claim to be pro-education, and to have no complaints about tests just so long as the public is suitably guided by ‘responsible security professionals’ to drawing the ‘right’ (nudge, nudge, wink, wink) conclusions from them, how many such tests have we seen from the antivirus vendors? I’ll gladly accept any corrections, but to the best of my knowledge, that number equals a grand total of zero. And of course, when someone else tries to do it – I’ll leave it to the public to judge whether the acts of certain parties mirror their verbal commitment to educating users about the facts.

    “If presented competently it wouldn’t cause the public to ditch their AV. “Antivirus is dead” is not a balanced perspective that encourages defense in depth.”

    Your argument rests on the ridiculous premise of treating the public like idiots: that they will strip themselves of all security and run around naked once they learn about this contest. Granted, knowing the human race, some probably will, but many others will learn the true nature of antivirus products and be better off for it. If presentation was your core concern, Mr Abrams, then focus your efforts on educating the public on what this test really means, and provide a balanced view for the other side of the story. What you continually dismiss as my ‘misconceptions’ are only reinforced by your zealous and vitriolistic attempts to do away with the contest entirely, both the good and the bad, fearful that the public may see what you do not want them to.

    “Let’s have a murder contest to see how the coroners deal with the aftermath.”

    If this is something on the scale of murder, or illegal and improper somehow or other, then I say bring in the lawyers and file a case. Let an official court try them and we can all see that you’re telling the truth instead of just spewing vitriolistic ranting. I can appreciate the fact that it’s convenient for your preconceptions, Mr Abrams, but the samples will not be released, and will be deleted from their servers afterwards. But of course, to acknowledge that would be to let your arguments all fall apart, so I’m not very hopeful.

    “Oh, so expressing an opinion is playing “thought police”. Look who’s playing cranial-cop now.”

    I suppose that even the worst of censurers will protest when it’s their ability to dictate the thoughts and opinions of the public, and to prevent them from seeing what one doesn’t want them to see, that is being oppressed.

  • Randy Abrams

    > In your blog post, you claimed that those of us
    > who hide behind pseudonyms were cowards, while people
    > like you were experts and professionals of unquestionable
    > integrity. I would like to offer another way of seeing
    > it, Mr Abrams. Some of us prefer to let our facts, not
    > our names, do the talking,

    Or perhaps you work for the marketing arm of a white listing company and prefer not to have your affiliation known.

    I didn’t say anything about unquestionable integrity. But you know who I am, You know what my affiliation is, and you know who is standing behind what they say.

    The white listing companies are really big on “anti-virus is dead” while failing to reveal that the way they determine if a file gets onto the white list is by using a boat load of antivirus products.

    > or fleece people into believing
    > that they aren’t just singing the same old tune as the
    > marketing guys.

    The marketing people (not all guys) are not singing any tune at all about the contest. You seem to be the one trying to pull fleece here.

    > There are no errors in the conclusions. There are only
    > conclusions that certain individuals would rather the
    > public not come to.

    Yes, incorrect conclusions. Do you realy think you can conclude which AV product is best from a 5,000 sample test set? Get real.

    > Hiding behind the excuse that some
    > tests are ‘limited’ is really quite meaningless, since as
    > no testing body can possess every single piece of
    > malware, every test that has ever and will be conducted
    > are all ‘limited’ in some way.

    It’s all about understanding the limits. The smaller the test set the less statistical significance it will have. Much more margin of error is another way to say it.

    > Not to mention that while certain parties are quick to
    > cry foul when these ‘limited’ tests are used to draw
    > comparisons, they obviously have no compunction against
    > doing just exactly that themselves
    >(http://www.eset.com/products/compare-NOD32-vs-competition.php).
    > Last but not least, while certain parties claim to be
    > pro-education, and to have no complaints about tests just
    > so long as the public is suitably guided by ‘responsible
    > security professionals’ to drawing the ‘right’ (nudge,
    > nudge, wink, wink) conclusions from them, how many such
    > tests have we seen from the antivirus vendors? I’ll
    > gladly accept any corrections, but to the best of my
    > knowledge, that number equals a grand total of zero.

    Vendor tests lack credibility due to the potential for bias.
    Marketing prefers to have independant tests for promotional materials.

    > And of course, when someone else tries to do it – I’ll
    > leave it to the public to judge whether the acts of
    > certain parties mirror their verbal commitment to
    > educating users about the facts.

    > “If presented competently it wouldn’t cause the public
    > to ditch their AV. “Antivirus is dead” is not a balanced
    > perspective that encourages defense in depth.”

    > Your argument rests on the ridiculous premise of treating
    > the public like idiots: that they will strip themselves
    > of all security and run around naked once they learn about
    > this contest.

    That may be your conclusion, but it is not my premise at all.

    > Granted, knowing the human race, some
    > probably will, but many others will learn the true nature
    > of antivirus products and be better off for it.

    I see that as pretty unlikely.

    > If presentation was your core concern, Mr Abrams,

    We don’t need any more malware. That is the core concern.

