C’mon. You knew I’d get around to writing a response to Rick Broida’s claim that he doesn’t use antivirus software.
Actually, he’s not nuts. But he’s also mistaken if he thinks he doesn’t use antivirus software. His editorial is kind of like saying, “I don’t use a web browser. I use Internet Explorer.”
Although he’s mistaken that he doesn’t use antivirus software, and not all of his advice is spot-on, you can do a lot worse than follow his advice.
The difference between using MS Security Essentials in Win7 or Windows Defender in Win8 and using commercial antivirus software is small–perhaps 10% more malware gets through it than gets through the best. Microsoft’s offerings are least common denominator, but the other measures Broida takes more than make up the difference. His setup is more secure than someone who buys a Symantec or McAfee product and installs it without giving any thought to it.
Yes, malware gets through Symantec and McAfee products too. The incident response team where I work can confirm that. That’s why I take issue with his assertion that he never has any problems. Anyone who claims to be invincible probably isn’t. Your antivirus software will block everything it knows about, but nothing catches everything–not with 220 million known strains of malware with 52 million new ones being born every month. It’s probably more accurate to say, “My computer problems are under control.”
I also take issue with Broida’s assertion that his router is secure, because unless he’s running Pfsense, it’s a lot less secure than his Windows PC it’s supposed to protect. Routers are a necessity in this day and age, but they aren’t a security device. They’re a networking device. From a security standpoint, router malware tends to attack other routers more than it attacks the computers connected to them, but don’t expect that to last forever.
His approach generally is pretty good, certainly way above average, but I’m confident he overestimates how secure he is.