[clug] Anti-Virus Software

[Scott Ferguson]

Apologies for the part-posting. Continued:

On Tue, 22 Jun 2010 17:05:45 +1000 I wrote:
> What next?  :-/
> Perhaps "an internet drivers license"?? (as proposed by Microsots'
> Mundie) - a stalking horse for user identification.
>
> When I worked for Telstra (not Big Ponds' Teletech) we developed an
> internet support policy which included firewall advisories - then the
> bureaucracy (marketing) decided that a tech's job was to sell firewalls...
>   
ISPs and carriers spend a lot of time dealing with angry and anxious
customers who cannot connect to the internet, or their connection is
slow/intermittent - because of malware. A large number of those
customers will spend months trying to get someone to fix a problem they
are incapable of fixing themselves. Therein lies part of the problem...
user ignorance.
While the obvious answer is educate the user it transpires that many -
perhaps those that most loudly demand attention, continually make their
own problems.
I presumed that we could just point point customers at a list of
software solutions and allow them to make their own choice. Legal was
concerned that would appear to favour certain products and attract
complaints - hence the decision to sell firewalls.
A number of customers "demand" service - "I paid for it - the bloke who
sold it to me said it will work - my mate down the pub doesn't have this
trouble" etc. Suggesting that an anti-virus or firewall might solve the
problem doesn't always work. "I've already spent enough money/time" "it
should just work". If I'm prepared to lie about my OS to get
satisfaction (yes, Windows Vista, um, ifconfig, I mean ipconfig) many
will lie about having a firewall or anti-virus.

ClamWin was considered as an "anti-virus" solution to recommend - and
rejected as support requires an easy way to "talk" the customer through
the problem and determine if, and what, anti virus they are running. The
simplest way to do that (with Windows) is to check the Security Centre.
As ClamWin does not (yet) scan-on-demand it's not supported by the
Windows Security Centre.
Recommending a "paid" firewall/anti-virus reduces the support
requirements. It still doesn't completely resolve the problem of users
running malware infected machines - that's an education problem.

So far the commitees recommendations have attracted the usual fears that
it will lead to greater erosion of internet users "freedom" and
"rights". Mostly though it seems to have upset egos. "I don't need the
government to tell me what to do - I can secure my machine just fine".
Perhaps - but many cannot/will not. As GNU-Linux grows in popularity so
will the number of "unmanageable" people using it.. by which I mean
people who "won't be managed" - but certainly need it.

I suspect that the recommendation that ISPs require users to have an
anti-virus and firewall solution will simply be an agreement without
checks. How ISPs will determine when a machine is infected/spamming is
another matter.

Of more concern is how GNU will meet security requirements. I suspect
that commercial software companies will successfully argue that
compliance with "secure software engineering protocols" (or similar) be
a primary requirement (similar to CPA type arrangements). My worry there
is how much would that cost GNU - Suse might be able to afford it,
perhaps Ubuntu - but where does that leave Debian?

I really don't see anything extreme or unworkable in the committees
recommendations - only the possible implementations.
The main failing I see in the report is it's *failure to make retailers
responsible for what they sell*. Which is the main "education" problem.

Cheers