    > What you continually dismiss as my
    > ‘misconceptions’ are only reinforced by your zealous and
    > vitriolistic attempts to do away with the contest
    > entirely, both the good and the bad, fearful that the
    > public may see what you do not want them to.

    I’ve already suggested how you can achieve the same result using honey pots, but creating new malware seems to be the real objective.

    > “Let’s have a murder contest to see how the coroners
    > deal with the aftermath.”

    > If this is something on the scale of murder,

    The comment was not designed to compare malware writing to murder, but rather to show the ludicrous nature of your argument.

    > I can appreciate the fact that it’s convenient for your
    > preconceptions, Mr Abrams, but the samples will not be
    > released, and will be deleted from their servers
    > afterwards.

    The samples may not be released by the contest organizers, but the people creating them will know how to recreate what they did. The organizaers have no control over that.

    > “Oh, so expressing an opinion is playing “thought
    > police”. Look who’s playing cranial-cop now.”

    > I suppose that even the worst of censurers will protest
    > when it’s their ability to dictate the thoughts and
    > opinions of the public, and to prevent them from seeing
    > what one doesn’t want them to see, that is being
    > oppressed.

    The fact that I repeatedly approve your comments really blows your thought police and censurers theory out of the water.

    Protesting against something one believes is wrong is neither censorship nor thought policing.

    Sorry for the delay in posting your comment. I have been traveling. I’ll try to get these posted more promptly.

    Randy Abrams

  • solcroft

    “The white listing companies are really big on “anti-virus is dead” while failing to reveal that the way they determine if a file gets onto the white list is by using a boat load of antivirus products.”

    Antivirus researchers use tools like debuggers and disassemblers – would you recommend the general public to use those too? I don’t think so. If the whitelisting companies themselves use antivirus products as a means of doing their job, does that mean that antivirus products must be effective and suitable for everyone else? Not necessarily, but then again, that’s not the point I want to make here, and is best left for another discussion.

    “Yes, incorrect conclusions. Do you really think you can conclude which AV product is best from a 5,000 sample test set? Get real.”

    That’s EXACTLY what the antivirus companies themselves are doing. But it’s wrong for anyone else to do the very same. Am I the only one who sees the sheer, absolutely disgusting hypocrisy in this? Please tell me, Mr Abrams, what on earth is the front page of your company’s website doing promoting its 50th VB100% award, with very clear insinuations on what the public should take that to mean? Or better, the comparisons page I gave in my last post, where, this time, your company does away with the insinuations altogether and goes the full mile, again based on VB100% results? I honestly wonder who’s the one who needs to get real here. Why are you so concerned about “misinformation” from an obscure contest organized by little-known hacker convention that, according to you, nobody will pay attention to, when you have real misinformation in copious amounts gratuitously splashed all over your own company’s website?

    “The samples may not be released by the contest organizers, but the people creating them will know how to recreate what they did. The organizers have no control over that.”

    Jackpot, Mr Abrams. Well done! The organizers have no control. People who know how to create malware, know how to create malware, with or without the contest. Those of them so-inclined to release their creations into the wild will do so, again with or without the contest. So why the finger-pointing at the organizers, when, as you obviously very well know, they have no control over other people’s individual actions?

    “Sorry for the delay in posting your comment. I have been traveling. I’ll try to get these posted more promptly.”

    Take your time, I don’t particularly mind. And if I were really the marketing representative of a whitelisting company, Mr Abrams, suffice to say that I’d probably have much more profitable things to do than to come here every couple of days to chitchat with you. :)

  • Randy Abrams

    > “The white listing companies are really big on
    > “anti-virus is dead” while failing to reveal that the way
    > they determine if a file gets onto the white list is by
    > using a boat load of antivirus products.”

    > Antivirus researchers use tools like debuggers and
    > disassemblers – would you recommend the general public to
    > use those too? I don’t think so. If the whitelisting
    > companies themselves use antivirus products as a means of
    > doing their job, does that mean that antivirus products
    > must be effective and suitable for everyone else?

    Antivirus researchers don’t go around saying that debuggers are dead. That they use AV so extensively is a contradiction to their statements that AV is dead. But if one wants to spread that message without divulging their affiliation, pseudonyms make sense.

    > “Yes, incorrect conclusions. Do you really think you can
    > conclude which AV product is best from a 5,000 sample
    > test set? Get real.”

    > That’s EXACTLY what the antivirus companies themselves
    > are doing. But it’s wrong for anyone else to do the very
    > same.

    That is what the marketing departments at all of the AV companies do. It’s pretty much their job. that isn’t what the researchers do. It is, the researchers and not the AV companies who are criticizing the race to zero contest. The researchers often criticize the same tests that marketing at all of the compnaies boast about. In fact that is why AMTSO was created. AMTSO has nothing to do with sale and marketing. AMTSO is researchers and testers working together to try to improve the state of testing.

    > Am I the only one who sees the sheer, absolutely
    > disgusting hypocrisy in this? Please tell me, Mr Abrams,
    > what on earth is the front page of your company’s website
    > doing promoting its 50th VB100% award, with very clear
    > insinuations on what the public should take that to mean?

