Sunday, June 24, 2007

Anti-antivirus, someone?

Many years ago, in the good old DOS days, I thought that antivirus software was great. In those days it was common for antiviruses to start on system startup and scan drives (thankfully, the drives weren't that large).

In those days, most viruses could be considered great work - most of them were technically difficult to write and introduced very interesting infection tricks and stealth techniques. However, after Windows OSs and the Internet became popular, a whole lot of new possibilities for breaking into computers appeared. These times have brought trojans and worms to the attention of the public, which has mostly overshadowed viruses. Now, we receive a lot of email worms written by script-kiddies and call them 'viruses'.

Of course, as malware transformed, antivirus software needed to follow: it started to detect a lot more things that can be potentially harmful to poor computer users. Moreover, as these computer users don't usually understand what they are doing and what is dangerous and what is not, antivirus software vendors have taken on a new mission: to protect from everything.

This is arguably a good mission, but IMHO it has started getting in the way too much. Nowadays, antivirus scanners have their hooks everywhere in the system: they monitor network traffic, they scan every opened and yet unopened file, they slow down the computer a whole lot. Sometimes it feels that we have gone back a few years in terms of computer performance - it is as if Moore's law were broken.

However, as everybody knows, nowadays the world is being controlled by money - so are the antivirus scanners. In order to make more profit, they tend to frighten the users by 'detecting' all kinds of stuff they may have on their computers and saying that it is dangerous. Moreover, this also has a side-effect of increasing the size of their 'virus' databases: "We detect 75,000 viruses, we are the greatest!". I wonder how many of these are REAL viruses! Even worse, now antivirus makers are close to controlling the world in some way - they tell users what they can use and what they cannot. They delete software without warnings.

Recently, McAfee and then Symantec started 'detecting' my open-source tool Angry IP Scanner. McAfee was the first, but they didn't even give any explanation. After long email discussions with them they told me that this is a 'potentially unwanted program' for their users and therefore it must be deleted. No matter that it is open-source, no matter that it has no installers and is never distributed automatically (the only way is to download it manually), nor does it abuse the system in any way. It is just a tiny little exe file. If a user doesn't want it, they can just hit the Delete button - and it's gone! Later, the trend was followed by Symantec. They at least have provided some information and classified the program as 'hacktool'. See their description here.

Actually, they have both hit a lot of their customers. There are thousands of thankful users of Angry IP Scanner around the world, especially among network administrators. I have got a lot of emails asking me to 'fix' this problem, but unfortunately I can't: antivirus makers, seeking their profits, just don't listen to me.

So, if you are a user of antivirus software, please help to stop the evil: tell your vendors that they have gone too far. They are taking our freedom and ruining our computers.

I hope that antiviruses will never become popular on Linux. The almost complete lack of malware dangerous to regular users, as well as freedom, makes it an unbeatable choice. Happy switching and fighting for freedom in this imperfect cruel world! :-)