May 13, 2009
There must be something in the Internet waters, because recently I keep coming across opinion blogs and articles pushing the notion that either the government or Oprah needs to encourage everyone to use antivirus software. Ironically, this seems to be exactly the sort of campaign I should get behind; after all, I've been writing about antivirus software for over a decade. But instead of getting behind it, the government / Oprah / antivirus push just reminds me of an old saying: "if you can't dazzle them with brilliance, then baffle them with bs."
The premise seems to be that if Oprah or the government began pushing antivirus, we'd somehow nip the problem of malware in the bud, save everyone some money, and make the world a better place. The idea revolves around the notion that infected computers are infecting other computers and if we could disrupt that spread, we'd solve the problem.
For starters, those assumptions are oh so ten years ago. Today's big risk doesn't come from email and Internet worms. Circa 2007 to present day, the big risk comes from compromised websites; today's malware typically doesn't even include an email or Internet worm component (though it typically does include an autorun component that can enable local or sneakernet spread).
The arguments also seem out of touch with the sheer volume of today's malware. Largely because of the shift to the Web, today's malware growth is explosive. Antivirus vendors routinely process tens of thousands (at a minimum) of new malware samples per day. As a result of this overwhelming volume of new malware, antivirus software has a pretty high miss rate. Encouraging people to use antivirus software is fine and noble, but antivirus software alone will not solve the problem, and suggesting that it will does far more harm than good.
This isn't to say you shouldn't use antivirus software - most certainly you should. Antivirus software still detects the majority of threats and most is definitely better than none. But if you really want to get behind the malware problem, the big push should be a campaign to get the Web cleaned up.
Levy fines against hosting providers who give safe haven to malware domains. So-called bulletproof hosting providers should be first on that take-down list. Enforce a limit on the number of infractions a hosting provider can have before being cut off from the rest of the 'Net. In other words, if it's too hard to stop the perpetrators, then instead of going after the victims, let's try going after the facilitators for a change.
And while we're at it, let's have an educational campaign to have everyone apply security patches and a lobbying effort to get Microsoft to stop introducing stupid features like autorun. Let's push to get Adobe to make safe versions of Reader, Acrobat, and Flash so they stop getting used as conveyors to deliver malware to our systems. Let's take it a step further and add penalties to all software companies when exploitable bugs are found in their products, the proceeds of which should be used to support free add-ons such as NoScript.
Antivirus software is a wonderful tool to have in your defense arsenal. But antivirus only treats the symptom. If we are going to expend government resources or Oprah's reach, let's not squander it. Let's try to get to the root of the problem and make a long-term difference in the fight against malware.

