Slashdot Mirror


Cisco CSO Says Antivirus Money "Completely Wasted"

mernil writes with an excerpt that kicks off a story at ZDNet Australia: "Companies are wasting money on security processes — such as applying patches and using antivirus software — which just don't work, according to Cisco's chief security officer John Stewart. Speaking at the AusCERT 2008 conference in the Gold Coast yesterday, Stewart said the malware industry is moving faster than the security industry, making it impossible for users to remain secure."

15 of 503 comments

  1. Agreed by pak9rabid · · Score: 5, Insightful

    Why pay for it, when there are plenty of free alternatives?

    1. Re:Agreed by morgan_greywolf · · Score: 5, Insightful

      Why pay for it, when there are plenty of free alternatives?
      No, he's saying the free alternatives are wasted effort as well.
    2. Re:Agreed by Fast+Thick+Pants · · Score: 5, Informative
      AFAIK, the only free AV products whose license permits business use are:
      • Comodo - Still in beta, lots of false positives. Configuration is all in local text files, so some level of remote management is possible, but they certainly don't provide the tools for it.
      • PC Tools - Requires interaction from the user to do updates, so not a contender.
      • ClamAV is free of course, but does not provide a scan-on-access monitor. More suitable for mail servers than workstations.
      • Winpooch - uses the ClamAV engine for on-access scanning, project seems dead, never tried it.
      • Spyware Terminator - Also does AV using the ClamAV engine. I'd never heard of this one before today, and unfortunately their site design looks a little on the fly-by-night side. They offer a corporate edition with central administration for the wacky price of $2 per seat per year.
      Please add to/subtract from/comment on these if you know something!
    3. Re:Agreed by ichigo+2.0 · · Score: 5, Funny

      Again with the imperial measurements! Just switch to metric already!

    4. Re:Agreed by Beardo+the+Bearded · · Score: 5, Insightful

      Don't you get it?

      The bad guys have access to all the same tools you have. They can get their hands on ClamWin, Avast, AVG, etc. They have full access to Windows in any flavour, every variety of Mac OS, and the rainbow of Linux. These aren't script kiddies farting around in their parents' basement. The "bad guys" are groups of organized professionals that know more about your computer than you do.

      THE MALWARE DOES NOT GET DETECTED BY ANTIVIRUS SOFTWARE BECAUSE THE WRITERS TEST IT USING THE SAME TOOLS WE USE!

      To completely harden your system against an intrusion, you have to patch every single hole and then guarantee that there are no more holes. Further, every program that you install on your computer has to be guaranteed to have no holes. Finally, all your hardware (AND its firmware, I'm looking at YOU, 2-wire!) has to pass the same test - NO HOLES! Ask MS how happy they were with the folks who made GoldenEye.

      To hack into a system, you merely have to find ONE hole. That's it. You're banking the health of your computer on the hopes that not one single person has put in an exploitable bug. Nobody on sourceforge made an error. None of the "featured articles" on TDWTF are in your code. None of the lowest bidders from Elbonia pasted together snippets from codesamples.com. All your pointers are bound, all the copying templates are limited (K&R, I'm calling YOU out on this!), and your multi-threaded application is coded properly. Did someone stay up until midnight to meet an arbitrary deadline? Is your program "good enough for who it's for"?

      And you, just now, said, "I want to spend as little as possible on my security systems". Now, I fully agree that the free alternatives are significantly better than the ones that come bundled with your HP-branded Staples Windows Vista Ultimate Ice-Cream PC (Printer Included with Bundle). But the attitude is, "I'll slap on a few quick and easily downloadable programs and call my system secure." The bad guys get these programs too, and they probably know them as well, or better than, the authors.

      One error, anywhere, and your security becomes "by obscurity". That's really what I use at work and at home. I don't have anything valuable on my computer, and I am not a worthwhile target for phishing, exploiting, hacking, etc.

      Any system is exploitable. One error. That's all it takes.

