Tuesday, January 19, 2010

My view on the effectiveness of antivirus software is vindicated

I have always held the opinion that antivirus is a very ineffective and blunt device for protecting oneself from attack. This is not to say that I am flirting carelessly with danger on the Internet. What I am saying is that there are far better and more efficient ways to protect oneself than relying on antivirus software.

The recent attack on Google in China prompted a number of comments and postmortem analyses, and one of them has vindicated my view:
nCircle's Storms believes that one "lesson from this breach is that antivirus software really is dead. For quite a while it's been the least effective tool in the IT enterprise security toolset because it's only effective against known malware. It only takes one piece of customized malware to infiltrate your network."

In my e-mails with Kurtz he wasn't as bold about declaring the death of antivirus tools, but he did suggest a new approach as well. "There are technologies like whitelisting--McAfee Application Control, that would have prevented successful exploitation of this zero day and many others--without signatures. Companies really need to start augmenting their blacklisting with whitelisting protection technologies."

Antivirus is often like looking in the rear vision mirror. It is totally useless until its database has been updated.
