[quotheth]

This is really just not accurate. You can say that AVs are crap, but please don't put all of your eggs in the 'proactive security' basket. At one point that was actually the prevailing attitude, and it just failed absolutely miserably.

Instead, today, we see more companies invest in what's called "incident response". Part of a healthy incidence response program is signature detection - AV plays a role in this.

If you don't have good detection capabilities you're missing a huge portion of what makes an organization secure.

Relying on proactive users is also a recipe for disaster and not a realistic goal at all, nor should it be.

[irundebian]

Of course you should be able to respond on security incidents. If you have a security incidents it's often too late and security boundaries are already borken. In the long term we want to have secure systems which are secure by design and by default. We have to invest heavily in incident response because we have have all of these shitty and broken systems. We should already have started heavily on building secure systems and secure languages and should call on everybody to invest time to build these instead of building reactive technologies like AV.