by kevingadd 1559 days ago
It's definitely reasonable at this point to just skip using AV. It won't protect users from bad security habits and it tends to make your system performance worse even if it doesn't have vulnerabilities.

I have Windows Defender enabled on my machines since it comes with the OS (and work policy requires it), but I definitely had to exclude most of my work folders to be able to get work done.

It would be nice to have software that specifically blocks ransomware by trying to detect it heuristically, but that would probably not be very effective and the right solution is just to have backups.


> to have backups

With the usual additional notes: unless you include an off-site, an off-line (or at least soft-offline) backup, and your backups get tested regularly enough, you don't have a backup system, you have aspirations & hopes!

----

For your valuable information anyway. For most individuals the core "it would really inconvenience my life if I lost it" data is surprisingly small¹, and the next layer ("losing it would really annoy me") is only a few tens of GB². For personal use, everything else in the grand scheme of things can be reacquired or won't be massively missed; things are a bit different for businesses, of course.

[1] password store, financial details & other officialdom, code & docs for personal projects that might come to something else
[2] meaningful digital photos & such

> With the usual additional notes: unless you include an off-site, an off-line (or at least soft-offline) backup, and your backups get tested regularly enough, you don't have a backup system, you have aspirations & hopes!

This should be posted in every place where people are involved with IT operations.

It gets posted on HN EVERY SINGLE TIME. Usually the words "have backups" trigger multiple lectures on offsite backups and testing and multiple factors and ...
I'll stop repeating myself when the world gets the damned hint!

(or stops complaining when something is lost because they didn't)

Even if/when the world does get the hint, there will still be https://xkcd.com/1053/ (although most people probably won't find this as exciting)
Don't forget to not roll your own crypto!!!
> your backups get tested regularly enough

And you test the tests and so forth.

It is tests and verifications all the way down!

No matter how careful you are about adding automated tests, tests to verify those tests have run OK, and making them fail safe (fail with a warning, in this case) where possible, it will always soon get to a point where a manual "have we seen the everything-is-OK message recently?" check (or similar) is by far more efficient than adding yet another test to send a warning when the last layer of tests has failed.
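The two points above (a backup only counts once a restore of it has been verified, and the last layer of checking is a human looking at a freshness signal) as one added PowerShell example. This is not code from any commenter in the thread; the source and staging paths are assumptions, and copying the archive off-site and off-line is left to whatever you use for that.

```powershell
# Added example (not from the thread): a backup that is only counted as a backup
# once it has been restored and re-hashed, plus a freshness check for a human to
# glance at. $Source and $Staging are assumed paths; adjust them.
$ErrorActionPreference = 'Stop'

$Source    = 'C:\Users\me\Important'   # assumed: the "can't lose" data
$Staging   = 'D:\Backups'              # assumed: local staging; copy it off-site/off-line afterwards
$Heartbeat = Join-Path $Staging 'last-verified-restore.txt'

function New-VerifiedBackup {
    param([string]$Src, [string]$Dest)

    $stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
    $archive = Join-Path $Dest "backup-$stamp.zip"
    New-Item -ItemType Directory -Force -Path $Dest | Out-Null

    # Record SHA-256 of every (non-hidden) file we intend to back up, keyed by relative path
    $expected = @{}
    Get-ChildItem -Path $Src -Recurse -File | ForEach-Object {
        $rel = $_.FullName.Substring($Src.Length).TrimStart('\')
        $expected[$rel] = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    }

    Compress-Archive -Path (Join-Path $Src '*') -DestinationPath $archive

    # Test the backup the only way that counts: restore it somewhere else and re-hash
    $restore = Join-Path $env:TEMP "restore-test-$stamp"
    Expand-Archive -Path $archive -DestinationPath $restore
    $bad = @()
    foreach ($rel in $expected.Keys) {
        $p = Join-Path $restore $rel
        if (-not (Test-Path $p)) { $bad += "missing: $rel"; continue }
        $h = (Get-FileHash -Path $p -Algorithm SHA256).Hash
        if ($h -ne $expected[$rel]) { $bad += "hash mismatch: $rel" }
    }
    Remove-Item -Recurse -Force $restore

    if ($bad.Count -gt 0) {
        Remove-Item $archive   # an archive that does not restore is not a backup; don't keep it around looking like one
        throw ("Restore test FAILED:`n" + ($bad -join "`n"))
    }
    # Only a *verified* restore updates the heartbeat the freshness check reads
    (Get-Date).ToString('o') | Set-Content -Path $Heartbeat
    "$archive restored cleanly ($($expected.Count) files)"
}

function Test-BackupFreshness {
    # The manual "have we seen the everything-is-OK message recently?" check
    param([string]$Path, [int]$MaxAgeDays = 7)
    if (-not (Test-Path $Path)) { return 'WARNING: no verified restore has ever been recorded' }
    $last = [datetime]::Parse((Get-Content -Path $Path -Raw).Trim())
    $age  = (Get-Date) - $last
    if ($age.TotalDays -gt $MaxAgeDays) {
        return "WARNING: last verified restore was $([int]$age.TotalDays) days ago"
    }
    "OK: last verified restore at $($last.ToString('u'))"
}

New-VerifiedBackup -Src $Source -Dest $Staging
Test-BackupFreshness -Path $Heartbeat
```

The freshness check deliberately reports a missing heartbeat as a warning rather than silence: a silent failure of the backup job and a backup job that never ran look identical to the person doing the weekly glance, so both must show up as "not OK".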

First I skipped using Antivirus altogether, but now I opted for intermediate solution using Microsoft's native Antivirus Defender. At least this is fairly guaranteed to be compatible with Windows itself. Regarding firewall: I don't trust Windows anymore - using an external HW firewall on my router (opnsense).

A new [0] feature in Windows is "protected folders", which denies access to specific folders (user-configurable) by default to applications, and the user needs to actively allow them access. The downside is that it's all or nothing, meaning that a given app either has access to none of those folders or to all of them.

You can do something similar with SELinux and AppArmor, and I think recent versions of macOS also have something similar.

---

[0] new to me, I'm only an occasional Windows user, for gaming, so it may have been there for a long time

Protected folders has existed for a while; in practical terms it is almost useless, because you can't create groups of protected folders for different types of applications, thus protecting too many folders has the consequence that you need to allow almost every application you regularly use.

Therefore protected folders works best if either a) you only use a very limited set of approved applications, which of course is rarely the case if you are skilled enough to know what protected folders are, or b) you only protect one folder with text documents that you only read in Notepad, but if you have that case it is better to put them in encrypted storage.
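The feature both comments are describing is Defender's Controlled Folder Access, and the all-or-nothing behaviour is visible directly in how it is configured: the allow-list is a flat list of executables with no link to any particular folder. The following is an added example of configuring it from an elevated PowerShell, not code from either commenter; the folder and application paths are assumptions.

```powershell
# Added example (not from the thread). Needs an elevated prompt with Microsoft
# Defender Antivirus active. Paths are assumptions.

# Start in audit mode: nothing is blocked yet, but every write that *would* be
# blocked is logged, which is how you find out which apps need allowing.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# Extra folders to protect. Windows' default user folders (Documents, Pictures,
# Desktop, ...) are always protected and do not appear in this list.
Add-MpPreference -ControlledFolderAccessProtectedFolders 'C:\Users\me\Important', 'D:\Backups'

# The allow-list is per executable, not per folder: an allowed app may write to
# EVERY protected folder. There is no way to say "this editor, only this folder".
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files\Notepad++\notepad++.exe'

# What would have been blocked so far? 1124 = audited, 1123 = blocked
Get-WinEvent -ErrorAction SilentlyContinue -MaxEvents 20 -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} | Select-Object TimeCreated, Id, Message

# Once the audit log is quiet for your normal workflow, switch to blocking
Set-MpPreference -EnableControlledFolderAccess Enabled

Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders,
    ControlledFolderAccessAllowedApplications
```

Running in AuditMode for a week before enabling it is the practical answer to "you need to allow almost every application": the 1124 events tell you exactly which binaries touch which folders, so the allow-list is built from observation rather than from guesswork and surprise blocks. It does not change the fact that each entry on that list gets all protected folders at once.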

> specifically blocks ransomware

If microsoft made the "shadow copy"/"previous versions"/"system restore" functionality a core part of the kernel that even someone with admin rights can't mess with (which it almost is already), then that could be used to roll the system back to 5 mins before ransomware infection easily.
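
Shadow copies are exactly the thing the comment above is pointing at, and the reason they are not a rollback guarantee today is that an administrator (or malware running as one) can delete them. As an added example, not code from the commenter, here is how to see which volumes currently have a usable shadow copy and how to create one; the drive letters are assumptions and it needs an elevated prompt.

```powershell
# Added example (not from the thread): per-volume shadow copy status plus a
# function to create a "Previous Versions" style copy. Needs an elevated prompt.

function Get-ShadowCopyStatus {
    param([int]$MaxAgeHours = 24)
    $volumes = Get-CimInstance -ClassName Win32_Volume | Where-Object { $_.DriveLetter }
    $shadows = Get-CimInstance -ClassName Win32_ShadowCopy
    foreach ($v in $volumes) {
        # Win32_ShadowCopy.VolumeName is the \\?\Volume{GUID}\ path, which is Win32_Volume.DeviceID
        $mine   = @($shadows | Where-Object { $_.VolumeName -eq $v.DeviceID })
        $newest = ($mine | Sort-Object InstallDate -Descending | Select-Object -First 1).InstallDate
        [pscustomobject]@{
            Drive      = $v.DriveLetter
            Copies     = $mine.Count
            NewestCopy = $newest
            # No copy at all, or nothing recent enough to roll back to, is the state
            # ransomware tries to leave you in ("vssadmin delete shadows /all /quiet"
            # is a one-liner for anyone with admin rights)
            Stale      = (-not $newest) -or (((Get-Date) - $newest).TotalHours -gt $MaxAgeHours)
        }
    }
}

function New-ShadowCopy {
    param([string]$Volume = 'C:\')   # assumed volume
    $r = Invoke-CimMethod -ClassName Win32_ShadowCopy -MethodName Create `
                          -Arguments @{ Volume = $Volume; Context = 'ClientAccessible' }
    if ($r.ReturnValue -ne 0) { throw "Win32_ShadowCopy.Create failed with code $($r.ReturnValue)" }
    $r.ShadowID
}

New-ShadowCopy -Volume 'C:\'
Get-ShadowCopyStatus | Format-Table -AutoSize
```

The Stale column is the useful bit: a volume that had copies yesterday and has none today is worth a look regardless of why, which is a cheap check to run alongside the backup freshness one. It is still only a local, admin-deletable copy, which is the commenter's whole point and why it does not replace an off-line backup.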

Ransomware usually has delayed activation built in, so that it's possible for it to spread or activate simultaneously once it's encrypted a bunch of machines, afaik

Malware writers make sure their malware is undetected by most antivirus software. Antivirus will not save you.

This is the case only for the first few hours. Sure, the new releases are checked against the current AV engines. But there's no magic that will prevent them from being detected in a week. And unless you're being actively targeted or extremely unlucky, that means AV will catch most things for you.

Agree, but doesn't that mean that heuristic based AV is useless, only creates annoyance by flagging legit software, when a list of known malware would be good enough if response time to add to that list is high enough.

Heuristics are often good. The very basic one "has a significant number of users ever seen this file before" is both annoying for development and probably the best possible first line of defence for larger companies.
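
The prevalence heuristic in the last comment, written out as an added example over constructed telemetry (none of this is the commenter's code, and the hosts, hashes and paths are made up). It also shows why developers hate it: a freshly built binary on one machine is, to this rule, indistinguishable from a freshly dropped payload.

```powershell
# Added example (not from the thread): "has anyone else ever seen this file?"
# scored over constructed execution telemetry. All hosts, hashes and paths are made up.
$today  = Get-Date '2021-01-15'
$events = @(
    [pscustomobject]@{ Machine='WS-001'; Sha256='1111'; Path='C:\Program Files\Git\bin\git.exe';               Seen=$today.AddDays(-400) }
    [pscustomobject]@{ Machine='WS-002'; Sha256='1111'; Path='C:\Program Files\Git\bin\git.exe';               Seen=$today.AddDays(-380) }
    [pscustomobject]@{ Machine='WS-003'; Sha256='1111'; Path='C:\Program Files\Git\bin\git.exe';               Seen=$today.AddDays(-200) }
    [pscustomobject]@{ Machine='WS-004'; Sha256='1111'; Path='C:\Program Files\Git\bin\git.exe';               Seen=$today.AddDays(-90)  }
    [pscustomobject]@{ Machine='WS-005'; Sha256='1111'; Path='C:\Program Files\Git\bin\git.exe';               Seen=$today.AddDays(-3)   }
    [pscustomobject]@{ Machine='WS-007'; Sha256='2222'; Path='C:\src\myapp\bin\Debug\myapp.exe';               Seen=$today.AddDays(-1)   }  # developer's own build
    [pscustomobject]@{ Machine='WS-003'; Sha256='3333'; Path='C:\Users\bob\AppData\Local\Temp\invoice.exe';    Seen=$today                }  # brand new, one host
    [pscustomobject]@{ Machine='WS-004'; Sha256='4444'; Path='C:\Users\amy\Downloads\tool.exe';                 Seen=$today.AddDays(-30)  }  # rare, but has been around
)

function Get-PrevalenceVerdict {
    param($Events, [datetime]$Now, [int]$MinHosts = 5, [int]$MinAgeDays = 7)
    foreach ($g in ($Events | Group-Object Sha256)) {
        $hosts = @($g.Group.Machine | Sort-Object -Unique).Count
        $first = $g.Group.Seen | Sort-Object | Select-Object -First 1
        $age   = [int](($Now - $first).TotalDays)
        # Widely seen: fine. Rare but old: fine (the AV signatures have had their week).
        # Rare AND new: hold it for review; this is the window signature AV cannot cover.
        $verdict = if ($hosts -ge $MinHosts)      { 'OK   (widely seen)' }
                   elseif ($age -ge $MinAgeDays)  { 'OK   (rare but old)' }
                   else                           { 'HOLD (new and rare)' }
        [pscustomobject]@{
            Sha256  = $g.Name
            Hosts   = $hosts
            AgeDays = $age
            Example = $g.Group[0].Path
            Verdict = $verdict
        }
    }
}

Get-PrevalenceVerdict -Events $events -Now $today | Format-Table -AutoSize
```

With these inputs the Git binary and the month-old download pass, while both the developer's debug build and invoice.exe are held: the rule has no way to tell them apart, which is the "annoying for development" half of the trade-off. The usual fix in larger shops is to exempt signed builds from an internal CI key rather than to weaken the prevalence threshold.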