by ho_schi 1559 days ago
I warn about using any kind of snake oil.

Often sold under the marketing terms "antivirus", "personal firewall" or "cloud cyber security". Known side effects of this treatment are high CPU load, high RAM consumption and drain of battery power. Sometimes they also consume your money or look at your data. So I would consider other countermeasures, like applying user rights and proper package management, and reconsider your decision to use this random stuff from the internet. If you're forced to use Windows, the one with the least known side effects is Microsoft Security Essentials, but even this has several drawbacks. If you're already using Linux or some kind of BSD you have probably already applied these measures accordingly.

PS: This doesn't mean you shouldn't make sane use of software looking expectantly for malware. If you are a server admin hosting a mail server which faces random stuff from the internet, it makes sense to filter out bad stuff. And it won't spin up the fan of your laptop or drain its battery.

4 comments

"If you're forced to use Windows the one with the least known side effects is Microsoft Security Essentials but even this has several drawbacks."

But permanently disabling it is very, very hard.

> But permanently disabling it is very, very hard.

I installed linux in a new machine just last week

Congratulations, me too.

But that didn't help me with the linux driver issues for my laptop. Nor does linux run adobe animate, or a bunch of other software.

Good work!

The only "correct" approach is telling Adobe that they need to provide native ports of their software, or switching to other software. Regarding laptops, buy business laptops (Lenovo ThinkPad, Dell Developer Edition) or laptops made by vendors with a focus on Linux (Purism, System 76, Tuxedo) and stick with internals from AMD or Intel. So it boils down to knowing things beforehand and giving the right companies your money. It worked somehow: Intel provided good support first, then AMD, Atheros and others followed. On the ugly side we still have ARM, Qualcomm (yep - now Atheros) and of course Nvidia.

Actually the "stickers" with the Windows logo from Microsoft are the proof that the hardware runs well enough with the pre-installed version of Windows. And that the manufacturer has spent 80 $/€ or more for this. Some people also call these stickers "tax labels", nasty people "protection money". Not that I want to encourage the Linux Foundation...

Lenovo gets a lot of love from linux users for their laptops, but they've repeatedly shipped malware infested systems. Sometimes they did it in exchange for money, sometimes they wrote the malware themselves. I wouldn't recommend anyone go near them. I mean, hardware that'll play nice with linux is nice, but we're not lacking for alternatives these days.

If a company who acts as horribly as Lenovo does can still be recommended even in tech circles it makes me wonder what a company would have to do before their reputation suffers for the general public.

They never shipped a malware that would resist a fresh install. Nobody should ever use an OEM provided OS.
Actually it's not. Just add an exclusion for C:/ - it still hogs some memory but the I/O drawbacks are gone. There is probably also a way to let it scan Downloads only, but I haven't found it yet. In this configuration it still scans USB drives.
IntelliJ IDEA recommends excluding directories related to the project and IDE from MSE. I think that's a reasonable compromise between performance and security.
At the same time, those folders are probably the biggest backdoor into your system if you are a software developer. Software developers are smart enough not to download crap from the internet, but they will gladly run npm install with full user privileges.
They once set up the scanners here to prevent modification of executable files. The linker called by GNU's GCC was...well...surprised. Not a problem if you build the Windows stuff on Linux as well.
Antivirus can be very helpful in corporate environments if set up right and managed by knowledgeable people. Those people are expensive, but they're life savers when John from marketing clicks the "enable editing" button in a spreadsheet he just received from a spoofed email address.

The problem with corporate security is that security vendors often try to shovel as much crap onto your network as possible, rather than set you up with the security system you need. It's not hard to set up a company wide system that shows all green checkmarks and has tons of tray icons running to assure upper management that everyone's computer is now secure, especially with duplicate features and multiple daemons that a talkative sales rep might try to slip in for that sweet commission money. You also need someone competent to look through logs, keep checks on what's going on, and not get fired or demoted if they don't report anything new (because if you're lucky, there's nothing new to report).

For smaller businesses, the best you can do is hope for the best, really. Keep your consumer AV running and try to stick to common security advice, because there's no way you'll be able to get much use out of common business AV products if you don't have someone in your company who knows how to use those tools.

For consumers, Windows defender is often a decent balance. It's pretty good at detecting viruses, doesn't get in your face all the time, and although there's definitely a performance impact, it's low enough that office work shouldn't be affected by it too much. As a dev, I hate how much it gets in the way of many applications (especially those accessing many small files, like compilers), but I realise that this isn't exactly the most common workload for AV.

Will be difficult. Most people are trained in a way that "Antivirus" means "Ass covering successfully applied. I'm no longer responsible!".

The "antivirus" was sold as a solution to the MBA people for thirty years, and computer magazines told the consumers the same wrong story. I've seen arguments like "ISO27001 requires us to install an antivirus on those application servers". Suddenly you see "undefined behavior" on the same application server. Guess who gets blamed? Not the responsible people.

When we see weird issues on customers' systems, "Please turn off antivirus" is in a high number of cases the solution; suddenly, defined behavior. The problem with antivirus software is that it is the actual implementation of undefined behavior.

I'm not a network admin! John from marketing should be in an isolated VLAN or something like that? Only access to a separate internal file server? Because it will fail. Maybe there is JavaScript in the next spreadsheet and Microsoft Security Essentials is happy: "JavaScript? Let me see. I want to put my nose inside!": https://docs.microsoft.com/en-us/security-updates/SecurityAd...

Failure will happen in general computing and the systems need to be resilient to that. The other approach is what we see in mission critical systems: multiple parallel instances if possible, no unchecked updates, no random software, only input through defined interfaces.

Working at a large corporation, I liken our AV deployments and endpoint security to the invisible hand of productivity destruction. I'm not saying these products don't block malware; I'm not disagreeing with you at all.

It should be stated that, with a high degree of confidence, deploying these measures against your internal employees' personal systems and cloud deployments WILL invariably lead to the destruction of employee output and system performance when things inevitably do go wrong and whole operating systems are hosed, if not obliterated.

Back up your data, folks. Your environments. Your passwords.

It can take weeks to get back up to full speed when your system dies to AV or anything else.

When the AV killed the first laptop here I was surprised about how. It turned out that this "special" product sneaks into the hardware disk encryption (which is actually reliable) and rendered it useless. The IT department shrugged and bought the next laptop...
No problem in a company where spreadsheets don't have root access to everything.
Spreadsheets don't have to have admin access to cause serious issues. Company financials, shared drives, contact lists with hierarchy, email history, password managers, etc. live on restricted user accounts. As usual there's an XKCD for it: https://xkcd.com/1200/
Though actually I installed Kaspersky free edition on an older computer because it was fairly light and well behaved. It has a good reputation for catching things too. But yes, I should really think about removing it now, and I'm sure we all have sympathy for the trusting victims who paid to upgrade their bundled McAfee/Norton/Symantec and were worse off for paying extra....
I agree with the snake oil sentiment, and wanting a tool to monitor connections on a per application basis but being dissatisfied with everything I found, I wrote my own (https://elesiuta.github.io/picosnitch/).

Only then did I discover that creating any sort of tool that is running on the same machine it is supposed to protect, if malware is also on said machine, is basically a fool's errand.

I tried to overcome as many of the pitfalls as I reasonably could, but have reached a point now where the best approach is to just document any remaining limitations and some of the other countermeasures you can use.