eWeek Microsoft Watch
January 4, 2007 10:59 AM

Bad Security Habits



When people who know better don't act responsibly, who do you trust?

Over the New Year's holiday, we visited some friends. The husband is a small-organization IT manager--the equivalent of a CIO at a much larger operation.

His wife keeps a blog and reads others but knew nothing about RSS feeds. In the process of helping her set up a feed reader, I observed that the Windows XP Security Center icon flashed red and warned that anti-virus software wasn't detected.

Later on, I warned my friend that there might be some problem with the anti-virus software on his wife's computer. "Oh, it doesn't have any," he replied. "My God," I thought. "This is a network administrator for 50 people!"

When asked why his wife's computer had no security software, he shrugged and said that it was too much trouble. "Why bother?" he asked.

I understand that some people don't like to bring their work home and that maybe administering the home network might seem too much like the day job. But, c'mon, he of all people should know better.

In this day of increasing Internet dangers, what's good enough for work absolutely is good enough for home. My friend's attitude is appalling, and I hope we'll still be friends after he reads this post.

Companies like Microsoft have security policies for their own operations, which often extend to mobile employees using remote equipment. But why not further extend those policies to the employees and provide the means to comply? I'm convinced that one way to diminish the botnet threat is for corporations to provide free security software for their employees' home computers.

I know that at least McAfee offers this kind of option. There is opportunity under some site licenses for businesses to provide security software to their employees for home use. But few customers take advantage of the opportunity.

A further step--and one that would mean a short-term public relations blow--would be for Microsoft to mandate security software for some of its products. No security software, no installation. Such action would lead to strong blog and news media reaction, if not some customers.

If Microsoft feels strongly enough about forcing consumers to validate that Windows is genuine--and take some hefty negativity in the process--surely the company can do something to ensure customers are better-protected. The wrong response, by the way, would be Microsoft requiring its own security products, such as Windows Live OneCare, for installation but not competing products (Microsoft released Windows Live OneCare 1.5 to manufacturing yesterday, by the way).

Microsoft owns the software, not the buyers. Microsoft sells the software with a perpetual license, while retaining ownership. I've argued before that this makes Microsoft a landlord, who should take more responsibility for protecting its property--and the renters within--from Internet marauders.

Good policies can help overcome people's bad habits.

One worrisome bad habit: unprotected Macs. I don't know a single Mac user--and it's a long list--that uses security software beyond anti-virus, and I can count on two hands the users with AV. More worrisome: I've seen a goodly number of Macs in corporate environments without security software. The IT managers load up Windows with security software, but like my friend, some take a "why bother" attitude about Macs.

The Month of Apple Bugs should be a real test of Mac OS X's security resilience. Even for exploits for which Macs may seem immune, they can still be carriers that infect other operating systems or their applications.

That said, the presumption that Macs are immune to malware is another bad security habit. Every IT manager that lived through the "I Love You" virus should think again about "why bother." A successful malware attack can quickly sweep across unprotected computer populations. With I Love You, bad habits about file attachment handling led to the virus' fast propagation.

When the hammer falls, it will hit Apple hard. Microsoft will always take more of the blame, though, in part because so many more people use its products. Some of Microsoft's bad reputation is undeserved because people have bad security habits. I keep wondering: How often does my friend patch his business's desktops and servers?

"Why bother" would be the wrong answer.

Comments (14)

Heiko :

Joe,

I've been in the software industry for the last 15 years and would consider myself an expert in all things software. However, I really don't understand what your beef is.

To give you an example, my parents have had a computer for the last 4 years. Until recently, they haven't had a Virus Scanner on their (Windows) PC and I only installed it for them recently because they've asked me to.

They've been using their PC to surf the Net and send/read email, they've installed software on it (based on my recommendation) and they manage their photos with it. They really aren't very computer savvy, however, I've given them a set of basic rules that they follow, in order to avoid running into any malware.

After installing the VS, I did a quick scan just for the heck of it. As expected, it came up finding nothing. Call me lucky but I've seen the same result with my own (private) computers over the years.

My point is that scanners only kick in when it's too late anyway. Education, however, will (successfully) prevent you from running into problems in the first place. Maybe that's what your friend's thinking ...

Heiko.

matt :

Heiko is right, I know plenty of IT managers that don't use anti-virus. They don't open email attachments or use P2P networks, and never have a problem. Most of the time a virus scanner is really helpful at telling you that you have a virus, but pretty weak when it comes to removing it.

