More on the necessity of antivirus software

A few days ago, I wrote a brief post about my non-use of antivirus software on my own computers. A number of people have asked me privately if I am recommending such a stance to other individuals or to organizations. Let me be perfectly clear: absolutely not. For the vast majority of folks, the four important steps to protect your PC still hold:

  1. Run the Windows Firewall
  2. Keep Windows and your applications up-to-date
  3. Use current antivirus software
  4. Use current antispyware

These are good recommendations for organizations, as well.

But as I've talked about many times in the past, security decisions always involve tradeoffs. They also (should) involve an intimate understanding of what the users will be doing with their computers. Fact is, most individuals who are not full-time security professionals often make mistakes when trying to decide whether something is legitimate -- witness the ongoing success of phishing and 419 scams. And organizations, unless they run highly locked-down environments, often can't know everything their users are doing.

As I said in the previous post, anti-malware is not useless. It is a necessary element in your suite of defensive technologies to help keep the bad guys at bay. In my post I'm simply explaining a personal tradeoff I've made on my own machines at home: by not running as admin (which I didn't mention before), by using UAC, by relying on the firewall, and by training my family, I have made the decision not to use anti-malware.

So should you make the same tradeoff? Well, that depends. If you're asking me about your own use of your own personal computers at home, I can't answer that for you; you need to. Remember what I wrote: "I know what to click and what to skip, what to visit and what to avoid. I have control over what I choose to open, what I choose to load, and what I choose to run." Do you have similar self-control? :)

If you're the security administrator for an organization, you should not make this tradeoff. Again, remember what I wrote about my own self-control; I doubt that anyone could make such a statement for everyone in their organization! Antimalware definitely belongs on machines where users can store or transfer files:

  • client computers
  • email servers
  • file servers
  • SharePoint servers

The purpose of my earlier post was to spark a little discussion, to see what other opinions there might be. Some folks are doing the same thing I am; others always run anti-malware on every computer. Neither stance can be declared "right" or "wrong." It's simply a reflection that we all make tradeoffs, every day, when we decide how to manage and use our computers. And as I suspected, different folks make different tradeoffs, based on their own risk tolerance and experience. These are always good conversations to have.

Comments

  • Anonymous
    January 01, 2003
    Have you ever tried feeding something you wrote into an online language translator, then doing it a second

  • Anonymous
    January 01, 2003
    TheGoldFish.net Blog » Blog Archive » No Server-Side AV: http://blog.thegoldfish.net/no-server-side-av

  • Anonymous
    January 01, 2003
    Joe-- As I have repeatedly said, my own decision not to use anti-malware on my computers is not a recommendation that I'm making for everyone. Because many people have asked me, I decided to write about my own decision, for my own machines. There's absolutely nothing wrong with continuing to use anti-malware software if you want to. Just like I believe it's wrong to state that anti-malware should never be used by anyone, it's also wrong to state that anti-malware should always be used everywhere by everyone. Security decisions must descend from individual risk analyses, never from reading someone else's list of "best practices."

  • Anonymous
    January 01, 2003
    Michael, I suppose if you think my position is "elitist," that's your opinion. However, you're making an overstatement. Anti-malware is just one of many many choices we all have when it comes to securing our systems. But before making any choices, we must first understand the risks each of us faces and also have a feel for our individual "risk tolerances." For example, I have long been recommending that folks not use account lockout, because it creates more risks than it alleviates, and you can satisfy the supposed threat by using long passphrases. Is it also "elitist garbage" not to use account lockout as well? Just because a security feature exists, does it have to be enabled or used? Nowhere have I said that avoiding anti-malware is something for everyone. I said that I don't use it on my own computers because I am addressing the malware threats in other ways. This is always an option, of course: for every threat, there are multiple mitigations.

  • Anonymous
    January 01, 2003
    Donna, unfortunately I can't help you with the Norton problem--I've never used any of those products. Have you contacted Symantec? That's about the only thing I can think of. Have you tried entering that error message in your favorite search engine? Maybe you'll find something that way.

  • Anonymous
    September 26, 2007
    The only reason I have AV software installed on my computer is that there are several networks I connect to that require it. But I always have all the unnecessary features turned off, and leave the file monitor deactivated - unless I'm about to connect to a network that requires up-to-date AV software. I would never recommend this to any of my friends or family though!

  • Anonymous
    September 26, 2007
    I couldn't agree more. Your original post actually sparked me to write a post on my own blog, referencing yours, where I discussed some of the issues with antimalware and why it may be unnecessary for some. But, as you do here, I stressed that this is not the case for the vast majority of home PC users or corporate network users.

  • Anonymous
    October 10, 2007
    Ok, I have a question in regards to the Microsoft Firewall and Norton. I have the Microsoft Firewall on and a Corporate Edition of Norton. But ever since I turned on the Microsoft Firewall I get a message that says "Norton Internet Worm Protection is turned off". Is there a need to be concerned? Is there a way to fix this? I am searching for all kinds of help. Thanks, Donna

  • Anonymous
    November 01, 2007
    Now it just sounds like elitist garbage. I don't run av, but it's not because I think I know what not to click but most other people don't. It's because AV software is pointless and useless.
