The hype surrounding Conficker and the Twitter worm has only served for security experts to issue warnings about installing antivirus software. But is it really necessary? Can you survive without a security suite? Two experts give us their views.
Now that Rick Broida has stated his case, it's time for our security advocate to weigh in. Is Rick correct to say that security apps are just a waste of time, money, and system resources? What say you, Robert?
Why security software makes sense today
I understand the motivations of people who say you don't need to spend money on computer security. If you have the time and knowledge to lock down your PC, then you are certainly welcome to fly in the face of the billion-dollar security software industry.
But as a security reporter for the past 10 years, I've seen some really scary stuff in the wild, enough to convince me that a nominal investment of £30 a year or so for a decent internet security suite is well worth it. Besides, I don't have the spare time to be clever about my PC: I just set it and forget it.
I agree that good behaviour online goes a long way toward avoiding a significant share of the malware lurking out there. If you never stray from 'safe' e-commerce sites, and if you never download porn, grab free games, or gamble online, then your chances of acquiring malware are considerably lower. But recently even legit sites have been festooned with hidden iframes, each silently directing your browser to download content from who knows where.
Unfortunately, even the latest web browsers can't detect compromised sites within the first few minutes after the attack hits. Although browsers have made tremendous strides in malware protection, in tests that I've done with Internet Explorer and Firefox, I've seen a latency of up to one hour before they'll report a newly compromised site as bad. Without active heuristics from a security software product, how would you know whether your favorite travel site has fallen victim within the last 10 minutes?
Rick is right to say that a network router can block a good amount of malware, and that Windows XP SP2, Vista, and 7 all have built-in firewalls for blocking inbound traffic. But the Windows Firewall is not a good defense against rogue outbound traffic. Despite what Microsoft claims, its firewalls are not true two-way firewalls; they still leave outbound ports open.
Why? Microsoft Office software (Word, Excel, Access) communicates with various servers such as the SharePoint Server, so by default Microsoft makes that process easy - even if you don't run SharePoint at home. As a result, what Microsoft actually says is that its outbound firewall permissions remain open 'except where excepted'.
Sure, I suppose I could sit down and configure my own firewall rules to block this and that; but then again, I could simply download and use the free version of Comodo which blocks unusual in and out traffic and be done with it.
NEXT PAGE: More views from Robert