The antivirus business is booming. Even though there still isn't universal acceptance of the need for virus protection, the prevalence of the Internet has forced malware into much of the public's consciousness. Most people at least recognize the need for antivirus software.
Too bad the software isn't working all that well.
The overall antivirus market is churning out software of late which at best is a toothless bulldog growling at everyone and everything that passes near. At worst, it's more like that stupid cat of yours that wants to rub against everyone who walks in. Take your pick, but neither one is doing that great a job of keeping anyone out -- one just makes a little more noise when it happens.
The subscription model is a loser any way you slice it
Let's face it -- we have a lot of things in life that require subscriptions. And we gripe about every last one of them.
Moving from a one-time purchase to a subscription based model undoubtedly seemed like a good marketing move at the time. The problem is that it's handled less like paying the paperboy to bring the next month's editions full of new and interesting things and more like some Mafioso extorting "protection money" on an ongoing basis.
I say this because there is typically no friendly grace period when said subscription runs out, as any reputable insurance agency would provide. Instead, the procedure is more often an immediate loss of functionality. Even an option of waiting and reimbursing antivirus vendors for such a grace period would make a more reasonable option than cutting the customer off cold-turkey, exposing individuals and businesses to incalculable losses in a world where data is money.
Admittedly, there can be arguments made on both sides of this. This is for a substantial and relatively unexplored reason. This is a problem that has plagued commercial software from the beginning, is not going away any time soon, and can be summed up in a simple question with a very complex answer: Is software a service or a product?
One could argue it's a service because it has to be updated, improved, and fixed over time (mostly the latter). Conversely, it seems a lot like a product because, frankly, we pay sales taxes for it. That and when we buy that box of goodies and bring it home, we expect it to be ours forever, without restriction, just like everything else we bring through the door that is bought outright.
But it is and will always be complicated precisely because it's so different than anything we've dealt with before. It's symptomatic of so many of the problems in the world's new technological economy.
That doesn't make it feel any better, though.
It doesn't do what we are led to believe
If you've never tried to define what antivirus software should do, I challenge you to do it. Even the most humble description will probably leave your favorite falling short of your ideal.
Is it supposed to prevent viruses from getting on your hard drive? If it did, we wouldn't see so many that need to be removed.
Is it supposed to remove viruses? Don't make me laugh.
Is it supposed to warn you of viruses on your system? At the very least, one would hope so. But they tend to do even that very poorly.
In a practical setting, what happens is a combination of the three. If you are lucky, your system is virus free and happy forever. Still, there is no way to be sure. So your options are the barking dog with his false positives or the narcoleptic cat that just looks pretty sitting there in the system tray.
To err on the side of caution and best practices would be to accept false positives from time to time. Still, it doesn't seem like much to ask for such warnings to be a little more clear. After all, how many end users have a clue what "winword.exe" is and why it is trying to access their network?
For that matter, who the hell knows what all those processes running on your Windows box are in the first place?!? Those of us on the proverbial frontlines can do a few searches and figure it out, but how many end users have that level of sophistication? I think we all know in our hearts that IT "consultants" (which seems to be "malware fixers" most days) are making way too much money for finding fixes and identifying system processes on Google for hours on end.
In my experience, the viruses I get called out on are usually so bad that nothing short of booting to a CD and working from there will put a dent in anything. The Windows operating system, though troubling and confusing to many of us trying to utilize it in some intelligent way, seems to do a pretty good job of being malware-friendly in keeping viruses outside the reach of anything trying to remove them.
We can't even nail down a good "malware" definition
As if it wasn't bad enough when it was viruses, worms, and trojan horses! Now there is all this quasi-malware to contend with that nobody quite knows how to stop or even how to classify consistently.
We give them names like spyware, adware, and anyotherware but what does that even mean? It could be a simple text file, a Web cookie, or an executable. That's a pretty broad range of nasties to ignore in bulk. And the names that attempt to classify them are either way too docile or far too imposing, depending on the audience.
Most people are shocked when they find out that their antivirus software isn't touching these things. No matter how many times I try to explain that it doesn't know what cookies are bad, it won't risk violating other software licenses, and so on, the more I'm starting to think my clients really are asking the right question: Why aren't these antiviruses removing this junk???
So how do the antivirus developers respond to this? How else but rolling out additional software. I'm all for a free market but why should consumers be paying for yet another product just because the first one doesn't do what it should be doing in the first place? The answer is because nobody is shipping a viable alternative that handles it all.
The wrong forces are entering the market
Antivirus developers are in the unique position of bucking the trend of most major software categories. Whether it's operating systems, office packages, or servers, most software categories are being consolidated into one or two large corporations and one or two open source alternatives.
For some reason, the antivirus market is behaving in an entirely different fashion in that more and more players are entering the arena. And they're coming from both ends.
On one side, you have companies like Microsoft picking up smaller antivirus and spyware companies to enter this market rather than Symantec or McAfee snatching them first. On the other side, you have every office supply store debuting its own overpriced, branded version of some two-bit antivirus that nobody would have even heard of unless "Staples" is on the box.
No matter which end it's coming from, it isn't good for consumers. For companies like Microsoft, it's a conflict of interest considering they stand to profit whether their core software is secure or not -- might remind one of seeing the Philip Morris copyright at the bottom of most anti-smoking ads. For the little guys branding others' software, it's downright deceptive when the store is pushing its own software when it may or may not be worth a damn.
A more practical approach
There are any number of ways to improve (or rather redesign) antivirus software in an effort to address the issues above. Here are a few possibilities.
Live scanning and removal are nice ideas, but this approach has become increasingly less effective. One reason for this is that it is often necessary to bypass the operating system to remove and sometimes even detect dormant malware. At the very least, an effective antivirus needs the option of booting to a separate partition, a RAM drive, or a kernel independent of the host operating system.
Subscription-based marketing needs to be modified or, if possible, eliminated completely. There are plenty of other models available. In particular, a model based on charging per n incidents would encourage consumers to adopt best practices and would allow developers to freely distribute their software and therefore gain more potential clients. Such software could identify threats for free but then leave the user the option to remove them manually (which is all they are good for much of the time anyway) and can automatically remove them upon request and bill them later. You may not like the idea of people paying $5 or $10 to have a virus removed, but it sure beats the $200 they end up paying the repair shops.
Ignoring spyware and adware is an irresponsible stance for antivirus companies to take. On the other hand, removing them at will isn't legal in many cases. A comfortable middle ground would be to let users select specific levels of detection and leave it to them to worry about what they are legally obligated to keep. Whatever technique is adopted, pretending spyware is the concern of someone else's software is not the way to go.
Finally, antivirus vendors and developers need to be more clear about just what their software is supposed to do. This means not only in terms of marketing these products but in the development phase as well. Consumers deserve to know what they should expect from the software they buy. A more frank and honest pitch will result in a lot less disappointment once it's already too late.

Rollie Hawk is a consultant, web publisher, online personality, magazine writer, web developer, network administrator, teacher, husband and father residing in southern Illinois. He graduated in 2002 from Southern Illinois University, earning his BS majoring in math with a minor in chemistry.