Antivirus

[Bart Silverstrim]

Jonathan Dlouhy wrote:
> Good point. Thanks for mentioning it. Slightly off the topic, I have never 
> ceased to be amazed at the attitude some Windows users seem to have. I think 
> it's due to ignorance, mostly. Most don't know that Avast or AVG are good 
> anti-virus programs and Norton and Mcafee are not. I have had countless friends 
> call me in desperation upon having one of those programs let a virus through. 
> Sometime it's next to impossible to fix the problem.

Because AV isn't a silver bullet. It's reactive, not proactive; there's 
always a window of time open when a virus is created/modified/altered, 
released, discovered, reverse engineered, a signature is created, then 
released by the vendor, then your update time has to come up to get the 
signature, and hopefully you weren't infected by then.

And since AV's don't normally get along with each other, you can't run 
multiple engines to overlap protection.

And of course there's overhead in your AV's running, since they look at 
all execution of files, along with the scheduled checks.

And you are at the whims of what the AV vendor defines as a threat. This 
was rehashed on Clam's mailing list, since ClamAV isn't really an AV 
anymore as much as it is a malware scanner targeted for mail servers; 
the team was including signatures for spoofing and phishing sites in the 
signatures to scan for. To be fair every AV vendor pulls this now, as 
all sorts of cookies and javascript crap pops up as a "virus" or threat.

This is all assuming that the AV will work properly. I've had a number 
of times where either the AV product implodes (Vexira liked to get stuck 
with some updates not working properly, or we find a system that needs 
to have the site license key updated and until then it annoys the user 
with a stuck command prompt going haywire until we reinstall) or 
interferes with other products (McAfee screwing up email). The only one 
I haven't had a headache with of some sort has been AVG. But that 
doesn't solve the other problems mentioned.

But hey, it's status quo using a broken system model and these companies 
profit from it, and it's another requirement when you're dealing with 
the alternative of making users care enough to learn how to use a broken 
system properly. Otherwise you have to wait until a system comes along 
properly built to protect users from themselves.