I use anti-virus….but probably not for the reasons you think

Like many people with a technical background I am deeply sceptical about the effectiveness of anti-virus software. Instead I’ve preferred to rely on an understanding of the risks involved with opening emails purporting to display dancing bunnies and the like, and relied on security principles like least privilege, regular patching etc.  In light of the problems McAffee users around the globe had a month or so ago, who wouldn’t question the costs and benefits of anti-virus? Too many times I’ve been told by a non-technical friend or relative about the problems they’re having with their recently purchased computer, cracked open task manager and seen a plethora of anti-virus processes strangling their CPU or flogging their hard-drive to death.

In spite of all this I recently installed anti-virus software on all my PCs. Why? Had I been infected with a virus? No, but I’d come up agains t a nasty bug that was caused by anti-virus software locking a file I’d just written (and which I’d naively assumed I could re-open and write to with impunity). I’m not the only one who’s been bitten by this bug either. This comes back to the age-old principle of computer programming – you want to develop and test your software on environments that are as close as possible to what you’ll eventually run on. When you’re writing desktop software that’s a lot of terrain. The belt-and-braces way to do this would have been to create an huge test-bed of virtual machines, with a good breakdown of anti-virus vendors added as an extra dimension to the matrix, however since I’m just a lone developer working on something cool in my spare time I decided to install anti-virus on my local machine. 

The anti-virus software I chose was Microsoft Security Essentials – it was the anti-virus software that had originally triggered the bug for me on a test machine (a fairly low-powered netbook - I hadn’t even noticed it from a performance point-of-view so I knew I didn’t have much to worry about there). Also it was well received by a number of reviewers so it seemed like a no-brainer. If Microsoft makes a free anti-virus product that is well regarded and has low performance requirements why isn’t something like this built into windows? Two words..Consent Decree. If you’re writing rich-client applications I think you need to take this kind of thing into account, and if you’re looking for something to recommend to that relative whose machine is getting pounded by Norton/McAffee check out Microsoft Security Essentials.