TECHLIFE’S EDITOR PONDERS THE DEBATE ABOUT WHETHER WINDOWS’ BUILT-IN SECURITY
IS GOOD ENOUGH TO PROTECT YOU.
[ DAN GARDINER ]
IN THE NERDIER parts of the internet of late, there’s been a bit of an emerging brouhaha about whether third-party Windows security software — as sold by big brands names like Norton, Trend Micro and Kaspersky — is actually something that’s worth having installed, something that’s particularly pertinent given this month’s cover story.
A post on ex-Firefox developer Robert O’Callahan’s blog (see tinyurl.com/tla63-avsoft) seems to have been the catalyst that kickstarted the wider conversation. In the post, O’Callahan explains that, after years of having to deal with problems caused by badly behaving security software, he’s reached the conclusion that it’s not worth installing.
He says it often interferes with other applications (like Firefox) and that these apps then unfairly cop the blame.
O’Callahan reckons that, instead of a third-party security suite, you should just stick with Microsoft’s built-in security back-end (aka Security Essentials or Windows Defender). Now, independent testing by the likes of AV-Test (from which 7Review sources its security scan results) seems to show that Microsoft’s security apps aren’t quite as effective at picking up malware as dedicated third-party programs — particularly when it comes to emerging ‘zero-day’ threats that require heuristic scanning to identify.
We guess the question then, really, becomes: ‘Is it good enough?’ Now, there’s certainly a lot of deliberately spread fear, uncertainty and doubt when it comes to digital security, and we all know that we should be wary when it comes to interacting with the online world — we need to practice ‘defensive computing’, says O’Callahan. That sounds fine in theory, although, as with driving a car, people’s instincts aren’t always the best when it comes to handling dangerous situations. This is why we have defensive-driving courses that teach people exactly what to do when things get sketchy.
Do we need a similar course for computing? That term covers things like: * Keep your programs and OS updated with the latest versions/patches — in particular, your web browser and email client (if you still use one of the latter); * Don’t click on dodgy links or open/download files that could be risky — either in emails or on the web in general; and * Don’t visit dangerous sites.
In practice, though, not everyone can be (or moreover, is interested in being) as tech-savvy as your average 7Review reader. For many people, it can, frankly, be a bit beyond their expertise — and for them, there’s therefore a good argument that running a third-party security suite is the lesser of two evils.
So what about me? Well, I won’t be ditching my security software just yet — but then, I’ve specifically chosen a suite that has minimal system impact… although that doesn’t, of course, guarantee that it won’t interfere in some weird way with the smooth running of other applications. For now, that’s something I’m prepared to live — but I’m happy to concede that others may disagree.