I wrote yesterday about Bruce Schneier's theory that the security industry only exists to compensate for the shortcomings created by culpable IT programming standards. Today I ran into a subtle demonstration of why Schneier has a point.

I ran a routine scan on a laptop using Webroot's Vista-capable Spy Sweeper, with a custom scan list that includes certain types of files but not others. I thought I'd erred on the side of speed by excluding most types of compressed archive, as well as assorted other files that, in my pathetic complacence, I'm willing to trust won't be used to sneak malware onto the Vista machine in question.

The scan took an astonishing two-plus hours, or thereabouts, which baffled me. In fact, the real scan took about 30 minutes; the rest was processor-crunching inconvenience caused by the programme's determination to scan the directories belonging to a single application – AOL's IM suite.

(And, yes, before the question forms: I need to have that on my PC because it is a standard application at US publishing house IDG, publisher of Techworld.)

The files that caused the problem were labelled .PAK, a compressed file format. Webroot obviously mistrusts them, and who can blame it. AOL leaves tens of thousands of these on the hard disk, out of a program total north of a staggering 127,000 files. I'm not going to blame Webroot, however, because it's not clear to me why AOL has to dump so many files, compressed or not, on my hard disk just to give me a single instant-messaging application.

AOL has a reputation for the lazy, crass liberties it takes with people's hard disks, and has rightly acquired a bad image. This is one that annoys me intensely. I can, of course, exclude the .PAK files from future scans, but if enough people do that the malware writers will have a fat target to aim at: an extension is just a label, so anything dropped into that directory with a .PAK name is never inspected, whatever it actually contains.
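To make that blind spot concrete, here is an added example (my own code, not part of the original post and not Webroot's or AOL's): it walks a directory tree, counts how many files an extension-based exclusion list would hide from the scanner, and checks the leading bytes of each excluded file against well-known signatures (the "MZ" header of a Windows PE executable, the ELF header, the ZIP local-file header). A file carrying an excluded extension but an executable's header is exactly the kind of thing a scanner configured that way would never see. The exclusion list, the directory layout and the file contents are all constructed for the demonstration; I do not know the real format of AOL's .PAK files, so the sample .PAK bodies are arbitrary.

```python
"""Audit an extension-based scan exclusion list for content/extension mismatches.

Constructed example: the exclusion list and the sample tree are made up.
"""
import os
import shutil
import tempfile
from typing import Dict, List, Optional, Tuple

# Extensions a custom scan list skips (constructed; mirrors "exclude most archives").
EXCLUDED_EXTENSIONS = {".pak", ".zip", ".rar", ".7z", ".cab"}

# Well-known leading bytes. These signatures are standard, not assumptions.
MAGIC = {
    b"MZ": "PE executable",          # DOS/Windows executable header
    b"\x7fELF": "ELF executable",     # Linux/Unix executable header
    b"PK\x03\x04": "ZIP archive",     # ZIP local file header
}
EXECUTABLE_KINDS = {"PE executable", "ELF executable"}


def identify(head: bytes) -> Optional[str]:
    """Return the signature name matching the first bytes of a file, or None."""
    for sig, name in MAGIC.items():
        if head.startswith(sig):
            return name
    return None


def audit(root: str) -> Dict[str, object]:
    """Walk root and report what an extension-based exclusion would hide.

    Returns total file count, per-extension counts, how many files the
    exclusion list hides from the scanner, and excluded files whose
    leading bytes identify them as executables.
    """
    by_ext: Dict[str, int] = {}
    suspicious: List[Tuple[str, str]] = []
    total = 0
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            total += 1
            ext = os.path.splitext(name)[1].lower()
            by_ext[ext] = by_ext.get(ext, 0) + 1
            if ext not in EXCLUDED_EXTENSIONS:
                continue  # the scanner would look at this one anyway
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(8)  # enough for every signature in MAGIC
            kind = identify(head)
            if kind in EXECUTABLE_KINDS:
                suspicious.append((path, kind))
    hidden = sum(n for e, n in by_ext.items() if e in EXCLUDED_EXTENSIONS)
    return {"total": total, "by_ext": by_ext, "hidden": hidden,
            "suspicious": suspicious}


def build_sample_tree(root: str) -> None:
    """Create a constructed directory tree resembling a chatty IM install."""
    data = os.path.join(root, "AOL", "Data")
    os.makedirs(data)
    files = {
        # Constructed .PAK bodies; the real AOL .PAK layout is not known here.
        os.path.join(data, "strings.pak"): b"PK\x03\x04" + b"\x00" * 20,
        os.path.join(data, "images.pak"): b"\x00\x01\x02\x03" * 6,
        # An executable renamed to an excluded extension: the blind spot.
        os.path.join(data, "dropper.pak"): b"MZ\x90\x00\x03\x00" + b"\x00" * 10,
        # A real executable under .exe is still scanned, so it is not flagged.
        os.path.join(root, "AOL", "aim.exe"): b"MZ\x90\x00\x03\x00" + b"\x00" * 10,
        os.path.join(root, "AOL", "readme.txt"): b"hello",
    }
    for path, body in files.items():
        with open(path, "wb") as fh:
            fh.write(body)


def demo() -> Dict[str, object]:
    """Build the sample tree in a temp dir, audit it, clean up, return the report."""
    root = tempfile.mkdtemp(prefix="scan-audit-")
    try:
        build_sample_tree(root)
        return audit(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    report = demo()
    print(f"{report['hidden']} of {report['total']} files hidden by exclusions")
    for path, kind in report["suspicious"]:
        print(f"excluded file is really a {kind}: {path}")
```

Pointing `audit()` at a real AIM directory would tell you how large the hidden target actually is. The more defensible fix, if the scanner supports it, is to exclude by signed path or hash rather than by extension, since the extension is the one attribute an attacker controls for free.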

The industry would be more secure if companies such as AOL didn’t abuse computer users in this way.