2006-02-17

Fear Not the Viruses, Trojans, Worms

Anti-virus software and Anti-spyware software vendors frequently issue so-called press releases which proclaim imminent doom to all computers in the entire universe if people don't pay them lots of money. The so-called press releases proclaim, "Pledge allegance to XYZ Brand Antivirus Pro 9 and your computers will be completely invincible!"

Nearly every Microsoft Windows based computer I have ever encountered is filled with malware (viruses, trojans, worms, spyware, and other undesirable software). Especially those Windows computers with anti-virus software installed on them. Anti-virus software often proclaims "Your Computer is Now Clean" at the conclusion of its run. But upon closer inspection it is almost always wrong. Often it takes 4 or 5 separate programs from different vendors to remove all of the malware. There are very few exceptions to this. And most exceptions are because of the people using and maintaining those computers: not anti-virus software.

The other day I read about an oh-so-terrible "virus threat" to Macintosh Computers that will leave Macintosh owners "shellshocked". So the story goes, no instance of malware has ever caused significant damage to more than a few Macintosh computers. The anti-virus software vendors would have you believe that Macintosh computers aren't worth attacking...yet. They claim, "Any day all Macintosh computers in the world will be obliterated...unless everyone purchases XYZ Brand Anti-virus." Of course the anti-virus vendors are going to tell everyone to buy anti-virus software. That's their job.

Any reasonable person knows malware exists for Macintosh, Linux, and UNIX systems. The reason malware doesn't spread very widely on Mac, Linux and UNIX systems is because software applications on those systems are very diverse, well designed, updated immediately after a flaw is discovered and the users of those systems are attentive to potential threats. Users of Mac, Linux and UNIX systems aren't brainwashed into thinking that they are invincible by anti-virus corporations whose only concern is the bottom line. It is infinitely more likely that an actual person will infiltrate a Mac, Linux, and UNIX system because of a bad password or loose lips than malware would successfully attack it.

True computer security only comes with properly written software and well-informed computer users. No amount of anti-virus software will ever protect a computer system from attack by malicious people who wants access. However, properly written (operating system, email, web, instant messenger, office, etc) applications and sufficiently skeptical users will protect a computer system every time.

I would argue that anti-virus software leads to complacency. People who use antivirus software tell you, "I'm protected! I have XYZ Brand Anti-virus! They promised me a pony if I subscribed!" You might even find yourself explaining to them that their anti-virus software isn't even running or their subscription has never been renewed. Worse, those people fail to recognize real security threats because they are under the false impression that anti-virus software protects them. The true believers in antivirus feverishly update their software many times a day and verbally attack anyone who suggest it is a waste of time. Often the anti-virus users themselves run and spread viruses and trojan programs which they have acquired via instant messages, emails, and random websites. Their infected messages are followed with "I ran XYZ Brand Antivirus on it so I know it's clean!"

Anyone who knowingly uses a computer without antivirus software will do so with a healthy amount of skepticism. And they will be all the better for it.

Am I saying to stop using anti-virus software? No, not really. Use it if you want. Do you need anti-virus software? No, of course you don't. But it can be a useful supplement to your security. Anti-virus is not a substitute for making good decisions about where you get your software and how you use it. I am saying that if you implicitly trust anti-virus software to protect your computers then you are selling yourself short.

Stop using poorly written software and start using common sense.

A good starting point is to order free copies of Ubuntu Linux for you, your family and friends.

Labels: , ,