Accuracy problems get even worse when other threats are added to the mix. Anti-virus companies came late to the anti-spam and anti-spyware battlefield, and half a decade later, most still do a poor job defending against those threats.
Aside from becoming less accurate, anti-virus scanners are more frequently cited by administrators as a major cause for downtime. They are buggy, often falsely flag common operating system and application files, and frequently contain exploitable holes themselves. Add the predatory nature of their update schemes, and the anti-virus industry -- whether it realizes it or not -- is headed for a consumer precipice.
It all begs the question: Is the anti-virus scanner necessary?
At first, I thought this would be an easy question to answer: It would be crazy to not have an up-to-date anti-virus program running, right? Then it occurred to me -- I’ve never used an anti-virus program, and neither does my family. In the last two decades we’ve had a single malware infection. Well, two, if you include the Cascade virus that broke out of my virus lab in 1989, but back then my lab was a single, un-networked PC.
You might think that I have an uber-technical family that's highly aware of malicious programs and that they can easily spot rogue code. You would be wrong. My three teenage daughters are blissfully unaware of anything computer and technical beyond Microsoft Office and instant messaging. When I asked if any of them planned to follow in their father’s footsteps and enter the field of computer technology, you would have thought I told them they were going to be served liver for dinner.
The reality is that I deploy defenses that don’t allow malicious code to get to their desktop. I convert all e-mail to plaintext; I block most file attachments and spam; I use perimeter and host-based firewalls. I keep my systems patched, and tightly controlled. I approve all software installs. I harden configurations. That’s it. No secrets.
Despite all this, I’m not sure if anti-virus software should be completely removed from a company's security infrastructure. Scanners are responsible for blocking more threats than any other computer defense program available, and they are great at detecting known threats. For that alone, they are often worth their weight in gold.
Unfortunately, the landscape has changed, and the prevalence of new, undetectable malware is quickly headed toward a tipping point. If anti-virus vendors don’t take a serious look at the state of their products as compared to the current threats and build a better mousetrap, it’s clear to me that they won’t last another five years.