30 January, 2009

How badly do you need an antivirus?

How many times have you wondered which is the best antivirus? NOD32? Symantec Norton? Kaspersky? BitDefender? My answer: none of the above. Why? Read on.

Recently my curiosity got the best of me and I finally decided to read “The Big Black Book of Virus Programming” that I bought a while back. I’m told the book is illegal in most countries, and you could end up in jail for so much as possessing it! The book details pretty much everything you need to know and also gives you a start with some virus source code on the CD accompanying the book.

I started off writing my first virus and coded it such that it would look for a folder and delete it. The folder was aptly named “Do Not Delete” and resided on my root drive.

I have a PC with the latest hardware. Thus, running three antivirus programs is a walk in the park. Just for your info, I was running McAfee, Symantec Corporate, and NOD32, some of the most reputed names in the antivirus industry.

The virus was written in assembler to make it faster than the programs I had previously written in Java or C#. I fired up my “virus”, and it promptly did its work. For a moment this really startled me, because none of the antivirus programs even warned me that a potentially unsafe operation was being performed by a third-party program. I convinced myself that of course they didn’t detect it! It’s just another program that’s occupying memory and manipulating files. As far as other “programs” such as antiviruses are concerned, there is NO harm being done to your computer!

Most viruses are offshoots of “virus creation” kits available on shady websites running in third-world countries like Nigeria or Kenya. So the programmers of these “antivirus” products only have to find a pattern shared by the kit’s output, store it as a signature, and voilà, the antivirus detects the threat. But what if people like you and me started writing viruses? Would the antivirus programs have any chance at all of detecting this new “breed” of virus, for which no pattern has ever been recorded? Of course not! This is exactly the reason why the market for “network security” has grown exponentially over the past decade. We need to have fewer OS loopholes (poke at Microsoft) and fewer ways for programs to run in the background without your permission. Of course, if Windows (like Symantec Internet Security 2008) were to ask you about each and every action, you would curse your OS while clicking the “OK” and “Ignore” buttons endlessly.

Yes, there is a certain tradeoff between OS security and usability, but that’s for novice users, NOT for pros like me. Well, we could probably have five modes for the OS, something like:

1. Novice
2. Intermediate
3. Power User
4. Expert User
5. Geek demigod?
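The signature-versus-pattern argument above, as an added example that is not part of the original post: a toy signature database flags only programs it has already seen, so a hand-written program sails through, while a behaviour rule over audit-style events reports any process deleting inside the protected folder regardless of whether its code is known. The sample bodies, the folder path and the event list are all constructed here; no real antivirus engine is involved.

```python
import hashlib

# Constructed bodies standing in for kit-generated malware that a vendor has
# already seen. A real signature database is built from such known samples.
KNOWN_SAMPLES = [b"kit sample: wipe folders", b"kit sample: mail worm"]
SIGNATURES = {hashlib.sha256(s).hexdigest() for s in KNOWN_SAMPLES}

# A constructed home-made program: never seen by any vendor, so no signature.
HOMEMADE = b"hand-written: delete the 'Do Not Delete' folder"

# Hypothetical protected location, modelled on the folder named in the post.
PROTECTED_PATHS = ("c:\\do not delete",)

# Constructed audit-style events: (process name, action, path).
SAMPLE_EVENTS = [
    ("explorer.exe", "read", "C:\\Users\\me\\report.doc"),
    ("homemade.exe", "delete", "C:\\Do Not Delete\\notes.txt"),
    ("homemade.exe", "delete", "C:\\Do Not Delete"),
    ("backup.exe", "write", "D:\\backup\\2009-01-30.zip"),
]


def signature_match(program: bytes) -> bool:
    """Static check: flags a program only if its hash is already known."""
    return hashlib.sha256(program).hexdigest() in SIGNATURES


def behaviour_alerts(events):
    """Behaviour rule: report any process deleting inside a protected folder,
    whether or not its code has ever been seen before (case-insensitive)."""
    alerts = []
    for process, action, path in events:
        if action == "delete" and path.lower().startswith(PROTECTED_PATHS):
            alerts.append((process, path))
    return alerts


if __name__ == "__main__":
    for sample in KNOWN_SAMPLES:
        print("known sample flagged by signature:", signature_match(sample))
    print("home-made program flagged by signature:", signature_match(HOMEMADE))
    print("behaviour alerts:", behaviour_alerts(SAMPLE_EVENTS))
```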