the attacks I see in my honeypot lab are almost 100% malware. The threatscape is changing, so questioning the system is legitimate, and I commend the author for bringing it up, because things are changing so rapidly, that constant day-to-day re-evaluation is a requirement.
The Windows x64 NT5 and NT6 kernel have almost achieved the hardness that was once exclusive to Unix based operating systems. However too many users still need java and adobe products to do their daily business, so let us get real here. I propose an SOP that goes something like this; but not necessarily in priority order:
1. Run only in restricted user environments, and DON"T disable the UAC.
2. Only select malware solutions that don't conflict with each other and overlap in coverage.
3. Select mitigation tools that work as near the kernel level as possible to avoid malware manipulation; and always password protect the GUI controls(of course)
4. Have a good automatic backup plan, and use more than one HDD drive whenever possible.
5. Keep the free AV - at least it does housecleaning.
6. I used to recommend two of the top software firewalls, but they've become so bloated now, that using the Vista/Win7 built in firewall with a template and/or manager is just about as good.
7. Switch to new generation UTM perimeter appliances with streaming services for SMBs or any larger organization, that have something to lose.
8. Keep in mind solutions that can actually run in the infected environment and still foil the malicious mission of any resident malware that may be on board. Encrypted password managers, and things like bit-locker are on this list.
9. Use Secunia PSI, File Hippo Update Checker, or any tool necessary to keep all applications, plugins/extensions, and drivers up to date. This can go a LONG way toward hardening the operating system environment.
10, A HIPS that correctly identifies the process in question, and relies more on updates to the heuristic engine, and less on white lists, [and definitely NOT signatures], is the logical direction.
AV might well be on the road to obsolescence; but the blended defense is not.
Keep Up with TechRepublic