[drummer32]

This[1] is on the very top of the fronpage right now. TrendMicro has a daemon listening on localhost that can execute arbitary commands.

[1]https://news.ycombinator.com/item?id=10882563

[AnimalMuppet]

Right. (But that's one AV vendor. Others have the same possibility, of course.) But is it still better (more secure) to run without any AV at all? Something like this leaves you vulnerable to that flaw, but no AV leaves you vulnerable to everything (unless a firewall saves you).

[tptacek]

It is better to run with no AV at all.