by hules 1625 days ago
I wonder if anybody has estimations of the contribution of anti-virus software to global warming. They run on almost all desktop computers, are generally large and bloated applications that consume tons of CPU for their continuous scans, I would not be too surprised if it was far from negligible.
6 comments

To be fair, they also are responsible for some reduction in carbon output. I have seen people just get a new machine if their computer gets too compromised with viruses so any level of virus protection will end up keeping computers out of landfills.
I think this is an example of the 3rd party crapware that is more frequent a reason for a user to needlessly replace hardware that would have functioned correctly, quickly and more securely with a vanilla install, but a vendor accepted payment to market some security theatre or other feature that is hard to remove. Of course the vendor is all too happy if you think you need a new computer.
A computer that is compromised with viruses is easily remedied. Anyone can just reinstall the operating system from the OEMs supplied OS installation media or the user can provide their own operating system. I don’t buy this argument that anti-virus leads to fewer people throwing their assets out. Furthermore, viruses do not affect the underlying hardware, which is what people would be throwing away. The economics don’t make sense, why would an individual dispose of an asset they bought with their personal money when there’s nothing fundamentally wrong with the part of the asset that was purchased?
"Anyone can just reinstall the operating system from the OEMs supplied OS installation media or the user can provide their own operating system."

A careful examination of who that "anyone" is will reveal that as "anyone"s go, it's not very "anyone". It's certainly less than 50% comfortable doing that, and even less willing (e.g., I know how but that doesn't mean I want to).

Our society is so disenfranchised from tech that we can't type "reinstall" or "reset" into the search + follow prompts anymore.
Because they don't understand any of what you just said, and they think that malware can harm their computer.
> … and they think that malware can harm their computer.

To be fair, it actually can — there’s plenty of writable flash on motherboards and in peripherals where malware could persist across OS reinstallation.

To add to this, isn’t a computer in this context some combination of hardware and software?

And malware is a contraction of malicious-software.

And then is it not true that malware does, by definition, harm the user's experience in some way, whether that’s detectable by the user or not?

Splitting technical hairs is entertaining though.

I think that in the days before good windows security, it's true that more people threw out their assets due to malware. I've seen plenty of family members do it, reinstalling an operating system is sadly not something "anyone" can do. It doesn't make sense to throw hardware out because of some software, but most don't have such a distinction.
> I think that in the days before good windows security,

"Before"‽ Windows still sets every file as executable by default (just an example). If it had good security you wouldn't need anti-malware tools always running in the background looking for stuff that has already broken through (to some extent). Basically, Windows security has been and probably always will be absolute garbage.

A big reason why Microsoft won't (and can't, really) fix the security of Windows is backwards compatibility... If they fixed the "everything is executable by default" problem it would 100% for sure break a ton of stuff.

The code base for Windows is both old and enormous. They don't employ enough developers to constantly review and re-write all that code all of the time. Most of it--even today's Windows 10 core code--was written at a time when Microsoft didn't really give a rat's ass about security.

Just look at the past few years of Windows 10 vulnerabilities:

https://www.cvedetails.com/product/32238/Microsoft-Windows-1...

...and compare that to say, Canonical/Ubuntu's list:

https://www.cvedetails.com/vendor/4781/Canonical.html

Looking at last year, in 2021 Ubuntu had 29 CVE-listed vulnerabilities, four of which were "code execution" (the worst).

In that same period Windows 10 had 485 CVE-listed vulnerabilities, 112 of which were "code execution"!

Now consider for a moment that the scope of Canonical/Ubuntu CVE list includes vastly more software than what comes with Windows. I just looked (Ubuntu 21.04) and there's 6,080 packages in Ubuntu's "main" software repository which is what's in scope for those CVEs (I'm pretty sure anyway).

Whereas the scope of Windows 10 is just what comes with the OS which isn't much! If you drill down into the Windows 10 code execution vulnerabilities you'll see that it's all in the core stuff that comes with Windows like the print spooler, media services libraries, remote desktop, file system, etc. It's not obscure extras like bundled games or the snip tool or whatever.

> OEMs supplied OS installation media or the user can provide their own operating system

I haven't received install media of any kind from an OEM in over a decade. Commonly they're using a hidden disk partition to reinstall the OS. This can just as easily be compromised as the boot partition. So "just reinstall" skips a number of laborious or impractical steps.

