Sign up to our newsletter
Modern cars are designed with crumple zones. These crumple zones help to decrease the risk of death in a severe car accident. Modern cars also have airbags. The airbags reduce your risk of death or injury in the case of an accident. If you don’t use a seatbelt your airbag and crumple zone are unlikely to offer you much protection at all.
There was a day that antivirus software could protect you against almost all of the viruses in the world, but that day was significantly more than a decade ago. In today’s environment the bad guys will not release some of their malware until they have tested it and are certain that it will not be detected when it is released.
Various reports rate the effectiveness of antivirus software as low as about 25% detection. I don’t know how accurate the numbers are, but I can tell you this. If you approach security from the mindset of defense-in-depth and then say “antivirus” is a part of my defense and that part is reducing my risk by 25%, then you can see that even with far less than 100% detection, antivirus is still making a significant contribution to your security.
Education and wisdom are the most significant parts of defense in depth. If you know that Hotmail will never ask you for your password, then you are protected from phishing attacks that claim you will lose your Hotmail account if you don’t provide your password. If you know that pirated software is far more likely to have a virus or trojan in it, it won’t help if you are not wise enough to not download pirated software. The combination of knowledge and wisdom afford a lot of protection though.
Personal firewalls help with security, add-ons, like NoScript for Firefox can help with security. Each layer of defense in depth makes you incrementally more secure. None of the technologies alone can do the whole job, or even most of the job though.
So, when you see reports that antivirus software misses X% of the malware out there, remember, it is not possible for antivirus to detect 100%. The purpose of antivirus is to contribute to security and it does make a significant contribution to defense in depth.
The more educated you are, the less likely you will need your antivirus software. The less educated you are, the more you need the protection, but you still have far greater risk. Like a goalie, if your AV takes enough shots on goal then something will get by.
Director of Technical Education
Author ESET Research, ESET