You Don't Need an Antivirus (Except Microsoft's Built-in on Windows), Says Former Firefox Developer (ocallahan.org)
Former Firefox developer Robert O'Callahan believes that antivirus software is not necessary, AV vendors are of little help, and that you should uninstall your antivirus software immediately. From a blog post: Users have been fooled into associating AV vendors with security and you don't want AV vendors bad-mouthing your product. AV software is broadly installed and when it breaks your product, you need the cooperation of AV vendors to fix it. (You can't tell users to turn off AV software because if anything bad were to happen that the AV software might have prevented, you'll catch the blame.) When your product crashes on startup due to AV interference, users blame your product, not AV. Worse still, if they make your product incredibly slow and bloated, users just think that's how your product is.
hyper-v and don't install chrome extensions (Score:2)
I do all my porn and risky surfing on a VM on my main computer that I keep shut off unless I'm using it. And I avoid virtually all Chrome extensions unless they are from someone I trust with a real corporate email in the contacts.
Re:hyper-v and don't install chrome extensions (Score:5, Informative)
Another benefit of using a virtual machine is just powering it off when you are finished and having it reset to the last snapshot. Every month or so apply patches and move your snapshot forward.
Re: (Score:2)
Just curious, does MS now allow you to make a copy of your Windows for a virtual machine as long as it's on the same machine, or do you need to purchase two licenses for it?
Re: (Score:2)
It has been a while for you, hasn't it? They usually don't give you a Windows CD anymore when you buy a PC/Laptop so I couldn't tell you how to install the Windows version you paid for when buying the computer on anything...
Re: (Score:2)
Laptops generally come with a "media creator" tool to burn a set of installation discs. Some desktops, too.
Bonus - the Toshiba tool creates an activated version of Win 7. That *could* be used to install many VMs, but I wouldn't know about that.
Burn your own install CD ... (Score:2)
They usually don't give you a Windows CD anymore when you buy a PC/Laptop so I couldn't tell you how to install the Windows version you paid for when buying the computer on anything...
Microsoft makes ISO images available. The vendor probably provided a key somewhere.
Re:hyper-v and don't install chrome extensions (Score:5, Funny)
I do the same thing, except I have the song ~Smooth Operator by Sade playing in the background when I'm in "secure" mode.
Re: (Score:2)
Don't some malwares infect hosts from VMs too these days? :(
IN SOVIET RUSSIA (Score:2, Funny)
...VIRUS CLEAN ANTIVIRUS
This is obvious even to AV vendors (Score:5, Informative)
The writing has been on the wall for a while now. You rarely get "just AV" when you install an AV product these days. You end up with a whole suite of value added applications like password managers, system optimizers, registry cleaners, web site scanners, IPS and content filters, etc.
The reactionary system we have been living in was never very good. Relying on signatures to detect malware is a fundamentally flawed system. As the operating systems and, more importantly, the applications that run on them become increasingly secure, the need for the signature-based AV systems declines.
Any AV software company has seen this coming for a long time. At least I would hope they have.
Re: (Score:3, Insightful)
Part of it had to do with running most users with administrative privileges, and Microsoft created this mess by making the systems hard to use if you didn't have administrative privileges.
I know people even today who turn off UAC the first chance they get because they are so annoyed by the prompts.
Re: (Score:2)
I ran a large shop when UAC first hit, and I immediately disabled it.
As you know, all it does is ask the nagging question, "Are you sure?"
My people were lawyers, paralegals, secretaries and staff.
They were never sure because the goddam thing gave them NOTHING to consider.
They would stop all work and get my permission to proceed, which was a smart move on their part. If things went sideways, ...
Re: (Score:2)
That's just not true. On their 95/98/ME line, yes. On their NT-based line, that is their more secure/multiuser/real variant of the OS, they've always enabled non-admins to have the features you would expect. Including, for example, installing apps only for their use, or installing apps that wrote to config files in the user accounts. When they released XP, merging the NT/95 lines, they released doc
Re: (Score:2)
"You can pry this OS from my cold, dead hands!"
Re: (Score:3)
Relying on signatures to detect malware is a fundamentally flawed system. As the operating systems and, more importantly, the applications that run on them become increasingly secure, the need for the signature-based AV systems declines.
