Why anti-virus?

What is the use-case for anti-virus? I mean the daemon kind, not tools to manually scan for viruses (ideally on a separate device with nothing but the scanner on it). Remembering the days I had to deal with viruses (family downloading emoji packages 🙂), we always had up-to-date anti-virus and it didn’t help. The obvious downsides of AV are: AV blocks Syncthing, AV uses system resources, and AV is an attack surface of its own (and vulnerabilities keep popping up left and right). And the real measure against viruses is so simple: Don’t download stuff from untrusted sources. So is it just corporations that need certification that they are secure, and thus don’t care if they are less secure as long as the certificate is there, or is there an actual legitimate use-case for those buggers?

Yeah I know it’s basically quite off-topic, but AV keeps popping up in this forum so often that I really would like to know (or for people to uninstall them 🙂).

I guess that device is going to proxy everything, and terminate every TLS connection?

Ah, yes, because there are no recorded instances of trusted sources being compromised.

Non-techy computer users are not able to distinguish between trusted and untrusted. They do not even know what the term means. Still, as long as they do not open unknown e-mail attachments, they should usually be fine.

However, I did personally get a virus ~10 years ago by using a USB stick that got infected on a library computer… so I would say that any portable USB devices are a major risk factor, and those are/were quite common in many offices, at least from my experience. AV does help catch those kinds of viruses before there is even a chance of potential execution.

I wouldn’t say that portable devices are a risk factor at all. The systems/environments that allow auto-running software from these certainly are, though.

Well, I would say that it really depends on the perspective 🙃. I am thinking about a typical computer user on a Windows machine. They really should not be allowed to plug in any external USB devices that have been used somewhere else, for their own safety.

Of course, you can make Windows secure by using limited user accounts, etc., but in reality, no one does it. At least I have not seen a limited account being used even once, regardless of whether it was an office in a large institution or just a personal computer.

Does any modern virus actually spread via removable storage? I thought it was pretty much all botnet and ransomware stuff, mostly spreading via compromised websites or ad networks exploiting browsers and such.

I would say that it still does. Just as an example, https://securityweek.com/try2cry-ransomware-spreads-usb-drives from this year.

I personally have seen several viruses on USB sticks in recent years. They usually created fake LNK files that the users executed thinking that they were just opening their folders… which wreaked havoc especially in Windows 8 and older. Windows 10 with the built-in AV seems to do a pretty good job detecting most of the common stuff.

Spam e-mail attachments, e.g. fake parcel tracking and such, are also often riddled with viruses.

