Saturday, October 04, 2008

do we really need anti-virus

thanks to alan shimel for pointing out this post by kai roer asking if we need anti-virus in 2008...

alan is right, of course, that anti-virus does a lot more than just catch viruses these days, and that anti-virus helps control older virus populations (good on ya alan, most people don't consider that)... kai asked a variety of interesting questions, though, which i tried to answer in his comments... like lonervamp mentions at the start of this post, discussions like this are something i'd prefer not to lose to the sands of time, so i'm reposting my comments here (and i may start doing this more often, 'cause it seems like a great idea):
"Have the virus authors started to write smaller viruses that stay below the radar - and thus are not detected by the AV-products?"

many of the virus authors of old have simply grown up and found more fulfilling things to do with their lives...

"Are they now only targeting special targets - like particular banks, SCADA or singled out corporations? Or countries and causes? Or are they too busy writing malware to care about viruses?"

viruses are malware... non-viral malware, however, seems to be what the cyber-crooks prefer these days... self-replication has a way of getting out of hand and calling attention to the malware...

"Do we really need to pay out on gateway and client AV solutions if there are no viruses knocking on the door?"

who says there aren't? just because you aren't hearing about new epidemics doesn't mean new viruses aren't getting written, or even that the old ones have stopped... some of the most prevalent email-borne malware are mass-mailing worms that are already a few years old (like netsky.p)...

"Do you believe that there are no more viruses out there?"

absolutely not... some people are still getting infected by decades-old boot infectors...

"That other threats are taking over and rendering AV-solutions useless?"

other threats are just as detectable with av as viruses are...

"Is this the whole truth? Or have the AV solutions become so good that they catch everything, even without us noticing? That they are an absolute critical part of the solution for any entity connected to the net?"

let's put it this way - old viruses never die, their populations just shrink to a size too small to accurately report/track... av is one of the things that helps keep those populations small...

and when it comes to newer non-viral malware, av is what helps keep its usefulness limited... without the blacklist, the bad guys would just find something that successfully bypassed the other defenses and keep using it over and over, because those other defenses cannot be updated as fast as a blacklist can...
