You can’t stop a virus

Did you see the October issue of Information Security Magazine? (requires free subscription, or try
In it, they have an article ‘Best Advice’ which is a collection of advice from 24 security “luminaries” such as Mike Nash, Mikko Hypponen, Congressman Tom Davis (!), and Eugene Spafford. Eva Chen, CEO of Trend Micro,’s “best advice” is “you can’t stop a virus.” Well, pack it up, game over. Shut down the billion dollar antivirus industry. If it cant stop a virus, what is it good for?
Eva’s explanation of that quote, makes even less sense. She says that most enterprise customers have boundary-less, interconnected supply chains running on one global TCP-IP network. That somehow those interconnections are more important than stopping the virus. It sounds like her only defense against the virus is to shut down the network.
I marvel at the antivirus industry. First you sell yourself on the ability to solve everything. So that computers (at least those running windows) cannot be considered “secure” without antivirus software. Next when the myth of antivirus software is broken, that is it cannot possibly push out virus definitions fast enough to get all viruses, they attempt to sell add-on functionality. What you really need isn’t antivirus. Its antivirus and a personal firewall, and a host based IDS. Fix your broken antivirus software rather than selling me additional pieces. McAfee for example has added in some buffer overflow protection into their antivirus product. Why is no one else innovating?
I can’t wait for the correction. E.g. “eva didn’t really say you can’t stop a virus. Her best advice was really risk management needs to be multifaceted.”