> I don’t buy this argument that anti-virus leads to fewer people throwing their assets out

Just because you think people shouldn't behave a certain way doesn't necessarily mean they don't behave that way, though. There are definitely people out there who toss their laptops when they get cluttered with malware.

> Anyone can just

An extended family member of mine had been planning on replacing their computer because they were having problems logging in to Office 365.

Quibble, A/Vs can hook file accesses and executions so most of the time it is not continuously scanning.
My CPU fan is screaming next to me right now because of my employer's overly paranoid, inefficient scanning shitware (yep I checked the list of processes). Not only is it warming the globe, it's warming this room. If I put my hands near the exhaust ports it'll warm those as well.
Since it is winter it probably doesn't matter but if it were summer you'd probably then spend even more energy attempting to move that heat from inside to outside. (Unless you're in the Southern Hemisphere, but statistically you're probably not :) )
So, we’re doing whataboutism for this now? You don’t have some answer like “using as much electricity as Argentina to mine bitcoins is the price of freedom”?
Ugh.. do you think AVs are useless or something? Why do people think this? Shit AVs are shit, end of story. Reading memory and is not CPU intensive; the disk I/O intensity of Windows vs Linux alone is very drastic if you want to evaluate that as a baseline instead.

It's like asking the carbon footprint of freeway guardrails. I mean, Norton sucks, sure, but at least turn on Defender (which is really good btw). The amount of lives not ruined and money not lost due to cybercrime thanks to AVs alone is staggering imo.

Freeway guardrails have never deleted my car's engine while I was minding my own business staying on the road.
They would be shitty guardrails if they did, just like shit AV is shit. I am not asking you to buy Norton but to at least leave Defender turned on Windows. It stops very real and serious threats. Like I have seen attackers move laterally and they only succeed on hosts where people turned off Defender or it isn't updated.

I have a challenge for any of you who disagree: write basic malware that you can use to monitor keystrokes and browser creds/traffic. Easy right? Ok, now use it in windows with defender turned on for a day and keep defender from stopping it for a week! Even better if you turn on all defender features.

I mean come on! I heard this misinformation many times before. Not once from a person whose day job is incident response. Not even once!

No, what's staggering is the number of my family members that simply cannot use their computer because it's bogged down by an AV. Also, your analogy is completely wack.
Your av sucks then...
Even a protection racket reduces crime. The trick is that it is someone else's crime.
For it to be a racket the AV vendors need to collaborate with malware authors.
Actually, I meant an "honest" protection racket that protects against actual rival gangs. The point is that replacing something bad (malware) with something bad (AV software) isn't always a gain.
Yes, I think AVs are useless now, although that didn't use to be the case.
This is one of those silly things I see only among those with just enough knowledge to shoot their own feet.

The amount of malware I see stopped by Defender alone is very significant. Just write mediocre malware and send email, 10-15% infection rate. Check out the loot the Emotet gang had accumulated when they got raided or any of the ransomware gangs.

A little learning does much harm!

Most people don't run Linux (and most Linux desktop users don't harden). I mean, I could be very lazy and make bank without AVs on Windows or Mac.

Speaking to you as someone who only discovered several serious intrusions after every layer of security was defeated except defender complained!

My 2 year old blog post has the answer to that.

http://h4labs.org/ive-got-another-stupid-idea-to-deal-with-c...

People come up with all sorts of silly ideas rather than actually addressing the real issue.

Addressing virus software will save the world exactly 0 days.

UPDATE

Coal usage is at record usage for power generation. It emits over twice as much CO2 as natural gas.

While these silly little ideas about optimizing your website to use less electricity or using a different computer language are a fun way to waste the day, all the coal we keep burning is costing us significant time.

Anything else is better. Waiting for the windmills isn't working.

Anyway, just the occasional reminder that we keep squandering valuable time and now we need a bigger miracle.

Good luck with the shaming to address the problem.

UPDATE 2

"Stop all economic growth"

No one said that. That is a right wing sound bite simply meant to add noise to the discussion.

The blogpost only states that we should use gas instead of coal, so if anyone hopes for an answer to the original question you don't need to click.
"Stop all economic growth"

I disagree with doing that even in the most developed countries, I've no idea how you imagine selling that to the least developed countries. Or by force?

However, I agree we aren't really able to do enough - that there's a lot of virtue signalling so we feel a little better about ourselves - and a technological solution is what's required.