
Antivirus software could make your company more vulnerable - r721
http://www.csoonline.com/article/3020459/security/antivirus-software-could-make-your-company-more-vulnerable.html
======
hiram112
I avoided AV software for most of my life. Though, when I worked as a student
admin, I would always install AV for the majority of my users. Most users
(especially older) simply could never learn not to download that cool new
'freeware' app or game or not double click a downloaded exe (the fact that
hidden extensions are still the default on Windows OS is absurd).

As a more savvy user, I did not desire the typical AV bloatware (Norton,
McAfee, etc) stealing up half my cycles and spinning the hard drive without
pause. I knew enough not to try and 'open' resume.doc.exe.

However, AVs have trimmed down, SSDs are becoming more commonplace, and it
seems the biggest attack vector is browser based. For the last few years, I've
run a few different AVs (Kaspersky, ESET, Bitdefender are decent).

I run adblockers, don't install Flash games or Applets, but it is nearly
impossible to stop all browser based attacks. I'm not sure the AVs have helped
much, but they give some sort of psychological benefit, at least.

There really is no good solution anymore unless you're willing to give up 90%
of the web (via NoScript or using a primitive console based browser). I
believe the future for tech-aware users will be browsers in some sort of
container / VM that reset themselves upon each session, with absolutely no
control to the file system or data from other sites.

~~~
NetStrikeForce
>> I'm not sure the AVs have helped much, but they give some sort of
psychological benefit, at least.

I find this a very dangerous way of thinking. You use the placebo (well, not
even a placebo, just useless) and then you stop worrying _that much_ about
opening downloaded files, checking their hash if you trust the source,
visiting dodgy websites...

An analogy taken to the extreme would be to smoke and binge drink without
worries because you're taking homeopathic "solutions" (sic).

~~~
bonoboTP
Not necessarily! It depends! It could be that the constant popups about
updating the AV, about allowing access to trusted programs etc. constantly
remind him of the security aspect and keep it in the back of his mind while
browsing, so it may actually enhance security awareness. As in "I'm the sort
of person who cares a lot about viruses, so much that I have an AV and
adblocker etc., so I'm also the kind of person who doesn't just install any
crap."

Installing an AV doesn't automatically reduce your defenses. Only if you over-
trust it.

~~~
NetStrikeForce
>> Installing an AV doesn't automatically reduce your defenses. Only if you
over-trust it.

Recent news might point otherwise and there's a debate about it. Does an
antivirus really protect you from a real threat? On the other hand, as you're
running extra software you're increasing your attack surface, which makes you
more vulnerable.

I've seen very clever people pointing to the latter and marketing efforts to
make me believe the former. Still, I haven't made up my own opinion. In any
case, I stick to just Windows Defender and EMET
([https://support.microsoft.com/en-us/kb/2458544](https://support.microsoft.com/en-us/kb/2458544))
to mitigate.

------
tptacek
Not "could". Does.

~~~
AnimalMuppet
Do you think that AV, on net, makes you less secure? If so, can you provide
any data?

~~~
drummer32
This[1] is on the very top of the front page right now. TrendMicro has a daemon
listening on localhost that can execute arbitrary commands.

[1][https://news.ycombinator.com/item?id=10882563](https://news.ycombinator.com/item?id=10882563)

~~~
AnimalMuppet
Right. (But that's one AV vendor. Others have the same possibility, of
course.) But is it still better (more secure) to run without any AV at all?
Something like this leaves you vulnerable to that flaw, but no AV leaves you
vulnerable to _everything_ (unless a firewall saves you).

~~~
tptacek
It is better to run with no AV at all.

------
nikbackm
Well, if Microsoft applies their secure programming guidelines also to Windows
Defender that might be the best (and default) choice if you're worrying about
attacks like these.

------
mikecb
Application whitelisting much more productive.

------
caf

      ...and it also recently introduced HVMI (Hypervisor-based Memory Introspection)
      technology that completely isolates the antimalware solution by deploying it in
      a Type 1 hypervisor outside of the operating system.

      "This kind of isolation separates the antimalware engines from rootkits or
      exploits running in the user environment," the company said.


This completely misses the point. Yes, it protects the AV from exploits in
other user software, but it makes exploits in the AV software itself _even
worse_.

------
bitwize
Whitelisting is one of the only proven security technologies in a world where
you can download and run arbitrary executables. Bit9 should be a requirement
on office PCs.

------
scottyates11
Personally, I won't trust those AV programs which are free but claim to have
FULL functionality. There is no free lunch in the world. Sometimes we make
jokes about Qihoo 360; we say it is itself already a virus. A lot of pop-ups,
consuming computing resources. It is very annoying!

------
basicplus2
Any views on Sophos? I use it to whitelist stuff as requested, application by
application. Seems pretty solid to me.

------
johhnnnhyrocko
If you guys are looking for a list of some decent AV, here's one from this year:
[http://no-adware.com/blog/best-malware-removal-tools-of-2016/](http://no-adware.com/blog/best-malware-removal-tools-of-2016/)
I am a huge MB fan myself.

~~~
mox1
Mackeeper is listed as #2 on the list you linked to...[1] They aren't exactly
a high quality AV product.

1\. [http://appleinsider.com/articles/15/08/10/mackeeper-to-pay-out-2m-in-proposed-class-action-settlement](http://appleinsider.com/articles/15/08/10/mackeeper-to-pay-out-2m-in-proposed-class-action-settlement)

