JIM RAPOZA
Don’t disregard good security
Anti-virus, patch management systems still the first line of defense
Stop using anti-virus and been easily prevented. authority) has cleared as safe.
patch management systems! Stewart’s argument was a lit- I generally like the idea of
They don’t work and they are tle more nuanced than “Using whitelisting, with some caveats
a waste of time and, worse, a anti-virus and patching is a (such as that it matters who
waste of money. OK, I’m kid- waste.” He was making a point gets to control the whitelist).
ding. I would never say that. that companies invest money But just like anti-virus and
But John Stewart, Cisco’s in anti-virus and patch manage- patching, whitelisting is not a
chief security officer, would. At ment and still get infections, silver bullet either.
the AusCERT (Australian Com- making the investment a waste. Just because an application
puter Emergency Response My response to this is, Was is on a whitelist doesn’t mean
Team) conference in Australia it a waste for those times it it hasn’t been compromised or
May 19 to 23, Stewart essen- prevented an infection? Or is it doesn’t have a bug that can be
tially said money spent on anti- that, since nothing happened used by malware. Whitelisting
virus and patch management is (systems weren’t infected), then needs something to work with
completely wasted.
Now, it’s true that using anti-virus and patching systems is
really just the most basic first Just like anti-virus and
step to security and shouldn’t by patching, whitelisting is
any means be seen as a com- no silver bullet either.
plete security solution. But saying that it’s a waste to even use
anti-virus and patch management is sort of like saying it’s a no one noticed the anti-virus it to make sure the whitelisted
waste to have locks on the door doing its job? applications stay clean.
of your car, since any serious But the worst thing is that What could do that job? Are
crook can get by them. some CEO or chief financial there tools that can scan appli-
Just as leaving your car door officer will see the headline, cations for infections and make
open with keys in the ignition “Cisco says anti-virus and sure they don’t have holes that
is an invitation to any passing patching is a waste of money.” can be exploited? You know,
thief, unpatched and unpro- And some poor CSO or IT some kind of virus-stopper
tected PCs are an invitation administrator will have to again thing and a hole patcher-upper.
to viruses or malware, even defend a necessary security Oh wait, there are. I guess
ones that are old and would budget. even with whitelisting, anti-be easily stopped by patching The other part of Stewart’s virus and patching aren’t that
and anti-virus methods. Just message was that the real solu- much of a waste of time and
because your company could tion is to use whitelisting, in money after all. ´
still fall prey to more advanced which the only applications that
malware doesn’t mean you can run on computers are those Chief Technology Analyst Jim
want to have your systems pol- that the company (or some- Rapoza can be reached at
luted by things that could have times some central vendor or jrapoza@eweek.com.
