- 20 years of Anti-Virus software and I still have to patch my machine at least once a month
- 20 years of Anti-Virus software and I still have to update my Anti-Virus with yesterday's signatures
- 20 years of Anti-Virus software and I still need a personal firewall
- 20 years of Anti-Virus software and you still expect Mom & Pop to know if SVCHOST.EXE should be allowed to access the Internet or not
- 20 years of Anti-Virus software and when my Outlook decides suddenly to send my entire address book to some bloke in China, you can't figure out that I'm not doing this on purpose?!
- 20 years of Anti-Virus software and when my sister is tempted to double click on the cute "Dancing Pigs" file she got in her mail, her Registry gets corrupted, and files are installed in her C:\Windows\System32 directory
- 20 years of Anti-Virus software, and virus writers can still override operating system files without sweating
- 20 years of Anti-Virus software, and the first program to get infected is my Anti-Virus itself
- 20 years of Anti-Virus software and I still need to install the following: Anti-Virus, Personal Firewall, Adaware, Spybot, HijackThis, Windows Defender, etc. and at the end of the day, I'm still infected
- 20 years of Anti-Virus software and you still see new vendors entering this market, and even they can't figure out how to do it right
- 20 years of Anti-Virus software, and some snot-nosed kid who writes a VBS file can outsmart the entire virus research teams combined
- 20 years of Anti-Virus software, and when I'm infected, I have to restart Windows in "Safe-Mode", download some special infection removal tool from my Anti-Virus vendor, disable Windows System Restore, edit my registry manually, reboot and pray to the "Force" that this trick nailed it. Usually it doesn't
- Wait Wait Wait, I have to repeat the last one - "Infection Removal Tool"???? from the same Anti-Virus vendor???? If you know how to remove it, why didn't you handle it in the first place?!@#!
- 20 years of Anti-Virus software, and every time I visit my parents' house, their computer is a part of a new botnet, and my dad is asking me: "How come I got infected, if I updated my Anti-Virus yesterday, and I didn't click on any malicious file?!"
Folks, if after 20 years of Anti-Virus software, all of the above is correct, I think it's safe to say that this industry has failed us (it didn't fail the vendors, since they are making a lot of money every year). The one thing I seriously don't understand is why we keep paying for Anti-Virus software, for our gateways and for our endpoints, if eventually we have to sit and decide if it is safe to click on some file that someone sent us.
Could it be that Anti-Virus software became just a bullet on the CISO's checklist of must-haves? Could it be that through FUD, we are forced to buy Anti-Virus software that doesn't solve the problem for us?
What has the Anti-Virus industry been doing for the past 20 years except for updating signatures and counting the subscription money we pay them?
Let's hope that other security market segments will do better after 20 years...
See you at the 40th anniversary.
-Ory
It's been 20 years, and virus writers still write the same viruses.
Posted by: Joel Esler | January 23, 2008 at 06:42 PM
So in 15 years or so (bringing us to 20) Web Applications will be 100% bug free since we now have Web Application scanners that are regularly updated?
Posted by: Kingthorin | January 25, 2008 at 09:36 PM
@ Kingthorin - Nothing in the text I wrote above has anything to do with "bugs".
My point was that Anti-Virus vendors chose the path that made them more money, instead of the path that makes more sense and is more secure.
Sadly, Anti-Virus consumers embraced this bad methodology (signature-based security)...
Posted by: AppSecInsider | January 25, 2008 at 11:39 PM
@ Ory I know you didn't say anything about Bugs. I was likening your point about AV to Web App Scanning technologies.
Since the two technologies are so similar, what do you feel Watchfire/IBM is doing to prevent the same from being said about Web App Scanners in 15 years?
How things stand now I see Watchfire/Cenzic/SPI all having the same thing said about them in 15 years.
Posted by: Kingthorin | January 28, 2008 at 07:36 PM