Monday, October 01, 2007

Feedback and Comments on AV Post

Before proceeding, let me clear up one interesting issue of "blog bias." First, does my blog have a bias? The answer is 'yes,' but it is more useful to think of it not as 'bias,' but as 'message.' One of my messages, for example, is that people should log more and that they should analyze their logs. I also carry an inherent bias since I work for a log management vendor.

So, my entry on abandoning the "classic" signature-based anti-virus has generated mainly two types of responses:
  • "What? You've been using AV all this time? Come on, everybody knows it is useless crap"
  • "What? You abandon AV? How about defense in depth?"
Why did I start this with a "blog bias" discussion? Among the comments on my entry, there was this one which seems to imply that I abandoned AV "JUST BECAUSE" my friend had to rebuild a system. Come on, I am not stupid!!! Did I ever say that? I said that this event became my "last drop" rather than the "reason" to stop using signature-based AV. Now, pray tell me, is there somebody else who read my entry as "Anton switched from AV only because his friend rebuilt the system"? That is bias in action!

And, BTW, Savant Protection does bundle a small signature-based AV engine (I think it is ClamAV), but it is not really essential for most of the protections and is probably only used to catch the truly stupid, obvious stuff.

Dr Anton Chuvakin