One has to wonder how the anti-virus industry sleeps well at night. On one hand, it purports to serve the world by defending our computers and networks from any number of electronic critters and malicious code. On the other hand, sometimes its "cure" is worse than the problem its companies and products allegedly treat. Add to that a decades-old concern over business, market share, and publicity, and you have all the ingredients for a confused industry, product, and service. This situation regularly benefits the antivirus software industry and victimizes its customers. . . .
One has to wonder how the anti-virus industry sleeps well at night. On one hand, it purports to serve the world by defending our computers and networks from any number of electronic critters and malicious code. On the other hand, sometimes its "cure" is worse than the problem its companies and products allegedly treat. Add to that a decades-old concern over business, market share, and publicity, and you have all the ingredients for a confused industry, product, and service. This situation regularly benefits the antivirus software industry and victimizes its customers.

Let's start with malicious code outbreaks in general. Unlike hurricanes and tsunamis, there is no standard way of naming malicious code -- and thus is the greatest problem facing the antivirus industry. Gone are the days when simple names like "Jerusalem", "Michaelangelo" and "Stoned" were accepted and used by all antivirus vendors and their products. Today, what one company calls "Worm_Minmail.R" another calls "W32.Novarg" -- someone else calls it "MyDoom.A@m" and another may classify the same thing as "W32/MyDoom." What is needed is a return to industry-wide nomenclature for malicious code that can be used by all vendors in describing their products and making the reporting, analysis, and resolution of such outbreaks easier and more productive for customers and researchers alike.

Then there's the matter of marketing and mindshare. First and foremost, antivirus vendors are in business to make money, and it behooves them to capitalize on as much free publicity as they can. Thus, with each new outbreak we see vendors stumbling all over themselves to be the "first to detect and defend" against the latest malicious code and probably explains why there's no longer a standard outbreak naming scheme after nearly two decades. From press releases to interviews on television, radio, and newspapers, antivirus industry executives race to establish their companies and products as the most vigilant and capable on the market, an activity often made more amusing when backed by questionable, if not fabricated, statistics and predicted damage assessments (usually in the billions of dollars) from each outbreak -- and almost always followed by a pitch espousing the cost-effective security that only their products provide.

The link for this article located at net-security.org is no longer available.