When Competition, Easy Entry, and No Government Produces Lousy Results: A Quick Look at the Anti-Virus and Anti-Malware Market
by Mike Kimel
When Competition, Easy Entry, and No Government Produces Lousy Results: A Quick Look at the Anti-Virus and Anti-Malware Market
The other day I had to take my computer in to an expert for tune-up. I had all the usual onboard – an antivirus, anti-spyware software, etc. But the machine was running very, very slowly.
The expert I took it to cleaned out a lot of malware, removed my old anti-virus and anti-malware software, and installed new stuff. He swears by this stuff, and so far, my machine is working much better than it was before.
But here’s the thing… the previous set of anti-virus and anti-malware had been highly recommended just a few years by PC Magazine and CNET users and other similar sources. I know, because that’s why I installed those programs in the first place.
Which leads me to believe that in a couple of years, I should go through the process of investigating anti-virus and anti-malware software again. It seems, in fact, one’s choices with computers come to this:
1. Live with a machine that gets slower and slower and slower…
2. Periodically go through the effort of investigating anti-virus and anti-malware software, making sure that the stuff you use continues to be highly rated and effective.
3. Pay someone else to engage in number 2 for you.
4. Pick an operating system that is unpopular enough that it isn’t targeted by malicious software and deal with its foibles. Also, switch to another unpopular OS if the one you’re using starts becoming popular enough to attract the attention of malicious individuals. You can also use Azure for your organization. What is Azure? Azure can recover and back up your data in any language and location.
That’s a lot of time and attention one has to go through simply to use a piece of equipment that is now required to do business in much of the world, and even after going through the time and effort, there is no way to know whether the product you are purchasing (or not) is the best one available for the price. Put another way – the outcome of this market is not one most of us would consider efficient. If one of your servers goes down in the middle of the night, an it support los angeles can immediately identify the issue and begin working to correct it. This relieves you of the stress of making sure your IT systems are in proper order when you are not around.
And yet, the market seems to be characterized by most of the factors that a libertarian or conservative economist look for to produce an optimal outcome. It is relatively easy and inexpensive to enter and exit the market for anti-bad things software, the market is literally global (you can buy software made anywhere and download it from your desk in minutes), the cost of such products is low (many are given away free), there’s a heck of a lot of information out there, and there’s virtually no government involvement in the process.
So why are the outcomes of this market so poor?
So why are the outcomes of this market so poor?
One of the requirements of perfect markets is perfect information. The further you get away from this ideal, the less well the market functions. There are many markets where asymetrical information interferes – everywhere from healthcare to auto repair to landscaping.
It even extends to your “expert’s” self serving advice.
Luckily, the internet has changed everything by making information so much more available. My guess is that if you spent about 30 minutes you could get great advice. Yes you might have to pay, but what worthwhile is free?
I am amazed! that you want government to help you here. Consumer protection has long been something that government tasked itself with. The reason you don’t use what is there is that it is as typically three steps behind, as the Post Office is.
Windows host OS, Virtualbox, Ubuntu guest OS with shared folder. Take a snapshot after ubuntu install.
Run firefox in the Ubuntu guest, *never* on windows; set firefox to use the shared folder for downloads by default (so windows can see it too)
In the event of a virus (not likely), restore your snapshot (one click, 10 seconds) and ubuntu reverts back to the clean install state.
Only use windows to run office or other apps, never use a browser on windows.
But if you download a windows exe that has a virus and run it, you’re still hosed.
Is the machine getting slower and slower because of viruses or the anti-virus software, or is it something else? There are all sorts of things that can slow down PCs and Macs like bloated log files or databases in need of compression, out of date device drivers that sort of work, but not well, various add ons to support devices, convenience features and the like and the usual Red Queen stuff in which your computer has to run faster and faster just to keep up with the new environment it operates in.
The usual solution – and this works for PCs, Macs and Linux boxes – is to pour out all the old software and pour in fresh, new software. My sneaking hunch is that this is what your technical support guy did for you. This gets rid of all sorts of stuff, sometimes even things you kind of liked – like the driver for that old scanner in the garage – but it also gets things running properly again. I’m guessing that the choice of anti-virus software is relatively unimportant, unless it is horribly out of date, broken, or actually malware.
