Friday, September 28, 2012

a post about not using Antivirus

This Slashdot post seems to validate my stand about not using antivirus.

Best AV is almost as good as nothing at all
  The only thing AV provides is a false sense of security. With AV, you're waiting until AFTER an infection occurs and then HOPING the AV company you've chosen has A) seen the malware before, B) bothered to add a signature to their definitions list, and C) is actually capable of removing the virus.

Better ideas: Turning on AppLocker & running most of the time as an unprivileged user. Check out OSSEC for use as a File Integrity Monitor and Host-based Intrusion Detection System. Disable unnecessary services, remove unnecessary programs, use an ad-blocker, a "default deny all" firewall policy and get a 3rd party patch manager to keep all your non-MS bits up to date. Secunia PSI is a free patch manager/vuln scanner for home use - there are others.

For a detailed description of just how bad AV is at protecting systems, check out the blog post at computer-forensics.sans.org
