Thursday, 27 October 2011

Anti-virus myths busted

Last week I gave the début presentation of my anti-virus myths talk at the London International Technology Show.

A few people have asked for access to the basic information that I used, so here it is. The talk lasted for around 40 minutes so this really is a bare-bones summary.

Myth #1: Anti-virus protects 100%
Real-world protection tests by Dennis Technology Labs (DTL) and other testers show that even well-known brands of security software can be compromised by malware.

Myth #2: Anti-virus slows PCs
In performance tests conducted by DTL, most popular anti-virus software makes virtually no impact on general system performance.
However, system startup (boot) times can be affected, as can shutdown times. These are important because they are very noticeable by users.
Myth #3: I don’t need it (I’ve never been infected)
Current threats tend not to make themselves known to the casual observer. Rootkits make it hard, even for experts. 
Myth #4: Viruses stay in the bad bits of the internet
While some areas of the internet are riskier than others, legitimate sites can be infected. We demonstrated a real, legitimate site infecting our test PC.
Myth #5: Protection costs a lot
Free products are OK, while commercial products often come with multiple licenses.
Myth #6: Avoid Internet Explorer
All popular browsers have security holes. Internet Explorer has fewer known issues than Opera and Firefox. Chrome and Safari are not immune*.
Myth #7: My ISP will save me
There is no business reason why it would, without raising subscription costs. We covered various options to reduce exposure to threats, including ISP-like techniques such as using special DNS services.
Myth #8: Salvation is a Mac, Linux or Android
Attackers go for popular systems. As Mac and Android users become more prevalent so will the threats to those systems. There are more known sets of vulnerabilities for OS X and Linux than there are for Windows*.

The following video clip was taken by one of the audience. Special thanks to PDTalkinTech for providing the photos and this video footage from part of the presentation:



* Data on software vulnerabilities was provided by Secunia.