The desktop AV debate


I knew that Jim Allchin's comments about allowing his seven year old son to use a Vista box without antivirus software installed would cause a bit of a stir.  After all, it goes against the grain.  It challenges a way of thinking that's become the norm.  What's become quite apparent from the conversation that this caused is how antivirus companies have Windows PC users over a barrel - the accepted thinking has become that every desktop PC needs to have antivirus software installed on it.  Period.

I don't totally agree with this view.  There are better alternatives.  Allow me to explain why.

Over the past decade I've watched the antivirus industry (and the whole security industry) grow and change dramatically.  The main reason behind this growth has undoubtedly been the Internet.  The access to and from your PC that the Internet offered meant that users needed to put in place a ring fence around their PC to protect it from everyone else out there.  Threats such as viruses no longer come from shared floppy disks; they can come from anywhere in the world.  As you can imagine, this sort of change meant a bonanza for security firms.


But ten years on, are we safer for having all this security software installed on desktops?  Nope.  Why?  Because security firms have actively encouraged users to resort to software for protection rather than falling back on common sense.  A huge number of people operate a PC with the idea that if a piece of software gets by the antivirus scanner or if an email gets past the spam filter, then it must be OK.  In an ideal world where all software was 100% reliable, this kind of thinking would be fine, but in the real world, where software is far from being reliable, this kind of thinking can get your PC taken over or trashed.  Heck, just look at the wording used by security companies to promote their products: most give the impression that their software provides the ultimate defense against all threats.  No extra thinking required.  I wonder how many systems have been compromised or trashed because of security companies encouraging that kind of sloppy thinking.  On top of that you have software which gives users confusing, jargon-loaded feedback they can't understand and aren't really in a position to find out about.  All this adds to the overall confusion.

Another serious problem is the amount of system resources that AV consumes.  Each new feature that companies add to their product means that the end user sees an ever increasing performance hit.  Fellow ZDNet blogger George Ou estimates that this performance hit slashes the performance of your PC fourfold - I think it depends on your system.  But what's certain is that there's a serious performance hit which is there all the time - even at times when you need the power - when you're playing games, rendering video, manipulating photos.  AV companies have been slow to respond to criticism that their products take up too many system resources and put too much of a strain on systems.  Add a software firewall on top of that and you have a serious load for the PC before anything else is run on it.

The idea of running security software on a gateway PC makes a lot of sense.  First off, you're offloading all the work of scanning files and Internet traffic onto a dedicated machine where a performance hit isn't going to be felt.  Also, if you have a handful of PCs at home you're going to be saving yourself a fair bit of cash every year - AV software isn't cheap and using a gateway PC is a good way to save money.

But I'm also a realist at heart.  I know that gateway PCs aren't for everyone.  In fact, they're a tool that only a small fraction of PC users can hope to make use of.  The reality is that desktop antivirus, for better or worse, is here to stay.

What I'd like to see are more streamlined security apps.  Throw away the fancy graphics and eye candy interface and write code that's fast, tight and lightweight.  Some security vendors are heading in that direction (for example, the latest offerings from Symantec are better – performance wise – than they've been for years) and releasing products with a smaller system footprint, but they have a long way left to go.  If Vista is as secure as Microsoft claims then this might force security companies to rewrite their software because they'll need to tighten up the code so that they themselves don't become the focus for attack - antivirus and software firewalls present a huge surface area for hackers to attack and a more secure OS is going to mean more pressure on other applications, especially deeply embedded applications such as antivirus and firewall software.  

On the question of whether I trust the defenses built into Windows Vista, I remain open-minded.  It's a new OS that hasn't had much in the way of real-world testing.  I'm optimistic that Vista brings a greater level of security to the desktop, but I'm also cautious.


Talkback

  • A few points...

    Not all anti-virus are resource hogs, look beyond Norton, McAfee and Panda and you'll get a glimpse of ones like Avast. (I've been using it for about 2 years.. It has not slowed my PC to a crawl, or slowed my internet connection where it's noticeable).

    Second, do we really want to trust Microsoft software to security based on their past? I sure as hell want to see it proven that their processes work first before I even look at changing.

    Last but not least, trying to train 80% of the population who don't know anything but browsing what "not" to do. To train them on security measures is futile because they will not understand, nor do they care to. A computer is meant to be something easy to use (ie: windows) not something they have to take a course on to effectively browse the internet.

    Is it the wrong way of thinking... Yes. Is it easier to make applications that can prevent the majority of the problems or train those 80% of users (which amount to millions and millions of people).
    ju1ce
    • seconded!

      I second Avast. Not only is it fast and simple, it's free for personal use! It doesn't get any better than that!
      lostarchitect
    • Completely agree!

