
Antivirus Software is a scam

Antivirus software has its uses. It's largely useless against the latest threats because signature-based detection only works on what is known and has been added to the databases. As soon as you make minor modifications to malware, the signature changes. You have newer technology like heuristics, which predicts the behaviour of potential malware based on learned behaviours; this is better at detecting malware but still isn't a panacea, and tied to that, AI-driven learning.

Antivirus is really good at detecting what is already known, and known threats still exist in the wild and are often still used by the bad guys. When you consider all the latest advanced threats using zero-day exploits, the sheer amount of resources going into developing and deploying them makes their use extremely fine-tuned to particular targets: government infrastructure, corporations, industry systems etc. So you aren't going to waste a good hack on casting a broad net and then have your hard work reverse-engineered and the exploit patched. The average person is likely to encounter what already lingers on the threat landscape, which itself is a good thing - IF - you have a decent level of protection.

It depends on your threat model.
You can't protect against social engineering. The biggest companies fall victim to it, as do the most time-served pros in the business. You can't protect against physical penetration. All it takes is for someone to stick a rogue USB into a workstation hooked to the network at work and the rest is history, or to recon the network and report back any possibly exposed or potentially exploitable access points: open ports, running outdated software with known critical vulnerabilities. That renders air-gapped networks obsolete when someone can walk in with a device and bypass the millions spent on security. You can't protect against undisclosed vulnerabilities, no matter what any antivirus company says. And there are many. You are using a browser now which will likely have several undisclosed vulnerabilities that are being hoarded by threat actors.

You also can't protect against opportunist attackers. Someone who is going round testing out home networks from a car won't find it difficult to break into pretty much all consumer home networks. All he has to do is wait for the reconnection of a device to the network using an N-mode wireless dongle, then steal the authentication token and use that to log in. Then there are brute-force attacks, which most routers won't detect or prevent, even with a basic timeout on multiple attempts. And especially if you use WPS - game over. It takes less than a few minutes to guess those numbers.

If you are going to be reckless, antivirus works. Lots of people are reckless and assume the internet is a benevolent place. And they assume computers know what they are doing and don't rely on the monkey sitting in front of them. The weakest link in the chain is the monkey.

Also, Linux isn't a panacea. Its file system has basic security models built in that just work, and permissions make it harder because executables, for example, need to be assigned permissions manually; also, because of its philosophy, you get a completely transparent project (usually, anyway, if you opt for the right distro). Open source means open solutions. Closed source means security through obfuscation. You can still be hacked on Linux, and it has vast amounts of vulnerabilities, but you could argue that's because it's open source and so a dialogue about them existing exists in the first place. Its simplicity also benefits its protection.

That being said, Windows has made a lot of improvements over recent years. Its security suite is now up there with leading contenders for its basic protection. In some cases it serves as a better solution than paid antivirus, but in other cases it fails miserably, so it's a double-edged sword. Windows has put a lot of emphasis on security and on pushing the envelope for better built-in features and protection, but this, after several decades of acting like it's someone else's business to sort out, leaves massive holes in its abilities that likely won't ever be fully patched. Microsoft have never been the loving kind, and I think its own shadow haunts itself.

At the end of the day, it's market share that is the enemy of Windows. You grow so big, yet there is a huge deficit in matching that growth in terms of development. Windows is essentially one milestone version piled on top of another. XP was 2000 with a facelift (and NT included). Vista was XP with a facelift. 7 was Vista. 10 was 7. 11 is 10. Pretty much most computers run Windows, and so they run decades of Frankenstein patchwork code masquerading as revolutionary software. So if you imagine you have a zero-day exploit ready, it's ready to slip through pretty much every OS on the planet, and that includes not just at home but government, industry, corporations, critical infrastructure etc. Windows is a backdoor in and of itself, basically. It screws itself and then screws you, but we depend on it, and our world would crumble fairly quickly without an alternative that came close to what Windows does.

If you look at most vulnerabilities for Windows, it proves my point. None are recent, in that recent development bugs caused the issue. Most are relics of bygone milestone releases. WannaCry, for example, exploited a vulnerability in SMB. SMB goes back well before the release of Windows at the time of WannaCry. If I'm not mistaken it was SMB 1 that was exploited, which is why SMB 1 is disabled by default today. SMB 1 is old. The fact Windows was using SMB 1 so late into its production shows how negligent Microsoft had been.

You have to weigh up the risks I guess.
What is your threat model? Antivirus plays a minimal role against threats in the wild. Antivirus is the cleanup crew after the car wreck. Is that enough for you?
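The post above says SMB 1 is disabled by default on current Windows. That is something you can verify on your own host rather than take on trust. The following is an added example, not code from the original thread; it assumes an elevated PowerShell session on Windows 8.1 / Server 2012 R2 or later, where the SmbShare and DISM modules ship with the OS, and that you have confirmed nothing on your network still needs SMB 1 before you run the remediation at the end.

```powershell
# Added example (not from the original post): check whether SMB1 is still
# enabled on this Windows host and, only if nothing depends on it, disable it.
# Assumes an elevated session; Get-SmbServerConfiguration and
# Get-WindowsOptionalFeature both require administrator rights.

# Server side: is the SMB1 protocol enabled on the file-server component?
$smb1ServerEnabled = Get-SmbServerConfiguration |
    Select-Object -ExpandProperty EnableSMB1Protocol

# Is the optional SMB1 feature itself still installed?
$smb1Feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

# Client side: which SMB dialect did the current connections actually
# negotiate? Any Dialect beginning with "1." means a peer still talks SMB1,
# and disabling it here will break that connection.
$dialects = Get-SmbConnection |
    Select-Object ServerName, ShareName, Dialect

[pscustomobject]@{
    SMB1ServerEnabled = $smb1ServerEnabled
    SMB1FeatureState  = $smb1Feature.State
} | Format-List

$dialects | Format-Table -AutoSize

# Remediation. Guarded so it only changes state that is actually enabled,
# and skipped entirely if a live SMB1 connection was observed above.
$smb1InUse = $dialects | Where-Object { $_.Dialect -like '1.*' }

if ($smb1InUse) {
    Write-Warning 'Live SMB1 connections found; not disabling SMB1. Fix those peers first.'
}
else {
    if ($smb1ServerEnabled) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if ($smb1Feature.State -eq 'Enabled') {
        # -NoRestart leaves the reboot to you; the feature removal completes on restart.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
    }
}
```

On a fresh Windows 10/11 install you should see `SMB1ServerEnabled : False` and `SMB1FeatureState : Disabled`; on an upgraded or older build either may still report enabled, which is the case the post is describing.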
 
The problem with Windows telemetry is that it's inescapable even if you adjust privacy settings. Windows will phone home to Microsoft servers thousands of times per day. All commercial operating systems have malicious features like this.
Adjusting privacy settings is a very soft approach. You can block this by setting firewall rules for known IP addresses. You can also remove key components known for chattering with Microsoft servers. You can also build a custom image of Windows to deploy over PXE with WDS using sysprep and OOBE.

You could essentially block all known IPs phoning home.

The downside of this is you can also block functionality of other services and features, which could cause you problems. It's not known what exactly relies on communicating with the servers.
 
It's better to just avoid commercial operating systems unless you need one for a very specific reason. They can't be trusted.
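The firewall approach described above (block known phone-home addresses, accept that you may break features you can't predict) can be made observable rather than a guess. The following is an added example and not code from the original thread. It assumes an elevated PowerShell session with the built-in NetSecurity module, and the IP ranges in it are deliberately placeholders from RFC 5737 TEST-NET space: real telemetry endpoints change and are not listed on this page, so substitute the addresses you have actually observed on your own network.

```powershell
# Added example (not from the original post): block outbound traffic to a list
# of observed telemetry endpoints with Windows Defender Firewall, then log
# dropped packets so you can see which features the block actually breaks.
# Run elevated.
#
# ASSUMPTION: these are RFC 5737 documentation ranges, not Microsoft addresses.
# Replace them with ranges you have captured yourself.
$telemetryRanges = @('192.0.2.0/24', '198.51.100.0/24', '203.0.113.0/24')

$ruleName = 'Block-Telemetry-Outbound'

# Idempotent: drop any earlier version of the rule before recreating it.
Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

New-NetFirewallRule -DisplayName $ruleName `
    -Direction Outbound `
    -Action Block `
    -RemoteAddress $telemetryRanges `
    -Profile Any `
    -Enabled True | Out-Null

# Log dropped packets on every profile. This is what turns "it's not known
# what relies on these servers" into something you can read off a file.
$logPath = '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -LogBlocked True `
    -LogFileName $logPath `
    -LogMaxSizeKilobytes 16384

# Verify the rule landed and which remote addresses it covers.
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallAddressFilter |
    Select-Object -ExpandProperty RemoteAddress

# After the machine has been in use for a while, review what was dropped.
# Log lines are "date time action protocol src-ip dst-ip src-port dst-port ...";
# a steady stream of DROP lines to a destination that a feature you rely on
# (e.g. Windows Update) needs is your signal to carve out an exception rather
# than keep the blanket rule.
$resolvedLog = [Environment]::ExpandEnvironmentVariables($logPath)
if (Test-Path $resolvedLog) {
    Get-Content $resolvedLog -Tail 500 |
        Where-Object { $_ -match '\sDROP\s' } |
        ForEach-Object { ($_ -split '\s+')[0..5] -join ' ' } |
        Select-Object -Last 20
}
```

The log review at the end is the part that addresses the caveat in the post: you cannot know in advance which services depend on those servers, but with blocked-packet logging on you can see, per destination, what the rule is actually dropping and decide whether each break is acceptable.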
 