Stop calling AV imperfect, this is like saying CRC16 is an imperfect cryptographic hash. AV does not provide a net benefit, we've already explained to you the serious problems we face shipping secure software because of Antivirus.
-
-
Replying to @taviso @stacksmasher and
I said almost all users. We need tell high value targets (journalists, activists etc.) to lock down their devices to the point that AV doesn't provide any benefits (and should be removed). I've been saying that for years.
1 reply 0 retweets 0 likes -
Replying to @martijn_grooten @stacksmasher and
In exchange for a trivially bypassable blacklist, it introduces serious vulnerabilities that the industry refuses to take responsibility for. "Well nobody's perfect!", "Those problems are out of our threat model!", I've heard it before and explained why that doesn't cut it.
1 reply 1 retweet 0 likes -
Replying to @taviso @stacksmasher and
OK, I just told my parents to remove AV from their PC, because of all the reasons you cited (which, again, are very valid concerns that we're not taking seriously enough). What should they do instead?
3 replies 0 retweets 1 like -
Replying to @martijn_grooten @stacksmasher and
How about your buy your parents a Chromebook Martjin, or Windows 10 S? That's an easy solution, probably cheaper than your Kaspersky subscription and actually good security.
1 reply 0 retweets 1 like -
Replying to @taviso @stacksmasher and
They're teachers. They sometimes need to download software for school projects that doesn't work on every OS. Also, let's assume they a) use free AV and b) can't afford a new computer.
2 replies 0 retweets 1 like -
Replying to @martijn_grooten @taviso and
Create a backup/reset medium for them. No interaction. Hard code a script that dumps the 2018-02-20 drive image onto the laptop's HDD/SSD. (dd(1), xz(1), secureboot, etc.)
1 reply 0 retweets 0 likes -
Replying to @TW_Berger @martijn_grooten and
A Chromebook would be fine, it's <$200 and actually secure, and is perfect for most users. Martjin is being difficult, it's the standard AV industry schtick of "Any replacement has to be perfect, but we don't have to be".
2 replies 0 retweets 0 likes -
Replying to @taviso @TW_Berger and
Yes, the whitelisting market is immature and currently enterprise focussed, but he is actually in a position to fix that. Imagine how slick and easy it would be if all the people employed to populate blacklists were populating whitelists? Most people would never notice it.
1 reply 0 retweets 0 likes -
Replying to @taviso @TW_Berger and
Seamless hourly updates of new safe software, enterprise social whitelisting like AppNot, Martjin's favorite "most users" would never notice. If you forgot to pay your subscription, you would actually remain secure.
2 replies 0 retweets 0 likes
The AV industries favourite problem "a user runs an email attachment", the one that's in your threat model that you can't actually solve, the one you have to ask marketing to hint at but not promise because it's still dangerous...it *would* actually work, it *would* be safe. 
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.