      [i]"... trying to train 80% of the population who don't know anything but browsing what "not" to do. To train them on security measures is futile "[/i]

      Some users shouldn't be let near the keyboard - I spent a frustrating 15 minutes yesterday trying to get a user to type a web address into his browser. It didn't work - he could never see the website. It turns out his browser starts with Google as the home page and that was where he was typing the URL - into the Google search bar! :-(

      Someone with that level of computer literacy barely understands the [i]concept[/i] of viruses. Expecting him to avoid them is fantasy, and there are millions just like him and probably more millions even less competent than he is......
      bportlock
      • Shouldn't do that

        You were telling that computer illiterate to do something unsafe. If you type a web address and make a typo, you can be redirected to a malicious site. Much safer to use a search engine to get a link to the site, and click on it. That person may be ignorant, but has a good habit.
        Greenknight_z
    • Training is the key

      For all the effort done to make a computer secure, all it takes is a little social engineering to make that a moot point.

      Take telephone scams, they get people everyday and those people hand out money and personal information just because they are asked to or tricked into doing. The same is on a computer. People are asked or tricked into running something they shouldn't. The only way to avoid this is educating the user. Anti-virus software is a reactive tool not pro-active. Education is pro-active.
      voska
  • Intel has a solution

    Use a quad-core processor and have three of the cores work on anti-virus and other support tasks while the fourth does user processes.

    I kid you not, this is actually an Intel proposal.
    Yagotta B. Kidding
  • Wasn't this MS official policy at one point?

    [i]After all, it goes against the grain. It challenges a way of thinking that's become the norm. What's become quite apparent from the conversation that this caused is how antivirus companies have Windows PC users over a barrel - the accepted thinking has become that every desktop PC needs to have antivirus software installed on it. Period.[/i]

    Maybe I'm remembering this incorrectly, but I seem to recall a period a few years ago when every story about a new worm, etc had a refrain to the effect of "Microsoft suggests users keep windows patches up to date and install anti virus software"

    This isn't a criticism, but I think the story here is a change in MS policy, not a reaction by MS to a fear mongering AV SW industry. But even if it is the latter, a valid question is why did they wait so long? So either way there seems to be a significant shift in MS's perspective on the issue.

    I hope they are correct, and that Vista in default (non admin) mode doesn't need AV.
    enduser_z
  • My AV system uses no resources on my desktop

    Simply because I don't have one on my desktop. I use a gateway AV device.
    voska
  • This needs to be stressed

    [i]But ten years on, are we safer for having all this security software installed on desktops? Nope. Why? Because security firms have actively encouraged that users resort to software for protection [b]rather than falling back on common sense.[/b][/i]

    First off, I think we are safer because people are generally more aware of the danger that attachments present and MS's email clients no longer make it as easy to run attachments. Obviously there are just as many attacks but where there used to be several really bad infections a year, we haven't seen any serious infection rates now for quite a while. Lots of stories about how the sky is about to fall with the next zero-day exploit and then nothing... no (or minimal) infections. Go to [url=http://www.mcafee.com/us/threat_center/default.asp] McAfee Threat Center [/url] and notice that [b]every[/b] single one of their Top Malware entries are rated as low risk. So while securing your desktop is obviously important, the fear and panic that is spread about XP simply isn't based on empirical evidence.

    Second, thank you for pointing out the section of your post that I bolded. While I can't speak for anyone else, I'm not so much against AV as much as I am against people relying solely on AV. I won't even classify AV as a layer of security, it is more of a reactive safety net in the case your proactive security measures have failed. Every piece of malware caught by desktop AV is a sign of [b]failed[/b] security, not proof of it. George has pointed this out and I agree 100%: a computer with proactive security measures and no AV is safer than a computer that relies solely on AV. Use both if you want but it is the AV that is optional, not the proactive security measures.
    NonZealot
  • And in 2 years time?

    The only aspect of Vista protecting it from infection by virus/trojan/worm/spyware/keylogger is the fact that it hasn't been released yet. We'll see if Allchin is still letting his son loose on the internet without AV in a year or two, shall we?

    Even Allchin has already backed down in his blog -

    http://windowsvistablog.com/blogs/windowsvista/archive/2006/11/10/windows-vista-defense-in-depth.aspx
    "After reading the transcript, I could certainly see that what I said wasn't as clear as it could have been, and I'm sorry for that. However, it is also clear from the transcript that I didn't say that users shouldn't run antivirus software with Windows Vista! In fact, later in the call, I explicitly made this point again, because I had realized I wasn't as clear as I should have been. It's important for me that our customers are using the appropriate security solutions for the right situations, whether that's security functionality integrated in the operating systems, or add-on products"
    whisperycat
  • Vista = A playground for hackers

    Anyone who believes Vista is more secure than any of the other Windoze failures is in for one Helleva reality check real soon. Just wait a couple weeks for proof.

    By the very nature of the Net, you need A/V and Anti Spyware/Spam filtering far and above any crap MICROSUCKS might dream up. Pause for a moment and reflect on MICROSUCKS approach to protecting their customers from hackers...

    Once a month MICROSUCKS releases some hack patches to correct publicly identified security issues. MICROSUCKS knows of thousands of other security holes in their O/Ss but does nothing to correct these product defects until someone publicly discloses the security risk. So basically MICROSUCKS does nothing to protect its customers from the defective code they have sold consumers under the guise of a safe, secure, reliable, stable O/S. (Yeah, right and the check is in the mail...).