    I would imagine they are doing the exact same thing all of the AV comanies are doing when they display the VB100 logo. OIf course now you are the one saying the public are to stupid to understand what a test means :)

    But of course this is a diversionary discussion to evade the fact that it is technical people wiuth experience who are against the race to zero contest and not marketing people and not “antivirus” companies. It is individuals who do not hide behind pseudonyms who are working to try to improve security. Since you have no real argument against this, and have a *personal* grudge against ESET, you have to steer the conversation in other directions.

    > I honestly wonder who’s the one who needs to get real
    > here. Why are you so concerned about “misinformation”
    > from an obscure contest organized by little-known hacker
    > convention that, according to you, nobody will pay
    > attention to, when you have real misinformation in
    > copious amounts gratuitously splashed all over your own
    > company’s website?

    The misinformation is a secondary concern. The fact that the organizers are promoting the creation of new malware is primary. I have already proposed an alternate means of demonstrating their alleged point without creating new malware. It can be done, but the alleged intent does not appear to be the real intent.

    > Jackpot, Mr Abrams. Well done! The organizers have no
    > control. People who know how to create malware, know how
    > to create malware, with or without the contest.

    And still there is no justification for encouraging this.

    > Take your time, I don’t particularly mind. And if I were
    > really the marketing representative of a whitelisting
    > company, Mr Abrams, suffice to say that I’d probably have
    > much more profitable things to do than to come here every
    > couple of days to chitchat with you. :)

    Good point. That last sentence more aligned to a PR person than a marketing person :)

    Randy Abrams
    Director of Technical Education.

  • solcroft

    “Antivirus researchers don’t go around saying that debuggers are dead. That they use AV so extensively is a contradiction to their statements that AV is dead. But if one wants to spread that message without divulging their affiliation, pseudonyms make sense.”

    They wouldn’t have to. Debuggers never “lived” in the first place. It would largely depend on your definition of “dead” – here I take it that the whitelisting companies mean that antivirus products are no longer needed by the general public, only by a small subset of technical people who use them for specific purposes. But in any case, it looks like this whole issue is another one of the malicious misinformation you propagate for your own convenience, because I have never heard Bit9 claim that antivirus is dead – on the contrary, they advertise their partner affiliations with McAfee and Kaspersky on their front page. I have never heard Comodo claim that antivirus is dead – in fact, they produce and market an antivirus product themselves. I have never heard any vendor of HIPS software claim that antivirus is dead. OTOH, it’s Symantec (Zero-Impact Software), McAfee (Project Artemis) and Kaspersky (the PDM in their 2009 line of products) themselves who are actually embracing whitelisting technology. Your emphasis on my pseudonym is, as I have already pointed out, just a desperate diversionary tactic where you try to cast doubts and shady insinuations, when you know the facts aren’t on your side. We may know who you are, Mr Abrams. But that doesn’t mean you’re being honest.

    “I would imagine they are doing the exact same thing all of the AV comanies are doing when they display the VB100 logo. OIf course now you are the one saying the public are to stupid to understand what a test means :)”

    As hard as you may try to pretend to be unable to see it, there is a very big difference between simply displaying a logo and a short press release, and pages of detailed analysis carefully explaining why product X is the best, based solely on VB100% results. Refer to your own arguments of why this is so. Of course the public is too stupid to understand what VB100% really means, Mr Abrams! After all, they’ve been fed YEARS of hype about the supposed excellence of VB100% awards, and that is exactly what the marketing departments of certain companies were counting on when they created those analysis pages! Marketing techniques are only a reflection of public mentality. The public believes in the VB100% hype, so feed it to them and watch them gobble it all up!

    But let’s not get thrown off-track here, Mr Abrams, lest you try some confusion tactics. The public are overhyped about computer security, but in the favor of security software. They may eagerly swallow whatever VB100% crap that marketing divisions of antivirus companies feed them, but they will not take a look at the contest and strip themselves naked of all security – if anything else, they would start adding more, very likely to the point of overloadedness.

    “But of course this is a diversionary discussion to evade the fact that it is technical people wiuth experience who are against the race to zero contest and not marketing people and not “antivirus” companies. It is individuals who do not hide behind pseudonyms who are working to try to improve security. Since you have no real argument against this, and have a *personal* grudge against ESET, you have to steer the conversation in other directions.”

    You have been prancing around treating your own deluded presumptions about the motives of the contest and the idiotic mentality of the public as irrefutable fact all this while, Mr Abrams, so I suppose it is but a trivial matter to add another one that says I have a personal vendetta against you and/or ESET. What is really diversionary here is your evasion of my questions. As a “responsible security professional” who is speaking independantly from the rest of your company, it is really telling that you will flip-flop between asserting your individual status when it suits you, and defaulting the blame of company policies to your company when it is convenient. Equally revealing is the fact that a thump-on-the-chest, self-proclaimed “responsible security professional” with the supposed capability to act and speak independently from his employers is blasting the Race to Zero contest based on fantastic stretches of logic and made-up preconceptions that are wildly off-course, but chooses to remain silent and evasive when the real rot is happening so close to home. To any rational human being, this can only beget the question: how “responsible” and “independent from the rest of the company” are these security professionals, really?