      --
      ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
    5. Re:Agreed by Z00L00K · · Score: 5, Insightful
      Malware exists for both Apple and Linux too, but not in the same volume as for Microsoft's OSes.

      And it's not completely useless to have anti-virus software on your machine, but the problem is that they are always a bit behind so there are always a few that take a hit before the propagation is halted by updated AV software.

      Unfortunately there have been too many mistakes made throughout history with the intent of making it easy for users to work with a computer. This way of relaxed behavior is kicking back because it also makes it easy to create malware.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  2. Stating the obvious.. by somersault · · Score: 5, Insightful

    Companies are wasting money on Windows ;)

    Patching software does work though, I don't see the alternative if you have an exploitable bug in your code? You want that code fixed. It doesn't matter if no damage can be done to your system, you still want all your applications running as expected.

    --
    which is totally what she said
    1. Re:Stating the obvious.. by thermian · · Score: 5, Insightful

      The problem is Windows

      Don't be naive. The problem is simply worse for Windows because Windows is the most heavily used OS.

      This idea that Linux is immune from viruses is just stupid. It's not the primary target of most malware, but it is a target. A poorly configured Linux server is pure gold to a spammer.

      Thinking that you are safe just because you use Linux is, well, dumb.

      And as for Apple's various OS products? Well, they have only a tiny market share. There isn't going to be the same return on investment of time and effort to attack that as much as Windows is attacked.

      --
      A learning experience is one of those things that say, 'You know that thing you just did? Don't do that.' - D. Adams
  3. Quick linux question by thecheatah · · Score: 5, Interesting

    As a desktop linux user, has anyone EVER gotten a virus? Or better yet has any anti-virus program saved your ass?

  4. Problem of assessing success... by johndiii · · Score: 5, Insightful
    If your security works, nothing happens. So it's easy to say that money is "wasted". If the security doesn't work, the problem is a little more obvious.

    I read this story yesterday, and the quote is a little misleading. Here's the context:

    "If patching and antivirus is where I spend my money, and I'm still getting infected and I still have to clean up computers and I still need to reload them and still have to recover the user's data and I still have to reinstall it, the entire cost equation of that is a waste."

    "It's completely wasted money," Stewart told delegates. Exactly. If it does not work, the money spent on it is wasted. Not exactly controversial.
    --
    Floating face-down in a river of regret...and thoughts of you...
    1. Re:Problem of assessing success... by Tony+Hoyle · · Score: 5, Insightful

      AV is like putting more and more buckets in the attic to catch leaks, rather than fixing the holes.

      If your roof isn't leaking all those buckets are wasted money.

      If they're norton buckets they're also (a) glued to the floor so you can't use them anyway, and (b) full of holes themselves.

  5. Disagree by Dop · · Score: 5, Informative

    Correct, patching your systems isn't going to protect you against state-of-the-art malware. What patching does is protect you against script kiddies running exploits that are 6 months old. The majority of the successful attacks I've seen are against old vulnerabilities, not new ones.

    Additionally, patching isn't just about security. It's about fixing software bugs that could cost you time/money later.

  6. clam by Lord+Ender · · Score: 5, Insightful

    Cisco is integrating ClamAV into their "Cisco Security Agent" HIDS product. They clearly think AV is useful, just not other people's AV.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
  7. Re:Agreed -Free For Personal Use by pak9rabid · · Score: 5, Insightful

    Who says the alternatives have to be anti-virus applications? ;)

  8. That's correct, do not run Windows as admin. by Nick+Driver · · Score: 5, Funny

    I read somewhere that if I didn't run Windows as an admin, that would help a lot

    That's absolutely correct. If you avoid logging onto Windows as Administrator, you greatly lessen your exposure to security hazards. Especially since in the real world you can hardly run any useful software unless you're logged on as admin, therefore you're using the Windows box less, and naturally, less use equals less exposure to danger. In fact if you just keep your Windows box powered off, then it will be the absolute most secure against malware.