| I'm also one of those people. When it runs code to detect if it is a virus, you have to trust the sandboxing and frankly I've yet to see a sandbox that at some point hasn't been taken control of and exploited (this goes for web browsers too). So it's better to just not execute code than to trust the AV's VM to execute the code without being compromised. I use programs on a whitelist basis and only update for security patches. This avoids issues like what happened with Transmission. AV also detect have pitiful detection rates - something like <50% of exploits daily. It's "something" but once you're compromised you're compromised and using an AV just gives a false sense of security. E: I imagine the downvotes are from my claims of pitiful detection rates or claims that AV is basically security fanfare. Don't take my word for it then. [0] https://www.theguardian.com/technology/2014/may/06/antivirus... [1] http://www.blackhat.com/presentations/bh-europe-08/Feng-Xue/... [2] http://www.blackhat.com/presentations/bh-usa-05/bh-us-05-whe... [3] https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1916708 |