I 100% agree with you. Unfortunately it is regulated industries that are keeping this crap afloat.
Security != Compliance
Re: (Score:2)
What decade and century do you think we're in?
Re: (Score:2)
Fully agree w/ this. In fact, for all the bellyaching over Windows 10, one thing they did right - put in the ultimate antivirus in Windows Defender, which comes w/ it. No more paying annual subscriptions to Norton, Kaspersky, ESET, Malwarebytes, et al.
One of the rare good things to come out of this mess
AV Free for years (Score:4, Insightful)
Further, any software you install likely creates new security holes in your system. By installing an AV you are likely opening up more holes than you are closing.
There are three main sources of security holes:
1) Holes in the OS that the OS manufacturer needs to close
2) Holes in installed software that the software manufacturer needs to close
3) Holes in the user's general security intelligence.
None of those are solved by adding ANOTHER software suite.
Re:AV Free for years (Score:5, Informative)
Holes in the user's general security intelligence.
None of those are solved by adding ANOTHER software suite.
Not even whitelist-based security tools that allow only vetted applications to run? I thought that was the point behind Apple's App Store, game consoles' app stores, and the PC Matic tool for Windows.
Re:AV Free for years (Score:4, Insightful)
Problem with whitelisting is that it destroys your computer.
It's not a computer any more. It's an appliance.
Which is fine for people you can only trust to run an appliance, but it prevents anyone from programming aka becoming more productive.
It's a nice little racket - it guarantees the IT dept. a job (they were charging £2,000 to vet programs for distribution at my last place), it gives the "real" programmers more work, but it stops users reaching enlightenment and getting the computer to do what it's for - lots of repetitive tasks in an automated manner.
---
Aside from that, whitelisting software has been responsible for some of the more spectacular performance drops I've seen - like taking a process that writes around 30,000 files and increasing its runtime from 2 minutes to 15 minutes, taking an operation that subject matter authors were doing when they felt like it and making it a tea-break thing, totally wrecking productivity.
iPad, PlayStation, and Jiffy Lube (Score:3)
an appliance [...] prevents anyone from programming aka becoming more productive [and] stops users reaching enlightenment and getting the computer to do what it's for - lots of repetitive tasks in an automated manner.
Which elicits a big "So?" from appliance fans.
The majority of the population do not read Slashdot. I imagine that most either A. use computing devices for entertainment rather than "becoming more productive" or B. prefer to outsource the programming to a specialist rather than "reaching enlightenment" themselves. For evidence of these, look at the popularity of iPod touch, iPhone, iPad, PlayStation 3, Xbox 360, PlayStation 4, and Xbox One. For evidence of preference of delegation to a specialist, look at th
Re: (Score:2)
With modern computers, I see no reason why this is an issue.
It is trivial to have a whitelist system that can be disabled for developers that want to program. Google Android does this, and I see no reason why future computers can't be set up this way either.
Re: (Score:2)
It is trivial to have a whitelist system that can be disabled for developers that want to program.
But it's not trivial to keep malware developers from social engineering naive end users into turning on developer mode.
Re: (Score:2)
I thought that was the point behind Apple's App Store
Just another trust model. You're giving up control over your system to some curator and trusting them to keep you safe.
Of course nothing is perfectly safe [sophos.com]
Real Purpose of App Stores (Score:2)
First and foremost almost all app stores are about the company making money off of other people's products. Apple really showed this when they stopped applications from being able to buy things like ebooks. Apple wasn't happy because they were not getting their cut for doing nothing.
Then you have control. Again Apple shows this best with not allowing anyone to compete with their products and not allowing other app stores to function.
AV is a joke (Score:4, Insightful)
I started removing AV from clients' computers years ago. All it does is slow your PC down. Every time I had to deal with an infection, the PC involved had AV, that was sometimes very hard to remove.
Malware removal services should just be a tax on the easily confused.
Re:AV is a joke (Score:5, Informative)
Exactly. I do the same, if we get a new PC with commercial AV installed (usually some trial) it's the first thing I uninstall to improve disk performance by 50-100%. The Windows 10 built-in AV works fine and doesn't make a PC perform like it has a 5400rpm drive from 2001, instead of a modern SSD.
Re: (Score:2)
I don't mind the performance loss. It's the not losing files that I care about.
