I was reading a recent advisory on ComputerWorld, and had a question: why is a scanning engine vulnerable to malformed HTTP requests? Maybe I am being a bit naive, but is this implying that some security packages are web servers?
While I realize that anti-virus, firewall, anti-spyware, etc. software are all quite complex, it seems again and again I am finding these packages to be overbearing, cumbersome, quirky and sometimes unusable. I recently helped someone install Norton Anti-Virus, a process that took upward of 5 minutes and involved what appeared to be thousands of files. What are all those files? What do they do? Or, I recently reformatted an old computer for testing and installed ZoneAlarm. The system immediately screeched to a crawl, and I had to uninstall ZoneAlarm. A recent version of McAfee Anti-Virus that I was using caused the entire computer to freeze up for seconds at a time while performing disk-intensive tasks.
It seems that security software is making our computers sometimes unusable, unstable, or vulnerable. It's almost unconscionable. What really baffles me is that I have gone for years without anti-virus or anti-spyware applications, and I haven't had any problems at all. I don't need a firewall, save for outgoing connection alerts (behind my router, I don't have any incoming connections save the few ports I let through). Sure, I'm probably more savvy than most users, but in some ways, I'm not sure what all the fuss is about. Where is everyone getting viruses and spyware?
I prefer to keep my computer safe from security software. Isn't it ironic, don't you think?
While I might agree with your lack of need for a firewall and maybe even anti-spyware tools, I should think everyone needs a frequently updated AV application. To not run an AV scan on inbound files from an untrusted (or even trusted) source is an attempt at electronic suicide, I think. I definitely wouldn't engage in transfers of any kind (Web, FTP, P2P) without AV software.
As anti-spyware applications, I suppose it depends on the number of tools you use. What do you use your PC for? Mine allows me to work, to watch TV and movies, listen to music from the radio or elsewhere, allows me to play games for nearly any platform, talk with people both through typing and through voice, create art and music, and many other things too numerous to mention. As such, I download a lot of applications. Currently, I probably have about 250 applications installed. Some of those want to phone home without my honest permission. That is unacceptable to me. I have an inalienable right to privacy and I want to make sure that right is not violated. Spyware isn't as much of an issue today as it was three years ago. Still, after feeling victimized for so long (I remember a media player called Radlight that--upon install--intentionally sought out and uninstalled anti-spyware applications) it's a hard habit to break.
I'm with Kevin on this one. I don't have firewall, anti-spyware or AV. I've gotten 2 viruses that I can remember in the last 10 years of using computers. Seriously. How do I know? Ok, I admit, I run an online virus scan every few months..usually when I download something that I really don't trust. Of course, if you're a person who recieves attachements from anyone on a regular basis, I would strongly suggest that you do run AV. I have no friends, therefore no deadly attachments that come as the price of friends. :D