Like most of you, I don't use antivirus software and haven't for years. Modern Macs (and PCs) are pretty secure by default.
However, with the rise of AI-assisted exploits/phishing and supply chain attacks, I've been reconsidering. We recently had an incident at work where CrowdStrike caught a RAT that a developer was inadvertently installing on their work computer.
1. Would consumer antivirus / EDR software even be good enough to block things like the Axios compromise?
2. What do you recommend?
Our devs can't install software without a reason or check. External packages/modules/... have a 24-hour delay, except for retractions, and are scanned for malware. SELinux does the rest, and we encourage devs to write policies for their applications.
Consumer EDR "could" detect it if everyone knew what to look for and the pricing was good. Unfortunately (or not), EDR for consumers is limited to really just the MS365 addon for Microsoft Defender for Endpoint (P2), which is $3 a month on top of your MS365 license (so looking at a good value if you already have an enterprise tenant, even if solo). Downside: it's a firehose of information and is a full-time job to manage for an SMB. But to the other comment here: sandboxing / runtime isolation helps. It's more an onion than a strict wall. One failure shouldn't cause the city to collapse.
As someone who recently worked helping in the aftermath of a supply-chain attack, I personally recommend instilling good practices to sandbox things properly, both as a developer publishing libraries yourself and as someone who uses libraries. There are some good projects out there which can do the sandboxing for you, and I am seeing a ton of explosion in this space recently, something which is good to have, as I had the idea of sandboxes a year or so ago and we have gotten far more options now to choose from.
I have been a bit more involved in the LiteLLM incident, but I have read about the Axios incident, and in my research I found this to be interesting[0], which could have helped. I feel like there are definitely ways to safeguard things which we should try out.
I don't know too much about antivirus software, so I can't speak about that, but I feel like there are multiple interesting projects within this space.
My personal opinion is to keep the surface of exposure as low as possible. Relying solely on antivirus doesn't feel like the best of scenarios, and one of the things that I learnt from all of this is to keep a more active eye on security if possible and to keep your attack surface low, basically.
[0]: https://github.com/DataDog/supply-chain-firewall