Quoting 'Jim Warner' via Felton LUG (
felto...@googlegroups.com):
> Rick's FAQ is an interesting read. But set aside some time -- it's sort of
> long.
_Seriously_ long. ;-> It grew over many years (1995 to the present),
in part through my adding tweaks and additions as people argued with it
or found creative ways to misunderstand what I was saying.
> I followed the Sony rootkit discussion and it sure brought back
> memories.
I indirectly referred to the Sony rootkit in this passage:
  (And, by the way, what's going to protect you from subverted or
  just dangerously defective [link] virus checkers, themselves wielding
  superuser authority? Hmm? And why on earth would we entrust our system
  security to ethically suspect firms who demonstrably [link] — and please
  note that both anti-virus and also commercial security-monitoring firms
  (with honourable exceptions ClamAV and F-Secure [link]) were culpable in
  that hyperlinked example of corrupt collusion — have a tendency to sell
  their own customers down the river?)
The latter two links were to coverage of the 2005 Sony rootkit scandal.
Only part of the scandal involved the fact that Sony BMG Music
Entertainment included MS-Windows malware on music CDs so that, if
you tried to play the music on a Windows box, the malware ran and
rootkitted your Windows box. That wasn't the biggest scandal aspect,
nor was the fact that Sony lied when caught at it.
The real scandal was that, of the major antimalware publishers for
MS-Windows in 2005, it turned out that only the two mentioned detected
and alerted on the Sony malware. _All of the others_ had been
obviously, deliberately induced by their publishers to ignore the Sony
malware and tell the user nothing about this sabotage of the user's
security -- even though First4Internet Ltd.'s XCP rootkit was well known
to them and corrupts Windows internals.
The point is that Symantec and all of the others (except for F-Secure and
ClamAV, as honourable exceptions) on at least one occasion went out of
their way to shaft the users paying for Windows antivirus/antimalware
software, to deliberately do nothing about detected security compromise
by malware -- for no better reason than their deciding that Sony's
corporate interest was more important than that of their paying
customers.
So -- again, my point -- even if we assume that virus-checkers are
competent, please remind me again about why we should trust them to
work for us, when they've been caught doing the opposite.
The first link in the indented paragraph ("dangerously defective")
questions the "competent" bit, too: It's to an article about a 2005
Black Hat Briefings presentation in Las Vegas, where researchers
demonstrated how popular antivirus suites _create_ exploitable security
holes usable to break into the systems they're designed to protect.
Disease, meet cure: Shake hands. You're going to get along great.