Why is Antivirus Software Still a Thing? (vice.com)
Antivirus has been around for more than 20 years. But do you still need it to protect yourself today? From a report: In general, you probably do. But there are caveats. If you are worried about your iPhone, there's actually no real antivirus software for it, and iOS is engineered to make it extremely difficult for hackers to attack users, especially at scale. In the case of Apple's computers, which run MacOS, there are fewer antiviruses, but given that the threat of malware on Mac is increasing ever so slightly, it can't hurt to run an AV on it. If you have an Android phone, on the other hand, an antivirus does not hurt -- especially because there have been several cases of malicious apps available on the Google Play Store. So, on Android, an antivirus will help you, according to Martijn Grooten, the editor of trade magazine Virus Bulletin.
When it comes to computers running Windows, Grooten still thinks you should use an AV. "What antivirus is especially good at is making decisions for you," Grooten told Motherboard, arguing that if you open attachments, click on links, and perhaps you're not too technically savvy, it's good to have an antivirus that can prevent the mistakes you may make in those situations. For Grooten and Simon Edwards, the founder of SE Labs, a company that tests and ranks antivirus software, despite the fact that Windows' own antivirus -- called Defender -- is a good alternative, it's still worth getting a third-party one. "Even if [Defender] wasn't the best and it isn't the best, it's still a lot better than having nothing," Edwards told Motherboard. Yet, "we do see a benefit in having paid for AV product."
That's an asinine view. Defender is the only av solution needed, and all other products create more problems than the occasional viruses. Third party av apps are security theater.
Most of the paid antivirus packages come with more than the original file inspection. HTTP inspectors, system cleaners, identity theft insurance, etc. There are all sorts of value-added things in there which Defender doesn't do.
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
Guys from Virus Bulletin and SE Labs that make lots of money from companies that make commercial third-party anti-virus products recommend you buy commercial third-party anti-virus products? Of course.
I just cleaned up a relative's machine. The attack was web browser plug-in related. He had up-to-date Norton Antivirus.
The last time my folks' machine got a virus was shortly after I installed Eset's NOD32 for them. I then installed ad blockers everywhere, and the problem hasn't recurred in several years.
This is a fabulously important question for us to look at.
The answer is: because we continue to operate operating systems and software which are acutely vulnerable to malware - and because we refuse to learn from the lessons of past mistakes.
A big part of the problem is that we've now had malware present in our lives for such a long period of time that there are professional developers and system designers working today who have never known a technology community without malware. Given this context, it is not entirely surprising that we have come to collectively accept this situation as a "given".
The important thing that we need to remember is that it is entirely possible to design and produce a technology stack that is not vulnerable to malware. It's certainly not going to be easy, but it's also not impossible. So now the question becomes: how badly do we want it? The problem is, nobody is asking that question, there is no public discussion or debate.
So the most widespread software in use today (the Microsoft Windows platform, Android, iOS, etc.) is not being designed in a way where the designers have been given a (design) brief or have been set design objectives with respect to the ability of that software to withstand malware.
So we have logical partitioning and "containerisation" as third-party add-ons (which have to be paid for). We have come to accept this as "the norm". But just think for a moment about that situation in, say, motor vehicles. Imagine that cars and trucks were sold without brakes. Or without locks on the doors. Imagine that you had to buy your car and then somehow get it to a brake system specialist and pick and choose a reasonable set of brakes for your vehicle. Oh, and if you chose wrong and your car didn't stop and you rolled into someone - well, that's just your fault... Would that be acceptable to motorists today?
Somehow I don't think so.
So why should we be willing to accept and pay for incomplete, vulnerable and defective software - and then, having made a purchase (and if you want a copy of, say, Windows 10 Pro for a new-build PC, then you are looking at hundreds of dollars), you need to go and spend a bunch more cash making that product secure?
It's really easy to discuss this and fall into the trap of bashing Microsoft, Apple or Google for shipping vulnerable or incomplete software. But the truth is that we're responsible for this, not them. We're responsible, because enough of us are willing to just roll over and accept this situation. If we collectively pushed back hard enough, maybe used the law, maybe worked to overturn those horrible EULA "this software comes without any warranty, expressed or implied" schtick and had lawmakers push for tighter and more stringent controls, then maybe we'd get better software.
Sadly, I can't see the market fixing this. If it were possible, it would have happened by now.
The latest version of Windows Defender has an option to run it in sandbox mode, so even if it gets infected it can't spread.
Other AV are becoming the targets of attacks and they do not have the deep links into the OS like Defender has, so their days are numbered.
no
..instead you need Behavior-Based Anti-Malware software.
Traditional Anti-Virus relies on virus definitions which are static and rely on virus hunters to find these malicious programs, create definitions from them, and then disseminate them to AV endpoints. Behavior Malware Detection software instead uses the heuristic approach and determines what the file is trying to do on your system to determine whether to block, notify, and/or quarantine the files. Because of this, Behavior-based Anti-Malware can protect systems WITHOUT network access or centralized control like traditional AV.
While there are many more methods of protecting your operating system with regular system patching, as compute systems become more and more complex, exploits can be much more dangerous than before. And for systems running healthcare systems that cannot be easily updated due to their sensitive nature, Behavior based detection works very well here.
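The contrast drawn in the comment above between definition-based and behavior-based detection, as an added example that is not part of the original thread. The event tuple format, the thresholds, the sample digest and the event trace are all constructed assumptions; the behavior rule shown (several high-entropy file rewrites by one process in a short window) is just one simple heuristic.

```python
import hashlib
import math
from collections import Counter

# Constructed "definition file": digests of samples already analysed.
KNOWN_BAD = {hashlib.sha256(b"constructed-known-sample-v1").hexdigest()}

def signature_match(file_bytes):
    """Static definitions: flag only content whose exact digest is listed."""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD

def entropy(data):
    """Shannon entropy in bits per byte; encrypted output sits near 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def behavior_verdict(events, window=10.0, max_rewrites=3, min_entropy=7.0):
    """Return pids that made max_rewrites high-entropy writes within window seconds.
    events: (timestamp, pid, action, path, data) tuples; this schema is an assumption."""
    recent, flagged = {}, set()
    for ts, pid, action, _path, data in sorted(events, key=lambda e: e[0]):
        if action != "write" or entropy(data) < min_entropy:
            continue
        hits = [t for t in recent.get(pid, []) if ts - t <= window] + [ts]
        recent[pid] = hits
        if len(hits) >= max_rewrites:
            flagged.add(pid)
    return flagged

TEXT = b"quarterly report draft\n" * 20   # constructed low-entropy document
CIPHERLIKE = bytes(range(256)) * 4        # constructed stand-in for encrypted output

# Constructed event trace: an editor, a one-off archive write, a mass rewrite.
EVENTS = [
    (0.0, 100, "write", "notes.txt", TEXT),
    (0.5, 100, "write", "todo.txt", TEXT),
    (1.0, 100, "write", "plan.txt", TEXT),
    (2.0, 300, "write", "backup.zip", CIPHERLIKE),
    (3.0, 200, "write", "photo1.jpg", CIPHERLIKE),
    (3.4, 200, "write", "photo2.jpg", CIPHERLIKE),
    (3.9, 200, "write", "photo3.jpg", CIPHERLIKE),
]

if __name__ == "__main__":
    print(signature_match(b"constructed-known-sample-v2"))  # one changed byte
    print(behavior_verdict(EVENTS))
```

The digest lookup misses a sample that differs by a single byte until a new definition ships, while the behavior rule needs no update but depends on thresholds that have to be tuned against legitimate tools that also write compressed or encrypted data.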
Antivirus companies are the leading cause of viruses and spam. I worked at a company which used Symantec Spam Protector for about 5 years. ~$3,000/yr for the server application with updates. It registered a grand total of 2-3 spams (across all email addresses in the company) per day - it "worked" in that it prevented them from going through, but was still set to log them. Decided it's not worth 3k/yr to prevent an approximate 2% (for the size of the company) chance of a person getting a single spam email per day. The week after the subscription was canceled suddenly every email address in the company was inundated with spam - about 1 every 2-5 minutes for every address. The culprit was obvious so people decided to try to wait them out, a year later they gave up and renewed the subscription, the new spam protection server shows the steady flow of spam (and only blocks ~90% of it.)
Antivirus and anti-spam are the most obvious rackets in modern computing.
Ublock origin
I cannot imagine the need for an antivirus on Linux. Either the code breaks into supervisor mode or it does not.
Or it does not but can access all the logged in user's data and attached devices and whatnot. Neither Windows, Mac nor Linux is built around a hostile software model, if it's installed it's trusted. So if there's any breach in any software, they can install a cryptolocker and encrypt all your files or whatever. Sure in theory you could set up a custom chroot jail/SELinux/AppArmor/cgroups setup per application but it's very far from easy. I'd like to be able to install a relatively untrusted closed source game and have it play in a sandbox. Like you can wipe my save games, rickroll me or whatever but you can't access my webcam or delete my family photos. That's the kind of security users want and I think that's where we're going when Apple or Google wants to topple Microsoft on the desktop.
Live today, because you never know what tomorrow brings
In the enterprise, AV is there because FERPA, HIPAA, and other regulations mandate it. Does it actually stop viruses? At best, maybe an older Trojan horse. However, the best front-line thing is a good ad-blocker, second best is separating your stuff into VMs. QubesOS is definitely the best way of doing things, to ensure stuff cannot touch each other.
Don't download from porn sites
pffft. you'll have better luck telling folks to not have actual sex with dirty people. Viri are going to spread via sexual desires - always.
Politics; n. : A religion whereby man is god.
I can legally mess with anything on my system.
It is mine.
Now selling/stealing your most glorious code is not.
http://progressquest.com/spoltog.php?name=Son+Of+Son+Of+DarkRookie
I've been running with just Windows Defender for years. As part of my work, I visit several hundred unique new internet sites every week. I haven't gotten a virus since the 90s. On the other hand, I have seen many serious system performance problems solved by removing antivirus software. I'd say that removing AV software is the second biggest performance increase you can have on a modern PC after switching to an SSD. Upgrading to a lower latency internet connection might beat it, but often isn't available (though I have found that using a VPN multiplied my internet throughput in many applications).
you shouldn't run windows. Period.