Yesterday at the EICAR conference in Berlin <http://www.eicar.com> Dr. Fred Cohen was the keynote speaker. For any of you who do not know of Dr. Cohen, he is credited with coining the term virus to describe a self-replication program. Dr. Cohen also is credited with writing the first computer virus. The virus was written as a proof of concept and was then destroyed.
During the presentation Dr. Cohen, who also proved that 100% detection is impossible, stated that computer antivirus doesn’t work. This is a very simplistic statement however because it is dependent on a very narrow definition of “work”. By Dr. Cohen’s definition, which was vague at best, traffic lights don’t work, seat belts don’t work, and pretty much nothing else in the world works. Traffic lights don’t always make cars stop when they should. People wearing seat belts sometimes still get injured or die in car accidents. Viruses sometimes still go undetected.
To illustrate his point Dr. Cohen indicated that there are 10,000 infected computers that have been infected for a long time. Dr. Cohen failed to mention whether or not those computers are running a current antivirus solution, or what the computers were infected with.
If you use a definition that says antivirus is supposed to decrease your risk then it is clear that antivirus software does work. If you mean does anti-virus make you secure, then the answer is no, nothing makes you secure, but if you ask does the use of anti-virus decrease risk, then the obvious conclusion is that antivirus does decrease risk and that is its job. So yes, antivirus does work, as long as you don’t expect that antivirus alone will make you secure.
Dr. Cohen is well known for making controversial comments designed to stimulate discussion!
Director of Technical Education
Author ESET Research, We Live Security