Thursday, May 10, 2012

Chaos In The Field Of Anti-Malware

Today I wrote a comment in response to an article at ZDNet by my colleague and anti-malware collaborator Ed Bott.

The subject of Ed's article brought to mind my main discomfort with the field of anti-malware. When I started studying the subject back in 2005, I was expecting something professional, along the lines of my extensive training in science. Instead I found the field to be remarkably chaotic.

Here is the comment I posted in response to Ed's article:

Common Terminology, Scientific Approach
As an amateur in the field of Mac malware and writer about the subject since 2007, I've consistently found that the anti-malware community, particularly the anti-malware business, is unscientific and uncooperative. It's full of contention with people arguing over what means what, who named what first, whose malware naming convention is the best, on and on. The result is a chaotic mess that obviously confuses anyone casually trying to understand what's going on. There is no overview organization for the field. There is no peer review. There are some standards, but breaking those standards is the rule.
Therefore, when casual viewers mess up their terminology or make incorrect emphatic statements, I tend to be forgiving. If the anti-malware community really was scientific by nature, I'd take a stricter view. But it's not. Therefore, casual viewers are going to get things wrong without having any thoroughly reliable source of information from which to gather knowledge or opinions. 
For example, I had a conversation with the owners of a software download site on the net a couple of years ago which revealed they had no comprehension of the common terminology applied to malware. Every piece of malware was a 'virus' to them. In turn they were sharing this misunderstanding with their users, who in turn repeated the same misinformation within their social circles.
As an example of pointless contention between anti-malware companies, why did Kaspersky have to come up with its own name for a Mac Trojan horse series, 'Flashfake', for what had already been published as 'Flashback' months ahead of time?
In this field, confusion is inevitable.

Maybe with time and experience, the field of anti-malware will mature. Meanwhile, we flounder.
