[HN Gopher] Do you need antivirus software in 2024?
___________________________________________________________________
Do you need antivirus software in 2024?
Author : mcc1ane
Score : 57 points
Date : 2024-04-21 08:22 UTC (14 hours ago)
(HTM) web link (blog.thenewoil.org)
(TXT) w3m dump (blog.thenewoil.org)
| saagarjha wrote:
| https://news.ycombinator.com/item?id=40100430
| abraae wrote:
| > Readers considering antivirus software should also be aware
| that such software - ironically - presents a risk just by its
| very nature.
|
| My stepfather went to a grey power meeting (a kind of seniors
| meetup) and the speaker of the day terrified everyone there with
| talk of viruses.
|
| When I next saw him he proudly told me he no longer had any fear of
| viruses - in fact he had installed 7 different anti-virus
| products just to be safe. When I asked him where he had found
| them, he told me he simply googled for them (or maybe yahoo-ed
| back then) and downloaded them straight off the interweb. I
| simply could not persuade him that that was not a wise strategy.
| Rinzler89 wrote:
| There is a 62 year old man in Germany who went and got 217
| Covid vaccines in the span of 29 months.[1] Covid was probably
| afraid to catch him.
|
| Funny how with Germany's extensive paperwork bureaucracy where
| every little detail must be recorded and tracked, the
| healthcare workers couldn't catch this guy earlier.
|
| [1] https://www.bbc.com/news/health-68477735
| jv95 wrote:
| Germany made a lot of mistakes over COVID. There were several
| cases of testing center scams where people reported more
| tests than they actually administered. No proof required.
| There is not a lot of bureaucracy surrounding vaccinations at
| least not from a patients point of view. So if you forgot or
| lost your vaccination pass you could probably just get
| another shot especially if you're older/at risk.
| moritzwarhier wrote:
| Not sure why you are being downvoted, the testing center
| scams are estimated to have cost more than a billion euros
| [1]
|
| and from the experiences I had, the people that ran them,
| and their sheer abundance, this number is probably a very
| conservative number, and it doesn't include yet all the
| ones that operated on the brink of scamminess. There wasn't
| a need to completely and obviously fake the numbers to
| funnel a lot of public money into your pockets, often
| without providing any tangible benefit (no qualified
| personnel, unreliable tests, inadequate execution).
|
| Way into 2021 many streets in the city I live in had one
| improvised testing center next to the other, mostly run by
| people without any medical qualification, using tutorials
| from the internet and a process almost designed for
| corruption, where setting up a test center was a state-
| funded get-rich-quick scheme for quite a while.
|
| [1] https://www1.wdr.de/nachrichten/landespolitik/betrug-
| corona-...
| bakuninsbart wrote:
| Very rarely do I defend the last government of Germany,
| but the strategy was to give centers a good margin and
| low bureaucratic hurdle to maximize the number of testing
| centers and ensure that everyone can get tested
| everywhere. Given the seriousness and uncertainty of the
| situation at the time, I think that was a good call.
|
| And there was required documentation, it was just not
| checked at the time. Once the situation settled down, the
| state started clawing back fraudulent claims.
| fransje26 wrote:
| > There is not a lot of bureaucracy surrounding
| vaccinations at least not from a patients point of view. So
| if you forgot or lost your vaccination pass you could
| probably just get another shot especially if you're
| older/at risk.
|
| That was by design, to facilitate and speed-up the
| vaccination process, and in the context, there was nothing
| wrong with that approach to keep the population safe and
| the country running.
| StrauXX wrote:
| Privacy and lack of digitization is big in Germany. There no
| central vaccination database or similar. You can have an
| "Impfpass" (vaccination pass) which is a piece of paper with
| stamps and signatures for your vaccinations. But no one would
| bat an eye if you "lost" it.
| BjoernKW wrote:
| > Funny how with Germany's extensive paperwork bureaucracy
| where every little detail must be recorded and tracked, the
| healthcare workers couldn't catch this guy earlier.
|
| It's precisely because of this extensive paper-based
| bureaucracy that such things happen, not despite it.
|
| German bureaucracy is a complete and utter mess. By and
| large, it's a self-perpetuating end in itself that doesn't
| serve any purpose other than keeping itself (and the people
| and organisations involved in it) alive.
|
| What is more, due to the German aversion towards
| digitization and digital processes (with a misconceived
| notion of privacy commonly known as "data protection" in
| Germany often used as an excuse) the data recorded by those
| bureaucratic processes basically is stored in a gargantuan
| pile of paper nobody is able to make sense of.
| fransje26 wrote:
| My favourite example of the self-perpetuating nature of
| German bureaucracy is the story of the Chinese tourist who,
| asking for directions in some administrative building, got
| mistaken for a refugee.
|
| It took more than a month, including placement in a refugee
| centre, before the administrative wheel stopped turning and
| it was realised that he was, in fact, only a tourist
| visiting Germany.
| OKRainbowKid wrote:
| Do you have a source for that story? Asian refugees are
| pretty rare here, so it's interesting how they would
| confuse them for one.
| methuselah_in wrote:
| Depends on mood. With Windows now the stock antivirus engine is
| enough! On Linux never required. If you are not surfing porn and
| visiting a few old sites and just keep an eye out, it's not required either!
| j4hdufd8 wrote:
| > On Linux never required
|
| Oh okay! Would you mind running a really cool program I have
| here for you?
| abhinavk wrote:
| If you stick to your distribution repositories,
| flathub/snapstore and never run `curl | bash` from untrusted
| sources, you would be fine.
|
| And if I have to run your bespoke program, I will use a
| sandbox or VM whether an antivirus is running or not.
| chgs wrote:
| And if you do your AV program wouldn't catch it anyway.
| m000 wrote:
| I remember many years ago trying to run netcat [1] on
| Windows for some tests. AV: Blocked as "hacking tool".
|
| I asked a friend who happened to have Visual Studio
| installed to build it for me from source. AV: No
| problemo!
|
| [1] https://nmap.org/ncat/
| chgs wrote:
| Did you try renaming it to "notnetcathonest.exe"?
| RetroTechie wrote:
| Perhaps a better question to ask: why, in 2024, is it still
| possible that running a random app infects an _operating
| system_?
|
| Don't we have CPUs with a whole set of hardware features to
| limit what <insert executable here> can or can't do? Don't we
| have OSes with fine grained permissions, VMs, capabilities,
| etc, etc? Weren't these things figured out like, in the late
| 70s?
| paulryanrogers wrote:
| Because security isn't perfect and attackers need only one
| mistake. There were some early computers built with
| security in mind, yet their cost and performance were
| impractical for most uses.
|
| There is also the problem of everyone having different
| needs, so permission profiles must vary widely. OS builders
| cannot assume anything about the limits of their use.
|
| Finally users can be the weak link. They may not understand
| the risks of what the screen is asking them when prompted.
| chuckadams wrote:
| > Don't we have OSes with fine grained permissions
|
| No, we really don't. We have OSes with the tools to give us
| fine grained permissions, but at the end of the day on a
| desktop OS, any program you run can do any damn thing to
| any other damn thing owned by the same user. Look to phones
| for security boundaries that make sense in a post-1970s
| world, but not any shipping desktop OS.
| vlod wrote:
| Doesn't Qubes OS solve this problem? It is linux only
| though.
| preommr wrote:
| > If you are not surfing porn
|
| Then what do I need a computer for? /s
|
| But seriously, when I had my work laptop and therefore didn't
| have adblock enabled, I was very surprised at what kind of
| sites had very... let's say questionable ads. There are a lot of
| tech sites like Baeldung that have very shady looking ads.
| badgersnake wrote:
| You probably need it because your corporate IT department wrote a
| policy that says you must have it. As far as I can tell that's
| the only reason.
|
| The AV scammers must have paid the SOC2 racket a lot of cash.
| chgs wrote:
| The problem is more that nobody wants to be changing policy as
| they won't see a benefit and they will get blamed. Get hit by
| ransomware (which your AV wouldn't detect), you get blamed for
| removing AV and you're after a new job.
|
| Our password policy still demands periodic changes despite
| ncsc/microsoft/etc advice saying not to do that, because who
| wants to take the risk of changing policy.
| donatj wrote:
| Someone in a SOC2 meeting started making a fuss about us
| needing virus scanners on our Amazon Linux EC2 instances. I
| don't think that got very far but... Just... Stop.
| kstrauser wrote:
| That's absolutely a thing. It's usually under the broader
| category of anti-malware. Why is the web server suddenly
| mining bitcoin?
|
| Edit: Source: have been through a few SOC 2 audits, enough to
| understand why they ask for most of the things in there. My
| personal thoughts on the matter aside, modern audits spend a
| lot more time on other malware than viruses.
| doubled112 wrote:
| AWS will send you an alert because your machine is behaving
| unusually. No need for local protection!
|
| /s sort of
| kstrauser wrote:
| Seriously, that's a legit plan. If you use GuardDuty, you
| can have it trigger EBS volume scans to look for malware
| if it sees strange behavior. I spun up an EC2 instance
| and ran an nmap port scan on another server and a bitcoin
| daemon. It caught both of those, triggered scans, and
| reported its findings.
|
| I'm heading down that road instead of running a
| traditional on-OS process.
| doubled112 wrote:
| Yes, exactly, and you skip an agent.
|
| The agents take more resources than the services on some
| of my machines, which is lunacy if you ask me, but we
| have to check those audit boxes and the security team
| isn't very capable...err...creative.
| kstrauser wrote:
| I was a platform engineer before I was officially a
| security engineer. I'm very protective of our happy
| little servers and try to find ways to avoid installing
| awfulness on them.
| ckdarby wrote:
| Thought the way you presented your source is a bit odd.
|
| For SOC2 you write the controls & policies. The audit is
| backwards looking to confirm you're adhering to what your
| company has said is policy.
| kstrauser wrote:
| Sure, but they also want to see that those policies you
| wrote and conform to meet a whole lot of bullet points.
| gonzo41 wrote:
| I have seen this done. It was funny to watch from afar.
| m000 wrote:
| > You probably need it because your corporate IT department
| wrote a policy that says you must have it.
|
| I think the causes are deeper. At the end of the thread you
| will probably find some horribly outdated "best practices" and
| some big consulting firm that is paid $$$ to security-audit
| your company. The IT department are just the poor buggers that
| need to do whatever is needed to get that audit, although they
| may well know that much of it is theater.
| sam_goody wrote:
| I installed Malwarebytes (somewhat recommended by this article)
| to do a one time scan on my Mac. It required me to install a
| service that would run always as a superuser, and would not
| uninstall completely.
|
| I wrote to them, and got no response. Why is that needed for an
| on-demand scanner? Why should I trust Malwarebytes?
| _wire_ wrote:
| Choosing the Uninstall option found under Malwarebytes for Mac
| Help menu effectively removed the service for me.
| chasd00 wrote:
| By "effectively removed" do you mean literally and completely
| removed? I work in consulting and "effectively" gets used as
| a weasel word for "not really but you'll never know the
| difference".
| _wire_ wrote:
| I recall looking into the details and feeling satisfied
| that the launch agent / daemon / helper was completely
| removed. But I did not perform a systematic examination of
| all file system state associated with the install.
|
| My point was to advise readers that there is an Uninstall
| option; just dragging the app to the trash is not enough.
|
| If OP has comments about specific droppings being left
| around, maybe in /private/var or wherever, I would like to
| learn about it.
|
| For those unfamiliar with the recesses of macOS, there's a
| venerable tool called Etrecheck that is helpful for sussing
| out Mac config affecting security and performance.
| animal531 wrote:
| I'm still using Avast, but mostly just out of habit. Probably one
| day they'll annoy me enough with their popups that I'll just go
| ahead and delete it.
| latexr wrote:
| Avast collected and sold user data.
|
| https://consumer.ftc.gov/consumer-alerts/2024/02/software-pr...
| ajdude wrote:
| I'd be careful with them, they're not the same company
| they used to be.
| fsflover wrote:
| See also: https://www.qubes-os.org/faq/#arent-antivirus-programs-
| and-f...
| carlosjobim wrote:
| Every time I've had to help a person remove viruses and malware
| from their computer, they've also had antivirus installed.
| paulryanrogers wrote:
| No vendor is perfect. In fact picking the top search result or
| ad is just as likely to provide fake anti-virus.
| abhinavk wrote:
| You just need the built-in Defender if you don't tread uncharted
| waters. On the other hand, even if you just stick to OS App
| Stores and popular github repos, you can still get infected
| without an antivirus. There is malware in the Windows Store.
|
| https://www.reddit.com/r/antivirus/comments/1c690so/learned_...
| IshKebab wrote:
| Depends what you mean by "tread uncharted waters". In my
| experience just browsing the web in Chrome is totally fine even
| on torrent sites (at least mainstream ones).
|
| Chrome vulnerabilities at this point are far too valuable to
| use indiscriminately. They'll be sold on the grey market to be
| used against journalists in the middle east or whatever.
|
| Even downloading films from bittorrent and playing them in VLC
| seems to be safe too, even though I would have thought that was
| an obvious attack vector. Maybe the social aspect of bittorrent
| helps a bit there.
|
| I think the most likely ways to get infected these days are by
| falling for fake download sites, and _maybe_ cracked games,
| though I don't play those so I'm not sure.
| unnah wrote:
| How do you know? I sure couldn't tell if my computer was part
| of some botnet or whatever.
| batch12 wrote:
| There is much more value in using tools that detect anomalous
| behavior and living-off-the-land techniques than classic malware-
| by-hash.
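As an added illustration of the point in the two comments above (netcat rebuilt from source slipping past a hash-based AV, and behaviour-based detection being more useful than "malware-by-hash"), here is a small Python script that is not from the thread or from any product. It runs a hash blocklist and two behaviour rules over constructed process-creation events; the file bytes, paths, command lines and the blocklist entry are all made up for the demonstration, and the rule names are my own.

```python
"""Hash-based vs behaviour-based detection over constructed process events.

Added example, not code from the thread. All sample data is constructed.
"""
import hashlib
import ntpath
import re
from dataclasses import dataclass

# Constructed stand-ins for executable contents. The blocklist is built from
# the "prebuilt" bytes, the way a signature database would carry the hash of
# the binary a vendor has seen before.
NETCAT_ORIGINAL = b"constructed-bytes-of-prebuilt-nc.exe"
NETCAT_REBUILT = b"constructed-bytes-of-locally-compiled-nc.exe"
SIGNED_POWERSHELL = b"constructed-bytes-of-signed-powershell.exe"

KNOWN_BAD_SHA256 = {hashlib.sha256(NETCAT_ORIGINAL).hexdigest()}

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}


@dataclass
class ProcessEvent:
    image: str         # full path of the launched executable
    parent_image: str  # full path of the parent process
    command_line: str
    file_bytes: bytes  # contents of the image file (constructed)


def hash_verdict(ev: ProcessEvent) -> bool:
    """Classic AV behaviour: flag only when the file hash is on the blocklist."""
    return hashlib.sha256(ev.file_bytes).hexdigest() in KNOWN_BAD_SHA256


def behavior_verdict(ev: ProcessEvent) -> list[str]:
    """Behaviour rules: look at who launched what and how, not at file bytes.

    Both rules fire on legitimately signed binaries, which a hash blocklist
    will never contain; that is the living-off-the-land gap.
    """
    hits: list[str] = []
    child = ntpath.basename(ev.image).lower()
    parent = ntpath.basename(ev.parent_image).lower()
    # Rule 1: an Office application spawning a command shell.
    if parent in OFFICE_APPS and child in SHELLS:
        hits.append("office-app-spawned-shell")
    # Rule 2: PowerShell started with an encoded command (-e / -enc / -EncodedCommand).
    if child in {"powershell.exe", "pwsh.exe"} and re.search(
        r"\s-e(nc|ncodedcommand)?\s", ev.command_line, re.IGNORECASE
    ):
        hits.append("encoded-powershell")
    return hits


# Constructed sample events: the prebuilt netcat, the same tool rebuilt and
# renamed, and a signed PowerShell launched from Word with an encoded command
# (the base64 blob decodes to the word CONSTRUCTED, it carries no script).
EVENTS = [
    ProcessEvent(r"C:\Tools\nc.exe", r"C:\Windows\explorer.exe",
                 "nc.exe -zv intranet 80", NETCAT_ORIGINAL),
    ProcessEvent(r"C:\Tools\notnetcathonest.exe", r"C:\Windows\explorer.exe",
                 "notnetcathonest.exe -zv intranet 80", NETCAT_REBUILT),
    ProcessEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Program Files\Microsoft Office\winword.exe",
                 "powershell.exe -NoP -EncodedCommand Q09OU1RSVUNURUQ=",
                 SIGNED_POWERSHELL),
]


def triage(events: list[ProcessEvent]) -> list[tuple[str, bool, list[str]]]:
    """Return (image name, hash verdict, behaviour hits) for each event."""
    return [(ntpath.basename(ev.image), hash_verdict(ev), behavior_verdict(ev))
            for ev in events]


if __name__ == "__main__":
    for name, by_hash, by_behavior in triage(EVENTS):
        print(f"{name:24} hash-blocklist={by_hash!s:5} behaviour={by_behavior}")
```

Running it shows the prebuilt netcat caught by hash only, the rebuilt and renamed copy caught by nothing (a locally built netcat is not malicious on its own, so that is arguably correct), and the Word-to-PowerShell launch caught by both behaviour rules even though the PowerShell binary itself has a perfectly clean hash.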
| paulryanrogers wrote:
| Aren't such tools also AV? Or at least anti-malware?
| batch12 wrote:
| Sort of, they're typically classified as xdr or similar.
| jonstewart wrote:
| This guy is just some YouTuber, right?
|
| I appreciate a website devoted to documenting the privacy
| nightmare and helping people with settings, but this is just bad
| advice. I work in the incident response field; yes, you need A/V.
| magicalhippo wrote:
| Hopefully things have improved, but back in 2014 Joxean Koret
| held a quite interesting presentation[1][2] on how a large
| number of AV engines had serious flaws, including privilege
| escalations and remote exploits.
|
| I consider uBlock Origin to be my primary "antivirus" software,
| though having had some infections back in the DOS days and some
| scares later, it feels wrong running without anything else.
|
| [1]:
| https://ia804703.us.archive.org/14/items/CIAVAULT7PDFFILES/2...
| (slides)
|
| [2]: https://www.youtube.com/watch?v=wVxtcQmZnK0
| jonstewart wrote:
| Oh, not all AV is created equal and even with the good ones,
| sure, they're fallible. But there are still many, many
| incidents where people get exploited by basic malware that
| most AV would stop. I would not actively recommend _against_
| AV.
| sccxy wrote:
| 2 weeks ago a new junior developer joined our company.
|
| He was really pissed that our company does not give out admin
| access to developers. And raised this problem in big company wide
| meeting and called our IT team ridiculous and told developers
| know how to handle computers.
|
| A week later the IT team did a company wide phishing test. The
| same new junior failed this test.
|
| Yes, even if rules are ridiculous, these rules help.
| spacecadet wrote:
| Don't be this kid.
| IshKebab wrote:
| Yeah but only because you shouldn't call it dumb in a company
| wide meeting just after you join. It _is_ dumb, and
| thankfully I've never worked anywhere that denied admin
| access to engineers.
|
| Fine for HR or whatever.
| sccxy wrote:
| Actually there is special admin account, but you have to
| enter credentials manually.
|
| He wanted 100% admin account all the time.
| spacecadet wrote:
| In a really good org, Engineers THINK they have admin.
| lol.
| spacecadet wrote:
| OK before you black and white nerds lose your minds, in
| some settings, like a startup, engineers are admins... but
| in general:
|
| Engineers should definitely not have "admin" access. They
| should have least privs for the systems and services they
| need access to...
|
| Don't be this either. It will end badly when you, in a
| stressed late night stupor, blow up your "admin" access...
| be smart- you honestly want least privs for your own
| protection!
| spacecadet wrote:
| If you truly understand this concept, then you know. When
| configured correctly, it's damn near "admin"... but not
| "god clearance"...
| IshKebab wrote:
| We're talking about admin access _to your own machine_.
| Local admin. Not root access to servers.
|
| I can't say I have ever "blown up my admin access",
| whatever that means. Especially not late at night because
| I am in bed. And even if I did, so what? I have backups.
| Just means I lose half a day restoring my laptop.
| halfmatthalfcat wrote:
| I can see how it's annoying to have to submit some kind of IT
| request every time you, as a developer, need sudo to install
| something. It may "help" but there is a non negligible cost to
| the company to source all those requests. The risk/reward in
| productivity vs falling for an actual, successful phishing
| attempt is probably a no brainer for most companies.
| rileymat2 wrote:
| Did they steal his credentials in the phishing test? Or was
| failure simply clicking the link?
|
| These are very different scenarios.
| sccxy wrote:
| Yes, he entered his password into the phishing site.
|
| He demanded a Spotify install at a 100 ppl meeting...
|
| Just use web app and shut up next time :)
| gonzo41 wrote:
| Was it a serious phishing test trying to trick people into
| using a fake auth portal? Or just don't click on this link
| test?
|
| Because those second ones where an email tricks you into
| clicking a link are bad because they do two things. Firstly,
| they propagate the idea that you can click a link and the world
| ends, which rarely happens these days. Your corporate IT dept
| should have some network level controls on malware attachments
| and embedded scripts in HTML emails. And secondly, it breeds
| distrust from anyone with critical thinking in the motivations
| of the IT department.
| sccxy wrote:
| Yes, he entered his password into the phishing site.
|
| He demanded a Spotify install at a 100 ppl meeting...
| DaiPlusPlus wrote:
| > He was really pissed that our company does not give out admin
| access to developers
|
| I'd be annoyed too (I often work on Windows and services);
| fortunately it is possible to grant people local admin access
| scope to their own machines and treat their OS install as
| fungible cattle (e.g. Boot-from-VHD derived from a common image
| with preinstalled software, so if anything goes wrong they can
| be back-to-normal in under 60 seconds; and give people (non-
| admin) access to VDI for reliable access to
| Office/Email/SharePoint, especially if devs use Linux as a
| daily-driver but the rest of your org runs Windows).
|
| At the very least, people can just install a VM with admin
| rights in there - and what's the difference between that and a
| physical machine?
| sccxy wrote:
| Actually there is special admin account, but you have to
| enter credentials manually after you click "use admin access"
| or whatever it is called in windows.
|
| He wanted 100% admin account all the time.
|
| If you complain in a 100 ppl meeting that it is annoying to
| install Spotify and you fail the most obvious phishing test then
| I would not give him that local admin access.
| neallindsay wrote:
| The article seems mostly focused on Windows (which is probably
| appropriate), but the Mac also has built-in anti-virus called
| Xprotect.
|
| https://support.apple.com/guide/security/protecting-against-...
| PlunderBunny wrote:
| Microsoft make a no-install malware scanner (The Microsoft Safety
| Scanner) [0]. It's very slow if you do a full HD scan, and will
| often report finding an issue with a file while scanning that
| isn't actually an issue if you let the scan complete.
|
| [0] https://learn.microsoft.com/en-
| us/microsoft-365/security/def...
___________________________________________________________________
(page generated 2024-04-21 23:01 UTC)