Recently, Cisco's Chief Security Office, John Stewart, made an interesting statement regarding the nature of today's virus and malware threats. He has stated that spending money on Antivirus (along with other types of malware protection) is a complete waste
, with vendors fighting an uphill battle that they are losing. It's a statement that many could probably relate to, as often even a machine that is fully patched and fully updated can still fall prey to viruses or spyware.
Mr. Stewart asserts that the frequency of new malicious software being released into the wild has made it so commonplace as to be almost ignorable, with companies preferring to just “live with them” rather than struggle to fight them. That sounds like a complete loss of hope, but it wasn't all doom and gloom – he vouched for the idea of white-listing software, crafting systems that only let certain software execute at all. Provided that control is in the hands of the user (or at least whoever administers the machine), it's a nice ideal if not completely realistic.
A lot of people disagree with that point of view – the regional director of McAfee, for instance, who retorted to the Cisco Chief's comments, claiming that while AV suites are not perfect, it is certainly leagues better than having an unprotected machine.