Slashdot Mirror
Cisco CSO Says Antivirus Money "Completely Wasted"
mernil writes with an excerpt that kicks off a story at ZDNet Australia: "Companies are wasting money on security processes — such as applying patches and using antivirus software — which just don't work, according to Cisco's chief security officer John Stewart. Speaking at the AusCERT 2008 conference in the Gold Coast yesterday, Stewart said the malware industry is moving faster than the security industry, making it impossible for users to remain secure."
Correct, patching your systems isn't going to protect you against state-of-the-art malware. What patching does is protect you against script kiddies running exploits that are 6 months old. The majority of the successful attacks I've seen are against old vulnerabilities, not new ones.
Additionally, patching isn't just about security. It's about fixing software bugs that could cost you time/money later.
- Comodo - Still in beta, lots of false positives. Configuration is all in local text files, so some level of remote management is possible, but they certainly don't provide the tools for it.
- PC Tools - Requires interaction from the user to do updates, so not a contender.
- ClamAV is free of course, but does not provide a scan-on-access monitor. More suitable for mail servers than workstations.
- Winpooch - uses the ClamAV engine for on-access scanning, project seems dead, never tried it.
- Spyware Terminator - Also does AV using the ClamAV engine. I'd never heard of this one before today, and unfortunately their site design looks a little on the fly-by-night side. They offer a corporate edition with central administration for the wacky price of $2 per seat per year.
Please add to/subtract from/comment on these if you know something!