I remember when MinGW or Cygwin users were complaining that AVs were detecting "Hello world" binaries as malware too.
IMHO AVs started becoming anti-user when they began detecting "hacking tools" and keygens/cracks/patches (there are certainly some which do have malware, but detecting software that does exactly what it claims to do is going beyond that.) That's acting in the interests of corporations, not users. It's rather authoritarian and I don't want that at all.
> they began detecting "hacking tools" and keygens/cracks/patches
I think the context here is that a lot of this software contains malware (even the ones that also do what they say on the tin), and it's a lot harder to separate since the deliberate intent is "modify the workings of other programs". It becomes nearly impossible to algorithmically decide if it is modifying other programs in the way the user wanted rather than any undesired way.
No, Malwarebytes etc brought non-virus malware into the public consciousness. Sadly many of the programs in the category inflated their findings by counting individual ad cookies etc as "malware".
Irrelevant. The purpose of an antivirus is not to make a user conform to an average user, it's to detect unwanted software. If the user obtains a keygen for some software, what business does an antivirus have with it?
You may be misunderstanding. The "hacking tools" phrase likely refers to what others might call "penetration testing tools" and/or tools used for reverse engineering.
Last time I tried to use them, they immediately deleted, without asking if I allowed it, 80% of my tools and binaries.
It is clear that anti-viruses on Windows are usually more dangerous than the viruses themselves. (In the end, the virus I wanted to track down was in my router, not on Windows :/)
I've been using Microsoft's free anti-virus products on my Windows machines since Microsoft first started offering them. Third party anti-virus shares many of the features of malware: difficult to remove; runs at root level; user tracking; self-updating; and in subscription versions comes with the proposition of pay up or we will make your computer vulnerable.
On the other hand, Microsoft's interests are less misaligned with mine. They want to keep Windows secure as do I. Around the edges of tracking and telemetry, we may disagree. Anyway, my life became much simpler when I adopted Microsoft's solution for my Windows boxes.
In my experience it is not enough to disable third party Antivirus - it has to be completely uninstalled. At least one major AV (can't remember which) still leaves its TCP/IP hooks in the kernel even when disabled making network traffic several times slower. Customers are aghast at the suggestion that AV is the problem - surely you are the one with the bad code. They think AV couldn't possibly slow all disk and net accesses by an order of magnitude.
AVG is a threat. When you can't uninstall a piece of software completely with normal means and have to start ripping it out by the roots with special tools, there's something wrong.
Reminds me of those old times when Norton Anti Virus automatically quarantined the binaries of empty Borland Delphi GUI projects. Eventually I just got rid of my antivirus altogether because it kept having false positives.
At our university we had a virus scanner which would, without any information or warning, simply delete freshly compiled assembler executables.
It was fun, finding that out. The desk should still have marks where I gnawed on it.
Related: the number of questions on StackOverflow answered with 'disable your antivirus'. Especially Avast it seems, from just scanning through http://stackoverflow.com/search?q=disable+avast (which anecdotally I've indeed seen cause all kinds of havoc, including blue screens).
About a decade ago, I made a tiny little executable in Delphi so I could browse the hard drive contents on school computers, which otherwise hide it from Windows Explorer using group policy. Mischievous and definitely against school rules, but harmless.
The school antivirus had a false-positive and decided it was some particular virus. God knows how.
Ok, jokes aside, how many Windows users that buy things like AVG or have an IT pro running it for them with AVG are legitimately running compilers on any computer, Windows or macOS? We are a very small fraction of end users. I was in a training this week and shocked to discover that even for strings, STRINGS, you need to download the Xcode tools now for macOS 12. I did not even bother with something more exotic. I am afraid to see what our IDS/IPS thinks of Homebrew, because ...
I know, I know, I am going to get downvoted to hell ...
But seriously, I am aware of one major IDS/IPS that flags WSUS Offline Update and blocked me from downloading the zip. So that means they throw a signature up there without even inspecting it, I bet... to block a tool that streamlines updates on Winboxen? Thanks for protecting me!
This tool is open source and merely organizes different patches with common GNU and FLOSS utilities through AutoIt or some other wrappers. Many of us, who work in systems management for airgapped or systems way behind, where Windows 7 updates now fail because of their recent infra changes and might even finish scanning for days[0], need this to keep updated. I get it is not a blessed tool, but am I so unique in this regard? I think these vendors impose their own idea of systems management, which is really variable as everyone does it their own way. Addressing that requires complexity, which is why we are here in the first place.
I handle a lot of end-user computers, so let me be clear, such behavior is atrocious. But how many of you have known/used Software Restriction Policies or AppLocker on Windows? This burning the whole forest for the trees thing is not only common, it is critical to the gimmicky heuristics nature of old school anti-virus.
Then again, Windows ships PowerShell, in a vain attempt to not be VBScript again, with Bypass features to a neat concept of signed script code, and we have things like state of the art system manipulation with blessed Microsoft tools and .NET code generation on the fly with PowerSploit, which no AV/IDS/IPS will catch without being properly tuned, since that is close enough to admin behavior (really any PowerShell) to be much harder to stop.
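The allow-listing approach the post above contrasts with heuristic AV, as an added PowerShell example that is not part of the thread: it builds an AppLocker policy from what is already installed under the system directories, applies it in audit-only mode so nothing is blocked yet, and then shows how the policy would treat a freshly compiled binary sitting in a user directory. The output path, the source directory and an elevated session with the Application Identity service running are assumptions.

```powershell
# Added example (not from the thread). Assumes an elevated session on a Windows
# edition with AppLocker support and the AppIDSvc service running.
$OutFile = "$env:TEMP\applocker-audit.xml"   # assumed output path

# Collect publisher and hash information for the trusted install locations.
$trusted = foreach ($dir in 'C:\Program Files', 'C:\Program Files (x86)', 'C:\Windows') {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Dll, Script
}

# Build allow rules: publisher rules where the file is signed, hash rules otherwise.
# -Optimize merges rules that share a publisher.
New-AppLockerPolicy -FileInformation $trusted -RuleType Publisher, Hash `
    -User Everyone -Optimize -Xml | Out-File -Encoding utf8 $OutFile

# Force every rule collection into AuditOnly so violations are only logged
# (Applications and Services Logs > Microsoft > Windows > AppLocker), not blocked.
[xml]$doc = Get-Content $OutFile
foreach ($rc in $doc.AppLockerPolicy.RuleCollection) {
    $rc.SetAttribute('EnforcementMode', 'AuditOnly')
}
$doc.Save($OutFile)
Set-AppLockerPolicy -XmlPolicy $OutFile

# Evaluate just-built binaries outside the trusted paths without running them.
# The source directory is a placeholder for wherever your compiler writes output.
$builds = Get-ChildItem "$env:USERPROFILE\source" -Recurse -Filter *.exe |
    Select-Object -ExpandProperty FullName
Test-AppLockerPolicy -XmlPolicy $OutFile -Path $builds -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule

# Review the audit events before switching EnforcementMode to Enabled.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 20 |
    Select-Object TimeCreated, Id, Message
```

Anything compiled into the user profile shows up as Denied here, which is the point: an allow list makes the decision by location and signer rather than by guessing at intent.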
I'm sorry, but the quality of comments on that question is really low, apart from one. A malicious compiler can easily insert malicious code into your executable, and if you are not able to trust your compiler or read the code it generates, then you would be better off relying on the antivirus.
Then again, with the prevailing mentality of most Windows users of installing packages from untrusted sources and running unknown binaries without understanding the risks, it is not surprising.
How many malicious compilers have you actually seen in the wild (in 2012, when that post was written)? And indeed if there were any, why would an AV not just detect the compiler itself?
First question I would ask: what compiler are you using, and have you audited the binary it spits out? Sometimes it pays to know a little assembly and be able to use a debugger.
This also could just be a test sample that's in the system. There are a few test codes for antiviruses and these companies may be using these as test binaries.