Anti-virus evals waste precious resources

Like the paper they're printed on, for example

  • alert
  • submit to reddit

Protecting against web application threats using SSL


In 1991, essayist Paul Fussell wrote, "The current United States can be defined as an immense accumulation of not terribly acute or attentive people obliged to operate a uniquely complex technology, which, all other things being equal, always wins."

This was BAD, Fussell said. And it was not just an ordinary "bad," like a dead skunk crushed on the highway or the flu, but BAD in capital letters because it is always portrayed as something worthwhile or grand, even when it is quite often not even close to such states.

For something to qualify as BAD requires that one swallow the sham (or at least keep silent about it) that a deplorable or annoying state of affairs, product, or thing is acceptable or, worse, even very good.

Everything that touches computer viruses becomes BAD.

Take, for example, the June issue of Consumer Reports magazine. Devoted to good unbiased product reviews of cars, daily sundries, home appliances and consumer electronics, it tackled anti-virus software. Right off, CR stumbled into computer virus BADness it did not completely understand.

Readers of CR are accustomed to product variety in its reviews. They accept legitimately that there is some level of competition among auto-makers, sellers of diet-programs, or vendors of DVD players and, therefore, that there is some opportunity for choice.

However, Consumer Reports insists there is not much choice in anti-virus software in the U.S. consumer market.

To achieve an acceptable reader comfort level requires brand names that are recognizable to the average homeowner -- perhaps something that can soothingly be observed taking up shelf space in a chain store. In the case of Consumer Reports, the magazine wrote that it tested four products which were "widely available" -- Norton, McAfee, PC-Cillin and Vexira. (Norton and McAfee predictably wound up the winners, their boxes on display.)

However, even within the narrowed confines of the anti-virus market, this was slim pickings. "Widely available," as a qualifier, simply has no meaning in this area, particularly when one is asking readers to subscribe to the idea of regularly "updating" a technology through the Internet. On the Web every product in anti-virus land is just one step away.

But with only a few very minor and obscure exceptions, it has nearly always been this way when anti-virus software is recommended in mainstream publications in America. A rather short list is produced with the only editorially sound product choice being "the Nortafee anti-virus." Realistically, no time need be wasted in making the decision.

Sermons and Factoids

Elaborate testing has always been a moot point because of this long-standing condition in the American marketplace. The results of rigorous comparative scanning of vast and carefully categorized virus libraries by every product no matter how obscure one personally thinks them to be has never held much currency at the American consumer and corporate levels.

For anti-virus software testing not to be BAD requires an honest admission to readers that this is the way things have always been and that there is little or no choice in product if purchasing decisions are based on what is read in mainstream publications.

This becomes even more painfully obvious when applied to corporate USA, given the current average level of savvy and thinking on the subject. Much better would be to realize, perhaps cynically, that product testing is simply a waste of time.

Equally BAD is the baggage that generally accompanies published consumer recommendations. You know them. There is the slogan that anti-virus software is essential to every good citizen connected to the Net. There's the statement to the effect that the tens of thousands of viruses stocked in anti-virus labs somehow demonstrates a grave problems everywhere. And last, always the admonition to remember to update like a good little boy or girl.

All are examples of mincing talk on the virus subject that numbingly repeats the same obvious and often stupid pieties over and over. The style and content presumes that all who use computers are one of two types: Those who must be gently or optimistically coddled with bits of "Holy Cow!" information and then scolded into protecting themselves from the virus menace, or those who suffer from a strange variation on Alzheimer's disease in which they can remember nothing about computing technology past the time it takes to read about it on the printed page.

For the published debate not to be BAD would require frequent and vexing blunt talk (not restricted to a few token specialty publications) about how anti-virus technology and the updating limitation, by definition, guarantees that there will always be computer virus surprises in the mail.

Escaping the BADness mandates, too, a recognition that the "immense accumulation" of Paul Fussell's inattentive Americans who choose to operate technology will continue to receive unexpected thrashings by way of virus from it.

It calls for the wisdom to realize that as an entrenched state of affairs, this cannot be remedied by testing, better product feature integration, updating, hectoring, advice columns, government fiat, study groups, newsletters, warning lists, consortia, more software, professors of computer science, or me or you. It's delusional to be in denial about it.

© 2002 SecurityFocus.com, all rights reserved.

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story


Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.