  • Randy Abrams

    > “Antivirus researchers don’t go around saying that
    > debuggers are dead. That they use AV so extensively is
    > a contradiction to their statements that AV is dead.
    > But if one wants to spread that message without divulging
    > their affiliation, pseudonyms make sense.”

    > They wouldn’t have to. Debuggers never “lived” in the
    > first place.

    Ah, silliness. Always a place for that! Of course antivirus scanners never “lived” either.

    > It would largely depend on your definition
    > of “dead” – here I take it that the whitelisting
    > companies mean that antivirus products are no longer
    > needed by the general public, only by a small subset of
    > technical people who use them for specific purposes.

    An argument against defense in depth. If, as the alleged aim of the race to zero contest” is to show how easy it is to get malicious code past all scanners, then it stands to reason that it is also easy to get malicious files on to a whitelist.

    > But in any case, it looks like this whole issue is
    > another one of the malicious misinformation

    Perhaps I should concede this point. You have considerably more expertise in malicious misinformation than I do. I have spread no malicious misinformation.

    > you propagate for your own convenience, because I have
    > never heard Bit9 claim that antivirus is dead – on the
    > contrary, they advertise their partner affiliations with
    > McAfee and Kaspersky on their front page.

    There are non so blind as those who refuse to see.
    http://www.bit9.com/resources/index.php#whitepapers
    Look for the antivirus is dead white paper. I have spoken in person with a senior researcher with Bit9 and he knew that Bit9 marketing has been a proponent of the “antivirus” is dead propaganda. Robin Bloor wrote the whitepaper. Robin is a paid consultant who does not hide his affiliations though and does not hide behind a pseudonym.

    > I have never heard Comodo claim that antivirus is dead
    > – in fact, they produce and market an antivirus product
    > themselves. I have never heard any vendor of HIPS
    > software claim that antivirus is dead. OTOH, it’s
    > Symantec (Zero-Impact Software), McAfee (Project Artemis)
    > and Kaspersky (the PDM in their 2009 line of products)
    > themselves who are actually embracing whitelisting
    > technology.

    As I said, the researchers are fans of defense in depth.
    http://www.scmagazineus.com/Whitelisting—-White-horse-or-white-lie/article/35903/
    If you read the last paragraph you will see that I also advocate defense in depth. I also stand behind what I say and odn’t hide behind a pseudonym.

    > Your emphasis on my pseudonym is, as I have
    > already pointed out, just a desperate diversionary tactic
    > where you try to cast doubts and shady insinuations, when
    > you know the facts aren’t on your side.

    Actually there is nothing desperate about it. There are no shady insinuations. The commentary of a person who hides behind a pseudonym and does not reveal affiliations while criticizing an industry is obviously of dubious merit. The facts are on clearly on my side.

    > We may know who you are, Mr Abrams. But that doesn’t
    > mean you’re being honest.

    Another PR style comment. Do you work for a PR firm?
    You haven’t shown that I said anything dishonest. In fact each time to you try to argue against something I say you quote something I didn’t say. Because I say things that are different than the ESET web site you call it hypocrisy. NFind me contradicting myself, not someone else. You are the master of diversionary tactics.

    > As hard as you may try to pretend to be unable to see it,
    > there is a very big difference between simply displaying
    > a logo and a short press release, and pages of detailed
    > analysis carefully explaining why product X is the best,
    > based solely on VB100% results.

    ESET touts the heuristics. The vast majority of VB samples, if not all of them, would be detected by the signatures in the product. VB100s are only one indicator of product quality.

    > Refer to your own arguments of why this is so. Of course
    > the public is too stupid to understand what VB100% really
    > means, Mr Abrams!

    It isn’t stupid to not know what something means. I know you were upset because you didn’t realize “in-the-wild” is a specific term in the industry that does not refer to everything out there. I am constantly explaining what it means at a variety of speaking engagements where I could choose to simply leave it alone. I have just posted a blog about the VB100 and what it means though. I explain this a bit in that blog too.

    > After all, they’ve been fed YEARS of hype about the
    > supposed excellence of VB100% awards, and that is exactly
    > what the marketing departments of certain companies were
    > counting on when they created those analysis pages!
    > Marketing techniques are only a reflection of public
    > mentality. The public believes in the VB100% hype, so
    > feed it to them and watch them gobble it all up!

    I’ll leave that to marketing. I tell people exactly what it means.

    > But let’s not get thrown off-track here, Mr Abrams, lest
    > you try some confusion tactics. The public are overhyped
    > about computer security, but in the favor of security
    > software. They may eagerly swallow whatever VB100% crap
    > that marketing divisions of antivirus companies feed
    > them, but they will not take a look at the contest and
    > strip themselves naked of all security – if anything
    > else, they would start adding more, very likely to the
    > point of overloadedness.

    Ok, let’s get off the diversionary tactics then.