It’s not clear that the problem is market failure, or even bad anti-virus software. It might simply be entropy.
—-
P.S. The Post Office was offering email as an integrated solution with print mail back in 1980, but the private sector forced them to drop it because it was too far ahead of the curve. You could have sent email to anyone with a mailbox, physical or electronic, before Reagan had even won the election, but there was no way free enterprise could compete with that. Remember, the government had invented all that technology, not the private sector.
I actually considered starting a company so you could use the system with your Apple IIE. The USPS even had laser printers and mailing list databases, so you could use the system for billing and advertising as well as general correspondence. My impression is that they were also planning to link with their existing postal money order system so you could use a computer for money transfer and payments.
Sounds like you are just ignorant when it comes to computers their software. Just how would government regulations help? All computer programs take up system resources, if you load up a bunch of programs, especially on an older computer, the resources will be depleated and your system will run slower. The trick is to only install and run programs that you want to run. Should the government choose what programs go on your computer? How would they do that? By requiring all programs to have some sort of government approved license? Don’t you think that would do more damage than good? Even that wouldn’t stop you from clogging up your computer. There’s no way to protect a fool from himself. All regulations would do is prevent people who know what they’re doing from using their computer in the way they want to.
“So why are the outcomes of this market so poor?”
Poor compared to what? For that actually is the important point. No one at all says that market outcomes are always better than not market outcomes (OK, maybe the anarchists but no one else).
Hi Mike, Do the responses here answer your question as to why?
Sammy,
I said nothing about wanting the government to help me. And I pointed out that there’s plenty of information available. But what is “good” today apparently “sucks” six months later. Is it really efficient to force the average Joe to be going through this much “research” into what works and what doesn’t every few months?
BFeng,
Where in the post does it call for government regulation?
eightnine…,
As I pointed out in the post, I can use an obscure OS and go through X steps… and hope that obscure OS doesn’t become popular enough to become targeted by malware.
Kaleberg,
Answer to your first question: both. Good anti-bad things software started bloating over time, but bad stuff started appearing anyway. Apparently if X becomes popular, targeting ways around X becomes popular too.
BFeng,
1. Where in the post does it call for government regulation? I asked why a system that theory says should work doesn’t and you come back with “well, this other approach you said nothing about doesn’t work either.” Sure, and neither does having a seance and asking Elvis to help. But it isn’t an answer to the question, is it?
2. The computer is less than a year old, and if you’ve been reading my posts, you have an idea of what I do for a living. This isn’t a bottom of the line machine.
3. I’ve been using computers for a long time. Feel free to call me a fool if you’d like, but I might be as ignorant as you think.
Tim W,
Less than a year ago, I spent some quality time looking at what PC Magazine and CNET indicated were the top pieces of software for keeping my machine free of harmful software, and then installed what seemed to be the best pieces of that software on my machine. Nevertheless, it took very little time for my machine to acquire malware… and for the anti-malware software to bloat up. I would call that a lousy outcome. I didn’t get what I thought I was paying for.
Now, you say compared to what… and upthread we have some folks indicating that I am calling for gov’t regulation, but I certainly did no so such thing in the post. But let me play along with them and describe a government intervention that would produce much better outcomes.
1. Determine how long the average lives.
2. Estimate the amount of time people spend dealing with a given virus, and sum it up. So if a million people spend 30 minutes dealing with a given anti-virus, that’s 30 million minutes.
3. If the figure in 2. exceeds the figure in 1, charge the developer of the virus with murder. If it doesn’t, charge them with attempted murder.
4. Spend some money tracking these folks down.
Now, I’m not saying that approach is legal, nor am I endorsing it. But assuming we all believe that dealing with malware is a waste of time, and should be minimized, and I think most of us have that belief, then there’s an example of a government regulation that would produce a more efficient outcome.
Anna Lee,
Not quite. But they do seem to give a good representation of the thought process held by folks who subscribe to a philosophy.
