
Modern antivirus software, to me, feels like a virus. Norton and McAfee are especially guilty of this. They install browser toolbars, do search engine hijacking, constant nagging. They became the software they were supposed to protect us against. I finally convinced my dad not to renew his Norton subscription.


Take a look at the other articles from the same author where he investigated some popular anti-virus products. In particular Kaspersky is/was a mess:

- https://palant.de/2019/08/19/kaspersky-in-the-middle-what-co...

- https://palant.de/2019/11/25/kaspersky-the-art-of-keeping-yo...

- https://palant.de/2019/11/26/internal-kaspersky-api-exposed-...

- https://palant.de/2019/11/27/assorted-kaspersky-vulnerabilit...

McAfee:

- https://palant.de/2019/12/02/rendering-mcafee-web-protection...

And I expect that he will publish more articles in the future.

If you want to use anti-virus I would stick to their on-access scanning and stay away from their web protection...


More very entertaining evidence of how terrible most antivirus products are can be found by reading many of the Project Zero bug reports by taviso. https://bugs.chromium.org/p/project-zero/issues/list?q=owner... There are a lot of them!


I would like to have a low power ARM box just for scanning files, like PiHole but for AV, but I think it would be limited only to ClamAV; does any other AV support Linux on ARM (not Android)?


Could you try qemu-i386 (or ExaGear with patching licensing... as it's dead) with https://github.com/taviso/loadlibrary (see the Windows Defender section)?

Yeah, it's hacky, but it might work well for your use case.


Thank you, but both of those projects look dead; I'll check them out.


Windows Defender is a performant alternative to all the junk antivirus companies put out. At this point it's fairly well documented that having a third-party antivirus product running on your Windows device often exposes you to security issues, even if the antivirus doesn't spy on you.

https://www.zdnet.com/article/ex-top-mozilla-dev-to-windows-...


"Windows Defender is a performant alternative ..."

No, it's not really [1]. You can check for yourself by running `npm install` on any medium sized project or, if you are a gamer, launching Steam with/without Defender.

Even IntelliJ warns you about Defender performance impact in the IDE.

[1] https://www.av-comparatives.org/tests/performance-test-octob...


I've got Symantec Endpoint Protection on my work laptop; using WSL and doing an npm install causes the laptop to Blue Screen every time.

The BSOD error indicates it's Symantec.

It seems to be because it's creating so many files so quickly, so my solution was to make a power profile that sets the max CPU frequency to 5%; it takes longer but doesn't break the computer.

In comparison, Windows Defender is slow but works. Haha.


I have the same problem. Makes WSL completely unusable for all practical purposes. Might try your mitigation, but it feels a bit like cutting off a leg to get out of a bear trap.


I can confirm that McAfee and Trend Micro do the same thing. McAfee even goes so far as to lock files in your AppData and Tmp folders until it's finished checking them. This causes havoc with a lot of apps and makes certain ones completely unusable.


Agreed, I have seen several workloads getting stalled by a single core being occupied by Defender. They should make it async. If the file is not going to be executed, just written to disk, then there's no reason to stall the writing thread.


How does Defender compare against other antivirus options? Perhaps it's the least bad? Obviously running more software will have a performance hit over not running software. Especially when it almost requires constantly inspecting the system.


For me the main advantage of Windows Defender is the business model. It's in Microsoft's best interest to keep Windows as virus-free as possible. It's in commercial anti-virus vendors' interest to keep machines as virus ridden as possible.


From a performance impact standpoint, based on just one test suite, it is the worst on the market. https://www.av-comparatives.org/tests/performance-test-octob... (and I linked to the same article in your parent's comment...)

Avira and Bitdefender manage to rank in the top tier of performance impact and protection every time I check. Both offer free products, and Bitdefender Free is considerably less annoying, in my past experience. Free antivirus is actually one of the places where market competition forced a bunch of them to clean up their acts and offer a good non-invasive product. Avira still has ads, but if you wanted one product on your PC and one on a home server, it might make sense to use two vendors' products. https://www.bitdefender.com/solutions/free.html https://www.avira.com/en/free-antivirus-windows

For one-off system scans, besides the two mentioned above, ESET, F-Secure, Kaspersky, Panda (and Emsisoft, which has Avira and Bitdefender built in) all offer great spot check products. AdwCleaner is indispensable.

It's interesting that "anti-virus" has now become the free component in suites. You pay for things like VPN, password management, and home network security. Kaspersky goes a step further and offers VPN and password management in a free tier. https://usa.kaspersky.com/free-antivirus


Pretty hard to get people to pay for services Microsoft provides for free.


The reason I no longer use Bitdefender is because they forced MITM of HTTPS in the browser. It wasn't optional in the free product and I don't know if it is in the paid one. Has that changed?


My understanding was that web attack prevention could be disabled, but then the program icon showed you as "unprotected." It wasn't so much forced MITM as a misleading representation of your current state. If the user doesn't want web protection, don't keep scolding them for it.


AFAIK the free version didn't allow any granularity to disable web protection.


Not so much the Steam users, but I would hope that developers would have enough knowledge to add their project and build directories to the anti-virus on-scan exclusions.

As with any security, it's a balance against convenience/speed.
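One way to do what the comment above suggests on Windows 10's built-in Defender, as an added example that is not from the thread: exclude only the project's build and dependency directories from on-access scanning, and refuse exclusions that would blind the scanner to a whole drive or profile. The workspace and project paths are assumed values; `Add-MpPreference` and `Get-MpPreference` are the real Defender cmdlets and need an elevated session.

```powershell
# Added example: scope Defender on-access exclusions to build directories only.
# Assumed paths; substitute your own checkout root and project.
$Workspace  = 'C:\Users\dev\src'
$Exclusions = @(
    "$Workspace\myapp\node_modules",   # assumed dependency directory
    "$Workspace\myapp\dist"            # assumed build output directory
)

# Excluding any of these turns a convenience tweak into a machine-wide blind spot.
$TooBroad = @(
    'C:\', 'C:\Users', $env:USERPROFILE, $env:TEMP, $env:APPDATA, $env:ProgramFiles
)

function Test-NarrowExclusion {
    param([Parameter(Mandatory)][string]$Path)
    $full = [System.IO.Path]::GetFullPath($Path).TrimEnd('\')
    foreach ($broad in $TooBroad) {
        if ($full -ieq $broad.TrimEnd('\')) { return $false }
    }
    return $true
}

foreach ($dir in $Exclusions) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        Write-Warning "Skipping $dir : directory does not exist"
        continue
    }
    if (-not (Test-NarrowExclusion -Path $dir)) {
        Write-Warning "Refusing $dir : too broad for an on-access exclusion"
        continue
    }
    Add-MpPreference -ExclusionPath $dir
    Write-Host "Excluded $dir from on-access scanning"
}

# Audit the resulting list: any exclusion outside the workspace deserves a second look,
# because everything dropped into an excluded directory is never scanned.
(Get-MpPreference).ExclusionPath |
    Where-Object { $_ -notlike "$Workspace*" } |
    ForEach-Object { Write-Warning "Exclusion outside workspace: $_" }
```

On a managed corporate machine the cmdlets will succeed only if Group Policy does not lock the exclusion list, which is the situation the reply below describes.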


If you're on your company-provided system you probably don't have the ability to change any anti-virus settings. Corporate IT admins rarely trust us not to just turn it off because it's annoying.


Windows Defender doesn't seem to do very well in AV tests.

https://www.youtube.com/watch?v=sE-xdb9hTqY

Avast! did much better.

https://www.youtube.com/watch?v=km4aKjA2T_c


"Avast! did much better"

You mean the company discussed in the article?


Yes. Their AV suite outperforms Microsoft's.


Haven't had to install an anti-virus or deal with a virus in like forever. Windows 10 kept nagging me about scanning, and often doesn't find much. I may not know what new tricks malware and viruses are using right now.


"often doesn't find much"!?


They also will often install their own trusted root certificate and then MITM all HTTP/HTTPS connections. Often, this MITM will significantly reduce the cryptographic security of the connection over the public internet [1].

[1] https://jhalderm.com/pub/papers/interception-ndss17.pdf


"Modern"? Antiviruses have been doing all those things you listed for the past 15 years; these tactics are as old as the hills.

I can't remember a point when antivirus software didn't do all that and just did the one job you wanted it to do. Since my school years I've always had to switch all that crap off.


I never understood why this was a problem MS never felt they needed to address in the OS itself (architecturally). At this point, AV software should be obsolete. But, here we are.


They do and have done it for many years. But it’s hard (impossible) to stop a user from (being tricked into) downloading some random crap and insisting on running it despite warnings about untrusted executables and warnings about the executable asking for administrator permissions.


The problem is a lot of legit programs cause the same terrifying popups in Windows, to the point where they become more of an annoyance than something you actually pay attention to.


The problem is that the same legit programs are doing things like using administrator permissions when they don’t need them and not signing their code, so the structural “protect users from themselves” features can’t kick in.

Fundamentally power users want freedom over guard rails and casual users need those guard rails present (though in my experience there are plenty of power users who think they’re security savvy), so there’s not a one size fits all solution. At the moment I think Windows 10 S mode is a promising approach to give both groups what they want, which is also the kind of architectural solution you asked about.


I have long said that Microsoft could make a big difference just by having Office check on startup for administrator privileges, and refuse to start if found. Nobody with administrator rights needs to run Office. You should have a second non-administrator login for that type of thing.


Also, Microsoft has been bundling AV as an OS feature for a while now. A lot of damage was done by the US anti-trust judgment declaring AV to not be an OS feature, and by Microsoft needing to wait for that judgment to expire to bundle the feature (which is why it was a separate download for Windows XP, and why so many people still don't realize Windows 10 has AV built in and third-party options are unnecessary at best [and can be scams at worst]).


I think Microsoft's engineers would love to, and do wherever possible. But Windows' #1 selling point is backwards compatibility. It's possible that there are types of security hardening that simply can't be done without breaking large swathes of legacy business software.


An apparent incompatibility between the mandated antivirus and Windows Subsystem for Linux means that I can't run WSL on my work machine. Something to do with the on-write virus scanning means running rsync in WSL will reliably BSOD the machine.


Windows 10 has pretty good anti-virus built in.


Yes, it is called Windows Defender, as above.


The above message was actually posted after. They were probably written at the same time. Please take into account that comments on Hacker News are ordered by votes, not published dates.


> Modern antivirus software, to me, feels like a virus.

Malware can be loosely defined as any software which tries to modify the system to inject capabilities not previously present. With that definition, antivirus is malware that tries to prevent other malware from doing what it did.


> any software which tries to modify the system to inject capabilities not previously present

Isn't that just software?


No; ordinary software doesn't modify the operating system. To see the distinction, narrow it down for a second to "modify the system to inject capabilities not previously present into system calls".


Malware is not defined by what it does, but whether or not its actions conform to user intent and approval.


That's true, but AV tends to use the same sketchy and unreliable techniques to hook itself in that malware uses. Having benevolent intent doesn't make the software less buggy or less harmful.

(I used to lead Mozilla's efforts to extricate buggy third-party AV code from Firefox's processes)


> Malware can be loosely defined as any software which tries to modify the system to inject capabilities not previously present.

Very loosely.


I would say that AV could be generously described as snake-oil pretty much since its inception. It has always caused more trouble than it ever prevented and was only capable of catching common low-effort malware, and even then only if said malware wasn't a "product" of some ad company that had a relationship with the AV vendor. Meanwhile it caused issues for legitimate software, slowed things down, and sometimes just acted as a new attack vector.


Norton is sad, because isn't their security team excellent at reporting vulnerabilities?


The modern products sold under the Norton brand are a slur on the name of Peter Norton, a real dude who made some excellent software products and wrote some important books back in the day.

https://www.technologizer.com/2014/06/05/where-have-you-gone...

I guess there's a lesson here: if you sell your name, eventually it will be used for something that will tarnish it.

