Along with those who believe NASA faked sending men to the moon and Holocaust deniers, is a group of people who argue that traditional anti-malware (or anti-virus) software is useless and unnecessary. These AV-deniers believe that simply by avoiding things like playing web-based games, downloading software, visiting porn sites, etc. they can avoid being infected by malware. Further they believe that anti-malware doesn’t work because it does poorly against zero day attacks, that is new and unknown malware. They ignore that something like 98% of the malware running around on the Internet consists of old, well-known, attacks.
This morning I needed to look up the opening time for a Seattle-area furniture store called Dania. So I got on my trusted computer and went to “wwwDOTdaniaDOTcom”. This was a big mistake, because that website contained a drive-by malware download. Fortunately Windows 8’s Windows Defender caught and blocked the attempted download. If not for having anti-malware software on my system it might have been infected with a Trojan that enabled remote control of my computer. Was Dania Furniture responsible for having a compromised web site? No, their actual website is www.daniafurniture.com. What percentage of people would try the harmful URL rather than the safe and correct URL? I’m guessing the vast majority.
Good, “old-fashioned”, anti-malware is a very necessary if not sufficient tool for protecting computers from being infected with malware.
One interesting point is that URL filtering was not effective in blocking my attempt to access the bogus site. In this instance I had both Norton DNS and WOT, as well as SmartScreen of course, in the path of my attempt to access the site. None of the three blocked the attempt. I subsequently checked OpenDNS and it too had no inkling that this site was harmful. Google Safe Browsing also wouldn’t have blocked access to this site. Of course, I’ve reported it to all of the above and hopefully they will have investigated and blocked access in a timely manner.
You need to use all the tools at your disposal to avoid malware, including your brain, and even then you won’t be 100% protected.