Visiting my family last year, I needed to be online but my brother’s machine had been colonized by a virus that looked like an anti-virus program, as I recall. It kept popping up and warning you to buy it because you had a virus. Horrible thing. I spent a solid week figuring out what the problem was, why my brother’s anti-vir software hadn’t worked (hint: a friend had been on his machine. arrgh) exporting my brothers images and files to CDs, wiping the damn machine and re-installing his operating system and a few programs he might use. ONE DAY of this was spent removing the clunky virus software that had been bundled with Windows (more arggh) and installing something better.
On the one hand, the quirks of lousy hardware and software have taught millions of users how to fix their machines. I suppose this could be viewed as a good thing. Is it good enough to be balanced by the thousands of man-years wasted by users every year to fix wireless printers that forgot they were connected to your machine? or operating systems that hate your software?
Maybe. If computers and their software are viewed as machines, like cars or shovels, then these millions of hours are horribly inefficient and wasteful and the market has failed. But if the computer-human interface is viewed as a biological construct, then the chaos and frequent failures are features, not bugs, with true evolution in process.
Evolution, of course, is long, slow and messy. Full of arrghs. The end point – if any – is not visible. This seems like a much better description of our interactions with computers than “market failure.”
Knowing this, however, does not reduce the frequency and intensity of my tantrums. Arrgh.
Tim W,
A further note on the US of Old Sparky as a cure for acne… it occurs to me that if any state in the US ever did impose draconian punshments for spreading viruses, it would be Texas.
Outside the US (and you know better than I that there are people living outside the US), if any jurisdiction ever came down hard on malware generators in practice (as opposed to purely in theory with toothless laws), I can imagine Singapore would be among the first.
Both (Texas and Singapore) are somewhat darlings of the right/libertarian crowd.
Noni:
On Windows, you can pick a restore point before introduction of the malware virus protection. I have also gone into the registry to delete such garbage. Google and find the solution.
At the risk of engaging with the actual original post, I’ll suggest a couple of things that might be going on. Perhaps these are already folded into existing economic theories, but I sure don’t see much in discussions that would suggest they are.
One thing is that there are several markets interoperating. Individual actors select behavior profiles that optimize their outcome over the markets in which they participate – rather than sub-optimizing over each separate market. This, in turn, may restrict outcomes for an actor who participates in a different (though overlapping) set of markets. Actors include at least users, virus writers, antivirus writers, and operating system providers, and likely other parties who benefit from the actions of viruses (e.g., those who harvest credit card numbers, though without writing the actual code that grabs them). OS suppliers are incentivized to harden their offerings to the extent that users will select another vendor because of infection concerns. That incentive must be balanced against the cost of hardening, which may (in part) be passed off to antivirus writers, etc. However (to a first approximation) OS suppliers don’t care about credit card number harvesting except as it causes users to select a different OS.
Another factor would seem to be that the “markets” are not continuously-valued – you can’t buy 0.20 of one OS and 0.8 of another – it’s an all-or-nothing choice. That might set up contrasts like the integer vs. real knapsack problem in computational complexity.
Let me posit a slightly different point of view; sadly, I do not have a solution.
I was an early programmer, researcher, and begain using networks and bulletin boards
before the www got off the ground. I believe that the same thing is happening to
the Internet that happened to tv …. in the early days there were a lot of smart,
creative people doing wonderful stuff for the fun and the love of it. But gradually,
as it filtered down to the masses, the commercial world got ahold of it and is strangling
it just like kudzo.
For o0ne thing, the commercial anti-virus products themselves use between 20% and 60%
of your entire machine resources. Cut them off and your response time will improve
dramatically. There’s very, very few viruses still circulating anymore because nearly every
machine is “protected.”
For another thing, the commercial sites are downloading more and more tracking software
and spyware and other sorts of stuff that runs on your machine wkithout your permission
but does not get caught by your virus protection. If you are very vigilante in running
spybot search and destroy, and eliminating unneded coo0kies and stuff, you can hold this
down but you cannot stop it.
To a certain extent, you have to tolerate it and expect that it is going to continue to get
worse. Gradually people will stop using the internet at all;, and that will just make the
commercial ventures push harder and harder on the people who remain.
