Antivirus? Who Needs It?

I came across an interesting article today on "Breaking the conventional scheme of infection" at the evil fingers blog site. Actually, it’s by my colleague in Argentina, ESET Latin America Security Analyst, Jorge Mieres, but I didn’t realize that at first. (The original blog is in Spanish, and if your command of that language is better than mine, you can find it here.)

The article derives from a question asked recently by a journalist about "moderately advanced users who claim not to need antivirus software."

I must admit that there was a time back in the 90s when not all my machines ran antivirus all the time. That wasn’t completely out of arrogance: it was at a time when 99.99% of all viral threats were in some sense user-launched, Trojans were a tiny proportion of the total threat spectrum, and I figured I was smart enough to spot a social engineering ploy from 100 yards in a thick fog. (I’m not sure why I’d be operating a PC in a thick fog: let’s just call it poetic license and leave it at that.)

In my own defence, while I wasn’t in the anti-malware business then, I was working as an IT support professional specialising in security, and fairly well-known in the AV research community. So I was probably almost as safe as I thought I was, though not necessarily as smart.

I guess two things changed for me. One was a gradual but eventually rather dramatic upsurge in "self-launching" threats that can infect or deliver a payload without any action on the part of the victim. The other was a realization that targeted malware and spear phishing were going to become a more than theoretical problem. It dawned on me that it would be perfectly possible for a bad guy to craft a message that would push my own particular buttons and persuade me to open a link or attachment incautiously, if they knew enough about me. (And in these days of social networking, it’s all too easy to find out quite a lot about practically anyone.)

Today there’s too much in the way of self-launching exploits and targeted malware to take that risk unless you’re prepared to spend a lot of time maintaining alternative defences. Even then, I’d consider the extra layer of protection well worth the investment for most people (and almost all Windows users). The days when the everyday user could simply rely on antivirus software to protect himself from all threats are long gone, but it’s still worth putting something in place that’s capable of stopping very high volumes of malware variants. Defence in depth still works for me!

David Harley BA CISSP FBCS CITP
Director of Malware Intelligence

ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch
ESET White Papers Page: http://www.eset.com/download/whitepapers.php

Securing Our eCity community initiative: http://www.securingourecity.org/

Author David Harley, ESET

  • I’ve been thinking about this for a while. I’m a software developer and think I’m clever enough to avoid user-launched malware. I’ve had my Vista PC at home since Vista came out and kept it up to date but never run anything other than Windows Defender.

    I installed Eset Smart Security yesterday and ran a full scan and found zero infections. So I must have been doing something right.

    On the other hand, that doesn’t mean it will stay that way, and the point about self-launching threats resonates. I’m behind a NAT firewall, but can I trust every website I visit?

    I now think my PC is powerful enough and Eset software lightweight enough for me to not notice it running. In the past, my main experience of AV software has been at work, where it’s been poorly configured on low-power PCs and I’ve often complained that the AV software is worse than the malware.


Copyright © 2016 ESET, All Rights Reserved.