Comments on: Who Needs Antivirus Anyway? http://www.tonybradley.com/2007/09/who-needs-antivirus-anyway/ Computer Security In Plain English For Normal People Wed, 03 Mar 2010 17:29:50 -0600 http://wordpress.org/?v=2.8.4 hourly 1 By: Eric Kumar http://www.tonybradley.com/2007/09/who-needs-antivirus-anyway/comment-page-1/#comment-30 Eric Kumar Fri, 02 Nov 2007 04:39:10 +0000 http://tonybradley.com/?p=23#comment-30 Hi Tony, just stumbled upon your blog via google search. Interesting post... so I stopped by to comment. I think AV software (or anti-malware software) is an essential component and one of the many "defense in depth" strategies in order to protect computers, no matter how secure the OS "seems" to be. In the end, OS or other security products are still software - which means they are buggy, breakable and penetrable. Always better to have a layered defense, one of the components being an AV software. In spite of all protection, the average computer user is still fallible due to their own stupidity or intellectuality, widely because the average user does not take computer security seriously. I recently posted a blog entry about this on my blog. Please visit if you get a chance: http://fightmalware.blogspot.com/2007/10/average-computer-user-and-computer.html Regards, Eric Kumar Hi Tony, just stumbled upon your blog via google search. Interesting post… so I stopped by to comment. I think AV software (or anti-malware software) is an essential component and one of the many “defense in depth” strategies in order to protect computers, no matter how secure the OS “seems” to be. In the end, OS or other security products are still software – which means they are buggy, breakable and penetrable. Always better to have a layered defense, one of the components being an AV software.

In spite of all protection, the average computer user is still fallible due to their own stupidity or intellectuality, widely because the average user does not take computer security seriously. I recently posted a blog entry about this on my blog. Please visit if you get a chance:
http://fightmalware.blogspot.com/2007/10/average-computer-user-and-computer.html

Regards,
Eric Kumar

]]> By: Tony Bradley http://www.tonybradley.com/2007/09/who-needs-antivirus-anyway/comment-page-1/#comment-10 Tony Bradley Thu, 27 Sep 2007 21:51:35 +0000 http://tonybradley.com/?p=23#comment-10 My post essentially agrees with your points, I think. I do think that antimalware is more or less dysfunctional and that the reactive model is broken. I do think that those who DO know what they're doing can stay safe and clean without antimalware. However, the vast majority don't know what they're doing, and having AV- even if it does only protect against outdated issues from yesterday- is better than not having any antimalware for those users. My post essentially agrees with your points, I think. I do think that antimalware is more or less dysfunctional and that the reactive model is broken. I do think that those who DO know what they’re doing can stay safe and clean without antimalware. However, the vast majority don’t know what they’re doing, and having AV- even if it does only protect against outdated issues from yesterday- is better than not having any antimalware for those users.

]]> By: Securasys http://www.tonybradley.com/2007/09/who-needs-antivirus-anyway/comment-page-1/#comment-9 Securasys Thu, 27 Sep 2007 21:02:28 +0000 http://tonybradley.com/?p=23#comment-9 Hey Tony, I just posted a comment on Steve's article and I have to say I dont necessarily agree with this point. I do understand the issue of common sense, security awareness and how that definitely helps, but bottomline I think AV is a useful tool that forms a building block of overall security defenses. Perhaps the issue here is that AV needs to mature a bit with regard to some of the new threats that are currently being seen on the web, but AV acts as another set of "eyes and ears" on your system. My view of it is similar to airport security - when was the last time someone tried to sneak an assault rifle on a plane in the last 3 years? We do have police at the airports and the public in general is pretty aware of the terrorist threat... so maybe we should just do away with metal detectors? - Hmmm, probably not. Of course - AV is not this crucial unless of course you're using a windows based machine for air traffic control programs or maybe your doctor is using a network connected Windows machine to help you recover from a heart attack. The fact is that hospitals also deal with the issue of worms, viruses and have a huge need for a blended approach to security. (http://www.networkworld.com/news/2004/080904patchfights.html) AV definitely needs to stay included as a security tool on the workstations until a better approach is found. Dont get me wrong Tony - I'm all for security awareness but removing AV just because I feel I know enough to protect myself - not only sounds a little arrogant, but its probably not the best in security practices. Just my two cents... Jesse Valentin www.securasys.net Hey Tony,

I just posted a comment on Steve’s article and I have to say I dont necessarily agree with this point. I do understand the issue of common sense, security awareness and how that definitely helps, but bottomline I think AV is a useful tool that forms a building block of overall security defenses.

Perhaps the issue here is that AV needs to mature a bit with regard to some of the new threats that are currently being seen on the web, but AV acts as another set of “eyes and ears” on your system.

My view of it is similar to airport security – when was the last time someone tried to sneak an assault rifle on a plane in the last 3 years? We do have police at the airports and the public in general is pretty aware of the terrorist threat… so maybe we should just do away with metal detectors? – Hmmm, probably not.

Of course – AV is not this crucial unless of course you’re using a windows based machine for air traffic control programs or maybe your doctor is using a network connected Windows machine to help you recover from a heart attack. The fact is that hospitals also deal with the issue of worms, viruses and have a huge need for a blended approach to security. (http://www.networkworld.com/news/2004/080904patchfights.html)

AV definitely needs to stay included as a security tool on the workstations until a better approach is found.

Dont get me wrong Tony – I’m all for security awareness but removing AV just because I feel I know enough to protect myself – not only sounds a little arrogant, but its probably not the best in security practices.

Just my two cents…

Jesse Valentin

http://www.securasys.net

]]>