My other favorite thing is all the people who say they've never run antivirus/antimalware, but then also claim to never have been infected. How would they even know? Modern malware tries to go undetected, it doesn't want to get detected and removed so it tried to remain as unobtrusive as possible.

Those of you running linux or osx are exempt from this minirant ;-)

1. There's plenty of malware out there for Linux. The only difference is the delivery method - i.e., attacks against service endpoints (web apps, mail transfer agents, DNS servers, and so on) instead of user agents (web browsers, mail user agents, file managers, and so on).

2. Detecting novel malware isn't some dark magic only practiced by antivirus vendors such as yourself. People are capable of detecting when their computers behave oddly. These detections do not require antivirus or even particularly clueful users.

3. Antivirus can't see into the future. Novel malware can sneak past Malwarebytes, VirusScan, etc. because detections get created only _after_ someone notices something hinky (point #2 above). Put another way, it always amazes me how many smart people, who know a lot about computers, think that antivirus will make you immune to malicious code injection attacks delivered through user agents such as a web browser. Novel malware gets written /constantly/.

4. As with antivirus, "safe habits" (privilege separation, data execution prevention, content filtering, etc.) greatly reduce the risk of a successful attack. In fact, I'd argue that safe habits alone will have a lower risk of successful attack than antivirus alone, given some set of threats and vulnerabilities. I'd go a step further and aver that solely making it difficult to be socially engineered will approach the effectiveness of antivirus alone (but here my own biases are showing: I admit to lacking the data and analysis to back up that claim).

Those of you running Linux or Mac OS X are most certainly _not_ exempt from this minirant.

The market share situation is changing now, and there's no reason to think that if Windows went away tomorrow the world would be malware-free.

Market share is only one part of the equation, the other is effort. Even if linux jumped in desktop adoption that wouldn't make it easier to write malware for, not just because of the security but because of the segmentation. Different distros will have different kernels, patches, libraries and settings that make writing malware that affects the entire ecosystem far more difficult.

With OSX the introduction of malware has never followed market share, although the reasons are more varied for why. One of the biggest reasons, funny enough, is Preview. By not shipping Adobe PDF engines, but writing their own, they've managed to avoid a number of exploits that took advantage of PDF exploits.

This isn't meant to be a conclusive list of differences, but just a couple of examples to show that although market share is a factor it's not even close to the only one there.

The malware might not exploit X application, and sure, Windows has been plagued by Adobe, but there's nothing that makes OS X fundamentally more secure. Especially considering that a lot of malware today actually relies on social engineering rather than 0days.

> You see more social engineering and less exploitation on OSX because there is far less to exploit on OSX.

That statement might be true for applications that users typically install on these systems, but it's not true for the operating systems themselves.

You made the claim that there was a level playing field with regards to security between Windows and OSX, "especially considering that a lot of malware today actually relies on social engineering rather than 0days". My response was simply that this isn't 100%, that many malware variants still use exploits to get onto systems, and that your statements based around that are also incorrect.

That doesn't mean "most".

> My response was simply that this isn't 100%, that many malware variants still use exploits to get onto systems, and that your statements based around that are also incorrect.

I'm saying that if Windows disappeared tomorrow, malware--the pieces that exploit software or social-engineer users--wouldn't go away by any stretch of the imagination. Malware distribution would immediately and significantly increase on the now most attractive platforms.

There is nothing about the architecture of the other operating systems that make them any more resistant to malware than Windows--in fact, Windows' UAC is superior to the equivalents on both OS X and Linux.

Take something like the Chromebook or iPhone, and we'll talk.

For example: https://lock.cmpxchg8b.com/sophailv2.pdf

The problem of malware is systemic, and can't be solved by adding complex, poorly-constructed add-on software.

Whitelisting is clearly superior to blacklisting if you have the patience and knowledge to whitelist the right applications.

I have a Windows 7 desktop and occasionally I might run a scan from an antimalware software. That's as far as I'm willing to go, I don't install special av software because they consume a lot of resources especially with real time analysis.

EDIT: Furthermore, if you’re a tad paranoid you can enable AppLocker in Windows to eliminate any chance of an unwanted program wreaking havoc on your machine. Anything that’s not signed by a company you approve doesn’t run.

Its like saying people only care about NSA spying because they have something to hide -- its faulty logic.

That works most of the time, but it's not the only attack vector around: browser exploits (e.g. via ads), malevolous attachments sent by known contacts, direct attacks over networks and so on.

In any case, it only takes once if you lower your guard; I'd run at least a lightweight one if I were you.

this is just plain false with all the other attacks out there today.

There are many methods of malware delivery which are easily accidentally triggered, even if you're following the basic rules

Drive-by downloads, clickjacking, having java installed, etc can get you infected even if you're a savvy user

At home I use Linux and do not use antivirus software.

I also always log in as root. I like to live dangerously. :)

Man... I cannot even begin to express how bad this is.

Especially if there are drive-by attacks.

You don't need to compromise root/a privileged user in order to get the keys to the kingdom. Once I've compromised whatever user your browser environment runs as, mission accomplished.

Also if you have any hope of dealing with servers in the wider world, you want to shake that habit pronto (and learn ssh keys).

Also your ironically complaining you can't disable your anti-virus software, but the fact is you have a sloppy approach to security that your IT department is protecting everyone in the company from.

(I wonder what about my post makes you think you should talk down to me and make (incorrect) assumptions about my approach to security?)

http://www.cso.com.au/article/441070/google_security_researc...

Noob mistake. Never log in as root. Isn't sudo enough for you?

