- they exaggerate mild to non-existent threats (viruses on Mac, Linux)
- they sell false assurance (no, your “endpoint security suite” won’t protect you against targeted spear-fishing attacks using novel malware, zero-day vulnerabilities or misconfigured or unpatched network hardware and servers);
- their software is badly-written, bloated and generally makes using computers more painful.
Most of all, their raison d’etre is to exploit (1) the fear and lack of understanding of ordinary computer users, and (2) the IT manager’s desire to “do something” to mitigate threats.
Here’s what you should do instead of buying antivirus software:
- use a Linux distribution (or, if you must, a Mac) rather than Windows;
- keep your operating system (whichever one you choose) and application software updated (or fully “patched”);
- make sure your servers, clients and network infrastructure is properly configured and fully patched. If you’re a home user, buy a router from a company that releases regular firmware updates, activate the firewall on your router and be sure to use WPA2 wireless encryption with a strong passkey. Also be aware that your data is as vulnerable as the services you use – use strong passwords unique to every service and be aware that most companies can’t be trusted to protect your data. If you’re a company – hire competent people!
- be aware that leaving the security of your network, devices or data to others is risky – most people willing to set up your IT infrastructure are incompetent, liars, or both (and, unfortunately, that goes for your company’s IT department);
- most importantly – don’t ever believe that your network, devices or data are safe. The best you can do is minimise the risk – and that takes effort.
I am not an expert and I don’t usually share my views on these sorts of topics. But I was reading stuff on Mac security software and became so irritated that I had to get this out of my system.