IT-Analysis.com
AVID: Stupidity Squared
By: Robin Bloor
Published: 28th September 2006
Copyright © 2006

This week AVID stands for AntiVirus Is Defunct. I'll provide yet more evidence of this sorry truth and hopefully you'll get the point.

A few weeks ago I came across an article on the Internet which was advocating installing two separate anti-virus products in order to have a better chance of stopping malware. The logical argument was: AV products don't stop all viruses, and any ad-hoc test will reveal that a virus that one product lets in will sometimes be stopped by another.

I looked for other occurrences of this helpful-to-AV-vendors-but-misguided advice and discovered this on FCW.com, presented as “5 tenets of effective threat management”.

“To effectively block viruses, use two gateway [AV] products rather than one, especially at your main e-mail gateway... If you are particularly sensitive to viruses because your internal network is wide open, three antivirus gateways are even better.”

Why not four or five, one wonders? Why not the full set? This piece of nonsense brings to mind tests done by av-comparatives.org (see http://www.av-comparatives.org/ for full details), which tested 16 AV products against 474,759 KNOWN instances of malware, including DOS viruses, Windows viruses, macro viruses, script viruses, worms, backdoors, Trojans and other bad stuff.

This research roundly disproves one of the kind assumptions that I have been disseminating in these AVID postings of mine. I've always suggested that AV products stop KNOWN malware. My apologies, but this research proves quite the opposite. In this test none of the AV products tested stopped all of these 474,759 KNOWN instances of malware. The best of them let in about 500 of this KNOWN population and the worst let in 90,000.

One commentator concluded that in order to stop all of these KNOWN threats, you would need to install all 16 AV products!!

So there's the answer; don't install just a handful of AV products, hang the expense and install them all. Sadly, this remedy falls foul of the fact that while you might be able to install 16 gateway products and have them scan incoming email in series (I'm not sure, but you might), you would paralyze a PC if you loaded 16 different AV products onto it. The products would also interfere with each other. And to cap it all, none of them would stop the UNKNOWN viruses (the zero day threats) that AV products regularly let through and which are a much greater problem.

The idea isn't just stupid. It is also impractical. Of course, it's also unnecessary because there are products from four vendors (AppSense, Bit9, SecureWave and Savant Protection) which do the job properly and will stop the KNOWN and UNKNOWN viruses with equal effectiveness.

Enough for this week... Although, perhaps I should warn you that I'm now accumulating so much material for AVID that I may be forced into making it a weekly rather than fortnightly Blog item.

Published by: IT Analysis Communications Ltd.