While reading a post on how current anti-virus solutions are starting to become completely inefficient and even reporting false positives, a few thoughts came to my mind.
The first one is that I’ve been running with no anti-virus on my computers for more than 8 years now. The use of low-risk platforms, like UNIX-based systems, and systems with a low market share like Mac OS X, combined with common sense, education and caution has kept me safe from viruses, trojans and other malware for this long.
The second thought is that current anti-virus software is outdated, and does not meet expectations, nor does it meet current system designs. I think anti-virus analysis should be done in a distributed fashion. For corporations, samples can be distributed and analyzed across workstations and those that are suspected of being evil can be sent to the anti-virus manufacturer for further analysis. For end-users and consumers, samples can be distributed and analyzed by clusters of machines, provided typically by the anti-virus manufacturer, that are properly secured and trusted, all in a peer-to-peer fashion.
The third idea is that no matter how analysis is done, the long-term solution consists of fixing current applications, operating systems and hardware architectures to make exploits and malware more and more difficult, and also to educate end-users. In my opinion, education is the most efficient way of preventing these attacks because it’s cheap and usually has an impact in both the short and long term. Common sense and education can deter most attacks and security problems.
What are your thoughts on this?