Cisco CSO Says Antivirus Money "Completely Wasted"
mernil writes with an excerpt that kicks off a story at ZDNet Australia: "Companies are wasting money on security processes — such as applying patches and using antivirus software — which just don't work, according to Cisco's chief security officer John Stewart. Speaking at the AusCERT 2008 conference in the Gold Coast yesterday, Stewart said the malware industry is moving faster than the security industry, making it impossible for users to remain secure."
Why pay for it, when there are plenty of free alternatives?
Companies are wasting money on Windows ;)
Patching software does work though, I don't see the alternative if you have an exploitable bug in your code? You want that code fixed. It doesn't matter if no damage can be done to your system, you still want all your applications running as expected.
which is totally what she said
I read this story yesterday, and the quote is a little misleading. Here's the context: "If patching and antivirus is where I spend my money, and I'm still getting infected and I still have to clean up computers and I still need to reload them and still have to recover the user's data and I still have to reinstall it, the entire cost equation of that is a waste."
"It's completely wasted money," Stewart told delegates. Exactly. If it does not work, the money spent on it is wasted. Not exactly controversial.
Floating face-down in a river of regret...and thoughts of you...
But all the money spent on Cisco's obscenely overpriced security appliances is well spent, right?
There are a lot of people profiteering in the computer security market, and Cisco is up there.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
The A/V industry is having difficulty keeping up with the ever evolving and growing malware industry, but "completely wasted"? I don't think so.
For Geeks who delete suspicious emails, use Thunderbird (so emails are not rendered in the IE engine), etc., sure, an AV may be a useless waste of CPU cycles. But for the nontechnical user, it's important. While it's difficult to keep up with outbreaks, it's important for older viruses in the wild- something Grandma may not catch.
Now, as for a whitelist. Dumb idea. It puts too much power in the hands of AV companies (who can say "$$$ to get on the list!"), or if users can change it, they'll get "IMPORTANT WINDOWS UPDATE- REMEMBER TO ADD TO YOUR WHITELIST!". What about unsigned programs? Updated versions?
A whitelist might work for children, for work PCs, for other non-administrators. But people ultimately want to install their own programs without the blessing of company XYZ.
And, as a geek, I strongly disagree that it's impossible to remain secure, it just takes a little training. I know nontechnical users, I teach them for 10 minutes, and they have good habits. Don't open emails saying "A greeting card from a classmate", don't run unsolicited programs, if you get an email saying it's from chase.com "Important Account Update" visit their site directly, etc. Those habits go a long way, along with some layered protection (ZoneAlarm Free, Router w/ a firewall, Avast Home, Immunize in SpywareBlaster, and Immunize in Spybot S&D). That user still has some trouble with some tasks, but with a little common sense and some good protection, they've stayed infection free for 4 years.
(And, of course, I fix the computer as a friend, and I occasionally run rootkit detection and AV from a LiveCD just to make sure).
"And the risks and losses would be much greater."
Based on what? The cause of infection is pretty much the same with or without AV software:
- Application exploits (AV software only stops known ones, all the new ones constantly coming out get through just fine)
- Stupid users saying "sure I want to run this random .exe file someone emailed me" (AV software is no help at all)
I'm not seeing any real world evidence that AV software is reducing the damage being done by all these viruses.
I mean really, when was the last time you had AV software catch a virus that would have otherwise infected your system?
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
Even if you made every OS somehow 99.999% malproof somehow. Someone would still be selling a Norton like utility that you need. Security is big business, since fear is the best motivation for buying you can have.
If they couldn't justify the fear, they would themselves research the holes JUST so they have something to patch or utility to sell us. While in a perfect world we could just patch our OSes for bugs and no need for anything running in the background to protect us from boogie men. Companies like Norton, McAfee, and *yes* Microsoft are going to make sure WE NEED THEM, since they see us more as $'s than end users.