Best wishes, life sucks and then you die.
The internet is like the weather. The consumer is always wrong. Maybe the insurance companies can solve this with some insurance product.
I don’t understand this idea of what is good security software today sucking 6 months later. For one thing, most security software that I know of updates itself all the time. For another, there are people who have been at this for a long time and know what they are doing. One such is Steve Gibson, who was a legend already in the 1980s. Here is the URL for the Gibson Research Corporation: http://www.grc.com/default.htm
Back when I was using Windows, right at the beginning of the spyware epidemic, when all most machines had was anti-virus software, Gibson was telling people that they needed software to watch what was going out of their machines not just what was coming in, and recommended software that did that. I got the software and discovered that my machine was sending data to a computer in North Carolina. I was able to check it out, could not tell who it really was, and told the software to prevent outgoing messages to it. A couple of weeks later I got some free anti-spyware software that detected a couple of spyware programs, which I quarantined. 🙂 What happened to that software, you may ask? A couple of years later the company was bought by one of the big names in anti-viral software. The big name software, if it watched for outgoing messages, did not yet offer the capabilities of the software I had. I waited in vain for it to do so, but apparently it bought the smaller company to eliminate the competition.
IMO, spyware is a bigger problem now than viruses. There is no reason for your computer to send messages that you don’t know about to computers you don’t know about. It is true that I made some mistakes with that software. I once stopped communicating with a site that stored pictures for a site that I regularly used. Oops! But that was easy to fix. People are writing new malware all the time. The beauty of the software I had was that it did not have to identify the spyware, it just detected suspicious outgoing messages. I didn’t have to wait until my anti-spyware program could detect the malware to stop the spyware from sending messages. 🙂
Gotta run. More later. 🙂
bob,
Great points.
chistletoe,
Your first paragraph sounds remarkably like what my father keeps telling me. I agree with it, by the way.
Mike, All of the discussions aside about how and why the “market” did or did not fail, there actually IS a fairly simple solution to your problem, which is more with Windows itself than with malware.
Windows originated as a graphic interface to DOS, and gradually evolved into an operating system. It was not designed to be secure, and it is literally full of security holes. Almost any computer-savvy yobbo can easily find a hole to exploit, Patching security holes over and over again in Windows is like trying to waterproof a screen door with duct tape.
Your solution? Truck your heav-duty computer down to your computer guru and have him install a Linux distribution on it as a dual boot. Then you do ALL your on-line work, downloading and uploading files, with Linux. You work on your files under the Windows boot, but NEVER go on-line with Windows. Just make sure your guru sets up a directory that can be accessed from both Linux and Windows so that both can get to your data.
Linux operating systems are small, and won’t bog down your computer. Better yet, they are extremely secure (as well as obscure) and don’t NEED antivirus programs. Even if they ever become popuar, they are still difficult to write viruses for, because Linux was designed to be a secure operating system from the ground up.
I have been using Ubuntu on an underpowered netbook for going on three years now, with no antivirus programs, and no “issues.” Ubuntu pretty much works like Windows, so it’s easy for a newbie to learn. I also have a Ubuntu dual boot on my 6-year-old Windows laptop for the rare times I need to use a Windows program.
This is easier than it sounds- trust me. If I can do it, anyone can!
Good luck!
Cynthianne,
I may do that with the next computer I buy, but I’m not trekking back to get more work done.
Thanks.
Less than a year ago,
Err, yes, but there’s tens ofmillions of script kiddies out there trying to break those a-virus softwares.
You’re in a market whether you like it or noit. And, being in a market, you the consumer, have to be awake.
My two cents worth.
Having owned and operated a computer service business for over 15 years, I have resigned myself to re-evaluate anti-virus and anti-malware products every couple of years. I have had problems with all of the commercial products failing to detect and remove viruses and malware in the past. The anti-virus software certification agency sets a very low bar for anti-virus and malware manufacturers in that the software must only detect the offending software and does not necessarily neutralize (remove) the software from your system.
Some organizations have tested commercial anti-virus programs and have found that even the best the anti-virus and malware products will only detect about 60% of all the known (and I stress known – any good virus or malware will do its very best to keep from being detected) viruses and malware agents.
