Don't Let Application Vendors Let You Down

Filed Under: SophosLabs

I received a query from an IT department earlier this week asking me why they are being asked to temporarily disable On-Access scanning on a server. It turned out that they were trying to troubleshoot a problem with an unrelated third-party application, and the support department of that vendor was recommending "Anti Virus should be disabled".

This is a pet hate of mine. I've lost count of the number of times I've read in installation instructions, support knowledgebase articles and forums recommending that AV should be disabled. This is (to me at least) an easy way for a support department to try and close the case and move on - it is, quite simply, completely unacceptable.

During my years in this industry as a developer, I've had many escalations from customers saying that they have been told that the reason application "X" has stopped working is because of the AV product, the message being that in order to fix the problem, the AV product needs to be fixed.

In the bad old days, developing an on-access scanner was a real technical challenge. Operating systems didn't provide the tools, processes or APIs. As a result, vendors of products that required low level access had to jump through hoops to protect users. This didn't just apply to AV - graphics cards, printer drivers and many different utilities were all in the same boat. The interaction between all of these different components trying to get access at the same time could lead to instability.

However, things have moved on, APIs and testing tools are available and the quality of both the implementation and testing has improved immensely. Unfortunately, what hasn't changed it the reputation that AV products still cause "issues". Some application vendors still recommend that for their product to work properly, virus scanning must be disabled. This is simply no longer true, and should not be tolerated by any company. Think about it, if you get infected because you have disabled your AV, do you think the third-party software company is going to take the rap? A quality security product can and will work well with quality applications.

If you a evaluating a product or have an existing product and you are recommended to disable your antivirus, do not blindly follow instructions, but look for an alternative product that doesn't require that you turn off your security.

You might like