    Plain and simple… I and virtually all of the researchers in this industry believe that creating malware is fundamentally a bad thing. That is why this contest is a bad idea. I have provided an alternate suggestion that will make the point that the contest is allegedly supposed to make. You dismiss it based upon an incorrect assumption that the researchers will be against it. Never mind the fact that the researchers are against the current plan. If a honeypot approach is used to collect samples that no AV is detecting it will make the point. Researchers will not be against that approach, and even if they were new malware is still not being created. Using a honeypot approach the organizers could run a demonstration that researchers can support and I can use the results of to emphasize defense in depth. I can’t support people encouraging the development of malware though.

    > You have been prancing around treating your own deluded
    > presumptions about the motives of the contest and the

    No delusion. There were significant discrepancies between the contest and stated goals.

    > idiotic mentality of the public as irrefutable fact all

    You are the only one calling the public idiots. If I believed that I wouldn’t waste my time trying to provide education to the public.

    The “idiotic public” is your malicious deception and wrong attribution.

    > As a “responsible security professional” who is speaking
    > independantly from the rest of your company, it is really
    > telling that you will flip-flop between asserting your
    > individual status when it suits you, and defaulting the
    > blame of company policies to your company when it is
    > convenient.

    Yet another unsubstantiated accusation with no merit, integrity, or honesty.

    > Equally revealing is the fact that a thump-on-the-chest,
    > self-proclaimed “responsible security professional”

    You, and not I are the one doing the proclaiming

    > with the supposed capability to act and speak
    > independently from his employers is blasting the Race to
    > Zero contest based on fantastic stretches of logic

    Of course more diversionary tactics. That I believe it is wrong to create and encourage the creation of malware is no stretch of logic.

    > To any rational human being, this can only beget the
    > question: how “responsible” and “independent from the
    > rest of the company” are these security professionals,
    > really?

    I don’t get the impression you are very good at defining “rational human being”.

    I have got to know many of the researchers in the AV industry for several years before I joined an AV company. I know from experience that these professionals do hold views that are often contrary to the marketing arms of their companies. I have seen the independence of their thoughts and actions. In fact many of the people who have attended the Virus Bulletin conference, the EICAR conference, and the AVAR conference, who do not work for an AV company also know this. The people who actually know these people know that what I am saying is true.

    You are only able to try to cast doubts from the perspective of an uniformed person who hides behind a pseudonym. If oyu want some credibility, stand behind what you say.

    Randy Abrams
    Director of Technical Education

  • solcroft

    – “Ah, silliness. Always a place for that! Of course antivirus scanners never “lived” either.” –

    More word-twisting from you, as usual. I was simply pointing out the fact that claiming “antivirus is dead” and “debuggers is dead” are very different things. It would make no sense to claim the latter, since the majority of the general public don’t even know what a debugger is. But I suppose by now I’m getting used to your evading the argument, and hiding behind nuances of language.

    – “An argument against defense in depth. If, as the alleged aim of the race to zero contest” is to show how easy it is to get malicious code past all scanners, then it stands to reason that it is also easy to get malicious files on to a whitelist.” –

    Of course it is. I haven’t argued otherwise at all. Not that I know enough about how whitelisting companies carry out their operations to present an argument, anyway. Depending only on antivirus scanners (even a whole bunch of them) is a very dumb method of running a whitelisting operation anyway, and if that’s really how it’s done, then I don’t have much faith in them either.

    – “There are non so blind as those who refuse to see.
    http://www.bit9.com/resources/index.php#whitepapers
    Look for the antivirus is dead white paper. I have spoken in person with a senior researcher with Bit9 and he knew that Bit9 marketing has been a proponent of the “antivirus” is dead propaganda. Robin Bloor wrote the whitepaper. Robin is a paid consultant who does not hide his affiliations though and does not hide behind a pseudonym.” –

    Thanks for the link. The whitepapers require registration for viewing and I’m not inclined to do that right now, but I’ll take your word for it, and I stand corrected. Now that you’re done beating on the whitelisting companies, perhaps we can get back on the main topic at hand: the Race to Zero contest.

    – “The commentary of a person who hides behind a pseudonym and does not reveal affiliations while criticizing an industry is obviously of dubious merit.” –

    I have no affiliations, Mr Abrams, only a member of the public. The above would also be a very scary opinion indeed if you really believe in it – it would mean that you are so narrow-minded that you lack the capability of evaluating an argument based on its own merit, and instead judge statements based on who said them.

    – “ESET touts the heuristics. The vast majority of VB samples, if not all of them, would be detected by the signatures in the product. VB100s are only one indicator of product quality.” –

    I know that very well, Mr Abrams. In fact there is much more to know about the nature of VB100% tests than you care to describe in those short sentences. What I’m saying is that if the technical people are truly as concerned about hype and misinformation as they claim, there’s your hype and misinformation right there, if a little too close to home for comfort. Here’s your golden opportunity to PROVE that you’re actually capable of expressing your individual opinion independent of your superiors, Mr Abrams, as you repeatedly CLAIM. Here’s your opportunity to prove that you’re not just the proverbial kettle calling the pot black when you tar the Race to Zero contest organizers as dishonest hypocrites: when oh when, Mr Abrams, will we see from you the same vitriolistic attacks and expressions of outrage at these marketing tactics?