It's not a controversial statement. It's security 101. Hell, even Windows Vista implemented the same strategy once Microsoft realized logging in with admin rights was a bad idea.

I think it's okay if I log in as root if I want.

I love ESET and have found it finds and stops viruses missed by others. However I found that the built in AV with Win8 was finding things that ESET missed.

This leads me to believe that the stock AV is sufficient, and running an additional malware scanner periodically will give me the best results.

Then I ditched Windows for Linux, and never saw an AV again :)

Anyway, Windows has got considerably more secure than the past. I feel that I used to run an antivirus "just because", and not because I felt the need for it.

The "trick" is to always keep your system update (which mean, always install the latest patches as soon as they come out), always use an up-to-date browser, remove/disable (with click2play) any browser plugins, block ads (unblock them on sites that you feel secure/trustable, but ads are one of the main vector of diffusion for viruses), and obviously don't run any "sketchy" software you might find on the net (VirusTotal and similiar help with that, but for one-time/few uses, it's better to run a virtual machine and then restore it).

I was using Avast for years before that but then they started showing ads and other BS so I decided to let it go.

But that don't take out following the by default security practices in distributions (install only from the distribution, be root only for the essentials, don't have by default enabled remote services, firewalls with everything denied by default, updating, etc).

Trojans, vulnerabilities in enabled services, or even in browsers/plugins/etc are still a concern, but those kinds of attack are not the ones that antivirus usually spot. Checking for rootkits (i.e. with rkhunter), browsers with improved security, and portknocking to make visible private services only to the people/computers that will use them are examples of measure that you can take.

And, of course, you can always install clamav in your linux mail/file server if your users use windows.

I don't run any antivirus software on my PC, but I do keep a very close eye on my running processes and network traffic.

The same goes for applications/code downloaded from the internet or email attachments.

My internet connection is also very slow, especially the upload speed, so you do notice right away if a program is uploading data.

Also, at least on my Windows PC, I do clean reinstalls every now and then, so my OS install is usually less than a year old.

I know this isn't foolproof and there are always ways to get around this, but the same goes when you're running antivirus software.

There is no 100% safe option, the tricky part is finding a solution that works for you in both performance and convenience.

Once I was happily searching the web for a solution to programming problem and a windows-like very good looking dialog popped up asking me something I could not answer no. All of a sudden my computer became unusable and, as fast as I could, I turned my router off. Then started a two hours fight to find what happened and solve the problem. Some Java code installed some things when I clicked yes in the dialog. I was using a vulnerable Java runtime, which had been recently exploited.

I still don't use anti-virus in Windows. But I turned the Java plugin off. And now I use more Linux to do web development.

After I started earning, I started buying Antivirus software. I started with Norton, which crashed my hard disk one day because of a virus, I tried McAfee, which wasn't very good taking large amounts of memory, and finally I had to settle to E-Set NOD 32. I'm not trying to promote the product, But that is one top notch Software. But the Customer Care at E-set is uh-oh, shit.

On Linux, I never had the reason to use any Antivirus, because those who write viruses target Windows(mostly) because of its market share.

In most cases if there is an issue with a Linux machine, you can wipe out a user and their files to remedy the problem -- the core system is very rarely impacted.

Also, when you have non-tech-savvy families you generally want to just get a cover-multiple-pc-at-a-license deals, just because it saves you a lot of hassles.

I think you can be assured that the Windows Defender team does antivirus stuff for a living, just as much as AV vendors do.

  inotifywait -mre modify /home/$USER |
  while read DIR EVT FILE; do
  do
      clamscan $FILE --move=/tmp/noexec_prison/$USER/
  done

The scanner for detecting windows-virus while using Linux were said to be ok (ClamAV, I think).

Something more like an IDS that detects known-insecure software and configurations is probably more useful than a pattern-matching evil bytes detector though.

There's no reason for antivirus software of this kind of exist on desktop Linux, because the whole operating system is free software, so if we want to fix some vulnerability that malware exploits, we can just do it (for example, by sandboxing applications), rather than implementing kludgy workarounds that turn users' machines into battlegrounds.

From what I hear, Wayland should help a lot with this, since it's much simpler and provides better isolation than X11.

When I'm in Windows I'm only playing games or casually browsing the web so attacks aren't a concern and if I do get infected I'll just wipe it and let Steam re-sync things. On my Mac I've got Time Machine just in case things get weird but, while I know OS X isn't virus-proof, I'm really not worried about catching something.

Overall, I feel that a truly secure system shouldn't need an anti-virus at all. Maybe some detection software like Tripwire, but not a scanning antivirus.

Although OS X does actually have a file scanner built in, it's not a full anti-virus suite though.

Then again, there's fairly few viruses targeted at Linux systems and I'm sure even fewer I'd be likely to get on my Gentoo system.

I think you've just pointed out exactly why even though Linux viruses exist, they don't get a foothold (go "epidemic"). There's huge software diversity. I run Arch, you run Gentoo, others run Debian... The same goes for any given piece of software that's regularly infected in the Windows culture: email clients, web servers, web browsers.

So, why was the Dan Geer "against monoculture" thing suppressed so enthusiastically a few years ago?

I turn it on and scan about once a month or so. At most, I have some spywares.

From experience, all the viruses that managed to infect me couldn't be fixed by the antivirus software and I had to do it manually, which is a pain.

As far as I understand, most of AV detection is still based around hash matching. Someone should correct me if I am wrong, though.

It's a surprizingly hard to answer that. The set of virus change every day, and is always unknown.

> most of AV detection is still based around hash matching.

Things are not that clear cut here either. The most usefull matching is hash based. Anti-virus also use other algos, they are just less reliable.