19 votes

Antivirus is dead: Long live antivirus!

24 comments

  1. [8]
    Comment deleted by author
    1. tvfj

      I'm the same...

      ... but my six nephews, and my parents, are not. The kids try to mod Minecraft, and I don't even know what my parents do, but somehow all of their computers end up PUP-laden. I can only imagine what would happen if they didn't have Windows Defender.

      My siblings and friends either manage fine, or don't even own a traditional computer.

      7 votes
    2. [4]
      nothis

      Personally I've never found antivirus helpful.

      Curious, what time frame are you talking about, here? Because I definitely remember a time in the 90s/early 00s where using Windows without an anti-virus program was kinda reckless. Windows didn't have proper internal security tools and every damn floppy your uncle gave you to print his Birthday invitations had a virus. Anti-virus didn't catch 100% of those but they caught enough for me to consider it valuable.

      I haven't used one but Defender in years, though. Maybe 2010? Things have gotten better, I guess that was a necessity as the internet grew up.

      4 votes
      1. [4]
        Comment deleted by author
        1. [3]
          nothis

          I think whenever you hear someone tell you you "absolutely need an anti-virus", that's coming from the Windows 95/98/XP days. If you were using computers back then, you probably saw a virus wrecking it and remember the panic and mess that came with it. Nowadays, it's more of a manageable risk (especially if you follow the basic "don't install weird exes from random websites"-rule). Though I understand people who still insist on using anti-virus to not have to worry about that 0.5% chance of it happening today. I just came to the conclusion that the hassle of having anti-virus software crash in the background and cause weird alarms cancels out the benefit of potentially catching a virus.

          2 votes
          1. [2]
            JamesTeaKirk

            ESET's alarms have always been extremely helpful and actionable for me. And I've never had any issues with random crashes. I guess you could consider ESET a security suite rather than simply an AV, but this thread is definitely making some sweeping and incorrect generalizations about AVs and the need/benefits of having one.

            3 votes
            1. NOD

              It's really crazy to me how ESET doesn't ever fall in under the top 5 discussion for anti-virus tools or security suites. It's so underrated it's criminal.

              Doesn't crash, isn't bloated, negligible resource usage, and most importantly, it's been useful for me whether it's showing me expired certs for sites or catching malicious url hijacking attempts on sketchier sites.

              2 votes
    3. Luna

      I use Windows and Malwarebytes. Interestingly, if Defender comes up clean, then I run a scan with MBAM (and MBAM finds something), Defender will suddenly realize there is a threat. Even when it's just a SimCity 4 mod that was falsely flagged by MBAM. Funny how that works...

      I could probably live with just Defender at this point, but it's peace of mind.

      3 votes
    4. merick

      I don't even know why I have one. It's been a few years since I've had a virus on my computer. Peace of mind, I guess? Or maybe just out of habit.

      And I find that question is hard to answer because if you know what to look for, you don't need antivirus. And if you don't know, you do need it...

      This is my experience as well. If you know what you're doing, you don't need an antivirus and probably wouldn't be asking this question to begin with. If you're asking this, you are probably better off using one.

      2 votes
  2. dblohm7

    Antivirus software is awful; half of the stuff that they do in the name of "security" is the exact same stuff that malware does, just on the other side of the coin.

    We've had so many problems with AntiVirus crashing and/or interfering with the proper operation of Firefox that my current job at Mozilla is to kick AV out of our processes. The Chrome people are doing it too.

    11 votes
  3. [10]
    Arbybear

    How do you feel about antivirus these days? Whenever I visit a subreddit like r/buildapc, they always say "common sense is the best AV, or Windows Defender if you really want something." On Linux subreddits people can get hostile about the topic, declaring that AV software will harm more than it will help.

    Krebs says that even if antivirus software won't stop everything, it is still good to have to maintain security in depth.

    I agree with Krebs, and I personally use Avira antivirus on Windows 10.

    7 votes
    1. [7]
      apoctr

      IMO they can do more harm than good. A bug in AV software can end up introducing a bigger attack vector than they're supposed to help protect against.

      E: missing word.

      13 votes
      1. [6]
        smores

        Huh, would you mind explaining how that introduces a new attack vector? I've been fairly happy with Sophos, but I definitely hadn't thought of it as a potential vulnerability.

        2 votes
        1. [3]
          apoctr

          It's common for AV software to inject code into Browsers like Chrome. This isn't ideal for a few reasons:

          1. Undermines HTTPS connections to scan for viruses
          2. Bugs in AV software can now be targeted by online viruses and potentially allow access to the wider system and greater system control

          There are documented cases of AV software being targeted in order to introduce viruses, from within the AV.

          I believe there were/are also cases of injecting code into the NT Kernel, which you'd typically want to avoid.

          I'm on mobile and having a little difficulty finding sources, but either you can have a short Google yourself or I'll try to update this comment with sources later in the day.

          9 votes
          1. [2]
            smores

            Ah, those sound not awesome. Thanks for explaining, I guess I'll do a bit more research on my own!

            2 votes
            1. Crespyl

              https://www.securityweek.com/critical-vulnerability-symantec-av-engine-can-be-exploited-sending-email

              This is just one from a few years back, and relates to executable analysis instead of browser shenanigans, but the principle is the same.

              Even Macs aren't safe:
              https://www.helpnetsecurity.com/2017/02/28/antivirus-macs-remote-code-execution/

              This one relates to a failure to validate an HTTPS certificate and allowed a man-in-the-middle attack to gain remote code execution; again the same pattern of "AV wants root, fails to follow good security practice, makes more problems than it solves".

              I couldn't find the browser examples I was thinking of, IIRC it was either Symantec or McAfee that had a browser addon which gave any website pretty trivial RCE by way of even more terrible overdesign.

              The only AV worth trusting, IMO, is either written by the same authors as your OS (Defender) or else it should be open source. As they say, common sense is the best protection.

              7 votes
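The update-channel failure Crespyl describes above (an AV component that skips HTTPS certificate validation, so a man-in-the-middle can hand a root-privileged updater arbitrary code to run), shown as an added example that is not part of the thread and not any vendor's code. It puts the weak TLS setup beside the hardened one and adds a second, TLS-independent gate: the payload must match a pinned SHA-256 before it is "applied". The pinned digest, the payload bytes and the status strings are all constructed for the example; nothing here opens a network connection, the context builders only configure `ssl.SSLContext` objects.

```python
"""Added example (not from the thread or any AV vendor's code): the
"updater that skips HTTPS validation" anti-pattern beside the hardened
form, plus a pinned-digest check on the payload itself.

Assumptions (all hypothetical): the pinned SHA-256 the client ships
with, the payload bytes, and the status strings. No network access:
the fetch side is reduced to building the TLS context and the
verification step runs on embedded bytes."""
import hashlib
import hmac
import ssl

# Hypothetical pinned digest the client ships with (in practice taken
# from a signed manifest); the payload below is constructed to match it.
PINNED_SHA256 = hashlib.sha256(b"constructed update payload v1").hexdigest()


def weak_tls_context() -> ssl.SSLContext:
    """The anti-pattern: certificate checks switched off, typically
    'so updates work behind corporate proxies'. Anyone on the path can
    now serve a forged update; because the updater runs as root/SYSTEM,
    that is remote code execution."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False      # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_tls_context() -> ssl.SSLContext:
    """Verified TLS: system trust store, hostname check, TLS 1.2 minimum.
    create_default_context() already sets CERT_REQUIRED and hostname
    checking; they are restated so the intent is visible in review."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    """Policy check an updater should run on itself before connecting."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def verify_payload(payload: bytes, pinned_sha256: str = PINNED_SHA256) -> bool:
    """Second layer, independent of the transport: refuse the payload
    unless its digest matches the pinned value (constant-time compare)."""
    digest = hashlib.sha256(payload).hexdigest()
    return hmac.compare_digest(digest, pinned_sha256)


def install_update(payload: bytes, ctx: ssl.SSLContext) -> str:
    """Gatekeeper: both checks must pass before the update would be
    applied. Returns a status string instead of executing anything."""
    if not context_is_safe(ctx):
        return "refused: TLS verification disabled"
    if not verify_payload(payload):
        return "refused: payload digest mismatch"
    return "applied"


if __name__ == "__main__":
    good = b"constructed update payload v1"
    print(install_update(good, hardened_tls_context()))   # applied
    print(install_update(good, weak_tls_context()))       # refused: TLS verification disabled
    print(install_update(b"tampered", hardened_tls_context()))  # refused: payload digest mismatch
```

The two gates are deliberately independent: a pinned digest (or, in a real product, a signature over the manifest) still rejects a forged payload if a proxy or a future bug weakens the TLS check, and verified TLS still stops a downgrade to an older, once-legitimate payload that a digest alone would accept.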
        2. [2]
          JamesTeaKirk

          While I'm not sure I wholly agree with apoctr's statement, AVs have more permissions and access to your system than any other piece of software really.

          6 votes
          1. smores

            Ah, yeah, the edit explains it. That makes sense. It's a point worth considering, though I'm not sure I'm convinced that on the whole they do more harm than good. Thanks for explaining :)

            3 votes
    2. acr

      For a company, you need it. AV can do web filtering and all that. We use Mimecast to scan emails and put links to things in a kind of quarantine state. So there are multiple kinds of ways to go about AV. Company wide we need it because end users do dumb stuff and our AV quarantines certain things and we can delete them from a central console. At home I don't have it because I know enough what not to do.

      4 votes
    3. Neverland

      I’ve installed ESET Personal Security on every Win machine I’ve been in charge of, or owned, for like a decade now. On my personal machines I can’t remember the last time it flagged a virus. However, the firewall part, which I have set to always ask, alerted me that my desktop Skype client was getting all kinds of direct incoming connections from Russia. Obviously never allowed those, and then I uninstalled the legacy win32 Skype client soon after. At home, I really like the firewall more than the AV tbh.

      I used to be responsible for around 10 win machines in an office. In that case it caught all kinds of emails and attachments. Out of all of those machines, not a single known infection in 10 years. So I like ESET.

      4 votes
  4. [3]
    Comment deleted by author
    1. Crespyl

      Would you want you[r] Grandma running without it though?

      Where "it" is some third-party AV like Symantec or McAfee? Or Defender, the tool written by the same company that's responsible for the kernel it's supposed to protect?

      There was a point in time where security/threat detection/virus database weren't things OS providers managed at all, and having a third party was the only way to get that security.

      Since then, MS at least has caught up and has a much safer implementation, while in the meantime third-party AV vendors have repeatedly proven to be aggressively incompetent and introduce an enormous attack surface.

      You're right, this article is from 2014, and since then there have been even more instances of remote code execution vulnerabilities introduced by AV products, two of which I've already linked in this thread. If anything, the situation is worse now than it was in 2014.

      So no, I wouldn't want my Grandmother to run third-party AV. These days she doesn't even run Defender, since I have her on Mint.

      As an aside, I think your post would've been better without that second paragraph, and I hope we can maintain a more constructive approach to dialogue in ~.

      7 votes
    2. Arbybear

      Correct me if I'm wrong but I don't think much has changed in four years for antivirus.

      I would think that antivirus is still useful to power users. Even if someone has superb "common sense" and never clicks on anything even marginally risky, there is always the chance that some program or website that they routinely use gets compromised unknowingly.

      6 votes
  5. hhh

    this is a more recent and in-depth article than OP's on the topic

    2 votes
  6. annadane

    I think the main issue is that Windows is a pain in the fucking ass to use. Microsoft cares naught for user experience, particularly with Windows 10. Consequently, people never truly learn how to use their computer because they're in an environment of learned helplessness. Linux just gets out of your way. Windows obscures everything. Windows itself feels like a virus, sometimes. It's not a wonder people aren't more careful with their systems.

    1 vote
  7. JamesTeaKirk

    I use ESET. I originally intended to just test it out for implementation at work, but it has a constantly updated virus database and dozens of features around network security, web security, privacy, and recovering devices.

  8. reseph

    Pretty much. Security is all about layers.

    We use application whitelisting for endpoints.
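The application whitelisting reseph mentions, as an added example that is not from the thread or any endpoint product: a default-deny policy evaluated over constructed execution events. The order of the rules is the point. A known-good hash is allowed wherever the file sits, anything launched from a user-writable directory is denied, admin-managed directories are allowed, and everything else is denied. The allowlisted hash, the directory lists and the "binary" contents are all hypothetical; a real agent would hash the file on disk and take the path from the process-creation event, and the normalisation step exists so `/usr/bin/../../tmp/x` cannot pass as a trusted path.

```python
"""Added example, not from the thread: a default-deny application
allowlist evaluated over constructed execution events.

Assumptions (all hypothetical): the allowlisted hash, the trusted and
user-writable directory lists, and the file contents stood in for the
real binaries a host agent would hash."""
from __future__ import annotations

import hashlib
import posixpath
from dataclasses import dataclass


@dataclass(frozen=True)
class ExecEvent:
    path: str       # path the loader was asked to run
    content: bytes  # constructed stand-in for the bytes of the binary


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Hypothetical policy: explicit hashes win, then location rules, then deny.
ALLOWED_HASHES = {sha256(b"constructed: corp-vpn-client 4.2")}
TRUSTED_DIRS = ("/usr/bin", "/usr/lib", "/opt/corp")
USER_WRITABLE_DIRS = ("/tmp", "/var/tmp", "/home")


def _under(path: str, roots: tuple[str, ...]) -> bool:
    """Prefix test on the normalised path, so '..' segments cannot make a
    user-writable location look like a trusted one."""
    norm = posixpath.normpath(path)
    return any(norm == r or norm.startswith(r + "/") for r in roots)


def decide(event: ExecEvent) -> tuple[str, str]:
    """Returns (verdict, reason). Rule order:
    1. known-good hash        -> allow, wherever the file sits
    2. user-writable location -> deny (where downloads and droppers land)
    3. trusted directory      -> allow (admin-managed, not user-writable)
    4. anything else          -> deny (default deny is the whole point)"""
    if sha256(event.content) in ALLOWED_HASHES:
        return "allow", "hash allowlisted"
    if _under(event.path, USER_WRITABLE_DIRS):
        return "deny", "user-writable location"
    if _under(event.path, TRUSTED_DIRS):
        return "allow", "trusted directory"
    return "deny", "not allowlisted"


def evaluate(events: list[ExecEvent]) -> list[tuple[str, str, str]]:
    """Batch form for a log or report: (path, verdict, reason) per event."""
    return [(e.path, *decide(e)) for e in events]


if __name__ == "__main__":
    sample = [  # constructed events
        ExecEvent("/usr/bin/ls", b"constructed: ls"),
        ExecEvent("/tmp/corp-vpn", b"constructed: corp-vpn-client 4.2"),
        ExecEvent("/home/kid/Downloads/MinecraftModInstaller.exe", b"constructed: dropper"),
        ExecEvent("/usr/bin/../../tmp/evil", b"constructed: dropper2"),
        ExecEvent("/mnt/usb/setup", b"constructed: unknown"),
    ]
    for path, verdict, reason in evaluate(sample):
        print(f"{verdict:5} {path}  ({reason})")
```

Letting a hash match beat the location rules is a deliberate trade: administrators can stage tooling anywhere, but every legitimate update changes the hash and must be re-added, which is the operational cost that makes publisher- or path-based rules attractive in practice.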