We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Analysis: does your PC need security software?

Two experts argue for, and against antimalware

The hype surrounding Conficker and the Twitter worm has only served for security experts to issue warnings about installing antivirus software. But is it really necessary? Can you survive without a security suite? Two experts give us their views.

Now that Rick Broida has stated his case, it's time for our security advocate to weigh in. Is Rick correct to say that security apps are just a waste of time, money, and system resources? What say you, Robert?

Why security software makes sense today

I understand the motivations of people who say you don't need to spend money on computer security. If you have the time and knowledge to lock down your PC, then you are certainly welcome to fly in the face of the billion-dollar security software industry.

But as a security reporter for the past 10 years, I've seen some really scary stuff in the wild, enough to convince me that a nominal investment of £30 a year or so for a decent internet security suite is well worth it. Besides, I don't have the spare time to be clever about my PC: I just set it and forget it.

I agree that good behaviour online goes a long way toward avoiding a significant share of the malware lurking out there. If you never stray from 'safe' e-commerce sites, and if you never download porn, grab free games, or gamble online, then your chances of acquiring malware are considerably lower. But recently even legit sites have been festooned with hidden iframes, each silently directing your browser to download content from who knows where.

Unfortunately, even the latest web browsers can't detect compromised sites within the first few minutes after the attack hits. Although browsers have made tremendous strides in malware protection, in tests that I've done with Internet Explorer and Firefox, I've seen a latency of up to one hour before they'll report a newly compromised site as bad. Without active heuristics from a security software product, how would you know whether your favorite travel site has fallen victim within the last 10 minutes?

Rick is right to say that a network router can block a good amount of malware, and that Windows XP SP2, Vista, and 7 all have built-in firewalls for blocking inbound traffic. But the Windows Firewall is not a good defense against rogue outbound traffic. Despite what Microsoft claims, its firewalls are not true two-way firewalls; they still leave outbound ports open.

Why? Microsoft Office software (Word, Excel, Access) communicates with various servers such as the SharePoint Server, so by default Microsoft makes that process easy - even if you don't run SharePoint at home. As a result, what Microsoft actually says is that its outbound firewall permissions remain open 'except where excepted'.

Sure, I suppose I could sit down and configure my own firewall rules to block this and that; but then again, I could simply download and use the free version of Comodo which blocks unusual in and out traffic and be done with it.

PC security advicee

NEXT PAGE: More views from Robert

  1. We get two expert views
  2. More reasons why you don't need security software
  3. Our other expert gives his opinion
  4. More views from Robert

IDG UK Sites

What is Google Photos? How to back up and share all of your photos for free

IDG UK Sites

Why I think the Apple Watch sucks and you'd be mad to buy it

IDG UK Sites

Swatch launches a colourful smartwatch

IDG UK Sites

New Apple TV 2015 release date rumours: TV streaming service delayed, hand gesture interface being...