AntiVirus?

Mike Hearn mike at navi.cx
Mon Mar 21 15:36:26 UTC 2005


On Mon, 21 Mar 2005 08:35:32 -0500, Paul A. Houle wrote:
> 	One of the reasons why security products for Windows are so bad is that  
> there isn't really a firewall API in Windows so every firewall product  
> finds a set of hooks that look good and then they pray that they don't  
> blow up the network stack.

There is a firewall API, at least in Windows XP SP2+. 

The main reason they all suck is that they're all based on badly flawed
assumptions that have no relation to usability, e.g. "I can ask users to
confirm each outgoing connection and they will make the right choice".

This is clearly ridiculous; if I had a pound for every time I've been
asked by friends whether they should allow XYZ app to connect to the
internet I'd be a rich man. It's pretty much a textbook case of why you
shouldn't ask users to make complicated security decisions.

Even worse, from the perspective of malware authors it's trivial to hide
yourself so the program's identity is obfuscated or appears benign. So
asking these questions achieves nothing and just confuses users - bad
plan!

thanks -mike



