How hard can it be

[Guest]

[rangermenace]

To make a new version of an Virus program. All you have to do is copy the best and add to it like Microsoft does. All antivirus programs must pretty much work alike and be a like under the skin since they work to detect the same virus definitions. Is there a Central virus Defection data base that supplies these for all programs? I felt Comodo was dumping their Firewall since it never updated but it's nice to hear they are coming out with a version 3.

[LeoniAquila]

I suppose the number of available quality AVs reflects how hard it is. Also, the market is quite dominated by a couple of large companies, so I think it can't be very easy to establish something. Comodo is on its way, but the way is long.

LA

[Little Mac]

It'd be nice if it really was that simple!  Any time you're developing software, it's never as easy as just copying the best and adding to it (like you say, as MS does - this is probably a large part of why their products have so many problems).

There is no central database of virus definitions, and mostly each AV company is responsible for its own R&D.  Some sell their scan engine, but I don't know if that includes updates to definition files or not.  All in all, it's not a level playing field; there is competition, which is what drives the market, and each company has to have something to say that they're better than the opposition.

Inasfar as "dumping" the FW because of no updates, most firewalls that are just firewalls don't "update" as such.  It's not like an AV where definitions change daily.  If there is a serious problem with the software, a fix version may be released, but other than that, there's nothing until the next full version.  Which is where we are now, less than a year later...

LM

[Luketan]

Is there a Central virus Defection data base that supplies these for all programs?

No, and that is one of several things that make AV competition against established companies much harder than in say the firewall industry.

[aladinonl]

How about one company come up w an engine that can translate update from another AV product to its own?

For instance, company X buy a KAV retail product so A can obtain update from Kaspersky Lab. X translates update file *.abc from KAV to its own update file *.xyz So X's customers receive update from X actually receive update from KAV but they mite never know. And if X's engine can utilize several other products then it is invincible.

Since X has its own engine, its own database and wat it does can be seen as a 'research' in other 's products, does X violate?

[Luketan]

Yes.

[aladinonl]

Luketan, ur answer is so simple and not satisfy me.

Can u b more specific (askin for which line in the regulation is too much?)  coz wat I concern is dat is there anyway around?

[Little Mac]

I think part of the problem, aladinonl is that you are getting into the legal area regarding the licensing of intellectual property.  Software does not belong to the end user; they are only licensed to use it.  The software, and every piece of code connected to it is the property of the developers thereof (this would include DAT updates as well as application updates).

The only way it would potentially work (as I see it) is if Company X purchased not only a license for the AV engine (possibly to include redistribution) but also a license for redistributing the DAT files.  If that is possible, it might be as simple as purchasing a license to redistribute the DAT files, without ever having the AV.

My bet is that no AV company is going to let go of their virus database very easily.  It is a big part of their competitiveness in the market.  They might sell some access, but it would be for a steep price, I'm sure.

LM

[aladinonl]

Thanx LM, u got me.

But I stil have question here. It deals w the technology of writing update files in which Im blind.

To write the update file, X needs the code of nasty. So if the update file reflects the code of nasty, then instead of actively tiring collecting nasties, X, thru getting update from Kaspersky, also get the code of nasty from Kas.

So if X do dis w several products, the result is that: it has a large database; but its update will less reponse (but not a big concern).

Does X stil violate since it is a process of collecting samples?

[Little Mac]

They wouldn't be getting the "code" for the malware; only a definition file which looks at certain pieces of that code in order to identify it... it's "signature."  At least, that's how I understand it.

Each AV develops their own signatures for each malware they study.  It is very likely that even if it were legal, the DAT file would not work in a different AV.  As it is, since the AV develops the way to identify the malware - the signature/DAT file - it is their intellectual property.

I don't think this could be said that Company X is just collecting virus samples; they would be collecting signature samples, which is a different thing altogether.

LM

[aladinonl]

Ok, thanx LM.

Actually there r some apps dat regconize several anti-malware databases and can scan w each database one after one (not at the same time w a combined database). But most databases r not free like KAV, McAfee, Spysweeper...

I just wonder why nobody develop a same function app dat uses all free databases: comodo, avg, antivir, avast,a2, SB S&D...? it is gr8.

[Tags:]