Whilst the security professionals amongst you who’ve found this post via Twitter won’t be too shocked by such a headline I would guess that the majority of readers will probably be quite shocked to hear a security company suggest that AV software alone is insufficient, especially as selling such software is such an integral part of their business plan.
Symantec who are, I believe, the world’s biggest seller of such security software were prompted to make a statement, some of which can be seen below, following the revelation that The New York Times (one of their customers) had been repeatedly hacked over a period of 4 months:
“Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough.”
And of course they are totally spot on (after all, even Symantec themselves are seemingly vulnerable to attack).
Security software is not the only requirement if you want to ensure your home PC or business network is fully protected. Sure, it will block an awfully large amount of threats but no security solution is completely infallible. Even with humble viruses the security companies are always reacting to new iterations – they can never be ahead of the bad guys who are evolving their malware on daily basis.
Additionally, targeted attacks normally approach different vectors anyway and so an antivirus program should merely be one piece of your security jigsaw.
As ever, additional security measures and practices are always ideal as is a user or workforce that has been educated in best security practices.