Once upon a time, most of us just used one computer. For most of us, that computer had just one operating system, and that machine held all our digital data. But those days are quickly disappearing. Fewer and fewer of us now have just one computer. Most of us have (at least) one computer that we use at home, plus one that we use at work, which might not use the same operating system as our home machine. Many of us have a computing device in our phone, which definitely has a different operating system from our desktop or laptop machines. And then there's tablets, media centers, and so on. Many of us interact with (and have our data on) 3 or 4 different machines, with several different operating systems, throughout our day. And our data may even be accessible between those devices with the help of cloud services.
There are millions of new malware discovered every year for Windows, so people clearly understand the need for security on that operating system. But it's not just malware that's a problem. The Internet is a dangerous place, not just because of malware. Criminals understand that valuable data does not just exist on Windows machines. And consequently, security is focused less and less on "computer security" and more on "information security." That means security products are not simply focused on finding and removing bad items, but on helping you protect your data, wherever it resides.
The other day we discussed the problems with people declaring that because security measures aren't 100% effective, you shouldn't bother with them. This week brings another example, with a report suggesting anti-virus software is "a waste of money." There are numerous problems with the test, and rather than debating this in great detail, let me sum it up in two points:
- 82 samples in a Windows environment is not statistically significant.
- VirusTotal states no less than 3 times on their About page that it is a bad idea to use VirusTotal for AV testing.
This post by Bill Brenner rebuts that test and its conclusions. It makes the point that most people have neither the expertise nor the inclination to set up security systems on their machines cobbled together from various tools and configuration changes, rather than simply using pre-packaged software. All of us, from home users to the biggest corporations, are weighing cost versus benefit versus time and expertise. We are coming out on the right side of the equation if we've protected our system just well enough not to be worth the effort for cyber-criminals, whether we do it all manually or purchase products to help us.
The way we achieve that balance is to focus on protecting our data, wherever it resides. Using anti-virus software can help, especially since modern AV software does not simply scan with signatures for known malware, it scans with more advanced techniques to detect malicious behavior. And AV is a type of security technology that is available for every operating system.
But it's important to also use other security techniques as well: using strong and unique passwords, having a hardware or software firewall, plus backing up and encrypting your data, for instance. This layering of protection helps close the gaps left by any one technique. Having AV software on just one machine misses the point of cybercrime. Your data has value, to you as well as to cyber-criminals, and it needs to be protected wherever it resides.