Who Needs Antivirus Anyway?

Well, actually, I believe the answer is “most people”. But, that is more a commentary on their level of information security savvy and common sense than a fear of the malware itself. Antivirus, which has now evolved in most cases to a multi-faceted antimalware suite to protect against viruses, worms, spyware, spam, phishing and more, is accepted as a default essential for home computer users and enterprise desktop systems alike. However, as Steve Riley points out in this blog post, computer professionals who have some common sense and show some discretion, mixed with just an ounce of information security knowledge, don’t really need the extra protection. Steve is not the only security expert I have met who feels that way either. The fact is that antimalware software eats system resources and may impact the overall performance of your system. In extreme cases, it may even cause conflicts and system crashes.

One of the biggest problems with antimalware, however, is its reactive nature. While most products provide some sort of heuristic detection designed to catch new threats based on characteristics of previous known threats, it generally misses much more than it catches. So, the net result is a system where you are constantly updating your software to protect yourself against yesterday’s threats, but with no real protection against the threats of today or tomorrow.

As Steve points out in his blog, some of the other security controls built in to Windows Vista, such as UAC (User Account Control), Internet Explorer Protected Mode, WIC (Windows Integrity Control), and more, provide more proactive security against malware and other threats without the need for constant updating. Using the security controls provided in Vista, and a little common sense, savvy computer users don’t really need antimalware protection.

Still, even the Windows Security Center in Vista will display as Yellow and warn you that your system is less than secure if you are not running a recognized antivirus product. The bottom line is, I agree with Steve when it comes to me, him, or other information security professionals. But, I think that the majority of home users and enterprise desktop users still benefit from having the antimalware software running to act as a little “digital common sense”.

3 Comments to “Who Needs Antivirus Anyway?”

  1. Securasys
    September 27th, 2007 at 9:02 pm

    Hey Tony,

    I just posted a comment on Steve’s article and I have to say I don’t necessarily agree with this point. I do understand the issue of common sense, security awareness and how that definitely helps, but bottom line I think AV is a useful tool that forms a building block of overall security defenses.

    Perhaps the issue here is that AV needs to mature a bit with regard to some of the new threats that are currently being seen on the web, but AV acts as another set of “eyes and ears” on your system.

    My view of it is similar to airport security – when was the last time someone tried to sneak an assault rifle on a plane in the last 3 years? We do have police at the airports and the public in general is pretty aware of the terrorist threat… so maybe we should just do away with metal detectors? – Hmmm, probably not.

    Of course – AV is not this crucial unless of course you’re using a Windows-based machine for air traffic control programs or maybe your doctor is using a network connected Windows machine to help you recover from a heart attack. The fact is that hospitals also deal with the issue of worms, viruses and have a huge need for a blended approach to security. (http://www.networkworld.com/news/2004/080904patchfights.html)

    AV definitely needs to stay included as a security tool on the workstations until a better approach is found.

    Don’t get me wrong Tony – I’m all for security awareness but removing AV just because I feel I know enough to protect myself – not only sounds a little arrogant, but it’s probably not the best in security practices.

    Just my two cents…

    Jesse Valentin

    http://www.securasys.net

  2. Tony Bradley
    September 27th, 2007 at 9:51 pm

    My post essentially agrees with your points, I think. I do think that antimalware is more or less dysfunctional and that the reactive model is broken. I do think that those who DO know what they’re doing can stay safe and clean without antimalware. However, the vast majority don’t know what they’re doing, and having AV - even if it does only protect against outdated issues from yesterday - is better than not having any antimalware for those users.

  3. Eric Kumar
    November 2nd, 2007 at 4:39 am

    Hi Tony, just stumbled upon your blog via Google search. Interesting post… so I stopped by to comment. I think AV software (or anti-malware software) is an essential component and one of the many “defense in depth” strategies in order to protect computers, no matter how secure the OS “seems” to be. In the end, OS or other security products are still software – which means they are buggy, breakable and penetrable. Always better to have a layered defense, one of the components being an AV software.

    In spite of all protection, the average computer user is still fallible due to their own stupidity or intellectuality, widely because the average user does not take computer security seriously. I recently posted a blog entry about this on my blog. Please visit if you get a chance:
    http://fightmalware.blogspot.com/2007/10/average-computer-user-and-computer.html

    Regards,
    Eric Kumar