In the past two or three years, I’ve mentioned more than once that anti-virus software is a joke. That was probably a slight exaggeration, but the fact remains that anti-virus software does a horrible job protecting a computer from malicious software. Apparently I’m not completely crazy. John Stewart, the chief security officer at Cisco, says anti-virus software purchases are “completely wasted money“. Although I would not go that far, there is some truth to what he says.
When I was still doing work for residential customers, about three out of four service calls were to clean viruses. Most of those whose computers fell prey had already installed respected, up-to-date anti-virus software. Anti-virus vendors simply cannot keep up with the bad guys writing bad software. In my opinion, the only real anti-virus is some caution employed by the person using the computer.
The interesting part of John Stewart’s opinion is the idea of using a software “whitelist”, where only those programs you’ve explicitly allowed will be able to run on your network. It’s a new concept for me, but it seems like a workable one at least for the enterprise. Most larger businesses have a documented inventory of software in use on their network, so making a whitelist wouldn’t be too difficult. The only question is how updates would be handled. It seems you would have to modify the whitelist every time an update for Adobe Acrobat or Flash Player became available. Maybe the best way would be to make a vendor whitelist. Hmm….