[edit on 7-5-2008 by Sublime620]

Originally posted by me262
Sorry, this is not the way it is. The first reaction is to suspect this, but after some thought and experience you realize it's not the case.

Actually, my first reaction was to trust norton and mcafee until I tried getting rid of it and realized it wouldnt leave from my computer no matter what I deleted.

The points in your overall post are valid, but...

...do we know where and when it all started?

...do we know who inspired it?

...can we ever be sure that AVcompanies are innocent?


What worries me is that the world at large isnt asking any questions but just taking for granted that viruses exist and have to be countered with costly AV software.

Most people dont even know yet that you can get good protection for free.

Originally posted by cybertroy
Well, I've considered moving over to Linux or Mac OS.

Yeah, I run several *nix machines in my small cluster at home - but what makes them so much fun is not the "viruses" per se, but is the fact that installing rootkits and otherwise breaking in via TCP/IP is such a fun challenge.

Sure - if you've got a nice iptables setup you might think you're safe - but I've done it in a number of ways... No, I'm not a "black hat" per se, just a curious person with a desire to know how things work. A so-called "ethical hacker"...

I am an extremely big advocate of Linux (I was writing kernel code for it back in the early 90s) but it's a fallacy to think that it is somehow "safer". It can be so very much more safe than Windows (well, D'uh) but it's not a panacea. And the best tool out there (selinux) was developed with funding from the NSA and with DoD style access controls. Do you know how long it takes to go through all of that source code to see wht is really going on "undermeath-the-hood"? It's scary!

Woody

Think: Means, motive and opportunity.

Means: Programming labs; hundreds, if not thousands of independent programmers (mostly hungry students world-wide) hacking away day and night.

Motive: Government contracts, organized crime (didn't I just say that?) Billions of dollars in direct and ancillary profit opportunities. 'nuf said.

Opportunity: Conventions where the hacking elite gather to compare their 'products'. Hand-in-hand development projects with OS makers mega-corporate concerns. Government black-ops projects.

Let's see the counter argument. Their all moral and incorruptible people. OK..., you choose.

The case for fraud is all too real. Forget 'money trails' or documentary proof, that's just asinine.

[edit on 7-5-2008 by Maxmars]

Originally posted by Blaine91555
Considering the money involved, I have no problem suspecting there is some nonsense going on.

No kidding, the cost to profit ratio is outrageous. A small, cheap paper box, one small piece of paper, and a disc...........80 BONES!!!!! That's an 8000% markup!!!! And yeah, I do realize they have to pay their programmers/virus writers as well.

I don't know how much programming is actually on the disc you buy, but I'm sure somewhere in the programming it contains the phrases "You're an idiot loser" and "Scoreboard"!

Peace

[edit on 7-5-2008 by Dr Love]

Originally posted by ianr5741
Don't like viruses? Switch over to Linux. It's 100x more secure, and FREE! And none of the code written into it is a secret, unlike M$ Windows.

Again, this is very true. And as I said above, I believe in Linux - but come on now, how many out there really take the time to go through the source code to understand what is going on?

Don't get me wrong, as I said in a previous post, I use Linux for all of my external firewalls, but it simply is not a panacea as so many people think. I'm not suggesting we have a "my-OS-is-better-than-your-OS" flame-fest (particularly since Linux clearly wins... ) But I am suggesting that while it is easier to get a virus on Windows it is a whole lot easier for me to get root on your Linux machine. (And conversely, for you, or the NSA, or whomever, to get root on my Linux machines).

As I mentioned though, the scariest thing of all is this beast (behemoth, really) called "selinux" developed by the NSA and with DoD style access controls. All of the National Labs must now run selinux - even on the desktop machines whether on the unclassified or classified networks - it's that good. But, it is also incredibly hard to understand what is truly going on and (for me at least, who has been struggling with selinux for over a year now) to understand how easy it is/would be for the NSA to pop a module in to say, one of my web hosting servers that I might not even have physical control over and if I would even notice this! I mentioned "Carnivore" (the FBI's data-mining and TCP/IP wiretapping software) in another thread. Why wouldn't it be easy to (or at least easier) to write an selinux module, pop it into your ISPs server(s), maybe with or without their consent (most likely with, given the request by Bush et. al. for telecom immunity) and then you no longer have to worry about putting random TCP/IP packets back together - which is very much non-trivial!

