Anti-virus evals waste precious resources

Like the paper they're printed on, for example

  • alert
  • submit to reddit

Internet Security Threat Report 2014


In 1991, essayist Paul Fussell wrote, "The current United States can be defined as an immense accumulation of not terribly acute or attentive people obliged to operate a uniquely complex technology, which, all other things being equal, always wins."

This was BAD, Fussell said. And it was not just an ordinary "bad," like a dead skunk crushed on the highway or the flu, but BAD in capital letters because it is always portrayed as something worthwhile or grand, even when it is quite often not even close to such states.

For something to qualify as BAD requires that one swallow the sham (or at least keep silent about it) that a deplorable or annoying state of affairs, product, or thing is acceptable or, worse, even very good.

Everything that touches computer viruses becomes BAD.

Take, for example, the June issue of Consumer Reports magazine. Devoted to good unbiased product reviews of cars, daily sundries, home appliances and consumer electronics, it tackled anti-virus software. Right off, CR stumbled into computer virus BADness it did not completely understand.

Readers of CR are accustomed to product variety in its reviews. They accept legitimately that there is some level of competition among auto-makers, sellers of diet-programs, or vendors of DVD players and, therefore, that there is some opportunity for choice.

However, Consumer Reports insists there is not much choice in anti-virus software in the U.S. consumer market.

To achieve an acceptable reader comfort level requires brand names that are recognizable to the average homeowner -- perhaps something that can soothingly be observed taking up shelf space in a chain store. In the case of Consumer Reports, the magazine wrote that it tested four products which were "widely available" -- Norton, McAfee, PC-Cillin and Vexira. (Norton and McAfee predictably wound up the winners, their boxes on display.)

However, even within the narrowed confines of the anti-virus market, this was slim pickings. "Widely available," as a qualifier, simply has no meaning in this area, particularly when one is asking readers to subscribe to the idea of regularly "updating" a technology through the Internet. On the Web every product in anti-virus land is just one step away.

But with only a few very minor and obscure exceptions, it has nearly always been this way when anti-virus software is recommended in mainstream publications in America. A rather short list is produced with the only editorially sound product choice being "the Nortafee anti-virus." Realistically, no time need be wasted in making the decision.

Sermons and Factoids

Elaborate testing has always been a moot point because of this long-standing condition in the American marketplace. The results of rigorous comparative scanning of vast and carefully categorized virus libraries by every product no matter how obscure one personally thinks them to be has never held much currency at the American consumer and corporate levels.

For anti-virus software testing not to be BAD requires an honest admission to readers that this is the way things have always been and that there is little or no choice in product if purchasing decisions are based on what is read in mainstream publications.

This becomes even more painfully obvious when applied to corporate USA, given the current average level of savvy and thinking on the subject. Much better would be to realize, perhaps cynically, that product testing is simply a waste of time.

Equally BAD is the baggage that generally accompanies published consumer recommendations. You know them. There is the slogan that anti-virus software is essential to every good citizen connected to the Net. There's the statement to the effect that the tens of thousands of viruses stocked in anti-virus labs somehow demonstrates a grave problems everywhere. And last, always the admonition to remember to update like a good little boy or girl.

All are examples of mincing talk on the virus subject that numbingly repeats the same obvious and often stupid pieties over and over. The style and content presumes that all who use computers are one of two types: Those who must be gently or optimistically coddled with bits of "Holy Cow!" information and then scolded into protecting themselves from the virus menace, or those who suffer from a strange variation on Alzheimer's disease in which they can remember nothing about computing technology past the time it takes to read about it on the printed page.

For the published debate not to be BAD would require frequent and vexing blunt talk (not restricted to a few token specialty publications) about how anti-virus technology and the updating limitation, by definition, guarantees that there will always be computer virus surprises in the mail.

Escaping the BADness mandates, too, a recognition that the "immense accumulation" of Paul Fussell's inattentive Americans who choose to operate technology will continue to receive unexpected thrashings by way of virus from it.

It calls for the wisdom to realize that as an entrenched state of affairs, this cannot be remedied by testing, better product feature integration, updating, hectoring, advice columns, government fiat, study groups, newsletters, warning lists, consortia, more software, professors of computer science, or me or you. It's delusional to be in denial about it.

© 2002 SecurityFocus.com, all rights reserved.

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story


Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.