Network Security Focus-Virus

RE: [TH-research] Microsoft antivirus - is it beta?

Subject: RE: [TH-research] Microsoft antivirus - is it beta?
Date: Thu, 17 Mar 2005 00:35:21 +0200
Hi All,

Long time didn't contribute to the list,

I think that your assessment is right and wrong :-) , you are viewing it
from the wrong perspective.

The only guys that actually care if product A removes registry keys or
product B is looking for other keys are us! In my humble opinion there
is no customer that will even understand what it is.

The market drivers are mainly psychological, just got a survey that the
majority of managers in the EU think that if they installed products by
categories from a well-known list (FW, AV, IDS, etc.) all is ok, features are
a detail. The survey added that 72% are afraid of losing their
jobs if attacked, which brings us for covering their behinds.

Microsoft has a brilliant technique of market penetration.

1. Establish presence - do you remember Netscape vs. IE 1.0 ?!
2. Give for free - media player, IE, AV, MSN ...
3. Cover all known and existing - they will not develop anything new
4. Make the product better.

Ask yourself, Netscape who ?

After some time, they are killing the market, no creativity, nothing.

Back to the corporate manager or the consumer's way of thinking: 'I have
AV, why should I buy a new one ?', the only customers that will be left
are the advanced, which are a tiny fraction of the market.

As I see it, it is not how good your product is but rather what your
customer's psychology is.

Regards,

-- Zak


__________________________
Zak Dechovich,
Managing Director
SecureOL Ltd.
Mobile: +972 54 21 20 555
Office: +972  2 675 1291
Fax:    +972  2 678 3301



-----Original Message-----
From: th-research-bounces@linuxbox.org
[mailto:th-research-bounces@linuxbox.org] On Behalf Of Rob, grandpa of
Ryan, Trevor, Devon & Hannah
Sent: Wednesday, March 16, 2005 8:04 PM
To: focus-virus@securityfocus.com
Subject: [TH-research] Microsoft antivirus - is it beta?

Some months back, Microsoft announced the purchase of an antivirus
company. For those in malware research, this appeared to be an
indicator that Microsoft would be getting back into the field.
Apparently, very few of us are old enough to recall the first time
Microsoft "produced" an antivirus product, but those who are remember
that the kindest way to describe the attempt would be "not fully
thought through." Therefore, we did not look forward to this event
with any great enthusiasm.

Subsequently, Microsoft announced it had acquired an anti-spyware
company. Then it announced a beta test version of an anti-spyware
product. Then there was a flurry of announcements about legalities,
copyright infringements, products that would be free, settlements of
copyright infringement suits, products that would be charged for, and
so forth, so I hope I can be forgiven for not recalling exactly where
in that timeline came the announcement of a beta version of an
antivirus product.

I viewed the antivirus beta with some trepidation. The announcement
was not particularly clear about the capabilities of the product. It
did indicate that the antivirus would be a) limited to specific
malware programs, b) concentrate on "worms," and c) there seemed to be
hints that the program would run in the background. With apprehension
I downloaded the beta antivirus and installed it on one machine.

Nothing happened.

Nothing appeared in the Start menu programs list. Nothing appeared in
the "Program Files" directory. Nothing appeared in the "Remove
Programs" list. Nothing disappeared from my malware samples directory.

Subsequently, I have been receiving announcements from "Auto Update"
that the "Windows Malicious Software Removal Tool" was ready for
installation. Previously I found this completely bewildering. In the
latest instance, if you choose "Custom Install," it does inform you
that the tool will run once, and then be deleted from your computer.
This makes a bit more sense.

According to Microsoft, more information for this update can be found
at http://www.microsoft.com/malwareremove. This page states the same
"run and then disappear" process, along with the assertion that the
program will generate a report on the status of your computer. (So
far, in my experience, this hasn't happened.)

The page lists seventeen pieces of malware that the program "cleans."
The mention of "background" operation now seems to be tied to the Auto
Update process, although it isn't completely clear that the antivirus
itself doesn't run in the background. (The "run and delete"
description would seem to indicate that the antivirus doesn't run in
the background.)

I am interested in results from any others who have studied the
program in more detail, including issues related to where the program
looks for infections, what is cleaned, removal of malware from memory,
cleanup of the Registry, scanning of mail files (many of the malware
items listed are spread via email attachments), and so forth.

======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca      slade@victoria.tc.ca      rslade@sun.soci.niu.edu
             Press any key to continue.  NO, NO, NOT *THAT* ONE!
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade

_______________________________________________
TH-research, The Trojan Horses Research mailing list
Home page: http://ecompute.org/th-list
https://linuxbox.org/cgi-bin/mailman/listinfo/th-research