    Some companies were clever to send their “technical” staff on the warpath against the contest instead of their marketing/PR people. These “technical” staff can then repeatedly tout their identity and make the same spiels that marketing would usually make, yet claim immunity from the stigma that typically surrounds the marketing people. But I’m afraid their efforts will be all for naught and you will be exposed right here on your own blog, Mr Abrams, if you do not show us some spine and stand up to true hype and misinformation where it exists.

    – I’ll leave that to marketing. I tell people exactly what it means. –

    Are my claims really all unsubstantiated accusations with no merit, integrity, or honesty, Mr Abrams? You have asserted the independence of your decisions and actions from your superiors. Yet when what you so passionately denounce happens right in your own company, you pay lip service to it, defer the policies to your superiors, and move on. Your so-called responsibility and independence is on public display for all to see here, and so are your *true* reasons for condemning the Race to Zero contest. After all, what kind of honest individual would try to sucker others with a make-believe claim of impartiality?

    Lastly, since I have a dinner appointment with friends to keep, I’d like to briefly address your concerns about the contest (at least, the ones you’re willing to share with us). You have provided no shred of evidence, beyond your own wonderfully biased preconceptions that the contest goals are not what they claim to be. The organizers take care to point out, for the record, that they are not anti-AV. The created samples will be deleted from their servers and not released. And as you’ve so poignantly observed, the organizers are not responsible for other people’s individual actions. Saying that the contest encourages virus-writing is like saying that computer games encourage violence, or that Formula One races encourage reckless speeding, or that skimpy clothing encourages sexual crimes, or that Harry Potter advocates witchcraft – the list goes on and on – you’re so obviously not a sociologist, Mr Abrams, so if you’d take a word of friendly advice, please don’t try to make yourself look more bigoted with your medieval-era style of thinking than you already have.

  • Randy Abrams

    > Some companies were clever to send their “technical” staff
    > on the warpath against the contest instead of their
    > marketing/PR people. These “technical” staff can then
    > repeatedly tout their identity and make the same spiels
    > that marketing would usually make, yet claim immunity from
    > the stigma that typically surrounds the marketing people.
    > But I’m afraid their efforts will be all for naught and you
    > will be exposed right here on your own blog, Mr Abrams, if
    > you do not show us some spine and stand up to true hype and
    > misinformation where it exists.

    I’m done with you “Solcroft”. You demonstrably are dishonest, continuously flip flip, and are the king of malicious misinformation.

    I’ve got nothing to prove as I already have proven myself and, in fact you know it. You quoted me.

    http://www.wilderssecurity.com/archive/index.php/t-188591.html
    ———————————————-
    solcroft
    October 18th, 2007, 10:31 AM
    To add to my previous post, here’s what Randy Abrams, Eset’s own Director of Technical Education and one of the frequent posters on Eset’s Threatblog, had to say to Microsoft when the latter announced they’d earned a VB100% award:

    {QUOTE-> No, actually this does not mean anything close to what you say. Virus Bulletin VB100 means you detected an incredibly small subset of known threats, specifically viruses that are on the WildList. The wildList is known to be a very small set of known threats that are affecting users. ICSA certification uses the wildlist. WildList tests do not include trojans, such as bots, rootkits, spyware, adware, etc. Checkmark has multiple certifications, but none include a set that come anywhere close to approaching the set of known threats. At best these certifications say a product detects a small sampling of known threats.

    Kudos are in order for passing these tests, but let’s not mislead customers. A certification only says that you are as good as the worst product to pass.
    … < -QUOTE}
    http://windowsonecare.spaces.live.com/blog/cns!C29701F38A601141!4299.entry#comment

    Even Eset itself already knows what winning a VB100% award actually means. Perhaps it’s time for some of it’s more “dedicated” customers to learn this wisdom too.
    —————————————————–

    And again on the same page

    —————————————————-
    awareness about what VB100% really is is growing, and even Eset itself has been inclined to reveal the true nature of VB100% awards, as I’ve mentioned above in an earlier post.
    —————————————————–

    Or was that another person hiding behind a pseudonym to avoid taking responsibility for their comments.

    You have been exposed and you lack credibility.
    You knew all along that what you were saying was patently untrue. Yes, I’ll take your words for what they are worth, even with you hiding behind your pseudonym. Your words do not stand on their own merit because you have been proven to be dishonest.

    Randy Abrams
    Director of Technical Education
    ESET LLC

  • solcroft

    I see you’ve been googling me, Mr Abrams. :)

    You cry dishonesty, Mr Abrams, but unfortunately you do not point out where this dishonesty lies – perhaps because it doesn’t exist? Again, your actions only reinforce what you continually dismiss as my “misconceptions”.

