Don’t you love it when you hear a song and it just sets you into this mood… Makes you want to dance and sing down the aisle of the airplane? NO?… oh.. maybe it is just me. Anyway, the song isn’t the focus of this post. That Dell laptop the man next to me is using is the topic. You see, he has antivirus running on his laptop and it sucks the life out of his system. I, on the other hand, do not use antivirus on any of my systems, work or personal. The fact is that antivirus, in my opinion, is antiquated. Why was it created in the first place? To stop those nasty viruses from getting into your system, taking over and stealing your stuff. The problem with that? You have to know what the virus looks like in order to stop it. What about all those viruses that we don’t know about? What about those viruses that are sitting in the update that I have not downloaded to my system yet? Every virus that I ever got on my Windows laptop was based on an unknown signature. I was just a guinea pig for the bad guys. Good thing I had that antivirus running. The fact is antivirus was created to stop viruses from using your system but also from taking stuff from your system. It is about protecting our information. Protecting our passwords. The things we have been preaching for years. It is about using virtual machines to log into specific sites and then deleting that virtual machine.
I can’t tell you how many times customers bring up the antivirus issue when we are configuring their virtual desktops. This drives me crazy. Why are you using antivirus? You aren’t keeping the documents in that virtual machine. Are you worried about viruses that are already found, or are you worried about the new ones that are not defined yet? How are you protecting your corporate infrastructure? Then let’s change your virtual desktop configuration, let’s talk about other solutions and solve the REAL problem. Remember… breathe in through the nose, out through the mouth. Installing antivirus is masking the problem and giving people this false sense of security. Let me repeat that … False Sense of Security!!!
Of course people will continue to buy it and use it, and it will continue to NOT do its job, but one day you will realize that if you have something that people will want, they will do whatever it takes to get it.
The song(s) by the way was “Anna Sun” by Walk the Moon and then followed up by “Better Things” from Passion Pit, I had to dance back to my seat!
#1 by ptath2 on September 12, 2012 - 14:21
The role of anti-virus has changed but people’s expectations of it haven’t; everything you say about anti-virus by itself is largely true. Yes, the AV vendor has to have seen it in order to detect it, and with the use, spread and ease of making variants of malware, there is no way any AV vendor can catch up; all that is true. That fact isn’t lost on AV vendors; that’s why just about every single one offers endpoint suites that utilize other technologies. Most of them rely on intrusion prevention technologies and reputation-based services (can be very good at preventing 0-day attacks). Behavioral-based IPS are also very good at blocking intrusions that have no signature, by allowing only known good behavior. While most AV vendors still feature AV (mainly because that is what people know), their detections and attack prevention leverage other technologies.
For a long time I have used a host IPS system (Symantec Critical Systems Protection, not supported on Win 7 but works) and it’s fantastic at blocking bad behavior without a single signature, but I still run anti-virus. It begs the question as to why, and it has everything to do with how the role of anti-virus has changed. AV is no longer an effective proactive control (I agree), but it does now have a secondary role. While my IPS can block attacks and keep my system from harm, that code is still on my system; it can’t do much but it’s there. Enter AV in its role in the new world: it is still one of the best cleaners. Shortly the AV vendor will have seen the code in question and will make a signature for it and clean it off of my system. Auto-protect features don’t bog down systems nearly as much as they did in the past thanks to faster processors and memory explosions, and because I use AV as a cleaner I don’t have to run full system scans on the system. And when you look at systems you find other culprits that slow down the machine; patch management software, especially poorly configured patch management software, is usually the culprit.
#2 by erinkbanks on September 17, 2012 - 13:19
Great information, I appreciate you providing the comment. The problem I seem to have with AV (especially in the vertical I work in) is that it becomes a check box and not completely understood. It gives false hope and I am completely against it. Teaching the facts and the important tools will only make all environments “safer”.