The real disappointment in Anti-virus

All anti-virus applications do one major disservice to their owners: they provide a false sense of security.  The major infections are zero day exploits which are not caught by anti-virus. 

This is from Wikipedia:
Zero-day protection is the ability to provide protection against zero-day exploits. Since zero-day attacks are generally unknown to the public, it is often difficult to defend against them. Zero-day attacks are often effective against "secure" networks and can remain undetected even after they are launched. Thus, users of so-called secure systems must also exercise common sense and practice safe computing habits.[8]

But what about the advanced heuristics detection every anti-virus program claims?

A zero-day virus (also known as zero-day malware or next-generation malware) is a previously unknown computer virus or other malware for which specific antivirus software signatures are not yet available.[11] Traditionally, antivirus software relies upon signatures to identify malware. This can be very effective, but cannot defend against malware unless samples have already been obtained, signatures generated and updates distributed to users. Because of this, signature-based approaches are not effective against zero-day viruses.Most modern antivirus software still use signatures, but also carry out other types of analysis.

That brings me back to the false sense of security provided by these companies. 95% of my clients need little more than MSSE aka “windows defender.” The rest who tend to be prone to infection can achieve a marginal benefit from a lesser known anti-virus app.
At the end of the day, the proper way to prevent viruses is to limit your vulnerability to them, not trust a scan performed by me or anyone else.

More posts