AV with the lowest overhead

Syncme

I was wondering what people use for their antivirus solutions. I find that
some of them are becoming more and more resource hogs and launching more and
more services. Every time I get a new version the systems become slower. I
realize that there are more and more viruses out there but I wonder if there
are some that are more efficiently written than others.

Are there any comparisons with a kind of benchmarks/footprints on antivirus
software?

Syncme
 
Ian Kenefick

I was wondering what people use for their antivirus solutions. I find that
some of them are becoming more and more resource hogs and launching more and
more services. Every time I get a new version the systems become slower. I
realize that there are more and more viruses out there but I wonder if there
are some that are more efficiently written than others.

Are there any comparisons with a kind of benchmarks/footprints on antivirus
software?

Syncme

Try F-Prot or NOD32. Both offer good protection and the resource
footprint is relatively small.

Regards,
Ian Kenefick
http://www.IK-CS.com
 
Melissa

Hi Syncme,

I was wondering what people use for their antivirus solutions. I
find that some of them are becoming more and more resource hogs
and...

For the past 3+ years, I've been very happy with nod32. Not only is
it unnoticeable with regards to resource usage, it's very fast,
accurate, and in my experience, consistently trouble free/stable.

My observations above are merely anecdotal, not scientific, but
that's my story and I'm sticking to it! :)

- --
Melissa

 
Juan C. Reyes

I went with Trend Micro's PC-cillin, after a bad experience with NIS2005. I
find no significant resource impact.

| I was wondering what people use for their antivirus solutions. I find that
| some of them are becoming more and more resource hogs and launching more and
| more services. Every time I get a new version the systems become slower. I
| realize that there are more and more viruses out there but I wonder if there
| are some that are more efficiently written than others.
|
| Are there any comparisons with a kind of benchmarks/footprints on antivirus
| software?
|
| Syncme
 
Roger Wilco

Subject: AV with the lowest overhead

On-demand as part of "best practices" - but then it would be you doing
much of the work. The more work you expect the AV to do for you the more
overhead it will consume.
 
Ian Kenefick

Hi Syncme,



For the past 3+ years, I've been very happy with nod32. Not only is
it unnoticeable with regards to resource usage, it's very fast,
accurate, and in my experience, consistently trouble free/stable.

My observations above are merely anecdotal,

yet accurate - it has a small resource footprint, it is fast, it is
stable. NOD32 is probably the most transparent Antivirus solution out
there.
not scientific, but

accurate :)
that's my story and I'm sticking to it! :)

Why change it.


Regards,
Ian Kenefick
http://www.IK-CS.com
 
Syncme

I appreciate all the good posts and suggestions.
I looked around and to my surprise, this topic doesn't get too much
attention.
I know people (users) have been asking me about such things but never
publicly voiced the concern.
I know this is a longshot but perhaps some av developers will read this and
consider some more efficiency coding.
I don't know the details of the coding practices but I'm sure some have
efficiency issues due to rollout deadlines.

Syncme
 
Syncme

Roger Wilco said:
Subject: AV with the lowest overhead

On-demand as part of "best practices" - but then it would be you doing
much of the work. The more work you expect the AV to do for you the more
overhead it will consume.

I understand this, however there are many ways to do the job to achieve the
same result. I imagine that efficiency is not widely practiced because of
corporate pressures for deadlines.

Completely new Avs released every year and possibly most of them are
visually redesigned but not optimized or re-worked for more efficiency.

Just a thought.
 
Roger Wilco

Syncme said:
I understand this, however there are many ways to do the job to achieve the
same result. I imagine that efficiency is not widely practiced because of
corporate pressures for deadlines.

Yes, this quantity over quality has seeped into many an industry. We
have replaced our artisans with manufacturers.
 
Syncme

Roger Wilco said:
Yes, this quantity over quality has seeped into many an industry. We
have replaced our artisans with manufacturers.
Yes, it's a widespread problem. I just hope one day it will take a turn for
the better.
It's one reason I believe open source will prevail and/or give corps. a run
for their money.

Syncme
 
Julian

Syncme said:
Yes, it's a widespread problem. I just hope one day it will take a turn for
the better.
It's one reason I believe open source will prevail and/or give corps. a run
for their money.

Syncme

The open source ClamAV anti-virus is very low overhead. But at present,
it's a command line only scanner, and has been mentioned in another
thread, its detection rate lags behind the current state of the art in
certain areas (my comparison with F-Prot at
http://www.tech-pro.net/clamav.html might be of interest.)
Unfortunately, it will only improve if those with the necessary skills
volunteer their time and effort to add the capabilities that are lacking.
 
kurt wismer

Julian wrote:
[snip]
The open source ClamAV anti-virus is very low overhead. But at present,
it's a command line only scanner, and has been mentioned in another
thread, its detection rate lags behind the current state of the art in
certain areas (my comparison with F-Prot at
http://www.tech-pro.net/clamav.html might be of interest.)
Unfortunately, it will only improve if those with the necessary skills
volunteer their time and effort to add the capabilities that are lacking.

don't hold your breath... people with those skills are already employed
in the anti-virus industry and are getting paid for their efforts... in
order to avoid problems with their employers regarding trade secrets
and intellectual property rights, those people with the necessary
skills would have to come up with a design and implementation that is
entirely new... that's a long and arduous job - i'm not sure 'the
goodness of their hearts' is going to be adequate motivation...
 
Syncme

kurt wismer said:
Julian wrote:
[snip]
The open source ClamAV anti-virus is very low overhead. But at present,
it's a command line only scanner, and has been mentioned in another
thread, its detection rate lags behind the current state of the art in
certain areas (my comparison with F-Prot at
http://www.tech-pro.net/clamav.html might be of interest.) Unfortunately,
it will only improve if those with the necessary skills volunteer their
time and effort to add the capabilities that are lacking.

don't hold your breath... people with those skills are already employed in
the anti-virus industry and are getting paid for their efforts... in order
to avoid problems with their employers regarding trade secrets and
intellectual property rights, those people with the necessary skills would
have to come up with a design and implementation that is entirely new...
that's a long and arduous job - i'm not sure 'the goodness of their
hearts' is going to be adequate motivation...

--
"we are the revenants
and we will rise up from the dead
we become the living
we've come back to reclaim our stolen breath"

There are tens of thousands of projects hosted at just SourceForge and are
done just out of 'the goodness of their hearts'. These are all done by
volunteers.
The internet is based on volunteers from government academic institutions.
Just the same your input helps a lot of people out here with their problems. Why
wouldn't it be possible for someone with other skills to donate a little time
to something else (assuming they might work in other industries).
Or perhaps students doing computer sci. doing their thesis on anti viruses
could devote time to open source. It's happening all over. That is how the
first internet browser was developed.

I don't see your point....
 
kurt wismer

Syncme said:
kurt wismer said:
Julian wrote:
[snip]
The open source ClamAV anti-virus is very low overhead. But at present,
it's a command line only scanner, and has been mentioned in another
thread, its detection rate lags behind the current state of the art in
certain areas (my comparison with F-Prot at
http://www.tech-pro.net/clamav.html might be of interest.) Unfortunately,
it will only improve if those with the necessary skills volunteer their
time and effort to add the capabilities that are lacking.

don't hold your breath... people with those skills are already employed in
the anti-virus industry and are getting paid for their efforts... in order
to avoid problems with their employers regarding trade secrets and
intellectual property rights, those people with the necessary skills would
have to come up with a design and implementation that is entirely new...
that's a long and arduous job - i'm not sure 'the goodness of their
hearts' is going to be adequate motivation...
There are tens of thousands of projects hosted at just SourceForge and are
done just out of 'the goodness of their hearts'. These are all done by
volunteers.

we're talking about a very select group of people with highly
specialized knowledge/experience and a class of technology that, in the
commercial sector, has taken years of full-time development to evolve
to its current state...
The internet is based on volunteers from government academic institutions.
Just the same your input helps a lot of people out here with their problems. Why
wouldn't it be possible for someone with other skills to donate a little time
to something else (assuming they might work in other industries).

'a little time' wouldn't be nearly enough...
Or perhaps students doing computer sci. doing their thesis on anti viruses
could devote time to open source.

comp. sci. students, in general, wouldn't have the necessary expertise...
It's happening all over. That is how the
first internet browser was developed.

I don't see your point....

because you don't understand the complexity involved or the resources
required...
 
Syncme

kurt wismer said:
Syncme said:
kurt wismer said:
Julian wrote:
[snip]

The open source ClamAV anti-virus is very low overhead. But at present,
it's a command line only scanner, and has been mentioned in another
thread, its detection rate lags behind the current state of the art in
certain areas (my comparison with F-Prot at
http://www.tech-pro.net/clamav.html might be of interest.)
Unfortunately, it will only improve if those with the necessary skills
volunteer their time and effort to add the capabilities that are
lacking.

don't hold your breath... people with those skills are already employed
in the anti-virus industry and are getting paid for their efforts... in
order to avoid problems with their employers regarding trade secrets and
intellectual property rights, those people with the necessary skills
would have to come up with a design and implementation that is entirely
new... that's a long and arduous job - i'm not sure 'the goodness of
their hearts' is going to be adequate motivation...
There are tens of thousands of projects hosted at just SourceForge and are
done just out of 'the goodness of their hearts'. These are all done by
volunteers.

we're talking about a very select group of people with highly specialized
knowledge/experience and a class of technology that, in the commercial
sector, has taken years of full-time development to evolve to its current
state...
The internet is based on volunteers from government academic
institutions.
Just the same your input helps a lot of people out here with their problems.
Why wouldn't it be possible for someone with other skills to donate a little
time to something else (assuming they might work in other industries).

'a little time' wouldn't be nearly enough...
Or perhaps students doing computer sci. doing their thesis on anti
viruses could devote time to open source.

comp. sci. students, in general, wouldn't have the necessary expertise...
It's happening all over. That is how the first internet browser was
developed.

I don't see your point....

because you don't understand the complexity involved or the resources
required...

--
"we are the revenants
and we will rise up from the dead
we become the living
we've come back to reclaim our stolen breath"
(Please consider my comments with no disrespect or any other malicious intent,
simply a discussion)
I'm not sure if you're aware there are extremely skilled groups of
volunteers and even companies doing all kinds of things for the open source
community.
You're right, I, personally don't understand complexity however it doesn't
make it impossible.
When we think about it there are quite a few successful projects out there
with immense complexities beyond comprehension of the average developer who
is not involved in it.
To cite a few examples:
Apache - Open source web server currently used by 60% of the internet.
Linux - An operating system designed from scratch started by 1 student
(can't get more complex than that)
BSD - Another operating system used by some of the most secure places in
the world. OpenBSD has had 1 remote security flaw in 8 years.
Mozilla(Netscape) -
Darwin - Apple's OSX is based on it, again quite complex.
TCP/IP stack - Originally even used by Microsoft
LDAP - Currently Windows security structure is based on it.
Sendmail - Most email systems are based on it.
These are just a few that I would think are all quite specialized in their
own area.
The argument that it is more complex and requires resources doesn't stand.
Me personally, all these are over my head. I would have the impression that
it is all impossible but it isn't.
Even Av companies rely on the participation of its users to submit viruses
to them. (as far as I understand)What they do is reverse engineer them and
derive signatures from them that would identify them.
How about the biggest open source project I know of, mapping the human
genome. Can't be more complex and resource intensive than that.
 
Frederic Bonroy

Syncme wrote:
To cite a few examples:
Apache - Open source web server currently used by 60% of the internet.

Hmmm... to be honest I doubt that it is as complex as a modern
anti-virus program. To be even more honest, I have no idea. ;-)
Linux - An operating system designed from scratch started by 1 student
(can't get more complex than that)

Since you mentioned computer science students elsewhere, here is a
thought: computer science students are usually taught the basics of
operating system design. They are not taught virus scanner design
however... in fact, not many people know how scanners operate internally.

Consider that operating systems and the like, while they are complex,
are popular programming projects. Not many people are interested in
writing virus scanners so there is a general lack of competence in this
area. Also, writing a (decent) virus scanner from scratch now is simply
infeasible because in addition to the scanner, you need a database of
virus definitions, and to get those you have to analyse all existing
viruses - unless

a) you can use someone else's definitions (which is unlikely if your
scanner has a different architecture)
b) your scanner works only heuristically/generically.
 
Syncme

Frederic Bonroy said:
Syncme wrote:


Hmmm... to be honest I doubt that it is as complex as a modern
anti-virus program. To be even more honest, I have no idea. ;-)

Not sure either but I would think it's more different than more complex.
Since you mentioned computer science students elsewhere, here is a
thought: computer science students are usually taught the basics of
operating system design. They are not taught virus scanner design
however... in fact, not many people know how scanners operate internally.

Virus writing and Antivirus design is offered as electives in various
universities.
Consider that operating systems and the like, while they are complex,
are popular programming projects. Not many people are interested in
writing virus scanners so there is a general lack of competence in this
area. Also, writing a (decent) virus scanner from scratch now is simply
infeasible because in addition to the scanner, you need a database of
virus definitions, and to get those you have to analyse all existing
viruses - unless

a) you can use someone else's definitions (which is unlikely if your
scanner has a different architecture)
b) your scanner works only heuristically/generically.

The virus definitions are certainly available on the net. They are all over
the place along with the viruses.
That's how most av companies get them. All the av companies do is develop
signatures for them for recognition.
Anyway, there are open source av projects out there.
openav
clamav, clamwin
softlabsav
Perhaps not as popular because possibly people and developers don't know
about them.
Using someone else's definitions is out of the question because they
wouldn't give it up to a competitor. How do you explain the 300 or so other
av companies out there? I'm quite sure they don't share too much considering
they are in direct competition. Not all of them are as big as McAfee and
Symantec. I'm sure that some only consist of a few people that actually are
core developers.
If there are rogue virus writers who can write tiny programs that open
connections on your computer and connect to thousands of other computers and
all be controlled remotely and decipher passwords and turn on cameras [even
drink the beer from your fridge :) ] while bouncing off another thousand
computers to make tracing impossible, I'm sure there are people out there
that can write a program that looks for signatures in application and email
attachments.
 
kurt wismer

Syncme said:
kurt wismer said:
Syncme wrote: [snip]
It's happening all over. That is how the first internet browser was
developed.

I don't see your point....

because you don't understand the complexity involved or the resources
required...

(Please consider my comments with no disrespect or any other malicious intent,
simply a discussion)
I'm not sure if you're aware there are extremely skilled groups of
volunteers and even companies doing all kinds of things for the open source
community.

you're kidding right? there are a lot of skilled *programmers* in the
open source community, but programming skills aren't the issue... all
skills were not created equal... the fact that clam av hasn't gotten
appreciably closer, technology-wise, to its commercial counterparts
over the years is strong evidence that the skills i'm talking about are
demonstrably *not* in the open source community in any great abundance,
if at all...
You're right, I, personally don't understand complexity however it doesn't
make it impossible.

no, complexity alone doesn't make it impossible, but complexity
combined with time-scale, man-power, and the sheer number of viruses
that have to be analyzed and accounted for when designing the scanning
engine make it close enough to impossible to write a new scanning
engine from scratch that you can safely bet it won't happen...
When we think about it there are quite a few successful projects out there
with immense complexities beyond comprehension of the average developer who
is not involved in it.
To cite a few examples:
Apache - Open source web server currently used by 60% of the internet.
Linux - An operating system designed from scratch started by 1 student
(can't get more complex than that)
BSD - Another operating system used by some of the most secure places in
the world. OpenBSD has had 1 remote security flaw in 8 years.
Mozilla(Netscape) -
Darwin - Apple's OSX is based on it, again quite complex.
TCP/IP stack - Originally even used by Microsoft
LDAP - Currently Windows security structure is based on it.
Sendmail - Most email systems are based on it.
These are just a few that I would think are all quite specialized in their
own area.

yes, so specialized they teach you these skills in school...
The argument that it is more complex and requires resources doesn't stand.

because, as i said before, you don't understand the complexity involved...
Me personally, all these are over my head. I would have the impression that
it is all impossible but it isn't.
Even Av companies rely on the participation of its users to submit viruses
to them. (as far as I understand)What they do is reverse engineer them and
derive signatures from them that would identify them.
How about the biggest open source project I know of, mapping the human
genome. Can't be more complex and resource intensive than that.

perhaps not more resource intensive, but more complex? easily... i'm
probably wasting my time here since you admit to not even understanding
how a web server works, but let me try anyways...

av companies do often rely on users to submit samples, but they don't
just derive dumb signatures for those samples - some viruses try to
fool dumb signature scanning by encrypting themselves with a variable
key, some by encrypting themselves with a variable engine, some by
replacing parts of their code with different but equivalent
instructions, etc, etc, etc... there's even one that recompiles its
host with its own code scattered around inside...

dumb signature scanning can't hope to be able to handle these types of
problems because these types of problems essentially boil down to
viruses for which there can be no dumb signatures because no two
instances of the virus look alike (until you have a very large number
of instances, thanks to the birthday paradox)... the scanning engine
has to be able to literally pull the virus apart autonomously in spite
of all the tricks virus writers use to try and prevent that from
happening and then try and match the results from *that* against its
database... and in order to do that, it first has to be able to
accurately locate the virus, which in turn means it needs in-depth
knowledge of all the data formats (MZ-exe, NE-exe, PE-exe, OLE2, MBRs,
PBRs, script files, com files, etc, ad [nearly] infinitum) in which
viruses can appear... none of which is done by clam av, nor does it
appear they'll start any time soon...
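
The limit of fixed-signature matching described in the post above, as an added example that is not part of the original thread: a constructed benign marker is XOR-encoded with a variable one-byte key, a plain substring scan misses it, and a key-independent "x-ray" comparison finds it and recovers the key. The marker, the sample layout and all function names are assumptions made for illustration.

```python
"""Fixed-signature scan vs. a key-independent "x-ray" scan (toy example).

Everything here is constructed and benign: MARKER stands in for a virus body
and make_sample() builds a fake "infected file" around it.
"""

# Constructed stand-in for the byte pattern a scanner has a signature for.
MARKER = b"CONSTRUCTED-BENIGN-TEST-MARKER"


def xor_bytes(data: bytes, key: int) -> bytes:
    """Encode/decode data with a single-byte XOR key (0-255)."""
    return bytes(b ^ key for b in data)


def make_sample(key: int) -> bytes:
    """Constructed sample: 10 bytes of host header, encoded marker, host tail."""
    return b"MZ" + b"\x00" * 8 + xor_bytes(MARKER, key) + b"host data"


def dumb_scan(data: bytes, signature: bytes = MARKER) -> bool:
    """'grep'-style detection: the literal signature must appear in the file."""
    return signature in data


def delta(data: bytes) -> bytes:
    """XOR of each byte with its successor.

    (a ^ k) ^ (b ^ k) == a ^ b, so the result does not depend on the key k.
    """
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def xray_scan(data: bytes, signature: bytes = MARKER):
    """Find the signature under any single-byte XOR key.

    Returns (offset, key) on a match, or None if the signature is absent.
    """
    pos = delta(data).find(delta(signature))
    if pos < 0:
        return None
    # A full delta match fixes every byte relative to the first one,
    # so the key follows from the first byte alone.
    key = data[pos] ^ signature[0]
    return pos, key


def compare(keys):
    """Count how many differently keyed samples each scanner detects."""
    dumb_hits = sum(dumb_scan(make_sample(k)) for k in keys)
    xray_hits = sum(xray_scan(make_sample(k)) is not None for k in keys)
    return dumb_hits, xray_hits


if __name__ == "__main__":
    dumb_hits, xray_hits = compare(range(1, 256))
    print(f"fixed signature: {dumb_hits}/255 detected")
    print(f"x-ray scan:      {xray_hits}/255 detected")
    print("example hit (offset, key):", xray_scan(make_sample(0x5A)))
```

The x-ray comparison covers only this one encoding; the variable engines and instruction substitution the post goes on to list each need their own analysis logic in the engine.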
 
Nick FitzGerald

Syncme said:
Not sure either but I would think it's more different than more complex.

I'd side with Frederic (and indirectly with Kurt, from his comments elsewhere
in this thread) -- the internal complexity of modern virus detection engines
(this does not include Clam's engine -- it is decade-plus old technology only)
puts them amongst the most complex of software development projects.

A further comment I'm surprised Kurt and Frederic did not make here...

The projects "Syncme" offers as examples of the open-source community dealing
with large, presumably rather complex, development projects are examples of
products that have grown "organically". Both were started many years ago --
one, just a few years after the first AV engines were started. They have had
many years to develop along with the increasing sophistication and complexity
"expected" of them. However, whilst Linux and Apache are both good examples
of "state of the art" projects, their status, as such, is largely dependent on
the fact that both "grew up" with the needs and developing interest in such
products. The world (well, important parts of it) was "ready" for a cheap,
reliable, Unix-ish, POSIX-ish (maybe) OS when Linux started (well, shortly
thereafter actually and after Linux had developed "enough" to show it
(probably) "had the right stuff"). Ditto the "need" for a cheap, reliable web
server (recall that although Netscape gave away its browser for personal (and
education?) use, it charged like a wounded bull for its web _server_) neatly
matched the genesis and early development of Apache.

Antivirus software is quite different. Depending where in the corporate pile
you are, there has been a strongly felt "need" for AV software for more than
a decade; it almost became a critical, "must have" item with the arrival of
macro viruses and became essential with the arrival of the mass-mailers.
Open Antivirus, Clam, et al. came late to this party (long after the "need"
had been filled), so would have had to play serious catch-up if they were to
become the Linux or Apache of the AV world. Not only have they not played
catch-up, they have hardly developed at all (nor shown much interest in, or
inclination to, develop) along the lines obvious to anyone with a few clues
about how known virus scanning works and what is necessary to have a
reasonably competent, by late-90's standards, scanner.

The reason is (largely) because there are enormous problems, from an open
source perspective, for the potential developer of a new virus detection
engine, to overcome.
Virus writing and Antivirus design is offered as electives in various
universities.

And these courses are (with about two or three notable exceptions) offered
by academics with as much clue about what the antivirus problem is and how to
tackle it as the implementors of Open AntiVirus, Clam, etc clearly have.

The virus definitions are certainly available on the net. They are all over
the place along with the viruses.

Excuse me?

You have no idea how modern (i.e. not ClamAV, not OAV) virus detection
engines work, do you?

There is very little "virus definition" information available on the net,
short of reverse engineering a detection engine and its "virus definition"
database, but if you can do that _AND_ get meaningful virus detection
information for your own engine, you would almost certainly have the skill
and knowledge to be able to design your own engine from the ground up.
That's how most av companies get them. All the av companies do is develop
signatures for them for recognition.

Are you confusing "virus samples" with "virus definitions"? I guess if your
mindset of virus detection is "grep on steroids" then I can see how you
could make such a naive mistake...
Anyway, there are open source av projects out there.
openav
clamav, clamwin
softlabsav
Perhaps not as popular because possibly people and developers don't know
about them.

And they all suffer basically the same problems (as they are really based
on the same engine).
Using someone else's definitions is out of the question because they
wouldn't give it up to a competitor. How do you explain the 300 or so other
av companies out there? I'm quite sure they don't share too much considering
they are in direct competition. Not all of them are as big as McAfee and
Symantec. I'm sure that some only consist of a few people that actually are
core developers.

We do share samples, all the time. The marketeers won't tell you that,
but the virus analysts at all the major AV companies spend a great deal of
effort developing and maintaining strong trust relationships with other
analysts. This eases sample acquisition between companies...
If there are rogue virus writers who can write tiny programs that open
connections on your computer and connect to thousands of other computers and
all be controlled remotely and decipher passwords and turn on cameras [even
drink the beer from your fridge :) ] while bouncing off another thousand
computers to make tracing impossible, I'm sure there are people out there
that can write a program that looks for signatures in application and email
attachments.

Ahh yes, you clearly suffer the "virus detection == signature scanning"
mindset...
 
Syncme

Nick FitzGerald said:
Syncme said:
Not sure either but I would think it's more different than more complex.

I'd side with Frederic (and indirectly with Kurt, from his comments elsewhere
in this thread) -- the internal complexity of modern virus detection engines
(this does not include Clam's engine -- it is decade-plus old technology only)
puts them amongst the most complex of software development projects.

A further comment I'm surprised Kurt and Frederic did not make here...

The projects "Syncme" offers as examples of the open-source community dealing
with large, presumably rather complex, development projects are examples of
products that have grown "organically". Both were started many years ago --
one, just a few years after the first AV engines were started. They have had
many years to develop along with the increasing sophistication and complexity
"expected" of them. However, whilst Linux and Apache are both good examples
of "state of the art" projects, their status, as such, is largely dependent on
the fact that both "grew up" with the needs and developing interest in such
products. The world (well, important parts of it) was "ready" for a cheap,
reliable, Unix-ish, POSIX-ish (maybe) OS when Linux started (well, shortly
thereafter actually and after Linux had developed "enough" to show it
(probably) "had the right stuff"). Ditto the "need" for a cheap, reliable web
server (recall that although Netscape gave away its browser for personal (and
education?) use, it charged like a wounded bull for its web _server_) neatly
matched the genesis and early development of Apache.

Antivirus software is quite different. Depending where in the corporate pile
you are, there has been a strongly felt "need" for AV software for more than
a decade; it almost became a critical, "must have" item with the arrival of
macro viruses and became essential with the arrival of the mass-mailers.
Open Antivirus, Clam, et al. came late to this party (long after the "need"
had been filled), so would have had to play serious catch-up if they were to
become the Linux or Apache of the AV world. Not only have they not played
catch-up, they have hardly developed at all (nor shown much interest in, or
inclination to, develop) along the lines obvious to anyone with a few clues
about how known virus scanning works and what is necessary to have a
reasonably competent, by late-90's standards, scanner.

The reason is (largely) because there are enormous problems, from an open
source perspective, for the potential developer of a new virus detection
engine, to overcome.
Virus writing and Antivirus design is offered as electives in various
universities.

And these courses are (with about two or three notable exceptions) offered
by academics with as much clue about what the antivirus problem is and how to
tackle it as the implementors of Open AntiVirus, Clam, etc clearly have.

The virus definitions are certainly available on the net. They are all over
the place along with the viruses.

Excuse me?

You have no idea how modern (i.e. not ClamAV, not OAV) virus detection
engines work, do you?

There is very little "virus definition" information available on the net,
short of reverse engineering a detection engine and its "virus definition"
database, but if you can do that _AND_ get meaningful virus detection
information for your own engine, you would almost certainly have the skill
and knowledge to be able to design your own engine from the ground up.
That's how most av companies get them. All the av companies do is develop
signatures for them for recognition.

Are you confusing "virus samples" with "virus definitions"? I guess if your
mindset of virus detection is "grep on steroids" then I can see how you
could make such a naive mistake...
Anyway, there are open source av projects out there.
openav
clamav, clamwin
softlabsav
Perhaps not as popular because possibly people and developers don't know
about them.

And they all suffer basically the same problems (as they are really based
on the same engine).
Using someone else's definitions is out of the question because they
wouldn't give it up to a competitor. How do you explain the 300 or so other
av companies out there? I'm quite sure they don't share too much considering
they are in direct competition. Not all of them are as big as McAfee and
Symantec. I'm sure that some only consist of a few people that actually are
core developers.

We do share samples, all the time. The marketeers won't tell you that,
but the virus analysts at all the major AV companies spend a great deal of
effort developing and maintaining strong trust relationships with other
analysts. This eases sample acquisition between companies...
If there are rogue virus writers who can write tiny programs that open
connections on your computer and connect to thousands of other computers and
all be controlled remotely and decipher passwords and turn on cameras [even
drink the beer from your fridge :) ] while bouncing off another thousand
computers to make tracing impossible, I'm sure there are people out there
that can write a program that looks for signatures in application and email
attachments.

Ahh yes, you clearly suffer the "virus detection == signature scanning"
mindset...

I'm not a programmer and don't really understand the inner workings of a virus
or AV engine. I'm not saying I can do it or even know where one would start,
however I find it hard to believe that it wouldn't be possible.
 
