The Need for Antivirus

Over at Rod Trent’s blog today, he posted about a comment from someone he knows at a Fortune 500 company who felt they didn’t need antivirus. Antivirus just slows the machine down, and this guy had never gotten a virus before, so why worry about it in the future?
We live in a community. Our actions affect other people. Sometimes we must place restrictions on ourselves in order to make things better for other people. We don’t always get to do exactly what we want. Antivirus is part of that. Antivirus isn’t for the advanced user. I’ve never seen a virus detection either (other than those I intentionally had for testing or so-called hacking tools). But I still have AV because to do otherwise is simply not prudent.
It’s kind of ironic to hear this thesis offered. It would seem that over the past few years we’ve learned hard lessons about the hard and crunchy firewall and the soft center of a corporate network. The worms don’t come through the steel-reinforced front door. Rather, they come in the window or the side door that wasn’t even installed. People have a new sneakernet today. They take the laptop home, get it infected and walk it into work. They use a “secure” encrypted tunnel to log on from home and upload viruses. They use the universal firewall traversal port (port 80) to download viruses while at work. Most companies are looking to add more and more scanning (e.g., anti-spyware, HTTP-layer antivirus, etc.). They wouldn’t even consider less. Being behind a corporate firewall doesn’t offer the level of protection that allows the removal of antivirus software.
There are legal ramifications too. Remember the TJ Hooper tugboat case? You can be sued if you don’t follow computer security best practices and that negligence damages someone else. Antivirus software is universally accepted as being at the top of the list of best practices, right after patching. Your company likely requires that all files be scanned with antivirus before being delivered to a customer. Most companies require antivirus to be installed on systems connected to their network. Are you going to lose your job for the sake of your petulant stance against antivirus?
The question has been asked: if a machine is properly secured, is antivirus necessary? Are you able to keep up with patching AIM, RealPlayer, Adobe, and Winamp on top of all the Windows patches, even without Internet Explorer? And even if you install a personal firewall, there are still ways in via exploits.
You could really follow best practice and not use an administrator account to do anything. You could restrict access to the Run key to prevent installation. You could lock it down tight and be safe. But is that a trade-off you’re willing to accept? The desire to avoid the tyranny of antivirus would seem to rule out accepting any security shackles.
Is it possible for an individual to get by without antivirus? Sure. Is it a good idea for a company? I don’t think so. Perhaps if the Cisco Security Agent (a HIPS product) were installed.