Thursday, December 11, 2008

Myth 3: Anti-viruses are always required.

Now this is one that could really cause havoc.

First, to understand why this is a myth, you need to understand what an anti-virus really does.

Real-time scanning for unknown viruses really comes down to the following: checking for code attempting to use known exploit points, and for any strange change in the behavior of an application. That is something OS security really should be doing.

If someone has a system where their user account never contains executable data, their applications come from safe locations, and their security system works, most of the unknown-virus scanning is covered. If they also treat exploit removal as a high priority, they can be at even less risk. Microsoft's model of patching a security flaw once it has been breached is kind of too late. Only now is some of the media starting to complain about it.

Known virus scanning is scanning against signatures of threats. The next question, which people never ask, is how honeypot runners find out about unknown viruses that have beaten their security. It's really simple: they use the reverse of the way anti-virus works. Instead of scanning for a threat, they scan for what they know should be there; anything else is a threat that needs investigation.

Honeypot systems don't need anti-virus software. Some heavy-security OSes can get by without it.

Anti-viruses are not always needed if correct preventive action is taken. If you have an OS like Windows, where the core security system is flawed, you can be forced to use anti-virus software. Should you be happy about it? No way in hell.

It comes down to remembering that everything has to suit its environment or it's pointless. Rather than running anti-virus over a stack of files that don't contain any threats, taking signatures of those files with the mirror of an anti-virus, i.e. Host Intrusion Detection, can save a company many hours of computer processing time.

There are quite simply times when anti-virus software is pointless and a waste of resources. Does this mean the files don't need protection from something? The answer is no. Security always has to be maintained; anti-virus software is just one of the optional tools for doing it.

The sad part is that even some anti-virus companies believe this myth that they are always required. So research into Host Intrusion Detection, the mirror of anti-virus signatures, has not been done as completely as threat detection.
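
The honeypot approach described above (scan for what you know should be there and investigate anything else), which the post calls Host Intrusion Detection, sketched as an added example that is not part of the original post. The file names and contents are constructed sample data, and a SHA-256 manifest is one assumed way of recording "what should be there".

```python
import hashlib
import os
import tempfile


def build_baseline(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            baseline[os.path.relpath(path, root)] = digest
    return baseline


def compare(baseline, current):
    """Return files that are new, changed or missing relative to the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "modified": sorted(p for p in baseline
                           if p in current and current[p] != baseline[p]),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo():
    """Constructed sample tree: record a baseline, tamper, then re-scan."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)

        write("bin/tool", b"original program")
        write("etc/app.conf", b"mode=safe\n")
        write("doc/readme.txt", b"hello\n")
        known_good = build_baseline(root)      # taken while the system is trusted

        write("bin/tool", b"original program + injected code")  # changed file
        write("bin/dropper", b"unexpected executable")           # new file
        os.remove(os.path.join(root, "doc/readme.txt"))          # missing file
        return compare(known_good, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

No threat signature is involved: the unchanged `etc/app.conf` is never reported, and everything that differs from the known-good manifest is flagged for investigation. The manifest only helps if it is stored where the monitored system cannot rewrite it.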

6 comments:

Gedece said...

Of course, an Anti-Virus isn't the ultimate protection, it's just another tool inside the security tools group.

It's up to the user to decide where that particular tool is needed and where it would be overkill to use it.

Anonymous said...

It's a drain on resources all right. I scan my Linux box manually once a month out of curiosity really, nothing more; damn Windows traits are hard to drop.

You wouldn't believe the amount of users out there with virus scanners and out-of-date signatures on Windows boxes, about as much use as a chocolate fire guard.

Virus is the last link in the chain for Windows; people shouldn't rely on it, as all it does is cure the symptoms, not the cause of infection. It's a bit like filling a bucket up with water when there is a hole in the bottom...

smiffy

oiaohm said...

I would 100 percent believe the numbers; I do network clean-ups.

Funnily enough, some are caused by companies not paying their anti-virus signature updates' yearly fee. The reason commonly given is "I bought it, so why would I have to pay for it again?" I live with front-line pain.

wbkang said...

Hey oiaohm,
I never understood the argument "an anti-virus is a must with Windows."
Maybe I was just lucky, or because I was behind NAT (my little Dlink router), but I did not get any virus in the last 2 years using Vista. Now, I am not stupid enough to just execute all files that I download from the internet with an administrator account. So, apart from viruses that you get from executing programs, I did not have any code executed secretly against my will. Was I plain lucky?

oiaohm said...

Plain lucky, yes, maybe. Visiting infected sites with a defective browser can cause you to get infected, and using other applications, like a flawed version of MSN or the like, can also expose you.

Anti-virus software is basically a buffer between a problem being found and updates to fix the problem.

Yes, your actions can reduce risk. The percentage of risk is directly linked to what you do.

One of the fastest ways to increase your risk is using pirated software, most commonly because the applications miss out on security updates.

Yes, quality of the software used is a major factor.

Dlink is a firewall. It's part of damage limitation. The problem is that if a problem gets past the firewall, there is not much in the Windows design stopping a person going to the core. Risk under secure systems is normally limited.

The other problem with Vista is that a lot of applications are now running services at a higher user than administrator to perform actions that would trigger a UAC event. So really, the risk of major problems increased with Vista, not decreased, if you have installed applications using that bypass of UAC.

Correct selection of applications that don't use services to bypass UAC does work a little better security-wise.

Yes, luck, or good selection of software and good selection of sites to visit, could have kept you safe.

Security should never be about luck.

wbkang said...

Yep yep. When I was little, I used to use pirated software. Not anymore though. I'm in this field now and I feel guilty enough not to (and yes, it's a big source of viruses).

And thanks for pointing out the service account problem. No, I never thought about that problem.