@tommi
@tommi
AV machen Computer unsicherer: https://www.
computerwoche.de/article/2688372/virenscanner-oeffnen-hackern-die-tueren.html
Und nochmal unsicherer: https://
web.archive.org/web/20080709040624/http://www.nruns.com/parsing-engines-advisories.php
Und mehr: https://
web.archive.org/web/20140802030839/http://t3n.de/news/sicherheitsstudie-virenscanner-antivirensoftware-560067/

@tommi Think of them as a security monitoring software. They come in different names: EDR , AV, XDR, etc. They observe events via OS hooks/drivers. Look for signatures/patterns of malicious behavior, assign scores/probability/confidence of detection. And then, based on configuration, either act locally and/or alert remotely.

Yes. They are useful and very much necessary on consumer OSes (winblows, macos, pre-installed linux, ...). They tell you when something goes wrong.

Good ones are paid

@tommi antivirus needs to add kernel code and that makes the attack surface larger.
This fact is difficult to explain. It is easier to buy antivirus to demonstrate to managers that you are doing something. For this reason antivirus is alive.

@tommi It depends on how you use the web. For simple users, the main attack vector that antivirus programs protect against downloading files and running them.

In the past, people would download untrusted executables, usually pirated software, and just run them. In the cloud era this doesn't happen anymore. Also, PDFs used to be more dangerous but now PDF viewers do sandboxing. If you have network sharing or other open protocols/ports on your computer more attack vectors open up, but "home" users who used to be the target audience of antivirus software don't do such things.

I wouldn't say antivirus business is exactly bullshit, people used to google "download ms office" and get some links and get infected, that was a valid problem. Today, we use websites for everything so whatever dangerous thing a website can do to your computer is sandboxed by the browser.