January 08, 2008Best Tech Leaves You "Only" 14% Exposed
Spam Wars readers know about my belief in the triumvirate of defenses against spammers, scammers, and hackers:
- The Law
- User Education
Only the first two have gained any traction in the last 10 years, and of those two, Technology is the sexiest. It gets more consistent headlines and has become an industry unto itself, capable of supporting dozens of companies around the world (which generate more press releases for more headlines...the circle of PR life). But readers of my book and this blog know that I fear for users who rely entirely on technology to save their butts. Some more evidence surfaced to reinforce my fears.
As reported at the Sophos blog, an independent group called AV-Test periodically performs comparison tests of anti-virus software. Although the report referenced by Sophos is not yet at the AV-Test site, Sophos must have early access to it. The blog entry proudly shows the company's product's top-rated performance in detecting new viruses appearing in the wild (July-September 2007) without the need for a whack-a-mole-like virus definition update.
While it's true that, according to the chart apparently taken from the AV-Test report, Sophos was, on aggregate, way ahead of other name brands, the average success rate over the three-month period was 86%. Or, to flip it on its head, 14% of the time, your system was vulnerable if you hadn't fetched the latest update.
I'm sorry, but when it comes to relying on technology to protect our computers, grading on a curve just doesn't cut it. Getting the best score of 86 on a Calculus test when all of your classmates are armadillos is not something to be that proud of.
The test results reveal almost a contempt for potential customers when you consider the marketing hype accompanying every commercial antivirus product on the shelves (I'm not singling out Sophos on this point). Based on product "promises," users' expectations of automatic protection are very high, especially when typical users most likely don't fully understand the technological problems caused by malware or the cures offered by AV products.
Lest you think for a moment that I am anti-anti-virus, you'd be mistaken. I wouldn't let a Windows PC connect to anything by any medium without having both antivirus and firewall software running.
Messaging (email, IM, in-site message systems) is still the primary vector for infection, whether by attachment, embedded HTML retrievals, or lures to malware-infecting web sites. Informed handling of electronic messages that get through other front-line defenses needs to be improved everywhere. Once an Evil Message makes it into the inbox, an educated user is the best defense against attack. Let the anti-virus software be there to handle the accidents—to act as a kind of Depend undergarment for those times when you can't control your mouse button finger.Posted on January 08, 2008 at 02:19 PM