Sunbeltblog comments

Surely this is a sign of the end of the world?


Gravatar Is this why all my clients complain their AV and spyware apps seem to take up more than half the system resources to run?


Gravatar Ed -- probably part of the problem, but the reason for piggish performance has more to do with legacy code, modern coding practices, and the like.


Gravatar "Surely this is a sign of the end of the world?"

Nope, that would be human sacrifice, cats and dogs living together and mass hysteria.


Gravatar Or, when all the dolphins leave.

Then you know you're in trouble.


Gravatar ... saying "So long and thanks for all the fish." I met Douglas in the green room of a Macworld Expo where I was on a panel after him. Needless to say, the crowd liked him much better.


Gravatar When you say "you need a brigade", how many people are you thinking of?

Does Sunbelt Software have a 'brigade'?


Gravatar Does Sunbelt Software have a 'brigade'?

Pretty close


Gravatar Well definitely a wake up call to all small companies relying purely on fingerprint scanning methods.


Gravatar Hasn't it reached the point where it now becomes easier to whitelist all good software than to blacklist an endless stream of new variants?


Gravatar I think the bigger companies may be in the same boat as well if numbers of malware samples multiply faster in the coming years.

Signature based detection is still widely used by many of the big companies.

I was having a discussion earlier today about a system solely based on real time blocking by behaviour. ThreatFire is doing that... But once you install the app (I believe there's a free version), you don't really need continuous updates.
Norton and others make big money on virus definitions updates that you have to renew every so often... even though you purchased their software.

So, in the long run, is malware going to change how security companies sell their software, or at least is that going to impact their business models?

Also, working for a small company, I feel your post is a little harsh Alex... It kind of sounds as though the battle is not worth fighting if you're too small.
What about individuals reporting malware samples (CastleCops), Phishing scams etc... Most of those guys are not paid to do that, and sure it may just be a drop of water in the ocean, but still it matters.

That's my opinion at least.


Gravatar A log plot shows the # of samples grew 10X every ~5 years in the '80s, slowed to 10X every ~7 years in the early to late '90s, had no growth to 2004, and exploded 10X every ~2 years from then on. Looks like the bad guys figured out something in 2005 that greatly increased productivity.


Gravatar @PG

lol @ "cats and dogs" - made me think of the movie...

@Alex

If it was the dolphins, I'd be in trouble. Lol, we don't have them here on the river Elbe. So I'd be washed away when the big tidal wave hits Germany.

@Ed

Resource hog mainly goes to coding. You could always do a comparison of AV tools, taking into account their detection and resources used. I bet NIS is in last place lol. KAV used to use a lot of resources but supposedly got better. Avira's resources seem fine to me.

@Jerome

I agree. I spend a lot of my free time at Bleepingcomputer and HijackThis.de, in addition to a few other forums. All trying to make a difference. If no one ever thought to try and make a difference, I believe we would be in a far worse position.

@Michael

It generally seems that Malware has come along in its Evolution since then, but also the amount of "home made" tools and helpers trying to fight the case have increased too. They thus are on the watch all the time and immy seem to create new files / signatures for their malware to not be detected and do its thing.

*Johannes signs off and apologises for the rant


Gravatar It's capitalism. It's gone from the hobbyist to the paid professional.


Gravatar Hasn't it reached the point where it now becomes easier to whitelist all good software than to blacklist an endless stream of new variants?

Well, whitelisting is a nice idea, but it's not a trivial task... Think of everything that has to be whitelisted. You may get the first batch whitelisted, but then think of things like updates -- Windows Updates, java updates, Winzip updates, etc., etc.


Gravatar The best spies are true amateurs as are the best professionals in anything ...which is a very Enigmatic Conundrum, currently being XXXXPlored to reward the Best of the Best.

It'll probably mean a whole NeuReal Class of XXXXPloitation which is actually AIMetaMorphosis of Code into Binary Instruction for Human Endeavour aka NEUKlearer HyperRadioProActivity for Virtual Reality Drive despite IT being thought an Infinite Improbability ..... http://en.wikipedia.org/wiki/ Inf...obability_Drive

A Prodigal Sun for Uncle Sam? Or a SASsy SISter for Big Blues Brothers? Or at least Both and More in a Quantum Computer SMARTer Enabled for Base CyberSpace Control and therefore AIDominion Wizard of IT Domains...... AI DominaMatrix and Mistress Serving Stars.

Now that would be akin to a Virtualised New World Order Operating System 42 Replace the decrepit Chaos Sub Prime Model and its Puppet Feeder Modules which would be Progress, n'est ce pas, mes Amis/mon Amour?

A Rhetoric Question in Registered Circles, they can assure you, if you would choose not to believe what you can clearly read.


Gravatar @Jerome -- I'm sorry, I really didn't mean to insult your company. We're all a bit staggered by the volume of malware, so I was feeling a bit grumpy about the whole situation.

And, my point was certainly not against Castlecops, etc. That's not the argument. The point was on small antispyware and antivirus companies. The work required is really significant, and I personally don't get how it's even possible to keep up.


Gravatar Alex,

No worries, I know you mean well and, we feel grumpy too eheh

Should we ask malware authors to take a break, go on vacation or something?? lol


Gravatar Hi Alex!

Well, yes, you are right with a "brigade" statement in case of out-of-date anti-virus and anti-malware solutions. But, if we take into account new, behavioural-based technologies, one man can do this job. For instance, the current defense rate of my anti-malware sandbox HIPS is about 90% without any signature or heuristics. And a "brigade" too...