Cisco is integrating ClamAV into their "Cisco Security Agent" HIDS product. They clearly think AV is useful, just not other peoples' AV.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
Who says the alternatives have to be anti-virus applications? ;)
i don't think it can be called "hardware" prevention here. pulling out the cable, that would be hardware prevention, but in this case you have software solution, only you have pushed it to another device. this changes the layout, but the approach stays the same.
Rich
I'm sure it's a common experience to Slashdotters to have a friend/relative show them their PC that they think it has a virus because it runs so slowly, when of course the reason it is running so slowly is all the anti-virus crap installed on it.
Cisco says they have a great new hardware firewall that will stop *ALL* malware. You just need to sign a contract indemnifying them should you have a malware outbreak on your network...
I know people who bought antivirus products for a Mac. It speaks more to their gullibility than anything else. Probably if you're dumb enough to think you need it, you need it.
Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
It's a question of proliferation of malware.
Why would a malware writer write software that will only affect technically elite users? The goal in his eyes, is to damage as many people as possible through the least path of resistance.
That means Linux simply isn't targeted.
This is a stupid question.
The price is always right if someone else is paying.
okay, genuine question... who's got statistics on malware infections on windows that can be used to separate 'by trickery' versus 'by automated exploit'.
And 'by trickery' I would take anything from "double-click this exe in this e-mail to see a naked chicks!" to "you must download this program to play this audio file"; i.e. anything that actually requires the user to okay the action taken in one way or another.
Automated I would assume anything that either requires no user interaction whatsoever (somebody hacks into the machine remotely) OR happens as part of a drive-by (old Outlook exploits, old IE ActiveX exploits), and throw in the "print list of links" exploit from a week or so ago that is an exploit of a non-default feature, but certainly a feature when enabled wouldn't give the user the impression that it might do Bad Things (as opposed to a checkbox saying "automatically load and execute any programs referenced from a web page".. or something of the sort).
IF those statistics show the latter category to outnumber the former by a large factor - yay, Go Linux/BSD/whathaveyou.
If not - I'm sorry, but other operating systems would be affected just as well. Okay, perhaps the malware can't gain root; woop-dee-doo if the purpose of the malware is to simply connect to web servers / send e-mail / do anything the -user- might do, and is allowed to do, themselves.
The problem is the users. No matter how secure you make an operating system users will still click on every link and give people their passwords.
If you have that kind of knowledge and the ability to install all that stuff, then there IS nothing to catch. With the very rare exception of a media exploit or something (like the old jpeg exploit, which virtually none of the above would notice at the source), just "knowing what you're doing" will allow you to avoid damn near 99.999% of malware. I have a dozen Windows machines, used for just about everything, from gaming to work, and I download a lot of software, browse a lot of web sites...
None of my machines have anti-virus on them (I use one-shot scanning tools every couple of months to be sure all is good), and I have only ever caught ONE virus, which I noticed with my 2 eyes 5 minutes after I caught it, on a totally out of date lap-top that I hadn't used in over a year (so it wasn't updated), through the COM+ jpeg exploit. And I sure don't have anything beyond a 40$ NetGear router.
There simply isn't all that much to catch, unless you take needless risks.
My platform of choice is Ubuntu. And unlike the AC who started this sub-thread (or like you, evidently), I'm not enough of a moron to believe that I'm invulnerable.
The biggest security problem with any platform is not the platform itself, but the user. If the user does something stupid (like opening up an insecure attachment), then they've got a problem. Anti-virus and patch programs can only go so far in protecting users from their own stupidity.
If you haven't been down-modded lately, you aren't trying.
Sacred cows make the best hamburger.
Using your comparison of malware to the real life scenario of your house being broken into, it's impossible to make a house that can't be penetrated (or would be so difficult that it's not worth it). It would be the equivalent of building a fortress and running it with the various employees. Assuming people wanted to get into your house to bug it for information (i.e. spyware), it would be much more efficient to have a cheap house that you can demolish and rebuild.
Help fight spam