The Malware Scanner Lifecycle


You either die a hero, or you live long enough to see yourself become the villain.

Malware comes and goes [mostly comes], but good malware scanners are few and far between.

Very big names have gone into this arena and come out empty-handed; the battle to keep the computers of the world safe from infection is a three-way fight between platform builders who battle to patch mounds of buggy code, security experts who monitor for plagues and vectors, and bands of rogues who want to keep exploits secret and nefariously useful.

In the midst of the second group lies the home of the malware scanner. Since the malware scanner largely supplanted the virus scanner over the last decade, malware looking to turn any given network node into a quick buck has faced off against a small army of independently produced scanning systems.

Essentially, they rely on detecting rogue software and feeding a database shared with all other users of the software. It might be more obvious to develop a unified response (like WordPress’ Akismet spam-blocking agent) — but Microsoft has always taken a hands-off approach to security, save for a handful of years in which it mounted a half-hearted effort with the Windows Defender program.

Malware scanning is left to the wider market, where the story always goes like this: idealistic IT student makes malware scanner, does it for fun and donations, then slowly sells out as the software gets popular and too big to manage.  And then comes the point where you insist on receiving payment before users can remove malware.  Now your software has itself become ransomware, and rounded the circle from hero to villain.