Antivirus Doesn’t Work


Yesterday at the EICAR conference in Berlin, Dr. Fred Cohen was the keynote speaker. For any of you who do not know of Dr. Cohen, he is credited with coining the term “virus” to describe a self-replicating program. Dr. Cohen is also credited with writing the first computer virus. The virus was written as a proof of concept and was then destroyed.

During the presentation Dr. Cohen, who also proved that 100% detection is impossible, stated that computer antivirus doesn’t work. This is a very simplistic statement, however, because it depends on a very narrow definition of “work”. By Dr. Cohen’s definition, which was vague at best, traffic lights don’t work, seat belts don’t work, and pretty much nothing else in the world works. Traffic lights don’t always make cars stop when they should. People wearing seat belts sometimes still get injured or die in car accidents. Viruses sometimes still go undetected.

To illustrate his point, Dr. Cohen indicated that there are 10,000 computers that have been infected for a long time. Dr. Cohen failed to mention whether or not those computers are running a current antivirus solution, or what the computers were infected with.

If you use a definition that says antivirus is supposed to decrease your risk, then it is clear that antivirus software does work. If you are asking whether antivirus makes you secure, then the answer is no; nothing makes you secure. But if you are asking whether the use of antivirus decreases risk, then the obvious conclusion is that antivirus does decrease risk, and that is its job. So yes, antivirus does work, as long as you don’t expect that antivirus alone will make you secure.

Dr. Cohen is well known for making controversial comments designed to stimulate discussion!

Randy Abrams
Director of Technical Education

Author , ESET

  • from the sound of it, cohen was employing an argumentum ad numerum approach which i think can be countered by revealing the relative scale of the computer population he referenced…

    the peak population of conficker was reported to be in the 10 million range, and the total number of computers is somewhere in the 100 million to billion range… that makes the 10,000 computers he’s talking about less than 0.1% (and maybe less than 0.01%) of the total population of computers…

    that’s 3 or more standard deviations away from the norm – he tried to prove his point using statistical outliers…

    “Dr. Cohen is well known for making controversial comments designed to stimulate discussion!”

    that’s a very diplomatic way of putting it…

Copyright © 2017 ESET, All Rights Reserved.