Monday, October 25, 2010

pity the anti-virus naysayer

pity the anti-virus naysayer, for when one decries the failure of anti-virus one reveals the failure in oneself
i don't think it's necessarily all that interesting to talk about the "AV is dead" movement anymore - saying anti-virus (or anything else security-wise) is dead is a pretty obvious cry for attention. instead, in this post i want to look at the popular notion of "the failure of AV".

when one talks about the failure of anti-virus, what has anti-virus failed to do in the most general sense? failed to stop malware XYZ? failed to protect the endpoint from a specific attack? no, those are all reasonable failures not really worthy of being harped on if you accept that no preventative measure is perfect. in the most general sense, when one talks about the failure of anti-virus one is talking about the failure of anti-virus to live up to one's own expectations.

but are those expectations reasonable? in all likelihood they aren't. they are expectations born not out of an understanding of AV, but rather out of listening to marketing (stop listening to marketing!). if you truly understood AV then your expectations would be a pretty close match to reality, so incidental failures wouldn't surprise you or be a cause for concern. if you really understand AV then those incidental failures should be anticipated and planned for.

therefore, when one decries the failure of AV, it is because one doesn't actually understand it: one hasn't anticipated the incidental failures and made plans for them. it is a failure of understanding that happens all too often, where one tries to use marketing bullshit as a substitute for actual knowledge but only winds up with mismatched expectations. actual knowledge has no substitute and can often be hard to come by. "the failure of AV" may get you brownie points in populist crowds, but it's too facile a conclusion to be useful in the larger scheme of things.