What’s a user to do? If you must use Windows use Firefox (Adblock is nice) and Microsoft’s no charge anti-virus product. Do not let your kids use your work machine!!! They will always find some bit of spyware, adware or scareware that you do not want and will let it install on your machine. Lastly, do not use your work machine to participate on Social Networking sites (you know the ones I mean – recent IPO for instance). About 20% of social network users report getting viruses from downloading shared files, pictures etc.
Good luck, it’s a jungle out there.
The point of this isn’t just using an obscure OS, the point is that using a virtual machine allows you to take a snapshot of the VM’s clean machine state and roll back to that state if anything bad happens.
You could do the same thing using a windows OS as your VM (ie, roll back to a clean state), but you’d have to buy an extra license (one for your host OS and one for your guest OS). Since the whole purpose of the VM is just to run your browser (norhing else!), and Ubuntu is free, you might as well use ubuntu.
I’m happy to help if you need more info. I’ve been doing software for about 30 years, and I know what’s simple to me seems really complex to ‘civilians’, but it really isn’t that bad once you get the basic concepts down.
Another alternative:
If your current machine is windows-based, and you have a old, dead XP machine with a valid windows key, you can install XP as a VM using your dead machine’s license.
You just need a fair amount of ram (read 64 bit host, >4gb is good) to run the xp vm on top of your ‘real’ OS.
Mike,
Then why does the title to your post include the phrase “No Government”?
I’m philosophically against the concept of intellectual property. Though I don’t argue against IP on utilitarian grounds, I would have to imagine that a world without it would be likelier to have a plethora of OSs than the one we inhabit, thus lessening many of the malware issues we have.
But you KNOW this, as do I. My brother did not, and had no idea what had happened. I forgot to mention point 3, or whatever — that a large number of people don’t use the net at all because they see it, rightly, as a hazardous place where they will risk money and the security of their machine and spend numberless hours trying to learn how to avoid such dangers. Actually that’s sort of the reason I don’t play computer games — the up-front time to learn the vocabulary of the game and its move is simply opaques to me, an effective barrier to participation.
Noni
“The other day I had to take my computer in to an expert for tune-up. I had all the usual onboard – an antivirus, anti-spyware software, etc. But the machine was running very, very slowly.
The expert I took it to cleaned out a lot of malware”
Sounds to me like your anti-whatever software wasn’t working.
I have commercial-product-X* on all my computers and I have no such problems. Your point is?
* I’ll reveal the name if it’s important.
sammy,
For the same reason it mentions competition and easy entry before it mentions no government and yet doesn’t represent a call for banning competition or easy entry into markets.
To use an analogy, if I had a post with the following title: “Restaurants Fail More Frequently Than Airports” would you really start with the assumption that the goal of the post is to require everyone who is planning to open a restaurant to build an airport instead?
Tim Worstall,
If we had too many of these markets where “good” becomes “bad” very quickly, and which require as much testing or research to tell “good” apart from “bad” most of us would never get anything done. That is not a good outcome.
Large amounts of anti-malware software are fraudulent – for example almost all such products for smartphones. They do nothing useful and give a false sense of security.
Switch to the Mac or Linux, avoid porn websites, don’t click on links in email, and leave those products behind.
You have to pay me good money to use a Windows machine, and it’s been a while. Of late I mostly program Linux clusters across the internet, using my Macintosh as a workstation and terminal. On my own time I surf where I please, including places those above have warned you never to go. After six years on my current machine my partner convinced me to run a high-quality virus checker. I found only a handful of viruses: one updater for a Mac virus I don’t have, and a few Windows viruses which won’t run on a Mac anyway. So I’d argue that to an extent the market has not failed, but the customer has failed to choose the quality product. Caveat emptor.
“So why are the outcomes of this market so poor?”
The outcomes are not poor. Your taking your computer in because it got slow is like taking your car in for an oil change. Cars need maintenance; so do computers.
You can learn to do it yourself, have your kids do it for you, or take it to the shop. You did learn how to drive a car didn’t you? Well, now you need to learn how to drive a computer.
