The other day this blog entry came through my RSS reader and got me thinking. Security technologist and author Bruce Schneier wrote a post called “Is Antivirus Dead?” He summarized his post with:
“Bottom line: antivirus software is neither necessary nor sufficient for security, but it’s still a good idea. It’s not a panacea that magically makes you safe, nor is it obsolete in the face of current threats. As countermeasures go, it’s cheap, it’s easy, and it’s effective. I haven’t dumped my antivirus program, and I have no intention of doing so anytime soon.”
Reading the rest of the article, as well as some of his other articles, you see that he believes in the security onion.
More often referred to as a layered approach to security, it is your best bet when looking at how to protect your organization, your home, or really anything you want to secure. That is why we implement password policies, firewalls, access control lists, and other layers of security, including anti-virus. No single tool, policy or resource will protect you, but combined they offer a solution.
That is why you see most leading anti-virus applications, like Microsoft Forefront, use multiple scanning engines. While vendor X might be first out the door with signatures for today’s virus, vendor Y might be first tomorrow and vendor Z the day after. By utilizing the scanning engines from all three vendors, you’d always be up to date and protected. If you are using Microsoft Forefront, there is some important news you need to know!
Microsoft is revising its engine mix on Dec. 1, 2009 for the Forefront and Antigen products. This change will allow customers to utilize a set of engines that help optimize detection, while also allowing us to invest in new areas for increasing overall protection for customers. The AhnLab, CA, and Sophos engines will be retired on Dec. 1, 2009. After December 1st, customers will not receive any updates for these retired engines. In order to make sure your Antigen and Forefront products continue to scan efficiently and effectively for malware, any customers running the AhnLab, CA, or Sophos engines must DISABLE these engines before Dec. 1, 2009 and select from the new set of five engines – Authentium, Kaspersky, Microsoft, Norman, and VirusBuster.