Are anti-virus programs actually useful?

It may sound like heresy, but more and more voices are being heard that claim anti-virus software is not worth much. I myself wrote some time ago about the inadequacies of the classical reactive methods of recognizing malware. Although I have anti-virus software, I use it only for periodic checks and do not let it run in the background. But I also do a number of other things to avoid malware.

Over a year ago George Ou wrote:

A few months ago I declared: “It’s time to toss out your (desktop) antivirus software!” As far as I was concerned, running desktop antivirus software was a liability in and of itself because “Running antivirus on a personal computer is like having the bomb squad inspect a suspicious package inside the house right next to you.” The effectiveness of antivirus software is also questionable since it won’t work at all for zero-day exploits that haven’t been updated yet.

In another blog at about the same time, Amrit Williams proclaimed “Anti-virus is Dead!”:

Signature based AV isn’t protecting anyone anymore, it certainly wasn’t providing any protection against spyware or some of the nastier threats that have popped up recently. It didn’t stop blaster, or sasser, or slammer, it did nothing to help choicepoint, or the VA or the orgy of disclosure we have all become numb to. It was running happily along, updated and content on my mom’s machine when it turns out her Windows XP box was infected with some pretty nasty bits.

Noting Williams’ comments, Ryan Naraine wrote:

This is the security industry’s worst-kept secret, of course. For me, the Sony BMG rootkit drama was the final nail in the AV coffin. That episode wasn’t so much about copy protection or Sony’s greed. It was about the rank incompetence of the anti-virus sector.

The spyware guys are having a field day playing — and winning — cat-and-mouse with AV vendors. Quick spam run with a new Trojan; sit back and watch the AV guys scramble to ship signatures; tweak the code, send another spam run, watch and giggle as another round of .DAT files get built; repeat, rinse, dry.

By the time the AV vendors send out their gushy press releases hailing another blocked virus, the botnets are replenished and the cycle repeats itself next month.

Today, Naraine posts:

Amidst growing chatter that the anti-virus/anti-spyware market is gasping for air, a veteran virus fighter says desktop security products must add new protection mechanisms to keep pace with aggressive online criminals.

Eugene Kaspersky, founder/CEO of 10-year-old Kaspersky Lab, says next-generation anti-malware products will have to combine whitelist/blacklist approaches with HIPS (host intrusion prevention system), sandboxing and virtualization to provide what he calls “hybrid protection” for desktops.

Sounds like what I wrote several years ago when I began an article with:

Ways to secure computers against malware that are different from the standard reactive methods presently used are discussed. The methods include roll-back software, virtual machines, sandboxes, and behavior sensing.