    If you wait for MICROSUCKS to provide a secure computing environment, you're a fool. Your PC is owned in less than 20 minutes if you are online without A/V software or a hard firewall. That's a fact and I have tested new PCs as others have and confirmed this.

    Not only should MICROSUCKS not be trusted, they should be prosecuted for knowingly selling defective O/Ss that are fraudulently advertised as safe, secure, reliable or even usable not counting the BSODs of course.
    BeGoneFool
    • It's true

      [i]Anyone who believes Vista is more secure than any of the other Windoze failures is in for one Helleva reality check real soon.[/i]

      Considering that XP has been 100% secure for me, it is impossible for me to believe that Vista will be [b]more[/b] secure than that. I do hope, however, that it isn't any worse!

      [i]Your PC is owned in less than 20 minutes if you are online without A/V software or a hard firewall.[/i]

      Ahh, I know what your problem is... you are operating your PC without a firewall. Why you would specifically turn off XP's firewall is beyond me but I guess the only way you can get an exploit onto XP is by sabotaging its default security settings. I did something similar with Linux actually. I took the hard drive out and smashed it with a hammer. I put it back in and Linux wouldn't boot. LINUX SUCKS I GUESS!!!! ;)

      I also think you would probably have more luck if you ran a copy of Windows from the company that wrote it: Microsoft. MICROSUCKS sounds like some sort of pirating group so who knows what they've done to the cracked copy of XP they sold you? Spend the $99 and I think you'll see that your eXPerience will be much more positive.

      Good luck BeGoneFool! Let us know if any of my tips have helped you out!
      NonZealot
    • That was a foolish statement by M$, even by their standards

      They are a massive propaganda machine, and are regarded as an authority on software. That comment that Vista doesn't need AV protection was irresponsible and inaccurate.
      Most people only hear about truly secure software in the news, but have been scared off trying it by the Redmond FUD.
      M$ has recently started running a commercial on an Atlanta AM radio station saying that people should go to their website to check that their software is genuine. More like looking for pirates. Pathetic. They also are touting this Defender, which is lousy s/w. Finally, they recommend that people purchasing a PC make sure Windows is pre-installed. There are two reasons for this. First of all, OEM installs CANNOT be moved to another computer legally, and secondly, they don't want the average user to find out that installing Windows is no easier than Linux.
      The fear and disinformation campaign will remain in full swing for the foreseeable future, but Linux is taking over the desktop. People can download an OS or order a disk today from Ubuntu for absolutely free, and it finds all their hardware and installs device drivers without user intervention. It looks better than Vista will look when it is released two months from now. There will never be a charge for an update. There are thousands of free programs that only cost you the time to check an 'install' box. It is no contest.
      Starderup
    • Why...

      would you want to connect after turning off the system firewall (i.e. the OS security feature designed to help prevent malicious infection)? Of course you had problems!

      PS, how do you KNOW Vista is not as secure? Have you "tested" Vista yet? Or are we just taking guesses at this point? Perhaps it is true what you are saying, and Vista will be no more secure than XP. Given MS track records it is possible. Until that is proven true though, your comments come across as being rather Trollish in nature.
      wcb42ad
  • Symantec went from worst performer to third worst performer

    "for example, the latest offerings from Symantec are better – performance wise – than they've been for years"

    Symantec went from worst performer to third worst resource hog. That's an "improvement", but nothing to be proud of.
    georgeou
  • There are cheap gateway AV devices

    http://www.dlink.com/products/securespot/info/

    This is $100 for 4 users and an $80/year renewal subscription fee. It's about the same price you'd pay for AV anyways so why not offload it from the PC! I realize people can't always build their own devices, but this would do the job at the same price WITHOUT the performance hit on the desktop.
    georgeou
    • RE: There are cheap gateway AV devices

      Adding complexity to the system is not a good solution. This is the trap that Microsoft has got itself into. Good machines = simple machines. The fewer moving parts (or moving electrons), the better. Just stick the important bits in ROM and forget about it.

      gary
      gdstark13
  • AV is not enough anyway. We need Firewall, Anti-spyware and safe browsing

    AV was enough a few years ago. Today we need a solution that covers modern attacks. Since no good integrated solution exists we need a firewall (best is ZoneAlarm), anti-spyware (most popular is Adaware) and safe browsing (best is CallingID). They are all free and provide what we really need.
    yoramnis
    • RE: AV is not enough anyway. We need Firewall, Anti-spyware and safe browsi

      I disagree. You need a simple solution for solving all of these problem. Put the code in ROM and you're done.

      gary
      gdstark13
  • Common Sense and Clamwin

    I use mostly commonsense and Clamwin. Have never had a problem in 10 years. Surf all the time.
    But for unsafe surfing... and you men know what I'm talking about... nothing beats a Linux partition or even a Knoppix boot-from-disk. Fast surfing. No need for any protection.
    susancragin9