Before proceeding, let me clear one interesting issue of "blog bias." First, does my blog have a bias? The answer is 'yes,' but it is more useful to think of it not as of bias,' but as of 'message.' One of my messages, for example, is that people should log more and that they should analyze their logs. I also carry an inherent
bias since I work for a log management vendor
So, my entry
on abandoning the "classic" signature-based anti-virus have generated mainly two types of responses
- "What? You've been using AV all this time? Come on, everybody knows it is useless crap"
- "What? You abandon AV? How about defense in depth?"
Why did I start this from a "blog bias" discussion? Among the comments to my entry, there was this one
which seems to imply that I abandoned AV "JUST BECAUSE
" my friend had to rebuild a system? Come on, I am not stupid!!! Did I ever
say that? I said that this event became my "last drop" rather than the "reason" to stop using signature-based AV. Now, pray tell me, is there somebody else
who read my entry as "Anton switched from AV only because
his friend rebuilt the system"? That is bias in action!
And, BTW, Savant Protection does
bundle a small signature-based AV engine (I think it is ClamAV), but it is not really essential for most of the protections and is probably only used to catch the truly stupid, obvious stuff.