John Chamberlain
Developer Diary
 Developer Diary · You Heard It Here First · Sunday 1 February 2004
The Anti-Virus Scam
On Friday I alluded to voice recognition software being sort of non-ware, software that does not really do anything but people buy it because they like the idea. They buy the fantasy of voice recognition. To me voice recognition software is a scam because it does not work. I don't really see the psychological value. Then again I think insurance is a scam in the same way. It's amazing to what lengths people will go to justify insurance to themselves. The insurance companies themselves have no illusions. They call their product "peace of mind". They know very well they are selling something that has no intrinsic value. Personally I don't have the fears and doubts that drive people into wasting their hard-earned cash on insurance so I don't buy it (except when it has been forced on me by law) and in the same vein I don't appreciate software that has only psychological value.

In this category voice recognition software is a biggie, but the mother of all FUD software is anti-virus software. I distinctly remember when this scam first appeared right around the time computers started to be purchased by average people (as opposed to knowledgable geeks and power users). Then a few years later in a perverse twist companies (that supposedly hire professionals who know better) started buying it. It is so bizarre. Originally anti-virus software was perceived as dumb-dumb ware that only an ignorant homeowner would buy, but within a few years companies were buying it. The anti-virus delusion spread from the dummies right into the corporate environment. Now it's so embedded they use an acronym, "AV", for it.

All these people are convinced somehow that this often-pricey software is performing some valuable service. The reality is that when a new virus appears, it is just that, new. So the software cannot detect it. The millions of MyDoom victims currently using their machines to DOS SCO have loads of anti-virus software. Lot of good it did them. In fact the real culprit was their own stupidity in running an unsolicited binary that they received in a spoofed email. I am convinced that the billions of dollars spent on retail "AV" software has not had even a 1% difference in the amount of virus infections over time. It sure has had an effect on computer performance and reliability, however. AV software slows down the host it runs on and frequently is the source of low-level corruptions to the operating system environment. Windows users wonder their machine acts erratic and glitchy. Often it is the AV they installed that is the source of the problem.

Even server-level mail scanners are a questionable solution in my eyes though they do not cripple PCs the way client AV does. I say this because nearly all viruses forge the return address on their emails so bouncing it rarely does any good and just increases traffic needlessly and the number of desktops you save by intercepting (the portion of) viruses sent I doubt justify the time and expense maintaining the software. I think companies would be better off training their employees to recognize viruses. That way instead of catching 50% of them in a scanner, they would catch 100% where they landed and moreover the recipient might be able to figure out whose address book they came out of and inform the victim. Overall I strongly suspect AV server scanners are just as ineffective in the long run as client AV.

Of course what will change? Nothing. The ignorant masses will mindlessly continue to buy insurance, voice recognition and AV no matter what. It's kind of depressing really.

return to John Chamberlain's home · diary index
Developer Diary · about · info@johnchamberlain.com · bio · Revised 1 February 2004 · Pure Content