No Antivirus Software - No Problem!?
Posted by Monte Robertson on Thu, Apr 15, 2010 @ 11:43 AM
Reportedly, about 17 million Chinese computers do not have Antivirus software. This is about 4% of their computers which is about the same percentage that do not have Antivirus protection in the USA year over year. Now that sounds like a need ready to be filled! But is it really?
Is there a real problem with this many computers (I would estimate somewhere north of 30 Million computers worldwide), not using Antivirus software?
Not using Antivirus software is considered reckless Internet behavior by some. It could also be considered minimally risky by others. Consider the user's ability, which applications, updates, settings and solutions are installed, where the machine goes and what it does on the Internet, all contributing to the risk levels when forming your opinion. It is not a simple matter. Let's take a quick look back to help us see the future.
About 20 years ago viruses spread from computer to computer via file sharing from 5 1/2" floppy disks. We love to share. It is in our nature. The web is the greatest sharing medium in history. The virus writers knew this then and know it still, 20 years later.
Antivirus software was created to make computing safer and easier, but, security is never easy or convenient. Even with the best Antivirus software many still get infected. So to state the obvious, it sounds like we might have been going about this wrong for all these years!
Signature based Antivirus software, being reactive in nature, is finally coming under fire for not being able to keep up with the threats. One might think after 20 years of antivirus software we wouldn't continue to have these problems. The threats change and then, so does the response. Maybe we don't want a vaccine to prevent infection in the first place? In a matter of seconds once a machine is infected it can be too late. That fact does not bode well for the reactive approach.
Why do we expect different results when we use the same thinking and technology as we always have? That question goes out to all the mirrors in the world.
There are well respected security experts now saying signatures are "dead, dead". So what are we to do, toss out all our security software? No, absolutely not. Some protection is far better than none. So how do we move from being reactive to proactive? That is the umpteen billion dollar question.
There is a quiet paradigm shift happening whos time has come. Dr. Peter Tippett had a Whitelisting solution (proactive), in the 1980's but no one wanted it. What people wanted (and mostly still do), is to see the bugs and then kill them (reactive). So he had to turn it into a reactive solution in order to survive. Nice try Doctor but apparently things had to get really bad before we would embrace such a technology.
We may finally be moving from reactive to proactive protection with Application Whitelisting aka Application Control. We see glimmers of it in Windows 7 (called Applocker), but functionally it is only available in the Enterprise and Ultimate versions which not many people have. It is going to be awhile before this goes main stream for whatever reason. Until then, Bit9 is the thought leader for the business sector.
We manage lots of machines that do not have Antivirus Software, are locked down tight, are processing personal information and are PCI compliant. Have for a couple years now.
With the right user knowledge, environment and settings, patch levels, other security solutions and precautionary steps, Antivirus software might not be necessary in certain settings. All that is much easier to say than it is to achieve. In other words, don't try this at home.
Nothing is going to change overnight. But we can all start somewhere, sometime, hopefully soon. The most important thing is that we start, you know, being proactive.
Stay safe out there.
Security as a Service for Businesses who have better things to do. 303.232.9070