People apparently disagree, but I'm with you. The idea that antivirus software is actually a worthwhile mitigation tool is a relic from the 90s. Malware defeats antivirus all the time, and sometimes even exploits it directly. Meanwhile, aggressive antivirus software is eating a percentage of every single task you do on your computer, actively impeding your work every second of your day.
The tradeoff is not worth it, in my professional opinion.
While I wholeheartedly agree with you, I think that putting the horrible piece of shit antivirus software on enterprise boxes is a cover-your-ass tactic. It's required from IT depts to be able to say they followed industry standard practices and did their due diligence to prevent threats, regardless of whether those have any useful, practical effects at all.
My wife has a brand new corp issued Carbon X1 and I can hear it routinely spin fans 100% because of Norton FuckYourCPUandIO (tm) software doing nothing of use besides inducing anger.
Of course it's not worth it, but in many orgs it's required for compliance. It may change in the future as most people realize it's not that useful, just like NIST changed the rule about password updates.
On the other hand, it might seem useless because malware creators know it's there. Basically all functional pieces of malware have to go through VirusTotal, otherwise they won't be effective. But if all orgs dump antivirus software it would be a bit like giving up MMR vaccination in children.
My company recently signed a deal with a healthcare company to do some work on their systems. I got a laptop from this company, MBP 16" so not bad. But lord oh lord are there so many things on this laptop.
Two worst offenders are:
- Antivirus: Just hogs memory, the scan runs "throughout the day" and I've had to resort to using scripts to shut the thing down just so my code will compile.
- Other annoying features: Let's make you stare at a day-glo green wallpaper and give you no way to change it to something that doesn't offend your eyes, let's place a bunch of icons on your dock and desktop that you can't get rid of, just bookmarks to common apps. Let's also make a popup show up on your laptop every day to remind you that you need to upgrade to OneDrive but forget to give me the permission to actually upgrade, so this message repeats itself and fails every time.
"There's something wrong with your iCloud ID, please log in to fix it" popup. But hey we disabled iCloud integration so they'll never be able to actually login! (cue evil laughter)
Unfortunately many big customers insist on it as part of security questionnaires, and depending on who audits your compliance with certain security standards, they may insist it's required too.
My work mac has both Carbon Black and FireEye. It takes 30% longer to do a large build of an open source project than my personal laptop, despite having 2 more cores and twice the RAM.
Holy caracho!! I understand if you have it on a file server (bad rep if you send an MS Word macro virus to a customer) but on a Linux build server?? That's just madness!
Then check the binary before installation/tests if you have to, but not on the Linux build server itself... that's ridiculous. A HIDS would be the answer, so you can be ~sure that your tools are not altered to inject code into your compiled product.
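The integrity check the comment above has in mind (a HIDS-style baseline of the build toolchain, compared again later to catch altered, removed or added files) can be illustrated with a small script. This is an added example, not code from the thread or from any HIDS product; it assumes a toolchain directory of regular files, uses SHA-256 digests as the baseline, and the directory contents in `demo()` are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256 digest.

    Symlinks are skipped: a HIDS should record what is actually on disk, and a
    link can be re-pointed without its own target bytes changing.
    """
    baseline = {}
    for entry in sorted(root.rglob("*")):
        if entry.is_file() and not entry.is_symlink():
            baseline[entry.relative_to(root).as_posix()] = sha256_file(entry)
    return baseline


def verify(root: Path, baseline: dict) -> dict:
    """Re-hash the tree and report drift against a previously recorded baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }


def demo() -> dict:
    """Constructed scenario: baseline a fake toolchain, then change it and verify.

    The file contents are placeholders, not real compiler wrappers.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "cc").write_bytes(b"placeholder compiler wrapper v1\n")
        (root / "bin" / "ld").write_bytes(b"placeholder linker wrapper v1\n")
        baseline = build_baseline(root)

        # Simulated drift: one tool rewritten, one removed, one unexpected file appears.
        (root / "bin" / "cc").write_bytes(b"placeholder compiler wrapper v1 (altered)\n")
        (root / "bin" / "ld").unlink()
        (root / "bin" / "strip").write_bytes(b"unexpected new binary\n")

        return verify(root, baseline)


if __name__ == "__main__":
    report = demo()
    for kind, paths in report.items():
        print(f"{kind}: {paths}")
```

In practice the baseline (and the script itself) should be stored somewhere the build host cannot write to, and refreshed only when the toolchain is deliberately upgraded; otherwise an attacker who can alter `cc` can just as easily alter the recorded digest.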