Antivirus can be very helpful in corporate environments if set up right and managed by knowledgeable people. Those people are expensive, but they're lifesavers when John from marketing clicks the "enable editing" button in a spreadsheet he just received from a spoofed email address. The problem with corporate security is that security vendors often try to shovel as much crap onto your network as possible, rather than set you up with the security system you need. It's not hard to set up a company-wide system that shows all green checkmarks and has tons of tray icons running to assure upper management that everyone's computer is now secure, especially with duplicate features and multiple daemons that a talkative sales rep might try to slip in for that sweet commission money. You also need someone competent to look through logs, keep checks on what's going on, and not get fired or demoted if they don't report anything new (because if you're lucky, there's nothing new to report).
For smaller businesses, the best you can do is hope for the best, really. Keep your consumer AV running and try to stick to common security advice, because there's no way you'll be able to get much use out of common business AV products if you don't have someone in your company who knows how to use those tools.
For consumers, Windows Defender is often a decent balance. It's pretty good at detecting viruses, doesn't get in your face all the time, and although there's definitely a performance impact, it's low enough that office work shouldn't be affected by it too much. As a dev, I hate how much it gets in the way of many applications (especially those accessing many small files, like compilers), but I realise that this isn't exactly the most common workload for AV.
The "antivirus" was sold as a solution to the MBA people for thirty years and computer magazines told the consumers the same wrong story. I've seen arguments like "ISO27001 requires us to install an antivirus on that application server". Suddenly you see "undefined behavior" on the same application server. Guess who gets blamed? Not the responsible people.
When we see weird issues on customers' systems, "Please turn off antivirus" is the solution a high number of times; suddenly, defined behavior. The problem with antivirus software is that it is the actual implementation of undefined behavior.
I'm not a network admin! John from marketing should be in an isolated VLAN or something like that? Only access to a departed internal file server? Because it will fail. Maybe there is JavaScript in the next spreadsheet and Microsoft Security Essentials is happy "JavaScript? Let me see. I want to put my nose inside!": https://docs.microsoft.com/en-us/security-updates/SecurityAd...
Failure will happen in general computing and the systems need to be resilient to that. The other approach is what we see in mission-critical systems? Multiple parallel instances if possible, no unchecked updates, no random software, only input through defined interfaces.