Selinux is flexible enough to do that kind of logging (I've personally written modules along those lines). "But it's not on my own computer" one might object - well. sure - there is no need for it to be. So long as there is a fully digital hop somewhere in the path (and there is for nearly everything these days - even land-line phone circuits generally take at least one digital hop) then there you go - voila!

So what's the best thing to do these days? Just give in. Be assimilated...

Woody

Originally posted by Demandred
in my youth i wrote a couple of viruses just cause i was bugger of a kid and i wanted to see if i could do it [...snip...]

Me, too. I remember the first time I was able to put a self-replicating virus on a 5 1/4" floppy on my Tandy 1000TX running Deskmate... There was no great way to distribute it (other than Bulletin Boards) but the d*mn thing was too viral - I couldn't keep it off my floppies! I had to call and get a new set of floppies for that computer... (I had no hard drive, just two 5 1/4" floppy drives).

Ahh.... youth....

Woody

Remember the chernobyl virus, that wiped your BIOS?? You had to buy a new chip after that one. I don't think the AV companies would write that.

However, the AV companies are guilty of hiring virus writers once released from jail. Remember Kevin Mitnik? Now he's some kind of security expert, and paid well for it. THAT'S why the kids write the virus's.
If we want this to stop, make the virus writers eternally unemployable in technology as they should be. And demand the AV companies have an enforced policy barring employment for those convicted of cybercrime, or choose the AV company that has such a policy.

Originally posted by Skyfloating
What worries me is that the world at large isnt asking any questions but just taking for granted that viruses exist and have to be countered with costly AV software.

Most people dont even know yet that you can get good protection for free.

Very good point! And why? IMO it's because almost all brand-name computers come with some kind of default AV software with its claws already wrapped around your system! To many folks it's easier to go the "path of least resistance" (or so it would seem) and just pay for the updates rather than try and uninstall the default software and try for something else.

Many of these packages require that you be in "Safe Mode" in order to even uninstall them! I don't know how many times I've received calls from clients asking me to remove a particular AV software because they cannot figure out how to (usually it's a McAfee or Symantec product). And even then one sometimes has to manually edit the registry file in order to completely remove the piece of junk!

Woody

It is a fact that these anti-virus companies create viruses and there programs are used for viruses and stuff.
I know this because a friend of mine used to be a hacker and used to do IT for the goverment (he's had topsecret access to things like HAARP and stuff).
Use Spybot Search and Destroy, it's open source so the developers are'nt getting paid so they have no hidden agenda.
It's the only thing I use of my compy and it works great.

-Jimmy

Originally posted by jimmyjackblack
It is a fact that these anti-virus companies create viruses and there programs are used for viruses and stuff.
I know this because a friend of mine used to be a hacker and used to do IT for the goverment (he's had topsecret access to things like HAARP and stuff).

You're claiming hearsay from some unnamed friend who "used to be a hacker" as fact? Facts rely upon evidence, and I'm afraid this statement of yours doesn't meet muster. Please try to restrain yourself from perpetuating such myths. If you can provide some sources or evidence of anti-virus companies creating and releasing virii into the wild, then certainly, I'm all ears. For your reference, such facts would come in the form of legal cases won and documented in the press or admissions by said companies or employees of said companies again in the press.

Also, to clarify, companies such as Symantec using trojan-like capabilities to ensure the persistence of their software is not evidence of such a conspiracy. The same techniques that virii/worms/trojans use to do their work have very legitimate purposes as well.

Originally posted by jimmyjackblack
Use Spybot Search and Destroy, it's open source so the developers are'nt getting paid so they have no hidden agenda.
It's the only thing I use of my compy and it works great.

Spybot Search and Destroy is not an antivirus product, it is an adware and spyware detection product and only marginally effective at that taskl. There are plenty of malware that Spybot doesn't detect and cannot remove. You're welcome to consult google with the search terms "spybot spyware 'can't remove'" if you have doubts.

Some years back I worked briefly on a contract for an e-commerce company. Shortly after I got there, one of the VPs went to a trade show and got into deep conversations with an antivirus/security company as potential clients, and gave them some details of the company setup.

A few days later I noticed an anomaly with one of the development workstations, and located a trojan (not by using AV software, I might add). I did a thorough exam of the company server and router logs and was able to identify the machine as being targeted from outside using a fairly well-known Windows networking exploit. I followed the trail of the attack back to the software distribution server used by the antivirus company.

This finding was not conclusive - my core expertise is not IT forensics - and no legal action took place; however the combination of timing and methods was highly suspicious.