The case for antivirus
Antivirus vendors defend their efforts. We asked several major players for a response, and the strongest came from PandaLabs. “We know that Project Zero researcher Tavis Ormandy likes analogies so we would like to put one forwards,” said Luis
Corrons, technical director of PandaLabs. “It is a fact that medical vaccines work and have saved millions of lives, virtually eradicating some of the nastiest diseases ever known. However, you will always find some ‘bright spark’ who says it is much better not to inoculate the population, just use knowledge to avoid the infections, and we always have antibiotics if we feel sick.”
Corrons added: “Antimalware solutions are one of the most efficacious methods of detecting and protecting against hundreds of millions of known security threats. Not using antimalware exposes you to unnecessary risks.”
For a more independent defence, we turned to Dr Vesselin Bontchev. He previously worked at antivirus firm Frisk in Iceland, but now works at the National Laboratory of Computer Virology at the Bulgarian Academy of Sciences, and he’s stepped into the fray on Twitter to counter the case made by Ormandy and his colleagues.
There’s no denying the bugs, of course, and Bontchev admits that all major antivirus firms have reported flaws, although they’ve since been fixed. He also concedes that the decision made by antivirus firms to sit at kernel level makes those flaws all the more dangerous. He even agrees with Ormandy et al that antivirus opens up new attack surfaces. “In this claim, they are correct,” he said. “It’s the conclusions they make from this that are totally wrong, misleading, and even harmful for the users.”
He says we must perform a risk assessment. Antivirus may be flawed, but so too will any other piece of software you run. Which is most likely to make you a target – a rare, hard-to-hack bug in antivirus, or the many basic flaws in every other piece of software? “What [antivirus] does is replace one risk, an attacker invading your machine by using an unknown and unpatched bug in your antivirus, with another: your machine getting infected because you opened a malicious file and you had no antivirus to stop you from doing so,” Bontchev argues.
The chances of an attacker exploiting a bug in antivirus software, Bontchev adds, are slim. “It takes an extremely competent attacker to find one and to exploit it,” he said. “There are very few such attackers around.”
Not using antimalware exposes you to risks