Antivirus software -- who needs it?

In the newsgroups a few weeks ago, someone asked about which anti-virus software is best for experts. This is a really curious question. I've been involved in computer security -- as a practitioner, a consultant, and an instructor/speaker -- for several years. I feel fairly confident in calling myself an expert. I don't run anti-malware on any of my own computers. Why not? It's simple: I know what to click and what to skip, what to visit and what to avoid. I have control over what I choose to open, what I choose to load, and what I choose to run. And yeah, before the question arises, every four months or so I run a scan, and I've never gotten infected with anything.

Now don't think that I run totally naked (the other residents of my house probably would object, and I shudder to imagine how hot the laptop would feel then, haha). Because there's no way to control what someone else might throw at my Ethernet port, I do run the Windows firewall. I also run with UAC enabled because I want IE's protected mode, but I configure the policy to elevate without prompting.
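A read-only way to check the configuration described above (UAC enabled, administrators elevated without a prompt), as an added PowerShell example that is not from the original post. The registry path and value names are the standard UAC policy values; the function name Get-UacPosture is hypothetical.

```powershell
# Added example (not from the original post): read-only audit of UAC policy.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# ConsentPromptBehaviorAdmin meanings; values 3-5 exist on Windows 7 and later.
$AdminPrompt = @{
    0 = 'elevate without prompting'
    1 = 'prompt for credentials on the secure desktop'
    2 = 'prompt for consent on the secure desktop'
    3 = 'prompt for credentials'
    4 = 'prompt for consent'
    5 = 'prompt for consent for non-Windows binaries'
}

function Get-UacPosture {   # hypothetical helper name
    param([string]$Path = $PolicyKey)

    $p = Get-ItemProperty -Path $Path -ErrorAction Stop
    $uacOn = ($p.EnableLUA -eq 1)            # a missing value is reported as off
    $mode  = $p.ConsentPromptBehaviorAdmin   # $null when the value is not set

    if ($null -eq $mode) {
        $modeText = 'not set (OS default applies)'
    } elseif ($AdminPrompt.ContainsKey([int]$mode)) {
        $modeText = $AdminPrompt[[int]$mode]
    } else {
        $modeText = "unrecognized value $mode"
    }

    if (-not $uacOn) {
        $finding = 'UAC is off: IE protected mode is unavailable.'
    } elseif ($mode -eq 0) {
        $finding = 'UAC on with silent elevation: protected mode is kept, ' +
                   'but elevation requests from an admin account are approved with no consent prompt.'
    } else {
        $finding = 'UAC on with a prompt before elevation.'
    }

    [pscustomobject]@{
        UacEnabled     = $uacOn
        AdminElevation = $modeText
        Finding        = $finding
    }
}

Get-UacPosture | Format-List
```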

Am I saying that anti-malware is useless? Absolutely not. In many instances, and for many people, it's still necessary. But we can't ignore the fact that malware is getting more sophisticated. Nor can we ignore the fact that, as I have this conversation with other security experts and similarly-minded folk, I often ask this question: "When's the last time your antivirus or antispyware detected anything?" Invariably, the answer is, "Never."

Comments

  • Anonymous
    January 01, 2003
    An interesting comment recently appeared on my older post about whether or not to use antimalware

  • Anonymous
    January 01, 2003
    By Steve Riley Senior Security Strategist Trustworthy Computing Group, Microsoft Corporation (originally

  • Anonymous
    January 01, 2003
    Have you ever tried feeding something you wrote into an online language translator, then doing it a second

  • Anonymous
    January 01, 2003
    Ah, "defense in depth." Eric, please don't take this personally at all -- however, I hate that phrase! It's been so overused that it's lost its meaning. I avoid it now completely... Anyway, back to the idea at hand. Anti-malware is just one of many many choices we all have when it comes to securing our systems. But before making any choices, we must first understand the risks each of us faces and also have a feel for our individual "risk tolerances." Not every security feature is good. And not every feature needs to be used by everyone. For example, I have long been recommending that folks not use account lockout, because it creates more risks than it alleviates, and you can satisfy the supposed threat by using long passphrases. Just because a security feature exists, does it have to be enabled or used? Nowhere have I said that avoiding anti-malware is good for everyone. I said that I don't use it on my own computers because I am addressing the malware threats in other ways. And, as I wrote, it's working for me: I've avoided infections in all my machines for as long as I've been in computing (hint: who remembers the S-100 bus? haha) Remember this important fact: for every threat, there are multiple mitigations. What works for one person might not work for someone else. It all comes back to building your own risk profile and understanding which threats you are vulnerable to (and which you can ignore).

  • Anonymous
    January 01, 2003
    A few days ago, I wrote a brief post about my non-use of antivirus software on my own computers. A number

  • Anonymous
    September 23, 2007
    Agreed. Don't run as admin and surf the web. Antivirus won't do anything for you, no matter how up-to-date it is, if you click on every single link and run every application you download.

  • Anonymous
    September 23, 2007
    How can I configure UAC to elevate without prompting? Please help, Thank you

  • Anonymous
    September 23, 2007
    Remo, check out the documentation on technet2: Windows Vista User Account Control Step by Step Guide http://technet2.microsoft.com/WindowsVista/en/library/0d75f774-8514-4c9e-ac08-4c21f5c6c2d91033.mspx

  • Anonymous
    September 23, 2007
    The point is well taken that malware's capability has outstripped AV software, but nonetheless I think you should always run AV - even software from reputable sources has been known to ship, inadvertently, with malware.

  • Anonymous
    September 24, 2007
    Windows comes with malware included, even if you don't consider Windows to be malware. Install a fresh copy of Windows and then you run adaware without connecting to the internet and it will detect malware right away.

  • Anonymous
    September 25, 2007
    Agreed. I find that running as a limited user offers plenty of protection when you know what to avoid, and software restriction policies give a little more peace of mind when sharing your system with others.

  • Anonymous
    September 25, 2007
    > "When's the last time your antivirus or
    > antispyware detected anything?" Invariably,
    > the answer is, "Never."
    Hey - you folks tell me from time to time that the fact that my antivirus won't find anything does not mean that there isn't anything... With this in mind, I don't understand the above question.

  • Anonymous
    November 23, 2008
    I think every computer user needs it.

  • Anonymous
    April 12, 2009
    I think antivirus is a must, otherwise it will damage your PC. Maybe, as some say, with Sandboxie and other virtualisation tools you may be safe; even Returnil sometimes hacks. Then I think if no antivirus, then Windows SteadyState on is a good option.