Stephen Cobb has been working in the field of computer security research, and raising awareness of security and privacy issues for over 20 years.
In this article, he explains how he feels there is a lie being told about anti-virus software, and that it’s time the public knew the truth.
Here is one of the privacy and security predictions I am making for 2014.
This is in addition to the ones I contributed to ESET’s We Live Security blog, where I had the honor of presenting predictions from my fellow researchers at ESET. Note that the following are my personal opinions, which may differ from those of my employer (although my employer has some pretty cool opinions).
The media will repeat a massive lie about anti-virus technology.
I predict that in 2014 every major newspaper and magazine will perpetuate, to the detriment of data security and human understanding, the grossly erroneous notion that “for an anti-virus firm to spot malware, it first needs to have seen the malware, recognized that it’s malicious code, and written a corresponding virus signature for its products.”
I predict that, although this assertion is simply not true, and has not been true for many years, that fact will not deter people from repeating it, over and over. This is a bit like Car and Driver or Consumer Reports saying that cars cannot be started without first engaging the crank handle.
True, there was a time, long ago, when crank handles were routinely used to start cars, just as some anti-virus programs were, in the distant past, based solely on signatures derived from known bad code.
I’ve got a free t-shirt and more for the first mainstream journalist who breaks rank from the ill-informed herd and points out that any anti-virus app worthy of the name today uses a lot more than signature matching to protect systems from malicious code.
By the way, a huge hat tip to the guys in Norway who posted that YouTube video of a hand-crank start: they are braver men than me; I’ve seen how much pain a crank handle can cause.