> From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
>
> Aaron Margosis' WebLog : Anti-virus vs. Non-Admin:
> http://blogs.msdn.com/aaron_margosis/archive/2006/06/02/614226.aspx
>
> Best practice to Aaron is running without Antivirus. Is it
> to your firm? Probably not for most of us... but interesting
> thought nonetheless.
I'm not sure that you have quite represented Aaron accurately. To paraphrase what I think he said: in today's threat climate, given a choice, running antivirus software that *requires* the user to be a member of Administrators in order to work is a lower-security option than having no antivirus at all but restricting the user to the Users group.

* Contemporary Windows malware assumes admin privileges and won't work without them; therefore LUA is about proactive prevention.
* Contemporary antivirus technology is fundamentally based on matching signature patterns. It is very poor at predicting new malware using heuristics without signatures. Therefore it is largely reactive and more about cleanup than prevention.
* A lot of antivirus systems use kernel-mode drivers that themselves destabilize the system and expose it to new attack vectors, as well as consuming a lot of CPU time.

He has a point: antivirus software that requires admin privileges is a security disaster. It seems to me that I read something similarly critical of antivirus technology in IEEE Security & Privacy a year or two ago.

-Brian
