It’s time to toss out your antivirus software - My ass

May 29, 2006

There’s been plenty of debate lately that maybe with the release of Windows Vista, we might be able to get away with not using antivirus on our computers. Well I’m about to make an even bolder assertion, that running antivirus or even additional third party security software such as firewalls on your computer makes you even less safe! Now before you start the flaming, hear me out first.

I am not that familiar with this so called expert George Ou, but I must take exception to most of his rambling. First Ou starts by saying antivirus programs are bad since ‘virtually every Antivirus vendor had their share of remote exploits’. This seems to be true with the link he gave. Curious as I am, I checked out the McAfee exploit since that is the product I use. There it is on March 17, 2005 a Library Stack Overflow for the engines prior to version 4400. The thing is version 4400 had been available since December of 2004. So yeah McAfee had an exploit and you would be vulnerable to it if you didn’t keep the software up to date. I really don’t know a piece of software where this would not be the case. Would this make all software programs bad that had exploits? If so, your choice of OS and programs would be rather limited.

The software firewalls are also bad because they also at some point had exploits. I have not seen any data but I am sure, just as with the antivirus programs, that these programs have helped a hell of a lot more than they have hurt. This continues to be the case in my organization. You know seatbelts save lives, but they have also been the cause of deaths in accidents. Should we also stop using seatbelts because of a minuscule percentage of deaths?

Ou goes on to praise the Windows built in firewall since it ‘has never had any remote exploits’, yet. And he goes on to praise the firewall in Vista, an operating system that is in beta and probably won’t be out this year. I don’t use XP’s firewall and Vista is not out yet so I really don’t have an opinion on them.

Ou has owned personal computers for 15 years running Windows, so have I. Actually it’s been only 14 years, the first year I had a computer it was DOS only. Anyway Ou has never had a ‘virus problem’ in 15 years? Nor has ‘every expert’ he has talked to? This is where I have to call bullshit. In 15 years I find it very hard to believe someone working in IT has never had a ‘virus problem’. Either this guy doesn’t remember things or he has never had to support a DOS/Windows computer connected to a network or one that used any sort of removable disks.

‘I personally can’t stand the performance overhead and extra expense of third party security software and I simply don’t use them.’

Antivirus software and software firewalls just slow down the computer so much, please give me a break. My PC CPU is 95-99 percent idle as I type this. Any slowdown you are sensing is in your head. Even if there was a minuscule amount of slowdown that’s not really noticeable, would you not mind it since it offers you some protection? But maybe he is right. I can’t stand the time and expense of putting on a seatbelt when driving somewhere, especially since I have never had an accident problem anyway.

Ou goes on to tout Vista security features. Again we are talking about an Operating System that probably won’t see the light of day until 2007. Why should I be throwing away my antivirus for an OS that won’t be released until at least this winter?

But not all antivirus is bad according to Ou, we should be scanning at the gateway. Mail, FTP, HTTP all scanned at the network edge. So now I need to have more devices between the LAN and internet besides the firewall, load balancer and packetshaper, nice. But the extra equipment won’t scan floppy disks, USB drives, files transmitted over IRC, P2P, IM, etc. What about them? Apparently Ou’s stance is in Vista people won’t be running as admin, just as regular users and current viruses won’t infect Vista running as a standard user.

Will the virus writers come up with ways around Vista’s security features? Of course they will. What then? Wait for a patch by MS? Virus definitions are updated daily. I would rather put my trust in software specialized at stopping viruses than security features of an OS that may or may not work and might take a month to be patched.
What about environments where we are required to give users administrative rights? People that click icons and dialog boxes that don’t read them? I guess they are screwed.


Running antivirus on a personal computer is like having the bomb squad inspect a suspicious package inside the house right next to you.

There is your FUD. While this might scare the PHBs and computer illiterates, to the rest of us this just makes you look like a scaremongering idiot. Antivirus programs protect you for that 1% of the time that something goes wrong and you end up with a virus. When that 1% happens 98% of the time antivirus does its job.

My philosophy has always been CYA and do it in layers. Virus scan on the mail gateway, mail servers, file servers and desktops. For the same reason people usually have more than one lock on their front door, if one link in the chain fails hopefully others will stop it.

But what do I know? I am just a c list blogger, a network admin trying to keep 700+ desktops and servers running virus free. I am not an ‘expert’ a/b list blogger like Ou telling me it’s time to toss out my antivirus because an OS that no one is/should be running in production, that isn’t out yet or will be this year might not need antivirus software.

Raise your hand if you are going to deploy Vista to your organization as soon as it gets released (maybe) this winter. Raise your hand if you will be waiting at least a year after its release. Raise your hand if more than half of your current machines can’t even handle Vista.

Thought so.
Once Vista becomes reality we will see how much virus protection it will need.
