
Disable Your Antivirus Software (Except Microsoft's) - kumaranvpl
http://robert.ocallahan.org/2017/01/disable-your-antivirus-software-except.html?m=1
======
taspeotis
[https://news.ycombinator.com/item?id=13489100](https://news.ycombinator.com/item?id=13489100)

> Avoid Non-Microsoft Antivirus Software (ocallahan.org)
> 859 points by bzbarsky 118 days ago

------
ubikretail
I paid for Kaspersky for three or four years. What I noticed was that,
prior to the license expiration, this last edition pushed pop-ups on my screen
constantly. Also, it seemed like it was slowing the computer down on purpose.

I read an article saying what you're commenting, and I decided to try without.
Feels a bit odd and I'm slightly paranoid, but this argument pushed me to
follow you: it's not a good idea to give critical access to 3rd-party software
that might be adding more bugs to your "backdoor policy".

------
zamalek
Composition/division. This is true for many 3rd party AVs, but not all of
them.

> More likely, they hurt security significantly; for example, see bugs in AV
> products listed in Google's Project Zero.

This is _not_ an indicator of insecure software. Not dealing with these
disclosures is. Just a few weeks ago a major vulnerability was found in
Defender.

Let's use my favorite AV as an example, NOD32:

- It performs HTTPS MITM, which should obviously be disabled immediately.
_Score 1 Microsoft._

- JavaScript runtime running as SYSTEM, which can't be disabled. _Score 1
NOD32._

- There are two issues in Project Zero, making it exactly as secure as
Defender according to that ignorant "vulnerabilities in Project Zero" metric.

- 4 days and 1 day for NOD32. 8 days and 3 days for Microsoft. _Score 1
NOD32._

> At best, there is negligible evidence that major non-MS AV products give a
> net improvement in security.

- The NOD32 intrusion detection supposedly thwarted EternalBlue (WannaCry).[1]
Defender did nothing. _Score 1 NOD32._

[1]: [http://support.eset.com/alert6442/](http://support.eset.com/alert6442/)

~~~
gear54rus
Not to mention that no one should trust something made by MS that has that
much control over your system after the Windows 10 shitstorm with
self-enabling telemetry settings and forced updates/upgrades.

~~~
m_eiman
You know, if you're using Windows you're already trusting Microsoft
completely.

------
UnoriginalGuy
Kind of an ironic blog post now; it was posted in January 2017.

In May 2017 we learned about this, from Project Zero no less:

[https://bugs.chromium.org/p/project-zero/issues/detail?id=12...](https://bugs.chromium.org/p/project-zero/issues/detail?id=1252&can=1&q=windows%20defender&desc=5)

> (Microsoft, on the other hand, is generally competent.)

I'd argue that the Project Zero issue, while fixed, shows that the design of
Windows Defender is anything but competent. They have a full power JavaScript
runtime engine running as SYSTEM. No sandboxing, no lowprivs, and the whole
point is to run untrusted code.

~~~
Aaargh20318
> They have a full power JavaScript runtime engine running as SYSTEM. No
> sandboxing, no lowprivs, and the whole point is to run untrusted code.

I would have understood that if it was a small company and a lone developer
made a mistake. However, this is Microsoft, a huge company. Lone developers
don't get to decide things like this at companies the size of Microsoft. Most
likely, meetings were held, architects were involved, code was reviewed. How
did such a horrible decision make it through that process?

~~~
tomohawk
None of us is as dumb as all of us.

------
deckiedan
Anyone know what the state of AV on Android is? $employer requires ESET on all
Windows machines, and I'm trying out the Android app now. It doesn't seem to
make my phone any slower...

~~~
veeti
Utterly worthless, because apps on Android are sandboxed. Third-party AV can't
do anything useful, and Play Services already provides built-in app scanning.

~~~
icebraining
Devil's advocate: there are APK extractors (which work without root), so it's
definitely possible for an AV to scan those files and report if there's
something weird.

------
btat1
Thanks for "what every developer knows but can't tell"!

------
partycoder
Antiviruses really cripple your computer's performance. I avoided using
antivirus just by using a firewall and avoiding opening any shared files.

If I need to open a document, I will upload it to some online office suite and
read it there.

If I receive some potentially malicious email I will read the message source
and verify it's legit.

I also don't use Windows anymore, but when I did, this strategy worked well
for me.

------
tekklloneer
Signature based anti-virus is a must have on any widely deployed platform that
doesn't have default code-sign requirements. So, basically, Windows and FOSS
Desktop.

But, it's become so drastically commoditized that there's no reason for the
average user to have anything but the built-in MSE (on windows, at least).

It doesn't stop new attacks, but it does help raise the bar against malware.

~~~
astrobe_
I believe "Widely deployed platform" is the issue here.

A yummy target for virus and ransomware authors is a widely used piece of
software: OS, browser, crypto library, Word processor, spreadsheet, PDF
reader,...

Part of the problem is that in each of these categories, a single vendor often
holds over 50% market share. As soon as a bug in one of those allows an RCE,
that means millions of users at risk.

It's also true even if you don't run the software directly but use a service:
memes that infect social media (see: Facebook and fake news) are basically
viruses too.

Species avoid extinction from viruses thanks to diversity. Software users that
want to stay safe should consider using the less popular alternatives.

~~~
jwfxpr
> Part of the problem is that in each of these categories, a single vendor
> often holds over 50% market share. As soon as a bug in one of those allows an
> RCE, that means millions of users at risk.

...

> Species avoid extinction from viruses thanks to diversity. Software users
> that want to stay safe should consider using the less popular alternatives.

This point is badly under-discussed whenever this AV debate comes up.

Yeah, the variety of vendors, products, and methods in the third-party AV
arena makes production less predictable for software developers. _That's the
point._ It makes it exactly as unpredictable for attackers.

Should AV vendors work harder to make their software easier to develop around?
Arguably, yes. Security through obscurity is no security at all. But that
should be the target of the argument, not the homogenization of security
systems. I don't care how big or small the Defender attack surface is if every
single desktop computer in the world has the exact same attack surface.

------
wordpressdev
So what is the bottom line here? Shall we use antivirus software, or not?

