Immunet - Parasitic Products

This blog is about a new startup based out of Calgary called Immunet. How is this related to Norton you might ask. Well, a few of the top executives (that shall remain unnamed) are ex-Symantec employees. Hmm.. I am always suspicious when I see a defection from well-known brand to an upstart company that lo and behold happens to be working on something identical. See this thread for names and places http://www.wilderssecurity.com/showthread.php?t=251402

They have also been busy astro-turfing, flooding the internet with good news about their crappy product. See http://www.dslreports.com/forum/r23305665-Anyone-else-using-Immunet-Protect

Their idea is nothing new, signatures in the cloud, correlation across other users, collective intelligence, same ol, same ol. This area has probably been patented to death.

This product is whats called a PARASITIC product. They monitor detections of other products that may be running on the machine, and claim those very same detections as their own. Nasty!!

The implications of this are interesting to say the least.

1. Immunet can never detect anything that is not detected by at least one other product. That is, it doesn't bring anything new to the table. So why would you need it ?

2. Because it in essence siphons of detections from other product, it always runs the risk of not seeing the detections if it can't hook into the events that a product like Norton generates when it detects a threat. In fact, I hope Symantec, McAfee, Kaspersky, AVIRA and others see this posting and lock down their event/alert interfaces so they can't be read by Immunet. Lets get rid of the parasite.

I predict that in about 3 years at most, Immunet will be relegated to the ever increasing pile of failed security-wannabe startups... that is, unless they get bought out by some clueless company like IBM with deep pockets. I have a feeling that Symantec will not be one of contenders for a buyout :-)

There is an interesting blurb at the very bottom of their website site and it reads

" Dont wait for other vendors to re-architect their products when you can use Immunet Protect today. "

Wow, if there is one skill startups have, its FUD. I suspect that comment is targeted at Symantec given the pedigree of the company. However, I am sure that by now the defectors know that Norton has successfully ships their "re-architected" products with Quorum technology to millions of customers. No need to wait, get the best, get Norton.