
I've had an IT consultancy for 7 years. There was a time when I would recommend a certain antivirus because I observed that it was consistently able to cleanly intercept in-the-wild badware attacks or even clean out something that already had a foothold. Eset, Prevx and even Norton had solid, effective, best-in-class products at one time or another. However, based on what I've seen over the last year or so, there's been a sea change; the badware that gets on a machine typically does what it wants, antivirus or no, the majority of the time. Detection has become much more the exception and much less the rule.

Sure, antivirus has never been 'complete' protection but, speaking from a lot of firsthand experience, some of it used to be pretty darn good compared to lately. Now even 10-15% protection from AV sounds like a stretch. Hence, in terms of the SOHO PC segment I've dealt with day to day, I'd say The Antivirus Era Is Over And It Has Been For A While.



I'm going to guess that a lot of these were the fake AV and similar rogueware. Most of these were pretty good at changing regularly to avoid naïve signature detection, and most vendors acted really slowly because it wasn't "malware." They're not really special in any way that requires a fundamental change to allow detection, though.

I'm not going to dispute that AV vendors have become complacent recently, but 10-15% is on the low side. Most families of widespread malware are detected by most solutions within a few months (yes, that slowly.) It's probably around 80-85%, but, at the same time, 90%+ of the really dangerous (and especially targeted) malware is more often than not in the remaining 15-20%.

Ultimately, what this article and your comment insinuate is that you can uninstall antivirus and be "just as safe." That is not true (except in rare cases where the AV software itself is vulnerable and provides a way to escalate privileges.) I'm all for getting rid of shoddy blacklisting, but we need a replacement, such as innovations in OS security models (a la Chromium OS.)


Clarification: by my saying "10-15% protection" I mean I'm guessing that 85-90% of the time my clients' machines come across badware in the wild, their AV misses it and they are compromised. Not a hard number, but my impression over the last year.

> "Ultimately, what this article and your comment insinuate is that you can uninstall antivirus and be "just as safe." That is not true..."

Agreed, but at the same time it's hard to recommend paid AV solutions that don't really work for what people perceive as 'a virus'. What I've come to do is:

* de-emphasize the importance of AV to my clients; tell them it may help but don't count on it

* recommend running the free AV of their choice

* emphasize the importance of updates

* emphasize Chrome + 'Click to run' as the primary protection approach: http://www.pcstrikeforce.com/taking-chrome-security-next-lev...

> "I'm all for getting rid of shoddy blacklisting, but we need a replacement, such as innovations in OS security models (a la Chromium OS.)"

right on



