I thought about reading this post from Slashdot today. Then I didn't.

You see, the real reason anti-virus software doesn't work is that it's trying to close a burning barn door on a non-existent barn. Once a machine has been compromised, it's history. Even if the virus checker finds and removes a virus, the damage may already have been done.

The first concept to struggle with is the fact that virus checkers only know about a virus after it's been released. Sure, for most of us this isn't a problem as we get the update a few days later and we're protected before it's had a chance to hit us. Or are we?

The only way to guarantee your machine never gets a virus is to never plug it into the internet, and never install software on it. Not particularly useful. Under any other circumstances, you will never be able to guarantee at any point in time that your machine is virus free. It's only virus free as far as you know, and that's usually only as far as the anti-virus software knows. The virus writers don't contact the AV firms to tell them they're releasing new stuff.

Secondly, I bet you're running with local administration privileges. If you don't understand what I'm saying, then you definitely are. Or you're on a Mac or one of the other obscure platforms. Sure there's a groundswell movement at the moment for LUA, or limited user access, and with the next release of Windows it's going to be a whole lot more obvious.

When you run with local administration privileges, anything you do, directly or indirectly, also has local administration privileges. Any email attachments you view/execute, any ActiveX controls you download in web pages, any exploits in any software you run. They all run escalated. This lets naughty people do anything to your box. And one thing my mother taught me was to never let anyone do anything naughty to my box.

The flipside to this argument is, if you're not running as a local administrator, you quite likely don't need antivirus software. Everyone needs a firewall, but antivirus should be optional. This is because you can't actually install anything, or run any programs that try to write to the important folders on your machine. You'll be a whole lot safer than someone running with antivirus, but as a local administrator.
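To see which side of that line your own session is on, here is a small PowerShell check (an added example, not part of the original post). It reports whether the current process holds an administrator token and whether it can create a file in a few system folders; the folder list and the `Test-DirectoryWritable` helper name are my own choices for illustration.

```powershell
# Added example: does this session run as admin, and can it write to system folders?
# The probe creates an empty, randomly named file and deletes it again straight away.

function Test-DirectoryWritable {
    param([Parameter(Mandatory)][string]$Path)
    # Hypothetical helper: returns $true if an empty probe file can be created in $Path.
    $probe = Join-Path $Path ("lua-probe-{0}.tmp" -f [guid]::NewGuid())
    try {
        [IO.File]::Create($probe).Dispose()
        $true
    } catch {
        $false   # access denied (or any other failure) counts as not writable
    } finally {
        if (Test-Path -LiteralPath $probe) {
            Remove-Item -LiteralPath $probe -Force
        }
    }
}

# Is the token this process runs under a member of the local Administrators group?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Folders chosen for this example as the "important folders" the post talks about.
$protected = @(
    $env:windir,
    (Join-Path $env:windir 'System32'),
    $env:ProgramFiles
)

"User: {0}   Administrator token: {1}" -f $identity.Name, $isAdmin

$results = foreach ($dir in $protected) {
    [pscustomobject]@{
        Folder   = $dir
        Writable = Test-DirectoryWritable -Path $dir
    }
}
$results | Format-Table -AutoSize

# Anything launched from this session inherits the same token, so a Writable = True
# row means every attachment, control or exploited program gets that access too.
if ($isAdmin -or ($results.Writable -contains $true)) {
    "This session can modify system folders."
} else {
    "This session cannot modify the folders checked."
}
```

Run it from the same kind of session you use for mail and browsing; a result from a console you opened specially tells you nothing about your day-to-day exposure.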

In reality, this isn't any particular fault of the antivirus software. It's only doing the job the best way it can, but really, it's reactive and not enough to keep you safe. A bit of common sense, some hardening of your OS and you'll be right as rain.