Kind of like how AV tools lock new files for scanning after creation, except that MS Office apps write to temporary files before renaming at the end, and a lovely little timing based issue then results in the locked files being synchronised causing you to end up with a corrupted set of .TMP files where your documents should be.
AV can go to hell.
Mind you so can Offline Files in Windows, it's equally buggy.
Re: (Score:2)
Windows builtin AV will NOT perform SSL/HTTPS inspection
That is one of the jobs of my firewall. Along with running a NIPS, doing regular firewall activities, DNS black holing for ads and trackers and being a VPN server. So why run it on my main machine when instead I can run it on a much more secure platform with a much smaller attack surface that then protects all devices I own.
The average user still needs AV (Score:4, Interesting)
Re:The average user still needs AV (Score:5, Insightful)
The average person does need A/V but the built in stuff that comes with Windows is more than adequate. Signatures are really only good if they are nearly to the moment up to date and with the present rate of churn on the internet that model just does not really work. To the degree it does still work Microsoft does as good a job as anyone. It's the heuristic side where there is still some effectiveness but even the high dollar stuff like Cylance falls down more than it succeeds. They claim 99% and maybe that is true if you just grab random malware off the internet and throw it at their stuff. We did some internal testing with more recent exploit code from Metasploit and what have become downright common PowerShell and rundll payloads; if all we did is make the most trivial modifications to them we saw more like a 2% detection rate, other endpoint packages did about the same as well.
Long story short, A/V won't protect you from even a broadly targeted (hey I know these guys are using Windows 8 because I Trojaned my "start button" replacement app for Windows 8/8.1, now I'll just wait here and see how my hosts join my botnet) attack using updated tools. It certainly won't help you against an actual targeted attack.
Should everyone leave Windows Defender on? Yes, it's free and MS has done a pretty good job making sure their own AV package does not foul up their own OS. I would NOT recommend any third party A/V solution at this point for individuals or SMBs. There might be some residual value in endpoint packages for larger businesses but there is an equally strong case for going without and focusing on a systems management solution instead where you simply make sure everything is patched and you have tight control over what gets run. Unfortunately AppLocker bypasses are fairly trivial now so you do need a third party solution to take a true white list approach.
Ad Block (Score:5, Insightful)
*Yes, trusted sites can be compromised and it's happened in the past where downloads were infected but the odds that I'll download that software during that window where the infected files are being handed out are about the same as me getting struck by lightning.
Re:Ad Block (Score:5, Insightful)
"YOU'RE KILLING THE INTERNET!"
Yeah, well the internet infected and killed one of my computers, so I'm going to be wearing an internet condom from now on. Besides, you can't tell me no one is viewing ads anymore when my aunt still is using Windows XP.
"What websites were you LOOKING at that killed your computer?"
Oh the usual ones, porn, porn, yahoo, [washingtonpost.com] and more porn.
"You pervert! Use google instead!"
Re: (Score:3)
I'm sure they have more information than I do, but I suspect they're spending more money and losing more readers doing it than they would theoretically be gaining in the first place.
Re: (Score:2)
"YOU'RE KILLING THE INTERNET!"
The internet was built to withstand a nuclear attack. I'm sure it can survive the loss of ad revenue.
Re: (Score:2)
There is firewall firmware available that can use the same blocklists APK uses, but it covers your entire network. Stop shilling for APK.
Re: (Score:3)
You can block hosts at the firewall, you are not limited to just IPs. I think it's you that needs to take a refresher in compsci and networking. Your understanding seems to be a few decades out of date.
Re: (Score:2)
I always trust people this uninformed about the basics of networking when deciding on how to protect my network.
I agree with the summary (Score:5, Interesting)
Let's be real with ourselves. Nowadays the vectors for attack are easily protected. So long as you use a modern browser that sandboxes itself and use an ad blocker, you really don't need anything more than the built-in AV and firewall tools for Windows. I don't even think OSX provides an AV tool.
I haven't paid for antivirus software since 2005 which was coincidentally when I discovered Firefox and Adblocking extension.
I'll stick with the free tools.
Re: (Score:2)
There's one more requirement: Don't download MyFavouritePokemonDesktopPal from many-pokemon.software-site.no-really.latest-software.trust-us.com
Re: (Score:2)
It's amusing that the article has an update:
Perhaps it should go without saying --- but you also need your OS to be up-to-date. If you're on Windows 7 or, God forbid, Windows XP, third party AV software might make you slightly less doomed.
