Does a Self-Respecting IT Pro Need Antivirus?
Microsoft’s latest Security Intelligence Report confirms a feeling I have had for a long time: I do not need antivirus. Let me explain why.
I am a Version Junkie
Like most IT pros I love new software. I always use the latest versions and install updates diligently. I even try beta software occasionally. You might call me a version junkie (a term coined by my former colleague Nicholas Dille).
I Run a Secure OS
Contrary to popular belief Windows is an extremely secure operating system if not tampered with too much. It is much more secure than OS X, for example, an OS that has never been attacked much for lack of relevance. Only real threats make an OS secure because they force its vendor to take security very, very seriously and to spend real developer time (aka money) on improving it. This has happened to Microsoft, but not to Apple (yet).
Of course, the level of security depends on the configuration. I am willing to accept a little discomfort for increased protection. Back in the days I used XP with a limited user account (yes, I am the one), today on Windows 7 I have cranked the UAC setting up to the max, and I love the fact that autoruns have finally been disabled in Windows 7.
I am Not Stupid
As an IT pro knowing my way around my system and the web, I recognize and avoid suspicious sites, pop-ups and downloads. I do not believe scareware ads telling me my computer is in serious trouble. And I do not download freeware from sites asking money for it.
Statistics
So, tell me, do I need antivirus?
Before answering consider this graphic from Microsoft’s 11th Security Intelligence Report, showing malware detected by the MSRT in the first half of 2011 by means of propagation ability:
- 44.8% of all malware requires user interaction for propagation
- 26% use USB autorun for propagation (which is disabled in Windows 7)
- 17.2% use network autorun for propagation (which is disabled in Windows 7)
- 4.4% use infected files for propagation
- 3.2% use exploits for which updates have been available for more than a year
- 2.4% use exploits for which updates have been available for less than a year
- 1.7% use brute force password attacks
- 0.3% use Office macros
If you follow best practices and do what any self-respecting IT should do, you are immune against 95.3% of all malware (by not opening attachments from unsolicited e-mail, using Windows 7, updating your software regularly and using a strong password).
The remaining attack vectors are downloading and opening an infected file or Office macro. As an IT pro, that is what you pay your antivirus vendor for and why you put up with performance degradation and the occasional false alarm.
Is it worth it?
You have to decide for yourself, I am just the guy telling you about it.
For reference sake: I have Microsoft Security Essentials on my computer.
1 Comment
95.3%, ? 100 – 0% for 0-day, -1.7 for brute passwd (never can tell, unlikely), and recent released patches 2.4%, = 4.1.. 95.9%…
You’re using a different set…?
I open windows extensions with impunity! I may not RUN executables… but that’s a different matter! ;-)
I’m not perfect though…
I did finally break down and start running windows home security — it’s cost was worth the amount of fear reduction it gave. — (note it is free, but cost does include installation and debugging when it doesn’t work)… I don’t use the ‘real time’ scanning — but have it scan once a week…
The real time scanning had a notable performance impact (which has always been one of my chief complaints)…
Good article!
Cheers,
Astara