[topkai22]

Do professional drivers need to wear seatbelts?

The truth is that even really good technologists sometimes make mistakes. My insurance agent's email got hacked recently. I was in the process of renewing a policy, so opened the link to a phishing site and entered credentials. Oops. Thankfully I immediately noticed and changed the password (+ had two factor on.) Had that been an attached PDF instead I probably would have opened it.

At this point, consumer/end machine AV is a bit like vaccinations for diseases that are largely under control- attacks aren't spreading because the there are many protections in place, but if the unprotected population rises (especially in high value targets like developers) than the attacks will increase.

Configure AV? Sure. In fact just last week or so I had to validate that a server level product was really scanning user uploaded files correctly, so I had purposefully download known bad file (The sample file from EICAR) https://www.eicar.org/?page_id=3950). Getting defender setup so I could handle that file was annoying but manageable. I've also disabled real time scanning of certain applications and processes for performance reasons.

However, would I run without it on at all? Nope- I'm pretty good driver, but I still wear my seatbelt.