And how much is the check you're getting from Microsoft to shill for them encouraging "upgrades" to Windows 10? Or are you suggesting that Microsoft is deliberately failing to fully update Windows 7 in order to make it look less secure?
Re: (Score:2)
Windows 10 has some systematic security improvements that weren't backported to Windows 7. That sort of thing is often hard to retrofit without breaking stuff.
I spent fifteen years of my life working on Firefox, fighting Microsoft tooth and nail to stop them from taking over the Internet. Nowadays I work on debugging software that only works on Linux. So no, I've never been Microsoft's shill or anyone else's. But people running up-to-date OSes is in everyone's interests.
Duh (Score:4, Informative)
AV products actually make you less secure. They act as a MITM, replacing certificates with their own and totally defeating the purpose of TLS/HTTPS.
Re: (Score:2)
Without using a MITM proxy, how else is the operator of a home or organizational network supposed to cache public images, scripts, style sheets, and other resources, so that multiple devices on the network don't have to redundantly download the same resources over a slow and/or capped connection to the Internet?
I have had no issues (Score:2)
With Malwarebytes and BitDefender. I don't go for the big all-in-one "security suites", so the simpler approach works great for me.
Re: (Score:2)
I only use my Windows installation for games, nothing that actually matters.
APK (Score:3)
Not used an AV in the past decade (Score:3)
I find that SPI firewalls, execution prevention, careful permissions for limited users, NoScript and other tools are far superior to an AV.
Liberal OS policies and platforms are not ideal for anything you'd hate to lose. Often you would not know that something malicious is running.
With multiple layers of security on a system that does not change often you can have fine grain control of anything. An odd internet connection attempt, a never heard of before program attempting to run etc - that's reasonably easy to catch.
AV vendors have been packaging (shoving) everything included as soon as they realised AVs are done. Unfortunately the desktop class products are often more trouble than they are worth.
That being said, I still advocate the complete security packages from AV vendors for users that know little beyond logging into Facebook. They are clueless and could not manage a complex system; a "security suite" type program is their best bet.
Re: (Score:2)
I find that SPI firewalls, execution prevention, careful permissions for limited users, NoScript and other tools are far superior to an AV.
You're confusing AV with other types of security software. They all have a purpose for computer security but they all do different things to help with that. They are dealing with different attack vectors.
My solution: Linux+AdBlock+hosts (Score:2)
I run Linux, a browser with ad blocking, and a hosts file with 94.5k entries (for shady sites) that redirect to a dummy IP.
Well (Score:2)
You're credible why? (Score:4, Interesting)
Re: (Score:2)
> a browser whose development team ... took an ivory tower position of something along the lines of "you shouldn't have your browser open that long."
That never happened. You just made it up.
Depends who "You" is (Score:2)
Of course, I know what to click and what not to click. I know to examine dialogue boxes and have critical thinking skills to evaluate the website I am d
What's an antivirus? (Score:2)
I've never needed one.
Then again, I run Linux.
Summary omits crucial exception: Microsoft's (Score:2)
Original poster here.
My post says "Except Microsoft's", right in the title. I think that's important. I believe that Microsoft's Defender stuff is probably less bad than the other major players and worth having enabled for average users. Unfortunately that's been left out of the Slashdot summary.
Re: (Score:2)
Oh, and I also mentioned in the post that you'd better be using a fully up-to-date OS and browser.
Endpoint protection is more than AV... (Score:2)
AV is just part of the reason that we use SEP. It also allows us to do things like control access to USB devices, lock down which processes can be run, etc.
I agree that the traditional AV portions of the product have questionable utility.
COMPUTAH (Score:2)
Why do I need antivirus on the thing I use to start Steam? We mandate antivirus on our work computers, still hasn't stopped cryptolocker from encrypting stuff on network shares.
MSE is licensed only for up to ten PCs (Score:2)
That and organizations with more than ten PCs running Windows 7. The last time I checked, the built-in AV on Windows 7 (Microsoft Security Essentials) was licensed for use only on up to ten PCs in an organization, after which the organization is expected to either A. buy the appropriate Windows Server license and the appropriate Microsoft System Center 2012 Endpoint Protection license, or B. upgrade to Windows 8 or later where MSE was integrated into Windows Defender.
