Anti-Minus Protection?

Computer security is a fairly new endeavor for me, so I find myself asking basic questions about basic protections. Like should I install virus protection software on my computer? The answer seems obvious, but I've learned some pretty disturbing facts about the effectiveness of this "protection."

According to Ed Skoudis, a co-founder and senior security consultant at InGuardians, antivirus protections rates are actually falling. Of the virus protection on the market typically 70 percent to 90 percent of attacks go undetected by antivirus software. Not exactly a glowing endorsement. Skoudis notes that some protection is better than no protection, which makes sense, but not necessarily for everyone.

I'm not trying to challenge Ed here. Any reasonable approach to layered security implementation should definitely include a functional antivirus program running on the system. My problems are with marketing and public perception of these programs. Most people don't understand that antivirus software isn't a silver bullet, let alone only one of thousands of approaches to better security. If you're a reckless user who clicks on links without thinking, or keeps the same password for 10 different accounts, running antivirus is probably not worth the time or money. Besides, these users are more likely to stop the program from running when that annoying pop up box interferes with their Web browser. Okay maybe that's just me.

But this leads me to my second big problem with antivirus; to the untrained eye all of the potential threats come off as convoluted and mixed together. Pretty soon my anti-virus is warning me about sites and e-mails that I trust. The uneducated construe this is as "broken" when in reality the antivirus is doing an important job. But without understanding how these programs actually work, what they're warning you about, why they can help you, or why they can let you down, it doesn't make much sense to encourage people to use them.

A trusted source once told me that it was pointless to try and help individual computer users with security questions because they couldn't be protected. Maybe this is the message it's time to start spreading. It might not make individuals safer online, but over time it might lead to more candid discussions about safe computing habits. When we stop thinking of antivirus software as a crutch, we might actually be able to use it to our advantage.