“It is relatively easy and inexpensive to enter and exit the market for anti-bad things software….”
I’m not sure about this either. Anti-virus, anti-malware software is complex, sophisticated and requires lots of research to keep up with the threats out there. I think it’s amazing that you can get this type of software for so little, even *free*
You are getting a bargain and don’t even realize it. Maybe you are a bit spoiled by how well most of this stuff works most of the time?
“So why are the outcomes of this market so poor?”
The outcomes are not poor. Your taking your computer in because it got slow is like taking your car in for an oil change. Cars need maintenance; so do computers.
You can learn to do it yourself, have your kids do it for you, or take it to the shop. You did learn how to drive a car didn’t you? Well, now you need to learn how to drive a computer.
“It is relatively easy and inexpensive to enter and exit the market for anti-bad things software….”
I’m not sure about this either. Anti-virus, anti-malware software is complex, sophisticated and requires lots of research to keep up with the threats out there. I think it’s amazing that you can get this type of software for so little, even *free*
You are getting a bargain and don’t even realize it. Maybe you are a bit spoiled by how well most of this stuff works most of the time?
“So why are the outcomes of this market so poor?”
The outcomes are not poor. Your taking your computer in because it got slow is like taking your car in for an oil change. Cars need maintenance; so do computers.
You can learn to do it yourself, have your kids do it for you, or take it to the shop. You did learn how to drive a car didn’t you? Well, now you need to learn how to drive a computer.
“It is relatively easy and inexpensive to enter and exit the market for anti-bad things software….”
I’m not sure about this either. Anti-virus, anti-malware software is complex, sophisticated and requires lots of research to keep up with the threats out there. I think it’s amazing that you can get this type of software for so little, even *free*
You are getting a bargain and don’t even realize it. Maybe you are a bit spoiled by how well most of this stuff works most of the time?
“So why are the outcomes of this market so poor?”
The outcomes are not poor. Your taking your computer in because it got slow is like taking your car in for an oil change. Cars need maintenance; so do computers.
You can learn to do it yourself, have your kids do it for you, or take it to the shop. You did learn how to drive a car didn’t you? Well, now you need to learn how to drive a computer.
“It is relatively easy and inexpensive to enter and exit the market for anti-bad things software….”
I’m not sure about this either. Anti-virus, anti-malware software is complex, sophisticated and requires lots of research to keep up with the threats out there. I think it’s amazing that you can get this type of software for so little, even *free*
You are getting a bargain and don’t even realize it. Maybe you are a bit spoiled by how well most of this stuff works most of the time?
“So why are the outcomes of this market so poor?”
The outcomes are not poor. Your taking your computer in because it got slow is like taking your car in for an oil change. Cars need maintenance; so do computers.
You can learn to do it yourself, have your kids do it for you, or take it to the shop. You did learn how to drive a car didn’t you? Well, now you need to learn how to drive a computer.
“It is relatively easy and inexpensive to enter and exit the market for anti-bad things software….”
I’m not sure about this either. Anti-virus, anti-malware software is complex, sophisticated and requires lots of research to keep up with the threats out there. I think it’s amazing that you can get this type of software for so little, even *free*
You are getting a bargain and don’t even realize it. Maybe you are a bit spoiled by how well most of this stuff works most of the time?
“So why are the outcomes of this market so poor?”
The outcomes are not poor. Your taking your computer in because it got slow is like taking your car in for an oil change. Cars need maintenance; so do computers.
You can learn to do it yourself, have your kids do it for you, or take it to the shop. You did learn how to drive a car didn’t you? Well, now you need to learn how to drive a computer.
“It is relatively easy and inexpensive to enter and exit the market for anti-bad things software….”
I’m not sure about this either. Anti-virus, anti-malware software is complex, sophisticated and requires lots of research to keep up with the threats out there. I think it’s amazing that you can get this type of software for so little, even *free*
You are getting a bargain and don’t even realize it. Maybe you are a bit spoiled by how well most of this stuff works most of the time?
As Cynthian explained, Windows is ful of security holes. A well-designed OS and browser should be very resistant to infection. Windows and Internet Explore fail that test.