It was a good question; one that needed to be asked and definitely one that needed to be answered:
"Gizmo, each day my anti-virus scanner updates its signatures, my anti-spyware program updates its signatures as does my anti-trojan program. It seems to me they are all doing the same thing so why don't we have just one program that does the lot?"
Indeed, why not? Why do we have separate anti-virus, anti-spyware and anti-trojan programs anyway?
The answer to that question lies in the history of computer security, and it's a very interesting history indeed.
In 2003 I tested Norton, McAfee and a few other AV scanners against a large batch of trojans, and their detection performance was very poor. Only Kaspersky AV performed creditably.
Yes, in those days you needed a specialist anti-trojan scanner to catch a trojan.
That's because these new-generation trojans used some sneaky tricks like process injection and polymorphism to avoid detection. Simple signature-based AV file scanners had little chance of catching them. You needed smarter, more powerful detection techniques. The then-emerging class of anti-trojan programs employed these techniques and that's why they were so much more effective against the trojan threat.
So we all needed anti-trojan programs on our computers.
The historical situation with anti-spyware programs was a little different. It may surprise some readers to learn that anti-spyware programs originally emerged not so much to combat spyware, but rather to remove advertising from software. This history is reflected in the names of these early products, such as Ad-Aware.
The AV programs at that time couldn't remove adware. Not because they weren't able to do so, but rather because the AV vendors didn't see adware as a security threat. Additionally, there was a view at that time that removing ads from advertising-supported products was somewhere between unethical and illegal. A view which was, I might say, more widely held among software developers than consumers :>)
But times changed. Adware moved from being annoying but benign to being actively intrusive. Products like Gator emerged that gathered information from consumers and reported it back to the vendors, often without any agreement or knowledge of the user. All of a sudden spying became the problem, not advertising. And while adware may not have been considered a threat, spyware certainly was.
The AV developers were not prepared for this, but the anti-adware vendors were. They changed and upgraded their products and re-positioned them as an essential defense against the new emerging spyware threat.
So now we all needed an anti-spyware scanner in addition to an anti-trojan scanner and an AV scanner. Computer security had suddenly become a boom industry.
But recently the smiles have been disappearing from the faces of security software vendors. The emergence of new hostile products such as blended threats that variously combined viruses, worms, trojans and spyware into a single product has blurred the neat boundary between different types of computer security threat. We have entered into the age of malware.
To survive, security vendors have had to respond by expanding their products' capabilities. Take the case of Ewido. It started life as an anti-trojan program. As spyware became more prominent Ewido started targeting spyware in addition to trojans. Finally, it was bought by the security developer AVG to bolster their anti-virus products.
And you can see the same trend across the whole security industry. Every computer security developer wants their product to address all security threats, not just individual categories of threat. Indeed, just today as I was writing this editorial I received a press release saying the Avast! AV program has been expanded to include anti-spyware and anti-rootkit features.
So today, what's the difference between a modern anti-spyware program like WebRoot SpySweeper with its newly-acquired anti-virus capabilities and a modern anti-virus program such as Norton 360 which has anti-spyware capabilities?
The answer is "not a lot." In essence, they are both now anti-malware scanners.
So do you still need an AV program plus an anti-spyware program and an anti-trojan scanner?
For the majority of average users the answer is no. A single competent broad-spectrum anti-malware product is enough. My recommendations here include AntiVir, NOD32, Kaspersky, BitDefender, Norton and a few others.
Of course, not everyone is an average user. Users who engage in high-risk activities, like sourcing their software from P2P services, should load up their PC with all the protection they can get. Similarly, there are users for whom the best possible protection is paramount, regardless of cost or performance implications. Finally, users of freeware scanners who cannot afford a premium product may be well advised to use more than one signature-based scanner.
However, for average users who are prepared to invest in a top anti-malware scanner, one signature-based product is enough. The small increment in protection offered by having multiple signature-based scanners is simply not worth the financial cost, operational hassle and the reduction in computer performance.
If you want to increase your security, you are much better off putting the effort into other initiatives, such as safer computing practices, a good firewall with a built-in HIPS or using a sandbox for surfing. And you can do this without spending a cent.
What I have said in this editorial is the opposite of what I advised you a few years back. That's because times have changed; the security threats are different, as are the security products available. When circumstances change, I change my opinion; so should you.
It's in the interests of computer security product vendors to create a climate of fear, because it helps them sell their products. That fear is not without some justification, but fear should not be allowed to turn into paranoia.
These days, when I receive letters from subscribers telling me how they have loaded up their PCs with six or eight different signature-based scanners, I can only wince. This is a victory for the fear mongers and a defeat for the forces of reason.