Antivirus Software is “Completely Wasted Money???”
Posted by ThePaladin on May 24th, 2008
Many technical news nets were buzzing with the comment made by Cicso’s Chief Security Officer (CSO) John Stewart at a computer security conference in Australia a few days ago. Apparently Mr. Stewart made the following statement:
“If patching and antivirus is where I spend my money, and I’m still getting infected and I still have to clean up computers and I still need to reload them and still have to recover the user’s data and I still have to reinstall it, the entire cost equation of that is a waste. It’s completely wasted money.”
This statement garnered a lot of attention because the press, always ones to report with as little bias as possible (sarcasm intended), shortened the quote to the following headline: “‘Antivirus is completely wasted money’: Cisco CSO” (Click here to see one such article with a headline of this type).
It would probably help you to know that Cisco is one of the more prominent if not world leader of suppliers of networking equipment and such. Thus, one would think that their CSO would be a man to really listen to with respect to network security (sidenote: it is always a good idea to know who the speaker is in any communication that is supposed to be giving you credible information. For example, I for one do not listen very carefully to so called “security experts” from Microsoft…a company that has a very difficult time writing/creating a secure operating system).
Of course, if you read the entire quote, you will see that he wasn’t saying (necessarily) to go throw out your antivirus software. He was pointing out something very important for the security of your computer and home network. Namely that no one tool is going to be the end-all, be-all protection.
He was also (from the rest of his quote) speaking about defending many computers (hundreds) in a corporate environment…not the average home computer.
To use an analogy, we probably have all heard at one point in our lives that if a professional car thief wants to steal your car, they will in fact steal it very quickly. Locks on your doors with fancy computerized keys and such simply will not prevent a pro from getting the vehicle that they want.
So does this mean that the automakers should stop wasting money on car keys, door locks, and other locking mechanisms?
Of course not!
You lock your car door to dissuade the non-professional thief of opportunity from messing with your car. You make it difficult enough for him or her so that they will want to look for someone else’s car to steel. Your antivirus program is the same way.
It is true that if a “professional” hacker wants to crack into your computer (for reasons unknown) they could probably do so after applying a sufficient amount of time, effort and money. These are not the people you are trying to protect against with an antivirus program. You are trying to prevent an infection into your system from the many well known viruses that do exist on the internet, along with trying to thwart the local hacker who is just goofing around with programming.
So ditching your antivirus program is not the answer (and a careful reading of Mr. Stewart’s quote leads me to believe that his statement was probably not portrayed accurately). Having a complete security strategy (antivirus, backups, firewalls, etc.) that is commensurate with your budget and risk of loss is the answer.
So if by chance you think that to protect your computer all you need to do is install an antivirus program and you are done. Well, this is a good start, but you just might find yourself on the wrong end of an unwanted hard drive reformat someday…