Joe :

Heiko, Matt,

There was no security software on this computer of any kind. Would you react differently if I said that his wife visited sites like AllofMP3.com?

What if her computer became infected with a keylogger and he used that PC to access his corporate network?

Thanks,

Joe

Phil :

It just seems like a virus should not be able to run in the first place on a well-designed system. In a perfectly designed system, AV software would not need to exist even if users used p2p networks and other virus infested places. When you consider the number of viruses on windows compared to the number of viruses on mac/linux, it makes you realize how much this is true. I guess I would never pay for AV software. It just seems like I'm paying for something I shouldn't have to have anyway. I'll use free AV software though, but it annoys me.

Phil

Antonio :

I must agree with Heiko and Matt. My own desktop has no antivirus [just Zonelab's firewall]. My wife's laptop computer came with Norton Antivirus preinstalled. She just does office stuff with it. No MP3, no warez no scene. Two months after buying it the portable started to come out of hibernation for no reason at all. Norton Antivirus could not find anything wrong with it even after downloading all updates. After some digging with sysinternals' utilities I found a keylogger that has been modified by somebody, just enough that it would not be recognized by AV software. I downloaded Panda and McAfee and neither one of the products found anything wrong with the computer. I had to remove the keylogger by hand from the recovery console.
Two days later, Norton Antivirus asked me if I wanted to renew the subscription for just $60. I answered by uninstalling.

AV software is always a step behind viruses, just because of the way it is written. Slows down your computer and that's it.

Security needs to come from the application and, as Joe said from people themselves that have to maintain good security habits; change passwords often, keep passwords separate, practice safe browsing, get a good email client that does not launch just everything (Opera is my favorite).

Security software often gives you a false sense of safety when it really does not protect you. And more often than not can be exploited to gain access to your computer, thus creating a new entry for malware.

William :

Joe, have to disagree with you about your view on AV software. AV companies are nothing but scaremongers when it comes to educating the public about the threat of viruses. I stopped using AV software years ago because I found it to be of no use whatsoever if you ever DID get infected by a virus. Subsequent tests using different AV software and a selection of virus variants I managed to acquire enlightened me to how poor AV software is at removing the virus from an infected machine. Frankly AV software isn't worth the resources it consumes.

The best form of defence against viruses is plain common sense. Then I wouldn't browse the internet using Internet Explorer - EVER! I also ensure I perform regular backups. I also have a hardware firewall on the router and a software firewall on the systems. Finally I also install a good HOSTS file.

If people get a virus or a trojan from looking for pirated warez off a p2p site then no AV software in the world is going to save them. It might warn them, but by then it's too late anyway and a reformat is all that's going to save them.

If you're not visiting dodgy websites or downloading warez or opening email attachments you never requested why on Earth do you need AV software?

Horse. Stable. Gate. Bolted.

Tim :

With all due respect, the previous posters are missing the point.

Antivirus software is one part of a defense in depth strategy in today's computing environment. Along with keeping all installed software updated (patching), running as a non-admin, and practicing safe computing, antivirus is another layer of protection in that strategy. Take away one of the layers and a system is not as secure as it otherwise could be.

Is your home safer from intrusion by having the doors locked? How about the windows? How about a burglar alarm? How about fire protection (smoke alarms, etc.)? They are all part of the equation and each adds to the level of protection.

Any IT Admin worth his salt understands this. Obviously, many like this IT Manager don't have a clue.

All in all, it's about risk management and taking steps to mitigate those risks.

Darrick :

AV software is one of several layers of protection. Educating users, and staff is another. I recall a user calling me into her office for my opinion on if she should open an email attachment out of curiosity.

I told her if she didn't know the sender, and she didn't request it, not to open any email if she didn't know the source.

This was my first realization that many people are not security savvy when it comes to computers..."ooooh, 'click'"

The other disturbing thing is the IT manager took no interest in security either. With a 150+ Netware/Windows environment there were no policies, or systems in place for applying patches/updates centrally. A user could turn on/off automatic updates, some weren't sure if they should apply the updates, and some didn't want the updates...and everyone had admin privileges.

I admit that I introduced a worm into the network from an unchecked laptop...wasn't thinking, ouch!

