And instead of getting better, things are getting worse.
I remember a time when PCs didnt need any protection at all, and even when the first viruses hit the scene, protection came from practicing safe sectors and putting a little bit of tape over the write protect notch on 5.25 inch floppy disks. But then, at around the end of the 1980s things started to get more complicated.
In 1988 the excellent Dr. Solomon's Anti-Virus Toolkit was released (which was the first AV product I bought, and the only one that Ive used that I can honestly say that I liked and actually enjoyed using). By the end of 1990 there were nearly two dozen antivirus products on sale, including Norton AntiVirus and McAfee VirusScan, both of which have continued to this day (but alas, Dr. Solomon's Anti-Virus Toolkit is long gone, the company bought out by McAfee). In recent years antivirus applications have become out-of-control monsters, devouring free system resources. But if it stopped with just needing to have protection against viruses, things wouldnt be too bad. Problem is, viruses are only part of the problems.
But to top it all off, all these programs running can make a new PC feel old, really fast. In fact, I know several people who bought new PCs because their old one was slow only to discover that the new system became just as sluggish once all the protection was loaded onto it.
Now, dont get me wrong. I know that you cant get something for nothing, and scanning all the packets that flow to and from your PC, along with all the files and applications that are accessed, isnt a trivial workload. I dont expect all this work to be done with no overhead at all, but given the drag of performance that almost all the current suite of security products have on PCs, something is drastically wrong somewhere. Any software that runs in the background is going to have an effect on performance; I just dont think it should have as much of an effect as it has.
Security and the Politics of Fear
Norton Internet Security 2008: Faster, Stronger
Microsoft's New Patent: The Dark Side of SaaS
Google's Android vs. Apple's iPhone: Which is More Secure?|
But the problems go much deeper than performance issues. Over the past few years Ive noticed a disturbing trend where security software is constantly clamoring for your attention telling you that updates are needed, that updates have been installed, that your system is protected, that your system needs more protection, that your system has been scanned, that youve sent an email, that youve received an email.
In fact, Im amazed just how many prompts and messages a security suite can generate. The only message that Ive yet to see is that the program has done its job and caught some nasty bit of code trying to get a foothold into my system.
Im guessing that the reason for the vocal nature of security software is that it wants to keep reminding the user that its there so that come time to renew the subscription, the user actually pays up for another year. And now we have reputable security firms such as Lavasoft, now in talks with Ask to bundle toolbars with the application. Yeah, lets burden the users PCs further with unwanted junk.
Does it have to be like this?
Well, yes and no. While its possible to shift a fair amount of the security workload off individual PCs and onto routers and hardware firewall devices, this still leaves systems open to infections via CDs, DVDs and flash-based devices. While its true that the Internet represents the greatest threat (and when you have employees spending time in the darker, seedier corners of cyberspace that threat is much greater), you cant overlook the risks that USB keys and iPods represents.
My take on the situation is that security companies have done a good job of convincing people that their products are essential if you are to keep your system free of badware (thats not true, but Im not going to get into that argument right now), and as such the incentive to develop a good, solid product is lost. The fact is that there isnt a single product that stands out as being better than the others; instead, theyre more trying to maintain the status quo (or stagnation).
Ive gotten to the point where I think Id rather take my chances with the bad guys myself rather than bother with so-called security software.