Malware, Network Security, Vulnerability Management

Debate: Anti-virus is essential



David Harley, ESET senior research fellow

Malware is no imaginary problem, especially on Windows PCs: Anti-virus labs see tens and even hundreds of thousands of new samples daily, and infections are all too common. It's better to ask, are there instances where anti-virus is not necessary? Perhaps. For instance, if your system can't trade data or applications with other systems; if it runs an operating system for which there is no known malware and no possibility of a zero-day attack against the OS or applications; if there is no way of installing any application that hasn't been screened proactively and with 100 percent effectiveness by system and connectivity providers; if you're a techie with the time, knowledge and skills to avoid any situation that poses any risk whatsoever; and, if you can, properly administer alternative and multi-layered security approaches, such as whitelisting and log analysis.

But those are scenarios that fit a small proportion of computer users, and even in some of those cases, anti-virus remains a helpful supplementary precaution.


Jeremiah Grossman, founder and CTO of WhiteHat Security

Let's make one thing clear: It's not a question of using anti-virus software or not, it's a question of how much should be spent on it.

As Gartner reports, consumers will spend nearly $5 billion this year on AV software. This is far too much money for something with such a poor track record, and one the bad guys evade almost at will. It is far too much, especially when free alternatives, like Microsoft Security Essentials, give consumers the bulk of what they need and allows them to spend money on things that actually protect their data.

Computers crash, people get hacked, bad guys steal personal data – victims suffer the consequences with or without AV software. Consumers, and businesses too, must not view AV as a primary defense. A better way for consumers to protect themselves is to take three steps that will save them money and protect their digital assets:

First, install “free” AV software. Next, invest in a good backup solution. And finally, upgrade the web browser.

Jeremiah Grossman

Jeremiah Grossman is a world-renowned expert in information security, a highly acclaimed security researcher, and an industry innovator. Over the last 20 years, Jeremiah pioneered application security as the founder of WhiteHat Security and served as Chief of Security Strategy for SentinelOne, focusing on ransomware and EDR. Today, as CEO of Bit Discovery, he’s taking on arguably the hardest and most important unsolved problem in the entire industry — attack surface management.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.