The need for antivirus technologies
Roger Grimes, fellow CISSP and Microsoft MVP, wrote an article about the value of antivirus products.
He reports that antivirus tools are unable to recognize and clean a lot of recent malware code. But most of all, he firmly claims they are unnecessary to stay uninfected. Pure truth.
Antivirus shouldn't even be called that. "Anti" is a term that suggests proactivity, while antivirus solutions are just virus cleaners: something to use when you are already infected.
The most important point is that Roger never suffered an infection even though he never used an antivirus. Me too, and probably many others.
He never got infected because he blocks the sources of malware instead of letting them in and then cleaning up the damage.
He does what I would call traffic sanitization:
- blocks unwanted traffic using a personal firewall
- blocks unwanted HTML malware by converting incoming email to plaintext and (probably) using an ad-blocker in his browser
- blocks unwanted attachments using an antispam tool
Plus, he keeps his system in good health, hardening and patching it whenever needed.
Is that all you need to remain uninfected? Is it true that being a high-profile security guy doesn't help here?
I don't think so. And even if so, I still see many problems in this approach (which is the one I apply too).
For sure, Roger's knowledge gave him the ability to recognize, choose, configure and update the security tools mentioned above.
It doesn't matter that a less experienced user (his daughter) is then able to run virus-free even without skills. He secured the system at the beginning.
It's easy to avoid trouble when every tool is in the right place.
Also, every time a threat bypasses security defenses, experience becomes the most powerful tool.
In some cases, when surfing or reading emails, something looks strange, and only experienced users are able to recognize the risk they are about to face, even if the malware or the technique is completely new and they have never seen it before.
Not every system administrator or home user out there has the same skills. But even with them, how much time does deploying all the mentioned tools cost? Surely 10 times what you would spend configuring and updating an antivirus tool.
Antivirus tools are useless and should disappear not because other tools exist and defend better, but because the way they try to provide fast and easy protection is faulty.
We still need fast and easy protection, but with a different approach.