informa
/
2 MIN READ
Commentary

Take Your Choice: "Secure" System Or Stable System

Last week, Microsoft put out an update that closed a DNS hole. Just one tiny problem with this update: it wipes out Internet access for users of ZoneAlarm. This is just one of the reasons why I don't run any third-party security software.
Last week, Microsoft put out an update that closed a DNS hole. Just one tiny problem with this update: it wipes out Internet access for users of ZoneAlarm. This is just one of the reasons why I don't run any third-party security software.That's right, my systems are "bareback" and run nothing except the standard software that comes with Windows, such as Windows Firewall and (on Vista) Windows Defender. My kids don't run third-party security software, either. (My wife doesn't use security software, but she uses a Mac so I suppose that doesn't count.) In all that time, none of us have been infected with any viruses. The worst that's ever happened is that my daughter downloaded Bonzi Buddy.

I wrote about this seven years ago and it's depressing how little has changed. All the same problems are in today's security software: sluggishness, instability, false alarms, missed detections, and updates that don't keep up with attacks. Is there any other class of PC software that fails so often, yet is so widely deployed?

As the recent ZoneAlarm incident shows, security software still offers defects as well as defense. Antivirus programs are just as bad. Just last week, a neighbor who volunteers as the IT guy for a nonprofit company in the area came to me trying to remove WinAntivirus 2008, a scam AV program installed via exploits and deception. The company's Symantec security software let it right through. It turns out that Symantec's auto-update function had broken and it was no longer getting signature updates. After manually updating signatures, he was able to remove WinAntivirus 2008.

Symantec knows its product is bloated and that its uninstaller leaves behind running components. The company supposedly plans to do something about it. I sure hope so, because a decade of this nonsense is plenty, thanks.

Although I feel like my own experiment without security software has been a success, I know that most IT departments would be committing suicide if they set nontechnical users loose without it. Has anyone out there had good luck with any of the major security software vendors in a medium-sized to large company?

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing