Stupidity Squared – from the AV Vendors

This week AVID stands for AntiVirus Is Defunct. I’ll provide yet more evidence of this sorry truth and hopefully you’ll get the point.

A few weeks ago I came across an article on the Internet advocating the installation of two separate anti-virus products in order to have a better chance of stopping malware. The argument ran as follows: AV products don't stop all viruses, and any ad-hoc test will reveal that a virus one product lets in will sometimes be stopped by another.

I looked for other occurrences of this helpful-to-AV-vendors-but-misguided advice and discovered this on FCW.com, presented as one of "5 tenets of effective threat management":

“To effectively block viruses, use two gateway [AV] products rather than one, especially at your main e-mail gateway… If you are particularly sensitive to viruses because your internal network is wide open, three antivirus gateways are even better.”

Why not four or five, one wonders? Why not the full set? This piece of nonsense brings to mind the tests done by av-comparatives.org (see http://www.av-comparatives.org/ for full details), which ran 16 AV products against 474,759 KNOWN instances of malware, including DOS viruses, Windows viruses, macro viruses, script viruses, worms, backdoors, Trojans and other bad stuff.

This research roundly disproves one of the kind assumptions I have been disseminating in these AVID postings of mine. I've always suggested that AV products at least stop KNOWN malware. My apologies, but this research proves quite the opposite. In this test none of the AV products tested stopped all of the 474,759 KNOWN instances of malware. The best of them let in about 500 of this KNOWN population and the worst let in 90,000.

One commentator concluded that in order to stop all of these KNOWN threats, you would need to install all 16 AV products!!

So there's the answer: don't install just a handful of AV products, hang the expense and install them all. Sadly, this remedy falls foul of the fact that while you might be able to install 16 gateway products and have them scan incoming email in series (I'm not sure, but you might), you would paralyze a PC if you loaded 16 different AV products onto it, and the products would interfere with each other. And to cap it all, none of them would stop the UNKNOWN viruses (the zero-day threats) that AV products regularly let through and which are a much greater problem.

The idea isn't just stupid. It is also impractical. Of course, it's also unnecessary, because there are products from four vendors, AppSense, Bit9, SecureWave and Savant Protection, which do the job properly and will stop the KNOWN and UNKNOWN viruses with equal effectiveness.
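The four vendors named above sold application control products, which work the other way round from AV: instead of blocking what is known to be bad, they run only what has been approved, so the distinction between KNOWN and UNKNOWN malware never arises. The following is an added illustration, not code from this post or from any of those vendors, that puts a signature blacklist (one engine, and three in series as the FCW.com advice suggests) next to a default-deny allowlist over four constructed files. The file contents, engine names and hash lists are made up for the example, and modelling both controls as plain hash lookups is a simplification of how the real products decide.

```python
"""Signature blacklist (one engine, or several in series) vs default-deny allowlist.

Added illustration, not code from the post or from any vendor it names.
All file contents below are constructed byte strings, not real executables.
"""
import hashlib
from typing import Dict, Iterable, Set


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for executables arriving at a gateway or endpoint.
SAMPLES: Dict[str, bytes] = {
    "approved_editor.exe": b"MZ approved editor build 1.0",
    "known_worm.exe":      b"MZ worm payload already in vendor signature sets",
    "new_variant.exe":     b"MZ worm payload already in vendor signature sets, repacked",
    "vendor_hotfix.exe":   b"MZ legitimate hotfix nobody has approved yet",
}

# Three hypothetical AV engines, each knowing a subset of the bad hashes.
# engine_c has never seen the worm at all; none of them has seen the repacked variant.
ENGINES: Dict[str, Set[str]] = {
    "engine_a": {sha256_hex(SAMPLES["known_worm.exe"])},
    "engine_b": {sha256_hex(SAMPLES["known_worm.exe"])},
    "engine_c": set(),
}

# Default-deny policy: the only executables allowed to run are those approved.
ALLOWLIST: Set[str] = {sha256_hex(SAMPLES["approved_editor.exe"])}


def single_engine_allows(data: bytes, signatures: Set[str]) -> bool:
    """Blacklist model: anything not recognised as bad is let through."""
    return sha256_hex(data) not in signatures


def series_gateway_allows(data: bytes, engines: Iterable[Set[str]]) -> bool:
    """N gateway scanners in series: the file passes only if every engine passes it,
    i.e. its hash lies outside the union of all their signature sets."""
    return all(single_engine_allows(data, sigs) for sigs in engines)


def allowlist_allows(data: bytes) -> bool:
    """Default-deny model: only explicitly approved hashes run."""
    return sha256_hex(data) in ALLOWLIST


def verdicts(samples: Dict[str, bytes] = SAMPLES) -> Dict[str, Dict[str, bool]]:
    """Decision of each control for each sample; True means 'allowed to run'."""
    return {
        name: {
            "one_engine":       single_engine_allows(data, ENGINES["engine_c"]),
            "three_in_series":  series_gateway_allows(data, ENGINES.values()),
            "allowlist":        allowlist_allows(data),
        }
        for name, data in samples.items()
    }


if __name__ == "__main__":
    for name, v in verdicts().items():
        row = "  ".join(f"{k}={'run' if ok else 'BLOCK'}" for k, ok in v.items())
        print(f"{name:22} {row}")
```

Running it shows the point of the post in one table: the three scanners in series amount to the union of their signature sets, so they catch the worm that one of them knows but still pass the repacked variant, while the allowlist blocks both without having to know either. The last row shows the price of default deny: the legitimate but not-yet-approved hotfix is blocked too, which is the approval workload these products trade for their coverage.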

Enough for this week... Although, perhaps I should warn you that I'm now accumulating so much material for AVID that I may be forced into making it a weekly rather than fortnightly blog item.
