 daveinpoway Premium join:2006-07-03 Poway, CA
| Is Antivirus Software Dead?
Always-on Internet connectivity is keeping malware concerns alive and well. We examine whether antivirus software is up to the task, or whether it's a security solution of the past: »www.informationweek.com/news/sec···ily_html |
|
  Smokey Bear veritas odium parit Premium join:2008-03-15 Annie's Pub
| Good article, thanks.
AV software wasn't and never will be dead. But compared with the past, its importance today has decreased. Malware evolves incredibly fast and a traditional AV isn't developed to combat certain (new) malware nor will be able to deal with it (anymore), anyway, many times. Today, an AV is part of a multi-layered defense approach, neither more nor less. So an AV is still important AS PART of a defense strategy. Besides, the user should also take advantage of the built-in security features of an OS (and not try to deactivate them like e.g. now happens in Windows 7...). Important: OS and program updates should always be installed asap. And, most important: user's common sense.
-- Smokey's Security Forums »www.smokey-services.eu/forums/ Smokey's Security Weblog »smokeys.wordpress.com/ Official Jetico Inc. Support Forums »www.smokey-services.eu/ |
|
 mysec Premium join:2005-11-29
| reply to daveinpoway It seems like each year something like this appears. Here are some from my notes:
Anti-Virus Is Dead, D-E-A-D, Dead! 2006 »securitywatch.eweek.com/virus_an···ead.html
The decline of antivirus and the rise of whitelisting June 2007 »www.theregister.co.uk/2007/06/27···tivirus/
Is Desktop Antivirus Dead? 2008 »www.pcworld.com/article/130455/i···ead.html
regards,
-rich |
|
  Smokey Bear veritas odium parit Premium join:2008-03-15 Annie's Pub
| said by mysec: "Anti-Virus Is Dead, D-E-A-D, Dead! 2006"
OMG!!! We are doomed!!! |
|
 daveinpoway Premium join:2006-07-03 Poway, CA
| reply to Smokey Bear Yes, signature-based anti-malware can't be updated fast enough to keep up with the bad guys. The solution would appear to be heuristics, but, so far at least, that technique has not done a very good job in real-world testing. Hopefully heuristics will eventually develop into a serious defense. |
|
 Mele20 Premium join:2001-06-05 Hilo, HI | Behavioral HIPS is also the "solution". At least, that is what many AV vendors think. |
|
 SUMware Premium join:2002-05-21 | reply to daveinpoway There exist many superb operating systems where AV is unnecessary and irrelevant.
Actually, only Windows requires it. |
|
  Smokey Bear veritas odium parit Premium join:2008-03-15 Annie's Pub
| said by SUMware: "There exist many superb operating systems where AV is unnecessary and irrelevant. Actually, only Windows requires it."
Examples of 'superb' OS's? |
|
 KodiacZiller
join:2008-09-04 73368
| said by Smokey Bear: (said by SUMware: "There exist many superb operating systems where AV is unnecessary and irrelevant. Actually, only Windows requires it.") "Examples of 'superb' OS's?"
I am sure he is talking of the Unix variants. And I agree with him. They do not and never have needed AV because of the way they are built.
However, even on Windows, AV isn't necessary if one uses the "whitelisting" approach, and with the emergence of AppLocker this is easier and more effective on Windows than ever. There are also things like MAC and HIPS which can further fortify a 'doze install. |
|
 SUMware Premium join:2002-05-21
3 edits | reply to Smokey Bear
said by Smokey Bear: (said by SUMware: "There exist many superb operating systems where AV is unnecessary and irrelevant. Actually, only Windows requires it.") "Examples of 'superb' OS's?"
As KodiacZiller indicated, all the *nix flavors, BSD flavors, Solaris, OS X, probably Google Chrome OS, the mobile flavors of them, etc. Again, everything except Windows! |
|
 Tuulilapsi Kenosis
join:2002-07-29 Finland
| reply to SUMware Not that even Windows requires it. Merely a certain mass of Windows users require it, and some don't. I certainly don't run any AVs on Windows any more than I do on Linux, nor do I need other security software or even whitelisting for that. It doesn't take much. Just engage brain, use a limited user account and don't execute random files. Drive-by exploits? Fat chance of those happening with an up-to-date browser & plugins and reasonable settings (there's really no reason why ihackj00.cn should be able to run javascripts and Flash vids without your permission). If you want to go whitelisting, then that'll make things so easy you can do even rather idiotic things and just get away with it.
As for AV being dead, surely not. It'll live on as long as folks are willing to pay for it, and it really doesn't matter much how useful or not it is, as long as people pay for it, it will stay alive. Right now, AVs are of limited usefulness against new malware in my experience, and of decent usefulness against some older malware. Overall, most Windows users should run an AV to provide some protection against their insecure computing practices (Like running some random file without knowing what it is and who made it - would the average Unix user do that?), but not trust it to save them from anything. Problem is, if someone actually bothered to make malware for anything that isn't Windows, and the average Windows user used those systems, many of them would infect themselves just fine due to the miracles of social engineering and human stupidity. And if they found a system so "secure" that no new code at all could execute no matter what, then they'd just give out their email and Paypal and banking account credentials in the first phishing scam they see.
In the end, the users being clueless is a much larger problem than software being insecure. That is, if you ask me, and who does?  -- Limited User Accounts. Software Restriction Policies. How about the short version? |
|
  EGeezer Summertime - Premium join:2002-08-04 Country!
1 edit | reply to daveinpoway As I'd mentioned in my inadvertent dup post, it's probably one of the best general reading articles on the subject. Anyone who hasn't read the entire article should do so and consider all points in the context of the whole article.
Despite some implications here, the author doesn't declare AV programs dead, but rather in need of continuous improvement to reflect changing threat environments. He also cites the need for OS and application vendors to do the same.
The OS and application vendors need to design security as part of the product functions, not as an afterthought or add-ons when the stuff starts hitting the fan. What's "safe" today may not be "safe" tomorrow, and user complacency is probably as big an issue as technical vulnerabilities. -- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis |
|