Tuesday, May 6, 2014

Antivirus: not quite useless

But almost:
Symantec, a company that has made huge amounts of cash as the largest antivirus software vendor for the last quarter of a century, looks to be getting out of that business and into fixing hacking problems rather than stopping them.

"We don't think of antivirus as a moneymaker in any way," Brian Dye, Symantec's senior vice president for information security, told The Wall Street Journal, adding that antivirus was "dead."

Dye said that modern antivirus software only stops around 45 per cent of attacks on computer systems and lets the rest through. That's a bit embarrassing for the firm's Norton team, who are still advertising the software as "secure and reliable," rather than "works less than half the time."

This is no surprise, actually: the effectiveness of antivirus software has been falling for more than a decade.


Dave H said...

Antivirus software isn't totally useless. It's good for reducing bloat in corporate IT budgets.

burt said...

Hey BP, you and I worked for a company that once had a reasonably good system protection program, but the CEO decided that current market share was more important than building for the future.

IIRC, that product also protected against Day-One events.

Yet another case of "I want profits this quarter, not next year" thinking.

Dave H said...

burt: The problem with any sort of protection product is if it works really well, the user doesn't see it working at all.

If you're going to sell a protection product, it needs to be very vocal when it catches something. Kind of like Fred Sanford from Sanford and Son. "Oh, Lordy! This is the big one!"

burt said...

Dave H: If the user doesn't see it working, then the user forgets that it's doing its job and may think that it is no longer needed.

There's a parable told about a systems support engineer who was hired to come in and fix an environment where viruses ran rampant, malware was everywhere, and the network kept going down. After weeks of work with the engineer very busy and visible everywhere, the systems were clean, the malware was gone, and the network was operating in a solid manner. Soon, the engineer was no longer visible in the workplace all the time. The CEO walked into the engineer's office... and fired the engineer. After all, his job was done and he wasn't needed any more - right?

That's the problem with system security. You may finally get to the point where the network is clear, the systems are clean, and you have protections in place that help mitigate problems - for the moment. At that point, since everything seems to be humming along, the typical user doesn't know that the protection is still needed... and cancels the support contract.

GOOD security doesn't have to be noisy, as long as it does its job. But I agree with you: NOISY security at least lets the user know that a job is being done and to NOT cancel the security updates.