
Way forward to on-access antivirus in Linux

Posted Nov 11, 2019 8:41 UTC (Mon) by Cyberax (✭ supporter ✭, #52523)
In reply to: Way forward to on-access antivirus in Linux by zlynx
Parent article: Filesystem sandboxing with eBPF

I'm using Windows with an AV for work and so far I haven't seen it crashing. Not once.

> And then Windows has to create little simulated environments for the AV so it can "watch" a pretend operating system.
Windows doesn't do anything like this. It provides official hooks for AV software in the kernel mode, but doesn't do any emulation.


Way forward to on-access antivirus in Linux

Posted Nov 11, 2019 15:46 UTC (Mon) by zlynx (guest, #2285) [Link] (2 responses)

Microsoft has to build hacks for nearly every release of Windows 10 because some company's idiot AV thinks it knows Windows better than Microsoft does.

Way forward to on-access antivirus in Linux

Posted Nov 11, 2019 15:52 UTC (Mon) by pizza (subscriber, #46) [Link] (1 responses)

Similarly, "enterprise" AV is responsible for reducing brand-new ultrabooks with nvme storage and making them perform about as well as a much older system with spinning rust.

(seriously; I just saw a thread on my employer's internal messaging boards about how our current enterprise AV suite makes compiles take nearly 3x longer than without it..)

Way forward to on-access antivirus in Linux

Posted Nov 11, 2019 16:17 UTC (Mon) by dezgeg (subscriber, #92243) [Link]

Not to mention all the extra security holes introduced by AVs doing complex parsing of file formats in processes running with SYSTEM permissions, e.g. https://googleprojectzero.blogspot.com/2015/09/kaspersky-...