Re: (Score:3)
I think most of us have been bit too many times by the bloat that products like Norton AV and McAfee represent. Norton in particular is just a resource hungry monster, and as a good many of the machines in our organization are about seven or eight years old, the idea of putting that kind of CPU cycle ravisher on them fills me with horror. In the end, we upgraded to Windows 10 (a rather mixed experience), and just used the built-in Windows Defender plus a pretty locked down network and good backups so if, so
Re: (Score:2)
always use an ad blocker
How will this remain practical once more sites follow the lead of WIRED and The Atlantic and start showing paywalls to ad blocker users? If you view one document on each of 20 different sites in a month, would you find it affordable to buy a $4 per month subscription to each of these 20 sites?
Re: (Score:2)
Sites that require an exception in ad-blocker or a subscription are also sites that are unable to afford to be reckless with the advertisers they allow on their site. It's really about placing the responsibility on the site to make sure they are not serving up malware in ads.
Re: (Score:2)
Well, either you stop reading those sites, or you wait for adblocking to catch up. This is an arms race, and I am not about to give total control over my computer and my internet connection to an industry that has such a bad track record. A few articles are just not worth the annoyance and risk.
Re: (Score:2)
if you put up a paywall or block adblockers, you lose my trust and my readership.
If the majority of an online publication's readers run an ad blocker, how would you recommend that it keep its servers on and connected to the Internet and a roof over its writers' heads? After ads and subscriptions, what is the third funding model?
Begging? (Score:2)
Unobtrusive ads
I'm told that ads wouldn't be obtrusive if unobtrusive ads brought in enough revenue to continue operations. Advertisers are willing to pay far more for obtrusive ads, and switching from obtrusive ads to unobtrusive ads might cause your favorite site to bring in so little revenue that it has to stop responding to HTTP requests.
and asking nicely for people to turn off the blocker
This sort of "begging" is reported to have anemic results [blockadblock.com].
The ads shouldn't [...] track me.
The only ads that can be proven not to track viewers are ads hosted by a site itself. And those have a far lower revenue per
No JS, no article (Score:2)
Use a script blocker instead of an ad blocker, and only whitelist the main news page.
Their answer to NoScript is to make everything past the abstract JavaScript-dependent [blockadblock.com].
Re: (Score:2)
If you're commenting on a Slashdot story whose featured article is from one of those sites, other Slashdot users are likely to berate you for being uninformed on grounds of not having read the article.
Re: (Score:2)
Also, don't go to any sites with ads as they're a significant virus vector.
But wait, you're here so use an ad blocker.
But wait, some have been paid by ad co's to allow their ads. Including infected ads.
Now keep a list of which ad blockers, AVs, websites, official emails, are good. This week.
Re: (Score:2)
Instead of using an "ad blocker" that tries to be smart, I use uMatrix to block everything except what I specifically choose to whitelist.
Re: (Score:2)
Don't visit porn sites either. It's not hard...
Well there's your problem.
Re: (Score:2)
All you have to do is limit your browsing (stay away from porn/downloads)
Is there a reason that erotic videos can't be made safe? And if you have a gaming PC, how do you obtain games other than through downloads?
For the last 10 years I've had a laptop that I've used solely for web browsing/anything web based... and a gaming PC that only connects to the internet for games
Or just abandon the PC platform entirely: do non-gaming on a tablet running a smartphone-derived operating system, possibly with a Bluetooth keyboard, and use a PlayStation 4 for gaming.
Re: (Score:2)
By 'downloads' I was referring mostly to friends that still torrent a LOT of music/movies, and are always having problems with malware, etc.
Has there ever been a noticeable attack using corrupted music/movie files? I mean ".mp3," ".avi," etc. - Not ".mp3.exe," or ".avi.zip."
Re: (Score:2)
Off hand I can remember an attack on GStreamer's support for Super NES audio [arstechnica.com]. The interpreter for the Sony SPC700 had some serious bounds checking defects, allowing a program running on the emulated SPC700 to manipulate host memory.
Re: (Score:2)
What's better: a bunch of applications that you can run inside your web browser, or a bunch of applications that you can't run at all because their developer's computer uses a different operating system from your computer?