Chapter 12. Call It “Antivirus”

When the average user needs to get new security for her computer, she doesn’t ask for an “Internet security suite”—she asks for an “antivirus product.”

This causes people in the security industry so much indigestion that there aren’t enough Tums in the world to ease all the suffering.

But this will never change.

When typical consumers think about security protection for their computers, they might think about lots of different things, depending on their degree of technical sophistication. For example:

  • Protection from malicious software (including spyware and adware), whether they downloaded it or it attacked them.

  • Filtering out spam (though they also expect their email client to do this).

  • Protection against phishing (they may also expect this from their browsers).

  • Identity protection—they don’t have any particular technology in mind, they just think that their security product should be addressing this.

  • Parental controls, to help keep their kids from browsing sites with inappropriate content.

  • Website ratings, showing which sites might harm their computers as they browse.

  • Personal firewalls, inflicting havoc by blocking outbound traffic.

  • Host intrusion prevention, which tries to watch the behavior of programs as they run, hopefully blocking bad stuff just in the nick of time when AV fails.

This technology-driven approach is one way to look at things, but the average consumer doesn’t care about technologies. In fact, most of these technologies are a big “WTF” ...

Get The Myths of Security now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.