Thought for the day: Limits of antivirus software

Research wizard Peet Morris gives his personal take on the hot issue of the day.

Antivirus programs cannot truly protect you and, at worst, lure you into a false sense of security. Here's why - to catch a virus, your antivirus program has to know that it exists.

It's like the way the flu jab works - you get inoculated against the strain that is predicted to hit the country. However, if a different strain hits us, you get the flu anyway. Viruses - real or cyber - have signatures, and you can only immunise against known types.

It's the same with the Internet. You'll be protected against one virus, but another will hit your machine or network before the antidote has even been thought of.

Here is how viruses use e-mail programs to move themselves about - it goes like this:

  • Someone gets a virus (somehow)

  • It does its damage and then e-mails a copy of itself to everyone in his or her address book/in-box

  • When the recipients get it, it does the same all over again.


So, in no time at all, the virus spreads like wildfire - remember, we're pretty much all connected at the speed of light now - and your antivirus software has no idea that this strain exists!

Anyway, some poor soul ultimately discovers that it's a self-replicating virus - and, if they can be bothered, as it's too late for them - they notify the antivirus software suppliers.

After a time, all the antivirus software suppliers confirm that it's indeed a virus, and work out a fix. The clock ticks on. They then issue a software patch on their Web sites.

Hopefully, you've got an "Active Update" type of program running at your end (or you check for updates yourself periodically), and quite soon you'll get the fix, but will it all be too late? You betcha! The likelihood of this is almost certainly proportional to the value of your data, of course.

And now the really bad news. Modern viruses are getting more sophisticated at spreading themselves. They're getting smarter in other ways - they might detect that you're running an antivirus program and, before infecting your machine good and proper (and spreading), they'll terminate that program, so that you won't get the fix - ever.

So, are antivirus programs really worth having? Well, broadly speaking, I say no. What's needed is better technology - viruses could be caught by the operating system - and they should be!

For a virus to work, it needs to be executed, either directly, or by some other process already in operation. Now, the operating system is the thing that creates processes. So, if the operating system were a bit more picky about what processes it'll start automatically - well, these things could be caught very effectively.
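The contrast between signature matching and a picky operating system can be put in a few lines. This is an added example, not code from the column: the byte strings are constructed stand-ins for program files, and the signature name, pattern and allowlist are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib

# Constructed byte strings standing in for executables; none is real malware.
APPROVED_TOOL = b"MZ\x90constructed-payroll-app-v1"
KNOWN_STRAIN = b"MZ\x90constructed-worm MAIL-SELF-TO-ADDRESS-BOOK"
NEW_STRAIN = b"MZ\x90constructed-worm m4il-s3lf-t0-contacts"

# Reactive model: byte patterns a vendor has already published (hypothetical name).
SIGNATURES = {"Constructed.Worm.A": b"MAIL-SELF-TO-ADDRESS-BOOK"}

# Default-deny model: SHA-256 digests of programs approved in advance (assumed policy).
ALLOWLIST = {hashlib.sha256(APPROVED_TOOL).hexdigest()}


def signature_scan(image: bytes) -> str | None:
    """Return the name of the first matching signature, or None if unknown."""
    for name, pattern in SIGNATURES.items():
        if pattern in image:
            return name
    return None


def blocklist_allows(image: bytes) -> bool:
    """Antivirus-style decision: run anything that matches no known signature."""
    return signature_scan(image) is None


def allowlist_allows(image: bytes) -> bool:
    """OS-style decision: run only images whose digest was approved beforehand."""
    return hashlib.sha256(image).hexdigest() in ALLOWLIST


def compare(samples: dict[str, bytes]) -> dict[str, tuple[bool, bool]]:
    """Map sample name -> (blocklist allows, allowlist allows)."""
    return {n: (blocklist_allows(b), allowlist_allows(b)) for n, b in samples.items()}


if __name__ == "__main__":
    samples = {"approved": APPROVED_TOOL, "known": KNOWN_STRAIN, "new": NEW_STRAIN}
    for name, (bl, al) in compare(samples).items():
        print(f"{name:9} blocklist={'run' if bl else 'block'} "
              f"allowlist={'run' if al else 'block'}")
```

The new strain runs under the signature check and is refused by the allowlist without any update, at the cost of having to approve every legitimate program and every new version of it in advance.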

What's your view?
Does antivirus software work? Tell us in an e-mail. CW360.com reserves the right to edit and publish answers on the Web site. Please state if your answer is not for publication.

Peet Morris has been a software developer since the 1970s. He is a D.Phil (PhD) student at Oxford University, where he's researching Software Engineering, Computational Linguistics and Computer Science.
This was last published in September 2002
