Sunday, November 8, 2009

The Myth of Virus Protection

(Alternate title: "Zen and the Art of Virus Protection")

In my service business, I've seen computers with no antivirus software installed that had remained largely virus-free after many years of use. I've also seen computers seriously infected with all sorts of viruses and malware, despite being festooned with nearly every anti-virus, -spyware, -malware, and -trojan software extant. Even worse, I've seen computers so occupied with fighting off imaginary foes that insufficient resources remained for the computer to smoothly perform even the most basic of functions.

So I'm going to stick my neck out and suggest that, like flying cars, dark matter, and airport security, there's no such thing as complete antivirus protection.

While nearly all antivirus systems do a competent enough job of eradicating problems that have already occurred — perhaps months ago — their very nature renders them largely 'blind' to those threats which have not yet occurred. Said another way, antivirus software can only detect threats it already knows about. The corollary, of course, is that it usually isn't possible for antivirus software to detect new viruses. Sometimes I liken this situation to driving while looking only in the rear-view mirror: you can see precisely where you've been, but you have no idea where you're going. And that's a problem.
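The rear-view-mirror effect described above can be seen in a small signature scanner. This is an added example, not code from the original post; the samples are constructed harmless byte strings, and the signature names, publication dates and first-seen date are assumptions made up for illustration.

```python
import hashlib
from datetime import date


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed, harmless byte strings standing in for files on disk.
OLD_SAMPLE = b"constructed sample A: stands in for a long-known virus"
NEW_SAMPLE = b"constructed sample B: stands in for a newly released virus"
CLEAN_FILE = b"constructed sample C: an ordinary document"

# Hypothetical signature feed: digest -> (name, date the vendor published it).
SIGNATURES = {
    sha256(OLD_SAMPLE): ("Constructed.Old", date(2009, 3, 1)),
    sha256(NEW_SAMPLE): ("Constructed.New", date(2009, 11, 20)),
}


def scan(data: bytes, as_of: date):
    """Return the matching signature name if it was published by as_of, else None."""
    entry = SIGNATURES.get(sha256(data))
    if entry is None:
        return None
    name, published = entry
    return name if published <= as_of else None


def exposure_days(data: bytes, first_seen: date):
    """Days between a sample first circulating and its signature being published."""
    entry = SIGNATURES.get(sha256(data))
    if entry is None:
        return None
    return max((entry[1] - first_seen).days, 0)


if __name__ == "__main__":
    today = date(2009, 11, 8)
    for label, blob in [("old", OLD_SAMPLE), ("new", NEW_SAMPLE), ("clean", CLEAN_FILE)]:
        print(label, "->", scan(blob, today))
    print("after update ->", scan(NEW_SAMPLE, date(2009, 11, 21)))
    print("blind window (days):", exposure_days(NEW_SAMPLE, date(2009, 11, 5)))
```

On the scan date, the new sample and the clean file produce the same result, so a clean scan report cannot distinguish "nothing there" from "nothing known yet".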

To make matters worse, the vandals out there who spread this kind of destruction are smart, and getting smarter all the time. They know nearly all of us have antivirus software running on our computers. What's a well-organized criminal to do? Exploit the system, that's what.

How? It's easy: Obtain the latest copy of all the major antivirus systems, and test that new virus you're about to release against them. If the virus gets detected, go back to the drawing board and re-write and re-test the virus. Before that virus is released, make absolutely sure it is known to be undetectable by all major antivirus systems.

Is this scenario something you should worry about? Well, yes and no. Yes, in the obvious sense, but no, in the sense that it's pointless to spend time and money trying to solve a problem that can't be fully solved. What's even more foolish is to deny this truth, and instead layer your computer with multiple heavy-duty, resource-hogging, performance-sapping 'protection' schemes that accomplish little else but reduce your computer to an expensive paperweight.

Until, oh, around five minutes ago, you might have been resting comfortably, assuaged by the knowledge that your computer was protected against all threats. Now what should you do?

(1) Accept that your computer may inevitably get infected with a virus of some sort despite your best efforts to prevent it.
(2) Install a lighter-weight ("weight" in the sense of the computer resources it consumes) antivirus product, perhaps an inexpensive or free one.
(3) Focus instead on being able to easily recover from any disaster that might occur.

Watch this blog for a future post on my least-favorite subject: disaster recovery.
