antivirus job
In a few hours I'm going to an interview at an antivirus company: a guy contacted me saying that they have a "senior c++ programmer" position available and he saw my name at Brainbench C++ top scores. What I know from the Internet is that the guy is the manager and they are a "research and development lab" of a Russian antivirus company (Kaspersky); and many/some (?) employees are guys who worked for Romanian AntiVirus (RAV) that was bought about a year ago by Microsoft.

I had nothing to do with viruses & antiviruses until now. I'm curious what you guys think about this domain. Could it be interesting? Frankly, the virus/antivirus race seems a bit pointless to me -- I believe the solution will ultimately be better OSes and better applications, not an ultra-knowledgeable and up-to-date antivirus. But maybe I'm blind because I'm ignorant about this domain.

So, what do you think?
Re: antivirus job (response to post by rgrig)
I'm not very up-to-date either, but I would think it's an exciting domain. I've read some interviews with people working in the antivirus business (the "analyze-the-assembly-code-of-this-or-that-virus" department) and they never seem to have a boring day.

As for pointless, I like the following quote by Rich Cook (I think): "Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning."

You will always have stupid and ignorant users who will trigger viruses or trojans etc. It will take decades before understanding of computers and how they work becomes common knowledge.
Re: antivirus job (response to post by rgrig)
Go for it. While most viruses are boring and elementary, there are some that are true pieces of art :)
Re: antivirus job (response to post by Yarin)
My suggestion: antivirus software is mostly like a hoax.
It does stop mass distribution of well-known executables, but it does not stop 0-day old evil binaries.
This problem will only increase as more code-morphing tools are developed.

While working in the banking industry I submitted about 5-6 different custom trojan binaries for inclusion in antivirus databases. Those files were found by aggressive filtering at our network borders; not one antivirus was aware of them (even with "heuristics" analysis enabled).
By taking a look at the "New 300+ virus signatures were added today" and "New Trj/Small.GJ version found" antivirus update logs you will understand the problem.

The only way to be protected is to configure your systems to resist attacks, not to clean them after a successful one.
Fix the cause, not the results.
In my environment, if a system is compromised, it's immediately taken down, analyzed for the cause and completely rebuilt from scratch (or from a known backup image) using the new information obtained. Law enforcement is contacted/notified as well ;-)

I've also used another technology to keep systems working since 1997: imaging and disk write protection. Making a system drive read-only makes the cost of cleaning / maintenance equal to the cost of a system reboot.

This is how you can make yourself a little bit more protected (it's never enough).
Do not rely on antivirus. They give you a false sense of security.
Re: antivirus job (response to post by rgrig)
Thanks for sharing your opinions. For now I said "pass" for at least two reasons: (1) I don't like to leave a project in the middle and (2) they have openings for the "development" part not for the "research" part. They use some libraries and develop various virus searching programs, like a sendmail filter. This really doesn't sound much fun.