Friday, February 12, 2010

Antivirus has failed for long enough!

I just read on a LinkedIn discussion, about how Kaspersky created some fake executable files, and then created REAL detections for them. Within ten days, 14 other AV vendors had blindly added detection for these files as well!

I've been a strong anti-AV advocate for as long as I've been using computers. In corporate environments, I feel it is a necessary evil, as you have little control over what risks individual users might take. On personal machines, however, I've always felt that AV is more of a disruption than the potential risk of getting a virus. What do I hate so much about AV software?

  • It Doesn't Work - I've set up my friends and family with a variety of AV software over the years, and they still get infected.
  • Performance - Depending on whether you have an AV client with a small footprint, like the new Panda Cloud AV software (which I recommend if you are looking for a good free AV client), or a full big-vendor suite, there will be a performance cost. It doesn't seem to be much with the smaller clients, but I've seen the larger ones make a computer completely unusable.
  • Add-Ons - Speaking of big AV suites, some of these come with an unbelievable amount of crap that you neither asked for nor needed. They even have the gall to include software that "improves your PC's performance". You could be installing VPN, Backup, Tune-up, Email proxy/scanning, web proxy/scanning, web filter, firewall, encryption, file shredding, and who knows what other software, when all you wanted was anti-virus. I've seen systems with 30+ active processes belonging to the anti-virus vendor suite.

I am the "Virus Sanitation Engineer" for my family and friends. Do I put AV software on their machines? Absolutely. Do they still get infected with malware anyway? Absolutely. I think that a few precautions can make AV software largely unnecessary.

  • Use a Web-Based Email Client - Not only do all web-based email clients scan attachments and emails for malicious files or content, but most malicious content sent via email will not execute when opened in a browser.
  • Delete or Ignore Anything you Don't Explicitly Trust - I know you're curious, but really, don't click it. Don't open it. Just delete it. If you are really that curious, take precautions before checking it out.
  • GMail - GMail also has a nice feature that can help protect you: Wary of that PowerPoint presentation or Excel attachment that has been forwarded to you from people you don't know? Open it in Google Docs. Any malicious office macros embedded in the document won't run.
  • Don't Use Internet Explorer - There may be a day when it is safe to use, but we're not there yet. Until then, use Firefox with the NoScript add-on installed (best scenario), or Chrome. Or Safari. Or Opera. Just not IE. The last TEN infections I cleaned up for friends and family computers were all due to Internet Explorer use.
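The Google Docs tip above works because the viewer never executes VBA. A related check a defender can run before an attachment is opened anywhere is whether it carries a VBA project at all. The following is an added example, not code from the original post: it inspects a modern Office (OOXML) file, which is just a zip package, for a vbaProject.bin part or the VBA content type in its manifest. The sample documents are constructed inline; legacy binary .doc/.xls files are OLE2 containers and are reported as "not inspected" rather than guessed at.

```python
import io
import zipfile
from typing import Optional

# Content type that Office writes into [Content_Types].xml for a VBA project part.
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def has_vba_project(data: bytes) -> Optional[bool]:
    """Return True if an OOXML package contains a VBA project, False if it is
    OOXML without one, and None if the bytes are not an OOXML zip at all
    (e.g. a legacy OLE2 .doc/.xls, which this example does not parse)."""
    if not data.startswith(b"PK\x03\x04"):
        return None
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            # Word stores it as word/vbaProject.bin, Excel as xl/vbaProject.bin,
            # PowerPoint as ppt/vbaProject.bin; match on the file name only.
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return True
            # Belt and braces: a renamed part still has to be declared in the manifest.
            if "[Content_Types].xml" in names:
                manifest = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                if VBA_CONTENT_TYPE in manifest:
                    return True
            return False
    except zipfile.BadZipFile:
        return None


def make_ooxml(with_macro: bool) -> bytes:
    """Constructed minimal OOXML-like package used as sample input; it has just
    enough structure for has_vba_project() and is not a real Office document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        overrides = ['<Default Extension="xml" ContentType="application/xml"/>']
        if with_macro:
            overrides.append(
                f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
            )
        zf.writestr("[Content_Types].xml", "<Types>" + "".join(overrides) + "</Types>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a compiled VBA project stream.
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


# Constructed legacy-format sample: OLE2 magic, which this check does not parse.
LEGACY_DOC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8


if __name__ == "__main__":
    for label, blob in [("clean.docx", make_ooxml(False)),
                        ("forwarded.docm", make_ooxml(True)),
                        ("old.doc", LEGACY_DOC)]:
        print(label, has_vba_project(blob))
```

The None result matters in practice: a check that silently says "no macros" for a format it cannot parse is worse than one that admits it did not look.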

Though it isn't a 100% guarantee you will never get infected, these four simple suggestions have worked extraordinarily well for me, and my wife (who was already doing what I suggest here before I even met her!).

As for the enterprise, I'm hoping whitelisting and other technologies that work on a principle of trust, rather than maintaining a database of known malicious software, will eventually be able to replace antivirus software.
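To make the blacklist-versus-whitelist distinction concrete, here is an added example that is not part of the original post. It models both approaches as sets of SHA-256 hashes: the AV-style blocklist only contains what someone has already caught, so anything unknown (or a known sample changed by a single byte) runs; the allowlist only contains what an administrator has approved, so anything unknown is denied. The "executables" are constructed inline byte strings standing in for files on disk.

```python
import hashlib
from typing import Dict, Set, Tuple

# Constructed sample binaries; in a real deployment these are file contents read from disk.
SAMPLES: Dict[str, bytes] = {
    "notepad.exe":    b"MZ\x90\x00" + b"known good notepad build",
    "putty.exe":      b"MZ\x90\x00" + b"known good putty build",
    "invoice.exe":    b"MZ\x90\x00" + b"dropper caught by a vendor last week",
    "new_threat.exe": b"MZ\x90\x00" + b"never seen by any vendor yet",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Blocklist (the signature-AV model): populated only after a sample is caught.
BLOCKLIST: Set[str] = {sha256_hex(SAMPLES["invoice.exe"])}

# Allowlist (the trust model): populated by the administrator ahead of time.
ALLOWLIST: Set[str] = {
    sha256_hex(SAMPLES["notepad.exe"]),
    sha256_hex(SAMPLES["putty.exe"]),
}


def blocklist_allows(data: bytes) -> bool:
    """Default-permit: runs unless its hash is already known bad."""
    return sha256_hex(data) not in BLOCKLIST


def allowlist_allows(data: bytes) -> bool:
    """Default-deny: runs only if its hash was explicitly approved."""
    return sha256_hex(data) in ALLOWLIST


def compare(samples: Dict[str, bytes]) -> Dict[str, Tuple[bool, bool]]:
    """Map each sample name to (blocklist_allows, allowlist_allows)."""
    return {name: (blocklist_allows(b), allowlist_allows(b)) for name, b in samples.items()}


def repacked(data: bytes) -> bytes:
    """Constructed stand-in for a trivially modified build of the same program:
    one extra byte changes the hash, which is all a blocklist keys on."""
    return data + b"\x00"


if __name__ == "__main__":
    for name, (blk, allow) in compare(SAMPLES).items():
        print(f"{name:16} blocklist allows={blk!s:5} allowlist allows={allow}")
    variant = repacked(SAMPLES["invoice.exe"])
    print("repacked dropper: blocklist allows", blocklist_allows(variant),
          "allowlist allows", allowlist_allows(variant))
```

The table this prints is the whole argument: the never-seen sample and the repacked dropper both pass the blocklist, and neither passes the allowlist. Note that the same property cuts the other way for legitimate software updates, which need the allowlist maintained (by hash, publisher signature or path rule) before the new build will run.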
