Anti-virus evals waste precious resources

Like the paper they're printed on, for example

  • alert
  • submit to reddit

The Essential Guide to IT Transformation


In 1991, essayist Paul Fussell wrote, "The current United States can be defined as an immense accumulation of not terribly acute or attentive people obliged to operate a uniquely complex technology, which, all other things being equal, always wins."

This was BAD, Fussell said. And it was not just an ordinary "bad," like a dead skunk crushed on the highway or the flu, but BAD in capital letters because it is always portrayed as something worthwhile or grand, even when it is quite often not even close to such states.

For something to qualify as BAD requires that one swallow the sham (or at least keep silent about it) that a deplorable or annoying state of affairs, product, or thing is acceptable or, worse, even very good.

Everything that touches computer viruses becomes BAD.

Take, for example, the June issue of Consumer Reports magazine. Devoted to good unbiased product reviews of cars, daily sundries, home appliances and consumer electronics, it tackled anti-virus software. Right off, CR stumbled into computer virus BADness it did not completely understand.

Readers of CR are accustomed to product variety in its reviews. They accept legitimately that there is some level of competition among auto-makers, sellers of diet-programs, or vendors of DVD players and, therefore, that there is some opportunity for choice.

However, Consumer Reports insists there is not much choice in anti-virus software in the U.S. consumer market.

To achieve an acceptable reader comfort level requires brand names that are recognizable to the average homeowner -- perhaps something that can soothingly be observed taking up shelf space in a chain store. In the case of Consumer Reports, the magazine wrote that it tested four products which were "widely available" -- Norton, McAfee, PC-Cillin and Vexira. (Norton and McAfee predictably wound up the winners, their boxes on display.)

However, even within the narrowed confines of the anti-virus market, this was slim pickings. "Widely available," as a qualifier, simply has no meaning in this area, particularly when one is asking readers to subscribe to the idea of regularly "updating" a technology through the Internet. On the Web every product in anti-virus land is just one step away.

But with only a few very minor and obscure exceptions, it has nearly always been this way when anti-virus software is recommended in mainstream publications in America. A rather short list is produced with the only editorially sound product choice being "the Nortafee anti-virus." Realistically, no time need be wasted in making the decision.

Sermons and Factoids

Elaborate testing has always been a moot point because of this long-standing condition in the American marketplace. The results of rigorous comparative scanning of vast and carefully categorized virus libraries by every product no matter how obscure one personally thinks them to be has never held much currency at the American consumer and corporate levels.

For anti-virus software testing not to be BAD requires an honest admission to readers that this is the way things have always been and that there is little or no choice in product if purchasing decisions are based on what is read in mainstream publications.

This becomes even more painfully obvious when applied to corporate USA, given the current average level of savvy and thinking on the subject. Much better would be to realize, perhaps cynically, that product testing is simply a waste of time.

Equally BAD is the baggage that generally accompanies published consumer recommendations. You know them. There is the slogan that anti-virus software is essential to every good citizen connected to the Net. There's the statement to the effect that the tens of thousands of viruses stocked in anti-virus labs somehow demonstrates a grave problems everywhere. And last, always the admonition to remember to update like a good little boy or girl.

All are examples of mincing talk on the virus subject that numbingly repeats the same obvious and often stupid pieties over and over. The style and content presumes that all who use computers are one of two types: Those who must be gently or optimistically coddled with bits of "Holy Cow!" information and then scolded into protecting themselves from the virus menace, or those who suffer from a strange variation on Alzheimer's disease in which they can remember nothing about computing technology past the time it takes to read about it on the printed page.

For the published debate not to be BAD would require frequent and vexing blunt talk (not restricted to a few token specialty publications) about how anti-virus technology and the updating limitation, by definition, guarantees that there will always be computer virus surprises in the mail.

Escaping the BADness mandates, too, a recognition that the "immense accumulation" of Paul Fussell's inattentive Americans who choose to operate technology will continue to receive unexpected thrashings by way of virus from it.

It calls for the wisdom to realize that as an entrenched state of affairs, this cannot be remedied by testing, better product feature integration, updating, hectoring, advice columns, government fiat, study groups, newsletters, warning lists, consortia, more software, professors of computer science, or me or you. It's delusional to be in denial about it.

© 2002 SecurityFocus.com, all rights reserved.

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
prev story


Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.