Why is Antivirus Software Still a Thing? (vice.com) 189
Antivirus has been around for more than 20 years. But do you still need it to protect yourself today? From a report: In general, you probably do. But there are caveats. If you are worried about your iPhone, there's actually no real antivirus software for it, and iOS is engineered to make it extremely difficult for hackers to attack users, especially at scale. In the case of Apple's computers, which run MacOS, there are fewer antiviruses, but given that the threat of malware on Mac is increasing ever so slightly, it can't hurt to run an AV on it. If you have an Android phone, on the other hand, an antivirus does not hurt -- especially because there have been several cases of malicious apps available on the Google Play Store. So, on Android, an antivirus will help you, according to Martijn Grooten, the editor of trade magazine Virus Bulletin.
When it comes to computers running Windows, Grooten still thinks you should use an AV. "What antivirus is especially good at is making decisions for you," Grooten told Motherboard, arguing that if you open attachments, click on links, and perhaps you're not too technically savvy, it's good to have an antivirus that can prevent the mistakes you may make in those situations. For Grooten and Simon Edwards, the founder of SE Labs, a company that tests and ranks antivirus software, despite the fact that Windows' own antivirus -- called Defender -- is a good alternative, it's still worth getting a third-party one. "Even if [Defender] wasn't the best and it isn't the best, it's still a lot better than having nothing," Edwards told Motherboard. Yet, "we do see a benefit in having paid for AV product."
No. (Score:3, Interesting)
That's an asinine view. Defender is the only av solution needed, and all other products create more problems than the occasional viruses. Third party av apps are security theater.
Re:No. (Score:5, Insightful)
I agree up to a point. For most personal users doing normal things, it's worth having one very lightweight AV that will catch obvious and egregious malware, and Defender fits the bill for that. I don't recommend a lot of the 3rd party stuff. Some of it's fine, but a lot of it is more trouble than it's worth, especially if you don't understand it.
However, for businesses, you should get something in addition to Defender, if only to get a centralized console that the IT people can use to monitor and configure the AV. Further, some of the "next gen" antivirus products are good for monitoring behavior and flagging things that may be of concern. Unfortunately, those new technologies tend to require some babysitting, so it's not necessarily great for individual use.
Comment removed (Score:4, Informative)
Re: (Score:2)
I have never seen Windows Defender do diddly squat against those FB malware links
As a matter of personal interest I've clicked on those malware links. I've not been able to get past them on Chrome or Edge (Firefox not tested). Why rely on AV for this? It's like saying "There's a bear trap don't step in it", and getting the reply "It's okay, I have bandages with me. I highly recommend using these instead of just those crappy bandaids found in cheap first aid kits."
Re: (Score:2)
Re: (Score:2)
Which part of "CLUELESS USER" was hard for you to grasp?
The part that says I haven't seen this get past Chrome or Edge, the clueless user's web browser of choice.
By the way if it's a zero day then how will your anti-virus detection help you?
With Comodo AV it goes "no bad stuff!"
The clueless user is typically greeted with: https://www.ghacks.net/wp-cont... [ghacks.net]
Re: (Score:2, Insightful)
You are an idiot. AV software like ESET NOD32 and Kaspersky are objectively proven, time and time again, to be better than Windows Defender.
Re: (Score:1)
Windows Defender sucks big balls
It keeps removing KMSpico after putting it on the exception list.
Re: (Score:2)
I don't have that many problems with Cylance and Microsoft Defender does not detect a variety of issues in the real world. Obviously you don't need an AV if you're somewhat careful, but AV is to protect us from the dumbass clicking on every forward regardless of what you say. We've had "malware education" for about a decade at every turn and it just doesn't work.
Re: (Score:2)
Defender is also irrevocably tied into the OS.
Meaning it's a relatively stationary target.
A third party AV is going to introduce an element malware writers can't necessarily account for.
Sure, you might be able to specifically attack Norton AV, or McAfee, or AVG or ESet.
But you kinda have to KNOW your target's going to be running one of these.
Otherwise, the shenanigans to suborn one of these specific providers might just get caught by another AV provider.
Is it security theater? Yep.
Is it a shell-game varia
Re: (Score:2)
https://youtu.be/3xf45nHi4xQ [youtu.be]
Ditto (Score:3)
Re: (Score:2)
Any half decent browser won't benefit from AV software anyway. They are all heavily sandboxed and protected now. If the malware can get past that then the AV software probably isn't going to help anyway.
Re: (Score:2)
Re: (Score:2)
So, did Microsoft tinker with Windows 10 build 1809?
Re: (Score:2)
It is mine.
Now selling/stealing your most glorious code is not.
Re: (Score:3)
You want a firewall on Android, ideally something running as root. This is arguably the best way to deal with rogue apps. If they can't phone home, even though their manifest allows them to, they can't do damage... well, until they subvert another utility to go out.
Re: (Score:2)
Only if the OS is stupid enough to allow executables to be downloaded that way - AND - run it in administrator mode too.
Jesus Christ, get it right. Microsoft does a lot of things wrong, but this hasn't been the case for over a decade.
The user decides whether files and scripts have administrator privileges. If a browser isn't running as an elevated process, then the files and scripts it's handling aren't elevated either.
Of course, there are privilege escalation attacks against Windows, but that's true of every OS.
It is a lot harder now. Malware has to escape the browser sandbox and escalate privileges, which is a step in the r
Re: (Score:2)
I'd really like to see browser-based remote code and scripting die in a fire
Would you prefer the overhead of running a native application in a Linux VM over the overhead of running a web application in a web browser? Or would you prefer not to be able to use a certain application at all because it is not yet ported to your device's combination of instruction set and operating system? Because those are the situations you'd end up seeing in a no-script world.
A PC app can still read and write all your files (Score:2)
Only if the OS is stupid enough to allow executables to be downloaded that way - AND - run it in administrator mode too.
Most operating systems are "stupid enough to allow executables to be downloaded", except Apple iOS and those on game consoles. On any PC operating system, an application that you choose to download and execute will have read/write access to your entire home directory or user profile, without even elevating. This is how ransomware encrypts your files.
But wait, there's more! (Score:4, Interesting)
Re: (Score:1)
And the majority of them aren't worth shit once infected, so there's that. Defender is anti-malware, that's it. There's no dark web data search, that's true. It's also free, and not designed to hold your dick when you pee.
Re: But wait, there's more! (Score:5, Insightful)
Re:But wait, there's more! (Score:5, Informative)
You are correct. But those are the things that break applications. When I did consulting for small businesses in 1990's and 2000's, the most common "hard" problem I found was antivirus software interfering with the system. I saw them silently block file shares, DHCP requests, email attachments, and CD burner applications, break SSL connections and backup software, even screw-up the system time. The system cleaners constantly broke Microsoft office. I would often uninstall the Symantec SuperDuper Network Security Pro that they paid a monthly subscription for, and install a cheap or even free antivirus package that had a simple daily scan.
Windows Defender is exactly what we need. Block applications from injecting themselves into the startup and adding shell extensions, and scan files for viruses. If you want web protection, 90% of that can be gained with an ad blocker. Even if it breaks a few sites it can be easily disabled.
Re: (Score:2)
I still run an anti-virus (AVG free) just to alert me if it finds something suspicious (just because I don't run random exe files doesn't mean something I get that seems legitimate enough can't be something malicious instead) but I have some of the more advanced crap turned off so it doesn't get in the way.
Once upon a time I used to run Norton but then I tried Norton Internet Security. Worked so good that it stopped my internet and web browsing from working completely. After that I blacklisted Norton and Sym
Re: (Score:2)
My own work computer gets this lovely notification every so often:
"Outlook has crashed due to a problem with the following plugins: "Mcafee emailscan" Do you wish to load Outlook with this plugin disabled?"
Comment removed (Score:3)
Re: (Score:2)
Nope missing the point:
We still need antivirus because computers still allow the user to do what they want despite it not being in their best interest, and criminals continue to exploit this problem.
We will continue to need anti-virus until computers no longer allow users to do what they want, but rather only what is permitted.
Or, just don't be stupid. (Score:1)
Don't download from porn sites or from untrusted sources or anything from email that you weren't expecting from the sender.
You'll be fine.
Re: (Score:2)
Don't download from porn sites or from untrusted sources or anything from email that you weren't expecting from the sender.
You'll be fine.
And that virus that comes from a rogue ad on a news site? I know it's rare, but it still happens.
Re: (Score:1)
Any modern browser should easily protect you from that kind of attack. That said, any code that is clever enough to skip through your browser's protections is probably also going to be missed by your Anti-Virus software.
Re: (Score:2)
Any modern browser should easily protect you from that kind of attack. That said, any code that is clever enough to skip through your browser's protections is probably also going to be missed by your Anti-Virus software.
I really don't understand this mindset... "Don't run AV software, it's a scam! Just make sure you're on Google Chrome Nightly and ex-filtrate all your browsing data to Alphabet for every HTTP connection" is not a viable strategy.
If you're being spear-phished or hit by a 0-day attack, there's little that a heuristic AV approach will be able to do and you'll need to hope some other part of your defense catches it. But for any other type of threat, AV is a critical part of that security layering for *any* user
Re:Or, just don't be stupid. (Score:4, Insightful)
Don't download from porn sites
pffft. you'll have better luck telling folks to not have actual sex with dirty people. Viri are going to spread via sexual desires - always.
Re: (Score:2)
Re: (Score:2)
Don't download from porn sites or from untrusted sources
How can the median user tell which sources are trustworthy?
Re: (Score:2)
A median user should have their driver's license revoked.
Next Up: Do We Still Need the Wheel? (Score:2, Funny)
Re: (Score:1)
Author's conclusion: yes, we still need wheels
I'm a mouse, and I still know how to walk.
And my linux boxen still don't need AV unless I'm serving up windoze downloads.
These days it even comes with a desktop.
Still needed, I think (Score:1)
I work in a pretty small shop with no IT staff, I inherited someone else's workstation with instructions to not reinstall or delete anything.
Of course there are all kinds of weird things happening to the computer and I have no idea what to do. Random browser redirects to Chinese websites like 2345.com, strange rootkit-like things loading at boot (driver files with names like 5sfquib.sys that show no hits in Google), MS Defender randomly panicking about threats and forcing me to reboot...
I have no idea what
Re: (Score:1)
I work in a pretty small shop with no IT staff, I inherited someone else's workstation with instructions to not reinstall or delete anything.
Of course there are all kinds of weird things happening to the computer and I have no idea what to do. Random browser redirects to Chinese websites like 2345.com, strange rootkit-like things loading at boot (driver files with names like 5sfquib.sys that show no hits in Google), MS Defender randomly panicking about threats and forcing me to reboot...
I have no idea what is going on and I could certainly never do anything about it without some sort of anti-virus or anti-malware tools.
Just use a live [Free - Linux] distro. Problem solved.
Re: (Score:1)
nuke it from orbit. you are past the need for anti virus tools, that machine is beyond all hope.
To make expensive shits! (Score:1)
Could be entertaining (Score:2)
Install several antivirus products and MS OneDrive on a Windows box, watch them battle for who gets to access the file first.
Conflict of interest? (Score:5, Insightful)
Guys from Virus Bulletin and SE Labs that make lots of money from companies that make commercial third-party anti-virus products recommend you buy commercial third-party anti-virus products? Of course.
Ad Blocker, The Modern AV (Score:3)
The last time my folks' machine got a virus was shortly after I installed Eset's NOD32 for them. I then installed ad blockers everywhere, and the problem hasn't recurred in several years.
Re: (Score:2)
Re: (Score:1)
Watch other people take your advice to block ads and thereby drive the majority of websites on which you rely out of business.
Re: (Score:2)
If [cessation of service of ad-supported websites in response to widespread ad blocking] really bothers you, please help find ways to cultivate non-commercial, unbiased places on the Internet. If you disagree, please get off my lawn. And why are you even on /.? ;)
Slashdot is in theory ad-supported.
Re: (Score:2)
if the information available is that important then there is a business model that doesn't require ads to support it, because if someone really needs it then there is a market to be selling it.
Enjoy your paywalls.
The other side of it is that if a company requires their product to be advertised to stay afloat then they have a shitty product
How else should the public learn that a product exists in the first place?
Architecture and Design (Score:4, Interesting)
The answer is: because we continue to operate operating systems and software which are acutely vulnerable to malware - and because we refuse to learn from the lessons of past mistakes.
A big part of the problem is that we've now had malware present in our lives for such a long period of time that there are professional developers and system designers working today who have never known a technology community without malware. Given this context, it is not entirely surprising that we have come to collectively accept this situation as a "given".
The important thing that we need to remember is that it is entirely possible to design and produce a technology stack that is not vulnerable to malware. It's certainly not going to be easy, but it's also not impossible. So now the question becomes: how badly do we want it? The problem is, nobody is asking that question, there is no public discussion or debate.
So the most widespread software in use today (the Microsoft Windows platform, Android, iOS, etc) are not being designed in a way where the designers have been given a (design) brief or have been set design objectives with respect to the ability of that software to withstand malware.
So we have logical partitioning and "containerisation" as third-party add-ons (which have to be paid for). We have come to accept this as "the norm". But just think for a moment about that situation in, say, motor vehicles. Imagine that cars and trucks were sold without brakes. Or without locks on the doors. Imagine that you had to buy your car and then somehow get it to a brake system specialist and pick and choose a reasonable set of brakes for your vehicle. Oh, and if you chose wrong and your car didn't stop and you rolled into someone - well, that's just your fault... Would that be acceptable to motorists today?
Somehow I don't think so.
So why should we be willing to accept and pay for incomplete, vulnerable and defective software - and then, having made a purchase (and if you want a copy of, say Windows 10 Pro for a new-build PC, then you are looking at hundreds of dollars), you need to go and spend a bunch more cash making that product secure.
It's really easy to discuss this and fall into the trap of bashing Microsoft, Apple or Google for shipping vulnerable or incomplete software. But the truth is that we're responsible for this, not them. We're responsible, because enough of us are willing to just roll over and accept this situation. If we collectively pushed back hard enough, maybe used the law, maybe worked to overturn those horrible EULA "this software comes without any warranty, expressed or implied" schtick and had lawmakers push for tighter and more stringent controls, then maybe we'd get better software.
Sadly, I can't see the market fixing this. If it were possible, it would have happened by now.
Re: (Score:2)
The important thing that we need to remember is that it is entirely possible to design and produce a technology stack that is not vulnerable to malware
[Citation Required]
Re: (Score:2)
please try to learn about computers, before you decide to educate others.
Might I suggest replying to the correct post before attacking the education of others?
Re: (Score:2)
BOTH LINUX AND FREEBSD ARE EXACTLY WHAT YOU SAY THEY ARE NOT! THEY WERE DESIGNED WITH SECURITY AND STABILITY IN MIND FROM DAY ONE
Then why do Linux and FreeBSD let any random process read and write all files in your user account just because the program has the executable bit turned on?
Re: (Score:2)
Then why do Linux and FreeBSD let any random process read and write all files in your user account just because the program has the executable bit turned on?
It doesn't. That process must have read and/or write permission to access the files, and it only gets that if the user which owns the process has that permission.
If you are dumb enough to run everything as root, it has such permission. But the issue isn't Linux or FreeBSD (or Windows), it's you deciding to turn off security.
Can still mess up your home directory (Score:2)
That process must have read and/or write permission to access the files, and it only gets that if the user which owns the process has that permission.
If you run an executable under your user account, then you are "the user which owns the process", and therefore the process has "read and/or write permission" to all files in your home directory. Is there a standard way to contain such a process?
Re: (Score:2)
Is there a standard way to contain such a process?
Yes, chroot.
But keep in mind it's not the operating system's job to protect you from running rm -rf ~.
Re: (Score:2)
But keep in mind it's not the operating system's job to protect you from running rm -rf ~.
If not the operating system's job, then whose job is it to protect a non-technical user from himself?
Re: (Score:2)
So you're advocating an operating system where you can never delete any files, just in case the user is making a mistake?
Re: (Score:2)
No, I'm advocating some way to either A. help the user determine whether running a particular executable constitutes a mistake, B. mitigate mistakes by limiting what an executable can see or modify to less than an entire user account, or preferably C. both.
Re: (Score:2)
If a proper sysadmin has set up a system, a regular user can't break a Linux/Unix system.
If a particular Linux/Unix system has only one human user, such as a personal laptop or desktop workstation, how should the system be set up properly?
Re: (Score:2)
The answer is: because we continue to operate operating systems and software which are acutely vulnerable to malware - and because we refuse to learn from the lessons of past mistakes.
A big part of the problem is that we've now had malware present in our lives for such a long period of time ...
Whoever "we" are, they should be ashamed of themselves, and they should also start taking personal responsibility for the machines under their, erm, responsibility.
People for whom malware is a persistent part of their life should find a babysitter before sitting down at a keyboard.
Re: (Score:2)
It's not always the users. Software developers really still don't think about security until it is forced upon them. For example:
A user takes photos with their cell camera. They install an application that automatically uploads the picture to some photo-sharing web site that shares the pictures with their family. That's neat. The photo-sharing site has a username/password. So the user types their username & password into the application so that it has credentials to upload. How is that username
Re: (Score:2)
A fundamentally secure design might contact the server to request a unique key that merely has permissions to upload new photos to the account. It would store that key securely in the device's trusted keystore.
What trusted keystore API is available on all major Linux distributions? Or on Windows 7?
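The upload-only key from the design quoted above, sketched as an added example (not code from the thread or from any photo service): the server issues an HMAC-signed token whose only right is `photos:upload`, so a copy stolen from the device cannot read the account or be replayed as a password. `SERVER_KEY`, the claim names and the scope strings are assumptions; how the device stores the token is outside this sketch.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a secret known only to the server; the device never sees it.
SERVER_KEY = b"constructed-demo-key-never-leaves-the-server"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def issue_token(account: str, scope: str, now: int, ttl: int = 3600) -> str:
    """Server side: bind account, a single scope and an expiry under an HMAC tag."""
    claims = {"acct": account, "scope": scope, "exp": now + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def authorize(token: str, account: str, action: str, now: int) -> bool:
    """Server side: accept only an untampered, unexpired token for this exact action."""
    try:
        p64, t64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        tag = base64.urlsafe_b64decode(t64)
    except ValueError:  # wrong number of parts or invalid base64
        return False
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False
    claims = json.loads(payload)  # parsed only after the tag has been verified
    return (
        claims["acct"] == account
        and claims["scope"] == action
        and now < claims["exp"]
    )


def with_scope(token: str, scope: str) -> str:
    """Simulate client-side tampering: rewrite the scope but keep the old tag."""
    p64, t64 = token.split(".")
    claims = json.loads(base64.urlsafe_b64decode(p64))
    claims["scope"] = scope
    return _b64(json.dumps(claims, sort_keys=True).encode()) + "." + t64


if __name__ == "__main__":
    tok = issue_token("alice", "photos:upload", now=1000)
    print("upload:", authorize(tok, "alice", "photos:upload", now=1500))
    print("read:  ", authorize(tok, "alice", "photos:read", now=1500))
    print("forged:", authorize(with_scope(tok, "photos:read"), "alice", "photos:read", now=1500))
```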
Re: (Score:2)
I blame the user for all that stuff.
The user has to choose a sucky or unknown developer for that stuff to happen.
If the user took responsibility for their electronic territory, they wouldn't be able to blame the developer; they wouldn't be using the sucky code, so they don't have any accusation against the developer!
Re:Architecture and Design (Score:5, Interesting)
The important thing that we need to remember is that it is entirely possible to design and produce a technology stack that is not vulnerable to malware.
Is it, is it really? The fact that it has never, ever been done on any system of significant size or complexity argues strongly that you're wrong. Formal verification seems like the only path with real potential, but so far it is impossibly hard to do at scale.
And then there's the issue that even if you had a system with zero vulnerabilities, that still doesn't make AV unnecessary. One of the hardest problems is how to handle software that does not exploit any vulnerabilities and uses only legitimate, reasonable APIs, but uses them in ways that may harm the user. The Android security team (of which I'm a member) doesn't use the term "malware", because it's too narrow. Instead we use "Potentially-Harmful Apps" (PHA) to include apps that don't qualify as malware in the traditional sense, but yet may do harmful things.
Now, some of the abusive apps are able to be abusive only because of badly-designed Android APIs. For example, I don't think there's any reason even to have an API that allows apps to retrieve a user's whole contacts database. If an app legitimately needs contact information (say, to make a phone call), they should request a contact from a system API which presents the user with a picker to select the contact whose phone number they wish to provide, and only that number should be provided to the requesting app.
But there are other cases in which the APIs are completely reasonable and needed, but still allow harmful things to be done when misused in certain ways. I'm not sure it is possible to prevent PHAs of that form by anything done in the operating system. There's lots of academic research on data tagging and tainting and other approaches, but it's really not clear that they can work without creating a painfully-unusable system.
So I don't think it's possible to produce an operating system that is not vulnerable to malware. I'd love to be proven wrong, though, so by all means figure it out and publish about it! If you figure it out you'll get all sorts of academic rewards, and if you play it right you can easily make yourself stinking rich as well. Please do!
BTW, regarding the claim in the summary that third-party AV tools on Android make sense, I disagree. Third-party tools simply can't have the visibility into the system needed to be really good without rooting, and rooting your device opens it to a raft of exploits. On a rooted device it's possible to disable SELinux, which instantly demolishes much of the compartmentalization of the system. No longer are 5-10 step exploit chains needed, one is enough in most cases.
What does make sense is to enable the built-in AV tool, Verify Apps.
Oh, while I'm posting about Android security, I'd like to take a moment to gloat that -- yet again -- Google's phone is undefeated in Mobile Pwn2Own, despite having (along with iPhone) the largest offered prizes.
Re: (Score:2)
Re: (Score:2)
Now, some of the abusive apps are able to be abusive only because of badly-designed Android APIs. For example, I don't think there's any reason even to have an API that allows apps to retrieve a user's whole contacts database. If an app legitimately needs contact information (say, to make a phone call), they should request a contact from a system API which presents the user with a picker to select the contact whose phone number they wish to provide, and only that number should be provided to the requesting app.
What if you want to use an app that lets you display/manipulate your contacts database in ways that aren't already supported by the default app included with the OS?
Tangentially, I'm disappointed that the Google Play Store doesn't let us filter our app searches by their permissions, e.g. "apps that don't demand access to our contacts" and/or "apps that don't demand access to our call history".
Re: (Score:2)
See here [nist.gov].
In fairness, the DoD Evaluation Criteria go back to 1983 - I am sure that there are more recent versions that could be referenced.
But rather than focus on the Orange Book specifically, consider instead as an example of a principle. That principle was a determined effort to design a set of operating criteria and behaviours that would result in a secure
Re: (Score:2)
It is my understanding that it is, indeed possible. For example, consider the DoD Orange Book security classifications for Operating Systems.
Indeed. Consider them carefully, and note the enormous constraints under which they had to be used to be considered secure. No network connections, and no unverified application software for starters.
If I can limit sufficiently exactly how a system can be used, I can make any system secure.
Re: (Score:2)
So what is that mythological design that is not vulnerable? It can't be a capability system as that is a type of "containerisation" and of course not bullet proof to the degree you are talking about. So what is it?
Re: (Score:2)
The answer is: because we continue to operate operating systems and software which are acutely vulnerable to malware - and because we refuse to learn from the lessons of past mistakes.
False. We continue to use operating systems that allow the user control even if it is not in their best interest and criminals exploit this behaviour. You can't make an OS that is not vulnerable to malware without also actively working against the requests of the user. This includes simple barriers including for example: "Sudo", a protection that is easily bypassed by an error message: "Warning to Install this software that you so desperately want you need to type sudo. You will be prompted for a password"
Re: (Score:2)
"Imagine that you had to buy your car and then somehow get it to a brake system specialist and pick and choose a reasonable set of brakes for your vehicle. Oh, and if you chose wrong and your car didn't stop and you rolled into someone - well, that's just your fault... Would that be acceptable to motorists today?"
not a good car analogy. it would be more something like - we think there are too many pedals, so we only give you one, now everybody can drive! all the while there are other cars that still do have
Defender is poised to take over on Windows (Score:3, Interesting)
The latest version of Windows Defender has an option to run it in sandbox mode, so even if it gets infected it can't spread.
Other AV are becoming the targets of attacks and they do not have the deep links into the OS like Defender has, so their days are numbered.
CYA is the biggest reason (Score:2)
I cannot imagine the need for an antivirus on Linux. Either the code breaks into supervisor mode or it does not. Adding more and more hooks into it can only possibly increase your surface area. And antivirus companies aren't exactly the most trustworthy of vendors (their motivation is for you to get infected... a little bit).
I hate fear-based architectures.
Re:CYA is the biggest reason (Score:4, Insightful)
I cannot imagine the need for an antivirus on Linux. Either the code breaks into supervisor mode or it does not.
Or it does not but can access all the logged in user's data and attached devices and whatnot. Neither Windows, Mac nor Linux is built around a hostile software model, if it's installed it's trusted. So if there's any breach in any software, they can install a cryptolocker and encrypt all your files or whatever. Sure in theory you could set up a custom chroot jail/SELinux/AppArmor/cgroups setup per application but it's very far from easy. I'd like to be able to install a relatively untrusted closed source game and have it play in a sandbox. Like you can wipe my save games, rickroll me or whatever but you can't access my webcam or delete my family photos. That's the kind of security users want and I think that's where we're going when Apple or Google wants to topple Microsoft on the desktop.
Re: (Score:2)
I cannot imagine the need for an antivirus on Linux.
Linux's fundamental protection is that its users are for a large portion people who know what they are doing. An incredible amount (dare I say the vast majority) of malware is spread exclusively through the ignorance of users.
Get ignorant users on your system and you'll find the malware spreading just as fast as it does on windows. "sudo ./britneyspearsnudes.jpg"
If you have to ask... (Score:2)
...you won't understand.
Anti-virus is useless.. (Score:2, Interesting)
Traditional Anti-Virus relies on virus definitions which are static and rely on virus hunters to find these malicious programs, create definitions from them, and then disseminate them to AV endpoints. Behavior Malware Detection software instead uses the heuristic approach and determines what the file is trying to do on your system to determine whether to block, notify, and/or quarantine the files. Because of this, Behavior-based Anti-Malware can
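The contrast drawn in the comment above, as an added example (not from the commenter or from any AV product): a definition lookup by SHA-256 digest next to a behaviour rule that flags a process rewriting many files with high-entropy content in a short window. The sample bytes, the event tuples `(time, pid, op, path, data)`, the PIDs and the thresholds are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict


def pseudo_random(seed: int, blocks: int = 32) -> bytes:
    """Deterministic high-entropy bytes, standing in for encrypted file content."""
    return b"".join(hashlib.sha256(bytes([seed, i])).digest() for i in range(blocks))


# Constructed samples: REPACKED differs from KNOWN_SAMPLE by a single byte.
KNOWN_SAMPLE = b"constructed-placeholder-bytes-not-a-real-binary"
REPACKED = KNOWN_SAMPLE + b"\x00"

# Static definitions: digests of samples that analysts have already catalogued.
DEFINITIONS = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}


def signature_match(blob: bytes) -> bool:
    """Definition-based check: exact digest lookup, blind to anything not yet listed."""
    return hashlib.sha256(blob).hexdigest() in DEFINITIONS


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def behavior_flags(events, min_files=4, window=10.0, min_entropy=7.0):
    """Return PIDs that wrote high-entropy data to >= min_files paths within window seconds."""
    hits = defaultdict(list)
    for ts, pid, op, path, data in events:
        if op == "write" and shannon_entropy(data) >= min_entropy:
            hits[pid].append((ts, path))
    flagged = set()
    for pid, writes in hits.items():
        writes.sort()
        start = 0
        for end in range(len(writes)):
            # Slide the window start forward until it spans at most `window` seconds.
            while writes[end][0] - writes[start][0] > window:
                start += 1
            if len({p for _, p in writes[start:end + 1]}) >= min_files:
                flagged.add(pid)
                break
    return flagged


TEXT = b"Quarterly report draft, constructed sample text. " * 20

# Constructed event log: an editor (200), an archiver (300), an unknown process (4242).
EVENTS = [
    (0.0, 200, "write", "/home/u/docs/report.txt", TEXT),
    (1.0, 300, "write", "/home/u/backup.zip", pseudo_random(0)),
    (2.0, 4242, "write", "/home/u/docs/a.docx", pseudo_random(1)),
    (2.5, 4242, "write", "/home/u/docs/b.xlsx", pseudo_random(2)),
    (3.0, 4242, "write", "/home/u/pics/c.jpg", pseudo_random(3)),
    (3.5, 4242, "write", "/home/u/pics/d.jpg", pseudo_random(4)),
    (4.0, 4242, "write", "/home/u/docs/e.pdf", pseudo_random(5)),
    (40.0, 200, "write", "/home/u/docs/notes.txt", TEXT),
]

if __name__ == "__main__":
    print("definition hit on known sample:", signature_match(KNOWN_SAMPLE))
    print("definition hit on changed copy:", signature_match(REPACKED))
    print("PIDs flagged by behaviour rule:", sorted(behavior_flags(EVENTS)))
```

The archiver writes high-entropy data too but touches only one file, which is why the rule counts distinct paths per window; tightening or loosening `min_files` and `window` trades missed detections against false alarms.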
Because (Score:2)
Best antivirus software by far (Score:2)
Ublock origin
False positives (Score:2)
I find it annoying how many AV products identify key-generators, cracks and other actually useful non-malicious stuff as malicious and bad.
I also find it a complete waste of cpu time to run real-time protections. I'm particularly offended there is no way to remove Windows Defender from Windows 10. I should be allowed to make that choice, and I cannot.
As to the others, most AV products are snake-oil at best, their own type of malware at worst. Millions of dollars sucked out of clueless consumers for nothi
Re: (Score:2)
I should be allowed to make that choice, and I cannot.
If you actually thought you should be allowed to make that choice, you'd have chosen software that respects your freedom and lets you make whatever choices you want.
There are a wide variety of choices that respect your freedom.
Re: (Score:2)
I should be allowed to make that choice, and I cannot.
If you actually thought you should be allowed to make that choice, you'd have chosen software that respects your freedom and lets you make whatever choices you want.
There are a wide variety of choices that respect your freedom.
This is an empty argument. Historically, Windows has allowed users to do whatever they pretty much want, including disabling built-in "protection" measures, such as the built-in firewall, built-in virus protection, built-in warnings to make backups periodically. All that stuff, it was all tuneable in Windows 7 and every Windows prior to 7.
It's only with 8 and 10 that we are seeing choices taken away. Which I get, I get that most people who use Windows computers have no flippin' clue what they're doing, and Wi
Re: (Score:2)
That's because most ARE bad.
If you get the ones released direct from a topsite, fine, great, they're clean. But if you're like everyone else who uses Bittorrent and such, well, those things are usually wrapped.
And by wrapped, I mean they are wrapped with a dropper program that will download malware and run the crack/keygen at the same time. So they do infect your machine
Re: (Score:2)
Maybe your keygens are clean, but most users are getting the infected variety.
The problem is, malware detection always identifies keygens, cracks and similar software as malicious, regardless of whether it's been 'wrapped' in malware or not.
I find it pretty worthless that a piece of security software can't (or chooses not to) tell the difference between a proper non-malicious crack/keygen, and the ones wrapped in evilness.
In semi-related news ... (Score:2)
Why are condoms still a thing?
And [ in Jerry Seinfeld voice ] "What is the deal with not wanting to get infected?"
TL;DR: Summary: Questions need for AV then lists many reasons why you should (probably) still use it.
TL;DR: Article: Dumb.
Re: (Score:2)
Stop trying to slut-shame Windows. Let it choose whatever lifestyle it wants; let it run around wearing just its Defender, what harm is it doing you? Whatever harm you can accuse, it was consensual; you're just as guilty. Why do you place the blame on Windows?! I blame you; everybody already knows what sort of a date Windows is. You knew!
Re: (Score:2)
That's a great idea! You would truly have very good AV protection if you covered the ends of your network cables with condoms.
Re: (Score:2)
Oh fiddlesticks! What about air-borne viruses?
I keep a VM for sites I don't trust (Score:2)
I should add (Score:2)
I'll do one better ... (Score:1)
Why is msmash still a thing?
(Besides posting stupid articles like this)
hah (Score:2)
You shouldn't run Windows. Period.
Antivirus (Score:2)
Because dickheads write security policies.
"Let's have a piece of software, written by a third party, which runs as an elevated user and is capable of intercepting every file access, replacing content, scanning and modifying all memory for every user, even root/SYSTEM-owned processes, which inserts itself into every file, I/O and process hook, which starts as one of the first things on boot, and tells us whether or not other processes should be blindly trusted, by checking against a list of hashes of 'known-
It can't hurt? yes it can! (Score:2)
it can't hurt to run an AV on it
Sure it can...
All AV software consumes resources and reduces performance to varying degrees, this could potentially be crippling in some circumstances.
AV software has to run with high privileges in order to intercept network traffic and file accesses etc... Because of this, exploitation of any bugs in the AV software is likely to result in root access. AV software is also extremely complex, and designed to parse hostile data - there have been many vulnerabilities and more will be found for sure.
There are a
The AV I've used for 10+ years not even listed (Score:2)
"it can't hurt to run an AV on it" (Score:2)
Sure it can. AV churns your disk and slows down your system.
Regulations and checkboxes... (Score:3)
In the enterprise, AV is there because FERPA, HIPAA, and other regulations mandate it. Does it actually stop viruses? At best, maybe an older Trojan horse. However, the best front-line thing is a good ad-blocker, second best is separating your stuff into VMs. QubesOS is definitely the best way of doing things, to ensure stuff cannot touch each other.
Re: (Score:1)
AV got a bad rap in the 90s because it was resource intensive, however the scanning operations haven't increased drastically in terms of cpu time in the past 20 years.
Could it be an issue on the slowest systems and those who are unwilling to upgrade after using a system for more than 5 years? Probably. If you're using a middle of the way i5 with sufficient memory and reso
Re: (Score:2)
My postcard featured a photo of Drottningholm in Stockholm and bore the message: "Greetings from Stockholm! Behave yourself! Regards, Zontar." If you claim it said anything else at all, then you and I both know you're lying.
Any feeling of being threatened came from inside your own head, at about the time you realised that (a) unlike you, I don't make shit up, and when I say I know where you live, I mean exactly that; (b) a less ethical person than I could have sent you something much less pleasant, or even