> Readers considering antivirus software should also be aware that such software – ironically – presents a risk just by its very nature.

My stepfather went to a grey power meeting (a kind of seniors meetup) and the speaker of the day terrified everyone there with talk of viruses.

When I next saw him he proudly told me no longer had any fear of viruses - in fact he had installed 7 different anti-virus products just to be safe. When I asked him where he had found them, he told me he simply googled for them (or maybe yahoo-ed back then) and downloaded them straight off the interweb. I simply could not persuade him that that was not a wise strategy.

You probably need it because your corporate IT department wrote a policy that says you must have it. As far as I can tell that’s the only reason.

The AV scammers must have paid the SOC2 racket at lot of cash.

2 weeks ago new junior developer joined our company.

He was really pissed that our company does not give out admin access to developers. And raised this problem in big company wide meeting and called our IT team ridiculous and told developers know how to handle computers.

Week later IT team did company wide phishing test. Same new junior failed this test.

Yes, even if rules are ridiculous. These rules help.

The problem is that most people cannot tell the difference between a scam and a legitimate app.

For example, my father wanted to watch some YouTube videos offline. He naively Googled " YouTube video download." The result was obvious: most of the links were scams. When you work on dev every day, your first option will be to search for open-source or a well-trusted source and distrust a scammy-looking website that promises you many things.

After that experience, I started to see the value of Apple's App Store. Sadly, the chain of trust provided by the App Store is ruled by one company.

I wonder why the industry couldn't agree on a single standard or method to do different chain of trust checks. For example, if all email clients adopt a sender identity check (like GPG), then spam and phishing will be extremely easy to eliminate.

Suppose applications have a sort of group approval. In that case, the OS can warn you before trying to install or run a scammy app. (something like Apple's notarization + user vote, but without the control of a single entity). Is that a bad idea? What will be the flaws?

You just need the built-in Defender if you don't tread uncharted waters. On the other hand, even if you just stick to OS App Stores and popular github repos, you can still get infected without an antivirus. There are malware in Windows Store.

https://www.reddit.com/r/antivirus/comments/1c690so/learned_...

I installed Malwarebytes (somewhat recommended by this article) to do a one time scan on my Mac. It required me to install a service that would run always as a superuser, and would not uninstall completely.

I wrote to them, and got no response. Why is that needed for a on-demand scanner? Why should I trust malwarebytes?

Even past the pedantic that widows defender is antivirus software, the link justifying not using an alternative rates it as 54th out of 74

So the same experts the author relies on to defend the Defender have a much higher opinion of the alternatives

(and Defender is very slow, why do you not care about the "average user" using average hardware enough to suggest he avoids the pains of slow computers)

And recommendations in the end without real time protection is just ridiculous, so with all that I'd not rely on the author's opinion re anything security

Microsoft make a no-install malware scanner (The Microsoft Safety Scanner) [0]. It's very slow if you do a full HD scan, and will often report finding an issue with a file while scanning that isn't actually an issue if you let the scan complete.

[0] https://learn.microsoft.com/en-us/microsoft-365/security/def...

Every time I've had to help a person remove viruses and malware from their computer, they've also had antivirus installed.

https://news.ycombinator.com/item?id=40100430

Depends on mood. With windows now stock antivirus engine is enough! On Linux never required. If you are not surfing porn and visiting few old sites and just keep an eye as well not required!

The article seems mostly focused on Windows (which is probably appropriate), but the Mac also has built-in anti-virus called Xprotect.

https://support.apple.com/guide/security/protecting-against-...

I'm still using Avast, but mostly just out of habit. Probably one day they'll annoy me enough with their popups that I'll just go ahead and delete it.

In the final report on the Irish health services ransomware incident, AV did pick up early signs of the attack but they were not further acted upon - there is value to enterprise AV, provided you back it up with enterprise incident response...

For home use, sure, just use defender and be careful, like the article says and you'll mostly be fine.

There is much more value in using tools that detect anomalous behavior and living-off-the-land techniques than classic malware-by-hash.

I haven't used/installed antivirus (or firewall) software since 2010.

See also: https://www.qubes-os.org/faq/#arent-antivirus-programs-and-f...

This guy is just some YouTuber, right?

I appreciate a website devoted to documenting the privacy nightmare and helping people with settings, but this is just bad advice. I work in the incident response field; yes, you need A/V.