Ask HN: Has anyone reconsidered Antivirus software after recent security news?
Like most of you, I don't use antivirus software and haven't for years. Modern Macs (and PCs) are pretty secure by default.
However, with the rise of AI-assisted exploits/phishing and supply chain attacks, I've been reconsidering. We recently had an incident at work where CrowdStrike caught a RAT that a developer was inadvertently installing on their work computer.
1. Would consumer antivirus / EDR software even be good enough to block things like the Axios compromise?
2. What do you recommend?
7 comments
[ 0.18 ms ] story [ 58.3 ms ] threadI have been a bit more involved in the LiteLLM incident but I have read about the axios incident and in my research, I found this to be interesting[0] which could have helped. I feel like there are definitely ways to safeguard things which we should try out.
I don't know too much about Antivirus software so I can't speak about that but I feel like there are multiple interesting projects within this space.
My (personal opinion) is to keep the surface of exposure as low as possible. Relying solely on antivirus doesn't feel the best of scenarios and one of the things that I learnt from all of this is to keep a more active eye on security if-possible and to keep your attack surface low basically.
[0]: https://github.com/DataDog/supply-chain-firewall
If someone wishes to do something like this, I recommend quickget for linux and orbstack for macos although quickget can work on mac.
I really like this project too https://github.com/losfair/bake
Ironically this was sorted out in the 1970s and 80s, with Gnosis[1], and KeyKOS, but the PC revolution swamped it away in the noise as Windows and Linux took off. The best you can do without jumping to a capabilities based system in the meanwhile is to use hypervisors and the principle of least privilege to segregate tasks using VMs as very course grained capabilities systems[3].
This is the root cause that has been driving the adoption of hypervisors, virtualization, etc. for decades.
[1] https://en.wikipedia.org/wiki/GNOSIS
[2] https://en.wikipedia.org/wiki/KeyKOS
[3] https://en.wikipedia.org/wiki/Capability-based_security