Is antivirus software really necessary?

[catch]

If people will pay for it, why not sell it? Remember, it has very little to do with need. Go to a grocery store sometime and see how many things that they sell which you not only don't need but are outright bad for you.

cheers,

catch

[karmine]

i personally don't use any AV at all. i have been using comps for many years and i know when i have a virus or spyware. also i don't download a lot of executables except from trusted sources. the only things i use to worry about were spyware/malware but ever since firefox came out theres really no need ATM for spybot/ad-aware even. they will find a way around that of course if they already haven't. but of course i share my computer and others who use it cry about certain pictures not being able to be viewed so they use IE which totally defeats the whole FF security i wanted to begin with. ;\

[ss2chef]

Originally posted here by catch
If people will pay for it, why not sell it? Remember, it has very little to do with need. Go to a grocery store sometime and see how many things that they sell which you not only don't need but are outright bad for you.

cheers,

catch

To make a ridiculous analogy even more so.....

You are right, I don't need to purchase bug spray but with West Nile Virus going on around here, I am VERY glad I have it when I need it...!!

[catch]

So it is your argument that everything for sale is good to have?

Seriously, how obtuse can you possible be ss2chef?

cheers,

catch

[!mitationRust]

Regarding Mario tinto and his credentials. I did a search for that alias in the military police archives.

Mario Tinto is an Engineering Specialist in the Trusted Computer Systems Department at the
Aerospace Corporation. Prior to this position, he had an outstanding career at the NSA, a leader in the Common Criteria development, a lead evaluator and standards developer and a technical resource that was used to solve hard problems.

His name is plastered all over a slew of PDF's in the acknowledgements.

He's with the NCSC and NSA over a decade with one... etc

the only things I use to worry about were spyware/malware but ever since firefox came out theres really no need ATM for spybot/ad-aware even. they will find a way around that of course if they already haven't. but of course i share my computer and others who use it cry about certain pictures not being able to be viewed so they use IE which totally defeats the whole FF security i wanted to begin with.

Reduced assurances are not what I had in mind, more like high assurance. "How do we get “warm fuzzies” about the security of a system?" ~ Mario Tinto “warm fuzzies” that's great.... a favorite movie.

Add, add, add (that's all I see on the TV/"pop security""Yes men""Dullards") from what I've been taught it typically takes, takes, takes more from security than adding to it (the TV lies).

GOD has spoken on current hour flawed assumptions.
"Current security efforts suffer from the flawed assumption that adequate security can be provided in applications with the existing security mechanisms of mainstream operating systems." ~ http://www.nsa.gov/selinux/papers/inevit-abs.cfm (these are the commercials I'd rather being viewing)

A simpler system is more secure then a complicated one, and every TOS design PDF I've read has barked this basic security principal, so I take it to be logically correct, and since I have no desire to reinvent a "wheel" made in the 70's-80's, I accept that principle as being tried and true, logically and mathematically sound advice.


But I have Megadethblaring in my ears and I've had a few shots and some Killian's.

[ss2chef]

Originally posted here by catch
So it is your argument that everything for sale is good to have?

Seriously, how obtuse can you possible be ss2chef?

cheers,

catch

hehe um no.... I do however like to use bug spray when I am operating around bugs.
Please re-read, maybe this time with your glasses on...

Bottom line here is I have never had a problem with your thoughts on AV and need.

Your blanket statement about DoD not having AV policy in place is wrong and bordering on
naive. You presented a DoD affiliated persons opinion on the value of AV which does nothing to support your claim.

If you are going to puff out your chest and list YOUR affiliations, okay you did so.
Now, I'm calling your claim BS as I live with the DoD AV policy EVERY DAY!!!!!

[catch]

Perhaps you need to reread my posts again... the use of AV on DoD systems is based on the level of assurance. High assurance systems have no AV, lower assurance systems do... I've stated this repeatedly... apparently you work in a low assrance environment.

And um... what affiliations did I puff my chest out about?

cheers,

catch

[SawPer]

Originally posted here by catch
I am arguably the biggst advocate of NT security on this site. I freely and frequently state that that NT security is superior to UN*X security.

Sorry... yeah, that is kinda funny.. hehe!

The number of viruses makes no difference, and I never said that it will prevent every single virus ever from causing harm. I said it will outright stop most and dramatically limit the damage possible by others. To the point where the costs saved by an AV are less than the cost of using one plus the new vulnerabilities introduced by the AV itself.
Security isn't about being 100% safe, it is about cost avoidance.

And would you consider your environment to be a low or high assurance one?

Okay, I guess we have reached the point were we both understand each other, and how it all depends on the different environments.
It all depends on how you define "High Assurance" I guess...
I may not have as "High Assurance" as you, but we are still required to have it as secure as we can, with all the student information and stuff, HR and Payroll etc...
But like in my wife's case for example, working for the military, they have a very high security policy. Workstations are tightly locked down, but they still have an A/V solution in place.
So in my case, I wouldn't agree to your last statement. There are cases when security IS about being "100%" safe and cost comes secondary.

Also if you can't prevent every single virus, how then do you know for sure you don't have a virus? Maybe you have a virus that might not be very destructive and detectable by general network monitoring tools and stuff, but would easily be detected by an A/V solution?

Just my last thoughts. I'm guessing netiher of us will change, we both have different environments and both work well. However it was nice to dive in to some deeper thoughts and share different views on something so "basic" at first thought.. heh!

Thanks Catch for staying in here through this whole discussion!

[catch]

There are cases when security IS about being "100%" safe and cost comes secondary.

Even at the most secure military installations cost still is king... you never want to spend more money in protection than the likely losses incurred by disclosure, alteration or destruction. Otherwise the protection is more damaging than compromise would be.

Also if you can't prevent every single virus, how then do you know for sure you don't have a virus? Maybe you have a virus that might not be very destructive and detectable by general network monitoring tools and stuff, but would easily be detected by an A/V solution?

If the virus is incurring a loss via unauthorized propagation, data destruction, or otherwise... it should be detectable by the security systems in place. These security systems however are overkill for most systems, hence they use AV instead. If the virus is causing no damage at all, why worry about it? This system I am on now has a few hundred viruses on it, all of them inactive... should I lose sleep over this? Should I spend money "fixing" it?

(To close, the Windows NT line (NT4, 2k, XP, 2003) has security capabilities not only equal to many of the following systems, but in many cases actually exceeding them.)

A partial list of systems that rarely, if ever (many have no AV available) run AV software:

Linux
OpenBSD
FreeBSD
Solaris
HP-UX
AIX
QNX
Pitbull
STOP
AS/400

The question was: "Is antivirus software really necessary?"

cheers,

catch

[Ratmonkey]

Doesn't it all really just come down to "Need"? If I have a system with no connection out side the box, and no way for media to be inserted, then I do not "need" AV.

If I have some sort of connection to the outside world, where viruses/worms/trojans are a possiblity, it would make sense to have protective measures. This could be in the form of IDSs, firewalls, malware removers, security team and antivirus. Another item to think about is, what is the system used for? what is it connected to? Is the machine reloaded after each use (image)?

So, I think it all comes down to:

A) Is it possible for the machine to be infected?
B) If infected, will it compromise - Production, Information Security or System Performance
c) If a virus can cause a problem, take the proper measures to protect and remove it
D) Whatever the proper measure is, use it.

This seems to make sense to me. It's kind of like the idea of 'least need'. Don't over kill the system with protective software if it isn't needed. But at the sametime, don't neglect the possibility of system/data damage. It's a balance that is deffinantly worth thinking about.

-The Rat.