Sean Donelan wrote:
On Mon, 20 Dec 2004, Suresh Ramasubramanian wrote: <snip good stuff for space> The infection rate among all computers is abysmal. It just happens to be higher among computers with AV and/or firewalls. AV/Firewalls don't seem to be making people safer from trojans, spyware, adware, etc. So perhaps we need to look for other ways to improve things.
Why does it happen? I don't have the answers. </lurk>
Hrmm.. So what you're suggesting is that once these systems have their "protection" on, they just go about having "safe computing" whenever, and wherever, they want.. without caution, or trepidation. Over and over, -shamelessly-. And this leads, ultimately, to a higher infection rate. I guess we could proselytize "abstinence" from computing, altogether. After all, not computing at ALL, is the only 100% effective method of avoiding infection. But, history shows us that sooner or later, the urge to compute grows -so- strong.. ..we burn with the basic drive.. and, finally, overcome with frustration, intrigue, and desire all at once, alas, we give in... we are, after all, only human. Humans do have these intrinsic fundamental needs that cannot safely be ignored. And, from what studies show us, -once we give in-, it is better to -have- protection, than no protection at all, even if that protection isn't 100% perfect, but only high 90's in effectiveness. So, perhaps the moral lesson is to teach -both-. Not abstinence, -apart- from protection... nor protection, without the "rev limiter" of proper prudence.... But, a balance between practicing proper prudence, -and- donning appropriate protective precautions. :P (I would say no pun intended, but.... ;) <lurk>
Are AV and firewalls too hard for the average user to install and maintain? Many of them are improperly configured, mis-installed, mis-managed, etc? Does a false sense of protection make things worse?
Do people with AV/firewalls engage in riskier behavior because they think they are protected? Do people without AV/firewalls tend to install less software of all types (good, bad and the ugly)? Do people without AV/firewalls take other protective measures, e.g. disable unused services, patch more frequently, don't use the administrator account, don't use Windows (e.g. Mac, Unix, etc)?
Do AV/firewalls miss the infection vector used by trojans, spyware, adware? Commercial AV vendors have only recently started adding other forms of malware protection to their products.
Most trojans, spyware and adware are installed by the user. Through social engineering the user is encouraged to click on every button. A user-managed firewall's effectiveness is limited by the user managing it.
Do people buy AV/firewalls after they were already infected, but never properly cure the original infection? Essentially every brand-name computer with a copy of Microsoft Windows sold in the USA includes at least a 90-day AV product. Are there fewer infections during the first 90 days?
Is it Darwin, and only the strong computers of any type survive? Do computers without AV/firewalls die faster when infected, and are either cured or disappear; while computers with AV/firewalls tend to linger when infected without being cured? It seems to be very difficult to convince people with AV/firewalls that their computer could be infected. They tend to try to deny it much longer.
I'd be interested in seeing the study you're quoting ..
I'd encourage researchers and grad students to look into it.
Security vendors are quick to sell new pills, but where are the studies that show their products' safety and effectiveness in the real world?
If you are proposing all OEMs or broadband vendors include AV and firewall with their products, show me the study that shows it makes a difference.