The calls came in, but it was quickly contained. The worm infected about ~10-15% of the computers, because although I was discouraged from spending extra time on 5 minute trouble tickets, I patched every system I visited.

The firewall couldn't stop inside attacks.

I learned a hard lesson. I'm all for layers of security which includes training staff, and users.

TonyH :

Just because anti-virus software isn't perfect is no reason to go without it. Those who complain of it slowing down their system should keep in mind how slow their system will be with a bunch of malware in place. They should also research the vendors, as there are several who are much less onerous and more effective than the old stalwarts.

So far as Macs go, the only widely available AV tool is Symantec, and it causes more problems than it solves (in my experience anyway). I wish some of the better AV providers (are you listening, Kaspersky and Trend?) would provide consumer level versions for OS-X.

William :

It seems to me that having AV software tends to make people complacent. Perhaps this is the reason why the my.doom and blaster worms had no effect on me (without my AV software), yet decimated my friends' systems (who did).

Besides, AV software is only as good as its virus signatures. Unless you're connected to your AV company by an umbilical cord you're always going to be at risk of viruses anyway. And your AV company isn't going to be the first place a Virus writer is going to send his wares.

Besides, no amount of AV software will stop social engineering.

Art :

A good defense is a layered defense. The problem is : how much system resources are you going to use in preventing/fixing a malware attack? Most AV today suck at removing malware and are resource hogs. You don't get value.
I added a layer by putting a firewall enabled all-in-one modem/router/switch/WiFi on the system.
Then we have the ZA incompatibility issue on the system. Let's face it, vendor products do not play well together. When that happens, the end-user either spends time on the phone or chucks the software.
Make it convenient for the end-user to use ( ideally, transparent ) and the end-user will use it.

coupland :

Joe, just because someone doesn't like bloatware doesn't necessarily mean (although it can) that they're an irresponsible user. I've been a daily online computer user for two decades and I've never in my life used anti-virus software, or a client firewall, and I run anti-malware and anti-adware software at most once a year. And yet I have *never* had one of my many dozens of computers infected with a virus, malware, trojan, or botnet client, nor do I need to "R"e-install my systems except when they're brand new. Really it all comes down to common sense.

I don't install software unless it's from a trusted source, and I avoid like the plague any software that sounds too good to be true. I don't use IE or a POP3 e-mail client, I long ago added a simple hardware firewall between my LAN and the internet, and I keep my systems current with patches. It's truly amazing how many layers of electronic bloatware protection can be replaced by a little bit of education and common sense. I'm not sure if your friend was an idiot or a savant, but it's incorrect to assume that just because someone doesn't run A/V software that they must be a fool.

Linda :

First, I quit using Norton AV in 2001 because it was such a resource hog. I then switched to Panda, which I keep up to date. There are two AV vendors that I do not recommend and they are Norton and McAfee because these programs are not only resource hogs but they are known for creating problems for users.

I have been impressed with Kaspersky and I am planning on trying it out on one of my computers, when my AV expires. Kaspersky includes all forms of malware (Spyware, etc.) in their AV package.

I endorse the layered approach to security, educating users and deploying best practices.

As a member of a non-profit group, I discovered with horror that our system administrator had decided that our servers didn't need either a hardware firewall or AV or any security. Both of these servers were connected to the internet's backbone and lo and behold both were infected. Our newest server had to be completely rebuilt.

For the people who say that they don't need AV or security measures because they have never been infected, I would ask them these questions.

Would you go without homeowners insurance because you have never had a fire or a break-in in your home? Same goes for health insurance and car insurance?

If these network administrators - CIOs felt that they could lose their jobs because of their security practices, I bet that some of them would clean up their act super fast. Sooner or later, these bad practices may very well cost them their jobs.

BTW, all computers (including Macs) should have security software installed and users should be educated as to security best practices.

JimFive :

For most home systems, splitting OS, software, and data to different drives/partitions and keeping known good backups is a better (cheaper, faster, easier) solution than using AV or malware detection.

Most home systems get set up and rarely get new software added. If you are going to add new software, restore your OS/software backups, install the new software (preferably while off-line) and make new backups. With a disk-based backup system this is not even terribly time consuming.

If your system starts acting up, or you suspect a problem, restore everything.

The hard part is ensuring that data is kept separate and backed up regularly.

This would probably work well in most corporate environments also, but the logistics might be a problem.