    Now, let’s step back a bit so we can put it all in context – quoting a chunk of text and expecting readers to take them all at face value is just a typical, underhanded PR trick, carried out with a deft consummateness that I never expected from someone who is supposedly from the technical department. First of all, your words quoted above were posted at a Microsoft blog, and were directed at Microsoft developers and customers. Secondly, you claimed in this blog post that “to their credit, the marketing professionals at ESET are genuinely happy to change material if it is not true.” So what does this mean? This means that you are quick to jump out to “educate” people when it is other companies who are claiming a VB100% victory, but the shameful and hypocritical promotion page that declares “NOD32 is best!” based on VB100% results remains on your company’s website, spreading hype and misinformation like nobody’s business.

    So either the marketing professionals at ESET aren’t really all that willing to change spuriously misleading material at all, Mr Abrams, or you haven’t been playing your part as a technical staff of integrity and advising the marketing people that their material isn’t true. Which is it?

    And yes, Mr Abrams, I quoted your words from the Microsoft blog at Wilders, simply because there were too many people there who bought the VB100% hype hook, line and sinker, and nobody from ESET was willing to tell them that the whole spiel was just actually marketing hype. Back then I thought that your post was an indication that ESET was finally beginning to come clean and trying to wean its customers off the VB100% hype. But I was wrong, and it was just an individual “technical” *cough, cough* staff member rushing to tick off a competitor, while they themselves were busy being hypocrites doing the exact same thing.

  • Randy Abrams

    I see you’ve been googling me, Mr Abrams. :)

    Try googling the following:

    “Randy Abrams” VB100 wildlist small set

    i was looking for past instances of what I said about the VB 100 and the wildlist as I know I have consistantly been honest about it. A fact you know and refuse to acknowledge because the truth is inconvenient for you. I didn’t need to google you.

    But, after this comment, which i do acknowledge the smiley at the end of, I decided to google

    “Randy Abrams” VB100 solcroft

    to see what you have been saying about me with respect to the VB100.

    I found http://bbs.kafan.cn/viewthread.php?tid=93266&extra=page%3D5%26amp%3Bfilter%3Dtype%26amp%3Btypeid%3D46

    where you appear to have posted a fairly widely quoted statement of mine.

    “Agreement was virtually unanimous that the WildList is no longer useful as a metric of the ability of a product to protect users.” – Randy Abrams, ESET

    Also you quoted my friends Andrew Lee, a researcher who I also report to as ESET, and Myles Jordon, now with MS, formerly with CA and Vet, who is also researcher and has been, if he is not still, an engine developer.

    “The hot topic was the impending demise of the WildList. As Andrew Lee pointed out, anti-virus testing exists primarily for marketing. Myles Jordan of Microsoft stated that the reason the industry has hung on to the WildList for so long, and will fight to continue doing so, is because WildList testing is easy to pass.”

    The interesting thing about this is that the AV tester workshop

    And so, as I said, it is the researchers who are denouncing the “race to zero”, and not the marketing departments or the AV companies. Again, another truth you conveniently refuse to acknowledge.

    It is now very obvious that you know and have known that what you post here is not true.

    Go ahead and reply. I’ll let you get the last word in. It’s pretty obvious that you can’t admit what you know to be true.

    Randy Abrams
    Director of Technical Education

  • Don

    Wow,is this a blog or other?

  • Randy Abrams

    Hi Don, this particular thread is a kitchen. We’re feeding the troll :)

  • Don

    Eugene has the same views at http://www.viruslist.com/en/weblog?discuss=208187517&return=1.

    Randy,I’m interested in why you’re so free?Are you a virus research?

  • solcroft

    – I was looking for past instances of what I said about the VB 100 and the wildlist as I know I have consistantly been honest about it. A fact you know and refuse to acknowledge because the truth is inconvenient for you. It is now very obvious that you know and have known that what you post here is not true. –

    There is a term used to describe the act of putting arguments into the opponent’s mouth during a debate, Mr Abrams. It was mentioned sometime before in philosophy class, but I can’t seem to recall it right now. Suffice to say that at NO POINT throughout this whole debacle have I ever claimed that your position was pro-VB100% – your stance on it was quite clear. Because the fact is that if I had believed that you were of the opinion that VB100% tests were a suitable indicator of antivirus product quality, then it would have been completely nonsensical for me to ask you, as I have been doing all along, the core question of: why are you not presenting your stance to your superiors? Why do you remaining meek and unprotesting, and consent via silence when your company uses promotional material, which you believe to be completely misleading, to market its products? Does your ability to express a stance depend on who your opponent is?

    THAT was the core question, Mr Abrams, which you have failed spectacularly to acknowledge, let alone provide any semblance of an explanation for. While serfs may swagger in front of others, they tremble in the presence of their master. I notice that you have taken to ignoring my arguments that relate directly to the contest itself, Mr Abrams, and constructed the core of your argument around the premise that since you are a research staff who is free to speak independently from your superiors, your views regarding the contest must hence be accurate. Now, for the record, I would have gladly debated this matter with you as well even if you were from marketing, because I firmly believe in the principle of judging arguments based on their merit instead of the identity of the arguer. Your arguments are not necessarily true, Mr Abrams. And neither, it appears, is the premise that they is based upon.

