Let's Rethink PC SecurityLet's Rethink PC Security

This past Sunday, there was a wee bit of a problem with AVG Antivirus. It deleted one of the core Windows XP files, rendering the system unbootable. AVG issued an update within hours, but by then the damage already had been done.Although this latest AVG incident was dramatic and catastrophic, problems with security software are all too common. It's not just false positives, though. Security software is often the cause of performance and stability problems. Users know it, too; it got so bad recently that Symantec's pitch for the latest version of Norton Antivirus 2009 prominently featured the claim that it was much faster and used less disk space.

But of course, everyone knows it's suicide to run a PC nowadays without real-time virus, spyware, and firewall protection. There are just too many threats and exploits out there that can make their way into an unprotected system on a moment's notice. You've got to have that security software running if you want to keep Windows safe. Or do you?

It is possible to use Windows without the ball and chain of all that security software running in background. You do have to follow safe computing practices, of course, such as keeping software security patches up to date and not opening files from untrusted sites or e-mail senders. I've been following those rules for more than a decade, and have never been infected.

Let's face it, though, the weakest link in the computer security chain is the user in front of the screen, with their hands on the keyboard. Many security threats are worm-like and may infiltrate an entire network once a single employee makes that one regrettable decision. So, security software most likely is mandatory for the average user, but perhaps there are other approaches that software might take.

I've always wondered if corporate PCs would be better off by switching from a blacklist to a whitelist. That is, rather than trying to define and recognize all the viruses and malware that exist in the world, simply list all the legitimate software that the IT department allows to run on the system. That can be extended somewhat by also allowing software to run that is crypto-signed by any whitelisted company. With a whitelist approach, it's nearly impossible for user mistakes to turn into company-wide infections.

Does that kind of incredibly restrictive PC environment sound crazy? I think it's getting more likely every day. People like their iPhones, for example, and the only way to add software without Jailbreak is to grab one of the approved (e.g., whitelisted) applications from the Apple Store. Plus, as more software is delivered through cloud services, it's becoming easier to offer new features to users without even adding software to the PC.