Anti-virus: waste of money?

<<

lorddicranius

Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Wed Mar 07, 2012 2:52 am

Anti-virus: waste of money?

http://www.wired.com/wiredenterprise/2012/03/antivirus

Wired released an article a few days ago regarding anti-virus and its usefulness.  In it, a few infosec guys said they don't use it.  Since then, there's been a lot of chatter in my Twitter feed about it and it seems to have shifted from the perspective of an infosec person using it or not, to the perspective of whether or not to use it in an enterprise.  I've seen a lot of arguments...

Using it:
- Pros: It does stop some malware
- Cons: It doesn't stop everything

Not using it:
- Cons: Machine is completely vulnerable, doesn't even have the benefits of the vendor definitions that will block some malware.
- Pros - ...?

Most of the arguments for not using it seem to be playing devil's advocate and are looking for data to prove one way or the other.  But one thing I've noticed is that I haven't seen a "pro" argument for not using it, and the only thing I can think of is that you gain some CPU cycles back.  I remember a while back when AV really used to bog down a machine depending on the vendor, but it's gotten a lot better since then and can run quite idle in the background.  Am I missing something else?
GSEC, eCPPT, Sec+
<<

SephStorm

Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Wed Mar 07, 2012 4:30 am

Re: Anti-virus: waste of money?

In the past few years working in IT in a corporate environment, I can't really remember too many incidents where AV was triggered. Our IDS sometimes alerted us to file downloads, or other things, but rarely if ever have I seen AV in the corporate realm find malware.

Just a note: at home, I always use free AV/AM.
sectestanalysis.blogspot.com/
<<

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Wed Mar 07, 2012 11:30 am

Re: Anti-virus: waste of money?

I think the more products such as Bit9's Global Software Registry solution come out, the less you will need a full-time AV on a client.  If you can successfully whitelist the environment then you will prevent almost any malware from running.  Until someone can learn to fool MD5 checkers.  Not saying no AV is required, but moving your AV detection to the gateway should prevent much of the stuff from entering.  The whitelisting will prevent any unknown software from running on the clients.  The nice thing about GSR is that it makes much of the work categorizing your software environment much easier.  Currently with the AV products, you are required to do a lot of logging and analysis before you can start blocking.  Bit9 has already done the work and vetted thousands of software packages.

Sorry if this sounds like a plug, but this was one of the few things I saw on the RSA expo floor last week that gave me hope.  I don't even think they used "APT" in any of their promotional material.
Certs: GCWN
(@)Dewser
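
The hash-based whitelisting described in the post above, as an added example that is not part of the original post and is not Bit9's code: a default-deny check keyed on file content. It uses SHA-256 instead of MD5 because practical MD5 collisions exist; the directory layout, file names and file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file so large binaries are not loaded into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_allowlist(golden_dir: Path) -> set[str]:
    """Record the digest of every file in a vetted ("golden") software directory."""
    return {sha256_of(p) for p in golden_dir.rglob("*") if p.is_file()}


def may_execute(path: Path, allowlist: set[str]) -> bool:
    """Default deny: run only if the file's content hash was vetted."""
    return sha256_of(path) in allowlist


def demo() -> dict[str, bool]:
    """Constructed sample files standing in for real executables."""
    with tempfile.TemporaryDirectory() as tmp:
        golden, client = Path(tmp, "golden"), Path(tmp, "client")
        golden.mkdir()
        client.mkdir()
        (golden / "editor.exe").write_bytes(b"vetted editor build 1.0")
        allowlist = build_allowlist(golden)

        # Same bytes under a different name: still allowed (identity is content).
        (client / "renamed.exe").write_bytes(b"vetted editor build 1.0")
        # Vetted name, altered content: blocked.
        (client / "editor.exe").write_bytes(b"vetted editor build 1.0 + patch")
        # Never-seen program: blocked without needing a signature for it.
        (client / "unknown.exe").write_bytes(b"something nobody vetted")
        return {p.name: may_execute(p, allowlist) for p in sorted(client.iterdir())}


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'ALLOW' if allowed else 'BLOCK'}")
```

The decision depends only on content, so a file name or path match grants nothing, and anything absent from the vetted set is blocked whether or not a detection signature exists for it.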
<<

jason

Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Wed Mar 07, 2012 5:46 pm

Re: Anti-virus: waste of money?

I thought the article was interesting, but not the "hey I'm going to ditch my AV now too" kind of interesting. To keep the same argument, but change the setting a bit, "I never wear a condom because I'm really careful who I fsck, and besides condoms aren't 100% anyway". Sounds a bit thin to me...  :-\
<<

millwalll

Post Wed Mar 07, 2012 7:42 pm

Re: Anti-virus: waste of money?

I think AV is like anything in security: not 100% secure, but another layer, so it's good to have it in place. I think it's better to have it in place and maybe need it than to not have it and your IDS fails or something gets past or whatever and you don't have any other protection.
<<

hell_razor

Jr. Member

Posts: 90

Joined: Wed Jul 14, 2010 10:44 am

Post Thu Mar 08, 2012 4:08 pm

Re: Anti-virus: waste of money?

If you don't have AV you (or your help desk) will get eaten alive by nuisance viruses.  They will cover many of the script kiddies out there.  However, in a very targeted attack, you are right, AV is probably only one layer of defense and should not be counted on exclusively.
A+, Network+, Server+, CISSP, GSEC, GCIH, GPEN, GCIA, GISP, GCFW
<<

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Thu Mar 08, 2012 5:56 pm

Re: Anti-virus: waste of money?

hell_razor wrote: If you don't have AV you (or your help desk) will get eaten alive by nuisance viruses.

This. It's a simple cost/benefit analysis. If $50/year in licensing saves hours upon hours of labor (not to mention the costs associated with dealing with something more serious than irritated users), it's a very straightforward decision.
The day you stop learning is the day you start becoming obsolete.
