I think AV software, despite all the benefits that it provides, also has a very dangerous dark side - it encourages more-or-less blind trust by its users, and thus can be used as a very powerful means of control to further an agenda. The most common example of this is the detection of keygens/cracks/patches as being malicious, many of which are clearly not (at least back when I was still into that stuff around a decade ago - not sure about now); I'm a reverse-engineer so I can inspect the files manually and see the truth, but the average user will be far more likely to believe their AV and assume it's malicious --- helping to spread the FUD. Seeing how things as simple as completely innocent "Hello World" programs can get detected as false positives[1][2][3][4][5][6][7] while state-sponsored spyware gets let through is very deeply disturbing.
IMHO signature/heuristic-based detection techniques are always prone to error, and should be replaced with behaviour-based detection (and blocking). At the moment, I think a good firewall (on another known-clean machine - ideally running 100% open-source software) should be enough to detect any suspicious network traffic.
It depends on the AV. I have recent experience with 3 of them : Sophos and Avira tends to classify every keygen as a malware (Sophos is the worst) but Kaspersky is OK with them (or don't detect any malware at all for what I know ;-)
And yes I do use cracks : I wish I was able to reward my fellow devs but I don't have a start-up salary (even for my country my salary is pretty low) and open source softwares are usually (and I insist on usually, not always) not up to par.
And yes I do use cracks : I wish I was able to reward my fellow devs but I don't have a start-up salary (even for my country my salary is pretty low) and open source softwares are usually (and I insist on usually, not always) not up to par.
So sue me.