eWeek - December 1, 2008

JASON BROOKS
What is anti-virus worth?
even 'free' anti-virus products are costly in the end

Microsoft recently announced plans stantly changing signature databases, requires frequent they have no reason to trust, we’ll continue to have mal-to discontinue One- updates to operate. ware problems.

Care, the company’s consumer-ori- And while there are freely available anti-virus systems The first part of the solution is a clearer division between ented, subscription-based anti-mal- out there, a huge amount of licensing dollars is spent user and administrator roles, which Microsoft has begun to ware product. Instead, Microsoft will each year on these products, and management of promote with User Account Control in Vista. However, UAC offer a free-of-charge anti-malware these licenses by administrators with plenty of other must be paired with whitelisting policies that prevent regular offering called Morro. CALs and seats and entitlements to wrangle doesn’t users from running arbitrary, untrusted applications.

I know that conventional wisdom, certain government and industry regulations, and Windows’ “Danger, Will Robinson” Security Center alert shield all disagree with me, but I’m ^As ^long ^as ^users ^run ^softwarenot convinced that anti-virus products (as we know them) are even worth what Microsoft plans to charge for Morro. they have no reason to trust, That’s because no matter how much you pay (or don’t pay) in anti-virus licensing fees, these products carry consid- we'll have malware problems. erable costs.

First, as anyone who’s regularly used anti-virus software has experienced, the scanning, updating and come for free, either. Rather than persist in the Sysiphisian struggle to spot and heuristics functions of these products add up to sig- Finally, the costliest characteristics of traditional anti- quarantine bad applications, user organizations must take nificant system overhead. Who among us has never virus products—which purport to follow helpfully behind control of the applications they allow onto their end points, stepped out to grab a cup of coffee or chat idly by users, cleaning up any messes that occur along the and security vendors must build out the products and ser-the water cooler while Windows cranked through way—are a false sense of security and the poor vices that facilitate this control. some ill-timed system scan? administrative practices they enable. If you think I’m undervaluing anti-virus, I’d love to hear you

Second, anti-virus products add considerable update Anti-virus products are an integral part of the admin- tell me why. ´ and maintenance overhead to the systems on which rights-by-default assumptions around which the Windows they’re used. The blacklisting approach employed by ecosystem has long been organized. The fact is that as e WEEK Labs Executive Editor Jason Brooks is at jbrooks@ traditional anti-virus, which checks files against con- long as users are willing and able to run software that eweek.com.