Norton Antivirus and "Why antivirus is a con"

I buy a local PC magazine here in Australia called “APC

The May 2005 edition has a very interesting interview with a guy called Peter Tippett.  Do you know who this guy is? I didn't.  Apparently, he is 'the person behind Norton Antivirus'. 

Yes, that's right - Peter Tippett apparently developed the product that eventually became Norton Antivirus (NAV).

If you can, get your hands on a copy of the May 2005 edition of APG Magazine and read the interview. 

I have tried to find an online copy of the article to link to, but have been unsuccessful.  That being said, a small quote falls within the scope of “fair use”, and is sure to encourage you to go out and buy the magazine so you can see what else Peter had to say, so here is a taste:

“The first version I produced stopped any virus that could be produced. 'No updates required' was the byline.  It recorded the state of all software on your system and anything new just wouldn't run ... As an afterthought we added virus signature scanner and sold it to Symantec. ... Symantec felt that nobody could understand the generic new software-blocking stuff, so that feature quietly dropped away.”

Peter Tippett, nowadays the Chief Technology Officer of security consulting firm Cybertrust, has definite opinions about antivirus programs based on signatures and their usefulness (or lack thereof) and network security.

Just imagine how different the internet world would be if Peter's idea of allowing the good guys instead of trying to block the bad guys had been allowed to stay after Norton bought in.  Is it too extreme to say that spyware wouldn't exist?  I wonder.

I admit, 'good lists' can be problematic - blocking the wrong thing can certainly cause problems, but such blockings are easily fixed, unlike modern malware, but as Peter (and many others, including me) have said - it is a lot easier to create and maintain a good list, than it is to maintain a bad list.

We're fighting a losing battle here guys. It would be worth revisiting the good guys list.

Published Thu, May 5 2005 22:15 by sandi

Comments

# re: Norton Antivirus and "Why antivirus is a con"

Thursday, May 19, 2005 3:14 AM by sandi
You might want to check out the AVG anti virus product - it is touted as not requiring constant pattern file updates.

Here is a link to their free version:
http://free.grisoft.com/doc/11/lng/us/tpl/v5


As to Tippett - he is taking a lot of flack over at Schneier's blog at
http://www.schneier.com/blog/archives/2005/05/fearmongering_a.html

I have plenty of respect for the man - and am not willing to discredit him because of an article that quotes him - he has been one to buck the standard security positions and provoke the ire of the orthodox...

# re: Norton Antivirus and "Why antivirus is a con"

Thursday, May 19, 2005 4:20 AM by sandi
Ooops sorry!
The anti-virus company that doesn't use patterns files is Eset at
http://www.eset.com/home/home.htm

AVG had an interesting product too - but does use pattern files.

# re: Norton Antivirus and "Why antivirus is a con"

Sunday, May 22, 2005 8:01 PM by sandi
Read the same article and was gob smacked - but only for a minute.

Much more $$$ for the company that makes the software if you go the blacklist way.