I think all reasonable people, even in the AV industry, will agree with "doesn't make it safe to click on anything". The "not even safer" is more contentious, and that is where the debate is.
-
-
Replying to @taviso @lorenzofb
Yes, they would. They would even, if not always publicly, agree that AV isn't your biggest priority. Here's a funny thing: lots of AV vendor blogs are filled with advice for (home and corporate) users. A lot of this advice actually reduces the need for AV.
1 reply 0 retweets 5 likes -
It's funny: AV is doing a pretty good job reducing the threat on all those legacy networks where half the desktops still run XP. But rather than boasting about it, AV vendors keep telling people to patch their systems, upgrade OS's. That's also why I believe AV aren't bad people.
1 reply 0 retweets 5 likes -
Replying to @martijn_grooten @lorenzofb
Don't push it too far Martijn, a homeopath that tells you to exercise and eat right is still a homeopath
Installing antivirus on XP does not make it a secure system, if the antivirus ever makes a difference then you're in serious trouble.1 reply 0 retweets 11 likes -
Replying to @taviso @lorenzofb
I don't disagree with that statement. In theory, a company's CFO should never run in a situation where AV¹ makes a serious difference. In practice, a whole lot of of them do and I think AV still makes a decent difference. ¹endpoint protection and ignoring APT-style attacks.
2 replies 0 retweets 1 like -
Allow me: what _exactly_ does AV protect? And, follow on, at what collateral risk?
1 reply 0 retweets 1 like -
It protects the user from things like installing a "Flash Player update" because a website tells them to, when it's actually malware. At a risk that is quite small for this threat model.
1 reply 0 retweets 2 likes -
Replying to @taviso @martijn_grooten and
How about, "With some very significant security tradeoffs, there is a non-zero chance that if your vendor has seen this exact file before, even though there is no reason that they would have had to, we could stop it. You are still in very significant danger".
1 reply 0 retweets 1 like -
The 1990s just called and want your "exact file" argument back... AV hasn't relied on exact matches for decades. Most AV engines include a significant machine learning component.
1 reply 0 retweets 1 like
No, the antivirus industry is desperate to distance themselves from blacklisting. The reality is that I've reverse engineered more antivirus engines than you have, and think "blacklisting" is a very appropriate term. So 2018 called, and wants you to accept reality 
-
-
Oh, I'm sure there's _also_ a lot of blacklisting taking place. Because a lot of files are actually reused a lot and adding the hash to some blacklist is the most fail-safe way to add detection for that file.
2 replies 0 retweets 0 likes -
Here is the problem: A user is somehow clicking through warnings and running attachments, this is your wheelhouse. You say "you need antivirus!". Is the user now secure? The answer is no, antivirus doesn't make it safe to run attachments. So what exactly is it you solved?
1 reply 0 retweets 1 like - 4 more replies
New conversation -
-
This Tweet is unavailable.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.