I still maintain that AntiVirus software is a necessity for computers these days. But after reading some thoughts from Michael about AV, I’m wondering if my long-standing Top 5 Security Step is less and less founded in rationality. As a quick summary, I’ll say that AV is dying in the enterprise, but as a consumer protection, it is still an easy and easily understood suggestion. In the enterprise, AV is simply evolving, either migrating into other layers or into things like HIPS. As a bottom line, be open and think about the role of AV in your situation. I expect (and welcome!) strong reaction from Wismer on any holes in this post! 🙂
(I run AV on my home Windows boxes. I also use it on my mail gateway. My Linux boxes do not run AV. At work, we use AV and soon HIPS on all systems, and we’re a fully Windows shop.)
So what is AV supposed to be doing? Well, it is supposed to block, detect, and clean various bits of malware from my system. It does this in realtime and with regular scans.
While I feel, personally, that the role and importance of AV in the enterprise is dying or greatly diminished, I would not recommend any shops abandon AV without doing a couple things.
Great post, LV.
I’ll tell you one thing, the term “anti-virus” needs to die. The old “pure” AV function died long ago…
/Hoff
I agree with you that it isn’t time to jettison AV yet. It still provides at least *some* level of protection. However, it certainly is time to put pressure on the vendors to radically rethink their models.
I don’t have a lot of the minute details thought out myself on what AV should look like in the next 10 years, but here are some of the things I’ve thought of recently (almost all of which focus on the browser, which is currently the front lines in this war on malware);