My two cents... I work for a global medical technology company, and Windows runs beneath the products. They used SAV going back to SAVECE7 up to ENDPOINT11.
No longer. The memory footprint of Symantec's anti-malware products continuously 'gimps' a perfectly working system, be it a dual-core desktop or a redundant Xeon server system running a formulary database, whether stand-alone install or linked to a parent server (via GRC.DAT or .XML file).
I have worked on entirely too many service calls to 'repair' such systems and have earned fabulous quantities of overtime because Symantec's poorly designed software broke the computer (although it was kind enough to leave lots of event logs telling you that it doesn't work).
BSODs to extreme slowness. A virus did do this. Symantec's software did this.
Another well-known vendor took their business. Could be the death of something coming up, although I wager 'antivirus software' isn't the answer.
Unfortunately this incident reflects a serious issue with some tech companies... It is totally one thing to get business savvy individuals to run a company and totally something else to let them speak about that technology in a public forum... This is especially true in InfoSec... A/V is always a firefight... You cannot ever just settle on one type of technology and be complacent
Signatures may be outdated tech, but it is still a vital and valid tech as the processing overhead for signature based scanning is far less than heuristics which most of the time requires sand-boxing and code emulation...
I've seen AV software work successfully Far Far too many times (over the years) to consider not using any.
- and I am also one of those super careful people.
- - but sometimes have to work on files from other trusted people (who do not use AV software >_< )
and a decent number of files are Extremely destructive (a couple I have seen on friends' PCs).
- sometimes in your face obvious destroying all your jpg and avi files for eg
- other times slowly progressively destroying your PC's core files over many months gradually corrupting all files on your PC so by the time you notice critical damage is done (and to a large proportion of your backups too :s )
Anyone working as an IT Admin in a largish company 200+ people will Know you don't want to run with no AV lol
(most viruses come from the semi PC savvy Directors and upper managers then infect everyone else's PCs over the internal network if the AV does not stop it in time)
Not running AV and not seeing a problem does not mean you are not infected by a nasty virus either
- I have had viruses try to infect my PC from sites I trust like Tomshardware through their advertisers more than once before.
- trusted downloads from original website sources of programs have been infected before a few times in my personal experience, though this is very rare.
Basically you would be Crazy to run a PC with no AV, unless you are perm offline and never accept files from 3rd parties (not really possible unless you never install any software on your PC)
Granted, a good heuristic system is better for detecting newer threats, signature based detection is still the best way to detect known threats as it doesn't have to occur on running software, and is less expensive on system resources.
Avira has been free for years and has blown the pants off every anti virus solution on the market.... by more than twice. They make their money in the business sector and client management tools. Symantec slows down the kernel worse than most other platforms. Symantec handcuffs itself to a Windows registry. Symantec support has been bad for decades. The reason Symantec says it's not a money maker is because they have literally knocked themselves out of the market by not adapting to what customers want and expect. I feel no remorse for Symantec, they did this to themselves.
@Paul Thanks for summing up the motives behind this announcement so clearly. Kaspersky Lab’s Costin Raiu came to the same conclusion…it’s a marketing tactic in the IT security industry since at least 2008.
Eugene Kaspersky’s statement is in agreement with the central point of this article:
“I’ve heard antiviruses being declared dead and buried quite a few times over the years, but they’re still here with us – alive and kicking. I fully agree that single-layer signature-based virus scanning is nowhere near a sufficient degree of protection – not for individuals, not for organizations large or small; however, that’s been the case for many years. Today, security is about a combination of various technologies – heuristics, sandboxing, cloud protection and many others – which form essential elements of any superior-quality IT security solution, in addition to good old time-tested signature-based virus detection.”