  • Yousuf

    @ Randy & Solcroft…

    Now whatever AV Comparatives and Virus Bulletin might say, I firmly believe that an AV/IS solution that (1) keeps the nasty stuff away and (2) keeps the machine running smoothly (Are Symantec and McAfee listening? Will they listen? Ever?) should be the software-by-choice to be installed for security.

    Agreed, that at the time of decision, independent software reviews from atleast the authentic and credible sources should be kept in mind. The claim high lighted on the website of every vendor (and I’ve carefully read them all) says that they’re the best.

    Additionally, if someone’s as lucky as me to be working in a hostile environment then there’s always the opportunity to test a number of AV/IS solutions.

    The other attributes which the ideal AV/IS solution must posses depends on the vision of the company…how they perceive it to be and how they incorporate the multiple and dynamic perceptions of the end-user.

    @ Randy…Yes, I used to be a fan of the very efficient and awkward NOD32 2.7 until it started dozing off.

    @ Solcroft…please be a little direct. Subliminal innuendos have never helped anyway.

    Gentlemen, the bottom line remains…that we must mutually ‘educate’ and strive to see a malware-free environment.

    Regards.

  • solcroft

    – @ Solcroft…please be a little direct. Subliminal innuendos have never helped anyway. –

    Well, I have been as direct as I know how to, since with someone like Mr Abrams as a debating partner, subtlety is more or less wasted. But things have been getting a bit sidetracked over the last few posts, so I thought I’d do a quick rehash for the benefit of all.

    1. The contest spreads hype and misinformation. Anyone wanting to find out the real deal about the contest is recommended to visit the website itself, as all the necessary literature is conveniently located there for your reading pleasure. The people who cry hype and misinformation are welcome to point out which bits of info on the website are untrue. And for what my opinion’s worth, ESET’s own website trumps Race to Zero, no contest, in terms of hype and misinformation, but nobody seems to be worried about that for some reason.

    2. The contest encourages virus writing. Yes, and we all know that computer games are pro-violence, BitTorent encourages software piracy, and Harry Potter is an advocate of witchcraft and satanism. I think (hope!) we’re all mature enough by now to see past such petty, 19th-century-ish stereotypes. The contest does not teach people how to write malware. Yes, the contest rewards people for creating malware, but those created malware will not be released to the wild, and if those people wish to continue creating malware outside the contest, you cannot reasonably expect the contest organizers to have any control over that, nor to have encouraged that desire at all. I appreciate that it may be the self-imposed moral obligation of certain parties to superficially condemn virus writing no matter what and without looking at the overall picture, but that doesn’t mean their opinions are necessarily accurate.

    3. It’s the research staff, not the companies themselves, who are against the contest. Pardon me, mate, but… so what? Research staff are human, and can come packaged with just as many biases and ulterior motives as anyone else. I’ll just take a certain individual here as an example, who goes to great lengths to emphasize his identitity as a research staff and not not NOT marketing personnel, but he has obvious problems taking a stand when it’s his bosses who endorse what he claims to oppose. What gives?

  • Yousuf

    Here’s what I commented earlier on Eugene’s piece…

    In the recent past, Microsoft organized a controversial event where they invited malware writers and other urchins. MS faced serious resistance from within but this event later turned out to be an annual affair and it eventually paid the dividends. It enabled MS to understand the psyche of troublemakers and together they started creating better (read safer) products, faster updates (read accurate) and the works.

    Remember, that the objective was to ensure a ‘safe’ end-user.

    The same objective should be read between the lines here…fun element apart…Race to Zero should serve both as an eye opener for the AV companies (to ensure that their researchers ‘learn’) and as a warning to the malware authors.

  • JOhn

    You guys are nuts arguing back and forth. Especially at 3am. Go to sleep. Get some rest. Wake up with a smile and go about your day. Quit stabbing at each other. An opinion is just that. This forum is not as widely public as you might think. It seems your only goal is to antagonize one another. Go out and make a positive contribution to society instead of tearing down someone else’s efforts to do so.

  • http://www.smallblue-greenworld.co.uk David

    Well, no-one can accuse you of not taking your time and producing a considered response. :) A couple of points I should make. (1) You can’t make any assumptions about when someone was posting unless you know which time zone they’re currently in. (2) I’m all in favour of making positive contributions. In a situation like this, however, there are clearly very differing views on what is “positive”. I personally dislike the tone of some of the anti-AV comments posted here, and I’d rather hear more debate andless personal abuse. However, it’s an important issue, and I’d be reluctant to stop anyone having their say as long as it’s not for unequivocally malicious reasons.

    By the way, this forum is read by more people than you might think…

    David Harley
    ESET Research Team

  • Hattie Guttirez

    Very fascinating post.

  • Richard Harrison

    Hi there… all this dialog is way too much for me! I’m just a simple guy, working from home, and using a couple of PC’s that need to have good anti-virus protection operating on an ongoing basis

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

4 articles related to:
Hot Topic
30 May 2008
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.