Do you lock your front door? Your car? Why?

>It’s a question of math. That you have an AV that has on occasion discovered and stopped a virus is not a useful metric. It’s the malware that is not detected that is the correct metric. It’s exactly the same with any kind of security; it’s the false negatives that get you. Assume an anti-virus product is 90% effective (a very, very generous assumption). Given that there are at the very minimum 10,000 new virus variants released per day. Assume that 90% of those are close enough to existing signatures that they don’t count as different (another huge assumption). That leaves you still with 1000 “new” variants which are different enough. The AV is 90% effective which, therefore, leaves you exposed to 100 new virus’ per day. The estimate of new virus variants per day is well above the 10,000 mark with some reports I have read stating as high as 50,000.
>
>The attack model of malware is also changing. It used to just trash the user’s machine. Now it’s much more subtle. Steal a little info. Send a little spam. Attack a few servers. Spread to a few new machines. Stop. Possibly even remove itself as if it had never been there at all. That kind of malware is really the danger. It doesn’t do any serious damage or, in the case of information theft, does the damage later. And it doesn’t hang around waiting to be caught and analysed. AV has no chance in that.
>
>Personal firewall software is a better option since it allows you to monitor what wants to connect in/out of your computer. This provides some degree of control although, obviously, also not perfect and can be circumvented. Plus the ignorance of users which is ultimately the weakest link. In the personal firewall space Comodo has been consistently ranked as the #1 personal firewall for years now, successfully stopping all tests thrown at it.
>
>Then there are the other measures mentioned in another thread. Perimeter defence, end-user training, browser lock-down, etc. But real-time AV scanning for infected files is a false sense of security and essentially worthless. Much like taking your shoes off at airport security.
>
>iro - "It stops lots of things and the AI in it is getting better" - so is the malware.