Melissa Reese writes:

> The one thing that's getting very little mention here is the concept
> of "careful practices" above and beyond any particular choice of AV/AT
> and other types of "protective" software.

I've mentioned it.

Antivirus products, generally speaking, are inferior substitutes for
safe computing practices.  You can avoid virus infections without
antivirus products through careful computing practices, but you cannot
completely avoid virus infections through the use of A/V products if you
don't practice safe computing as well.  A/V products can give a false
sense of security, and they can mess up your system as well.

The only threats that truly justify automated protections are those
involving bugs in the software of which you are not aware.  This is the
principle behind use of a firewall.  If your system is properly
configured, you theoretically don't need a firewall; but if your OS
contains bugs, it's possible that an adversary might compromise your
system through legitimate channels by taking advantage of the bug.
Ideally, you can just shut all ports on your PC that are open to the
world, and prevent this.  But some operating systems leave certain ports
open, and you have no choice in the matter (Windows does this for a
handful of ports).  Then you need a firewall.  The firewall should
preferably be separate hardware, since a firewall in your PC may be no
more reliable than the OS on which it is running.

> This involves a multi-layered approach involving the careful selection
> of software (email/news clients, browsers, etc.), "safe"
> configurations of said software, and enough sense to know what not to
> click on, download, etc. regardless of what any AV/AT software might
> or might not have to say about it.

If you don't open attachments, and you configure your browser to
disallow active content, and you block all incoming ports that are a
potential security risk (you can essentially block _all_ ports on a PC
that is used only as a client machine), you can be safe, with or without
an A/V product.

> What the situation really "demands" is a bit of end user education,
> and there's just no way around it; regardless of how many bits of
> AV/AT software someone might want to run concurrently (or even having
> only one running on-access and the other just being available for
> on-demand scanning).

Yes.  Conversely, with enough user education, you don't need the A/V
software at all.

> If someone is either very determined to infect their machine, or
> simply clueless in the realm of prevention, even the "best" AV/AT
> software can eventually let something slip by.

Yes.  And in the absence of OS bugs, and in the face of a prudent user,
even the most determined virus cannot enter a system.

-- 
Anthony
__________________________________________________
Using The Bat! v3.0.1.33 on Windows XP 5.1 Build 2600 


