Monday, December 04, 2006

anti-virus is dead - not!

well, it looks like yet another (ahem) security expert (albeit one who apparently worked for an anti-virus company in some capacity a decade ago) is sounding the death knell for anti-virus software...

don't be alarmed though, the sky is not falling... people have been prognosticating the end of anti-virus software since the last millennium... it hasn't happened yet and it probably never will...

this example isn't much different than the previous hundred and one instances of av doomsayers... i've written about the supposed failure of anti-virus software in the past - does that address this situation? you betcha... the author (amrit williams) trots out 3 whole examples of worms that anti-virus software didn't stop, but seems to have forgotten the tens of thousands that it did stop... perceptual bias? sure... mike rothman previously made an elegant comment about mismatched expectations, and judging by how far outside of av's scope most of mr. williams' examples of av's failures are, his expectations are very mismatched...

what he really seems to be getting at is that av sucks because it's not UTM... the argument seems to be that anti-virus on its own doesn't do as good a job at solving the business problem of security management as a security suite would, and perhaps he's right about that narrowly defined part of the malware problem, but certainly not about the malware problem as a whole, which neatly transcends your field of vision while you've got business blinders on...

stand alone anti-virus isn't going anywhere, not so long as the world is more than just a collection of businesses, not so long as there are home computers/networks out there, not so long as my security needs differ from your security needs, not so long as best of breed still has benefits, and not so long as we collectively still remember the saying "jack of all trades, master of none"...

stand alone av is evolving mind you, by including detection of additional forms of malware (that most people, and the av products themselves, were calling viruses anyways), but that doesn't stop it from being stand alone anti-virus...
