Not really. It’s the nature of how software like AV has to work. In order to protect against the baddies, it has to run at the kernel level, which is unfettered access to the system. If it didn’t run there, it would be borderline useless for security. Bad practices like poor code review like Crowdstrike is the real crime.
Kinda like the government… They say there are here for YOUR security but are they really?
I haven’t used AV beyond windows spyware most of my life and mint Linux doesn’t even have it. I don’t think. I guess enteprise might different situation… Not sure if there is real benefit to them.
I see no benefit for normal use case but I am open to hearing if I am wrong.
Every business that has connected devices should be running an AV solution, at least for Windows, which is the vast majority of users. In many sectors, it is a requirement to do business. I’ve never worked in a Linux based business environment, so I’m not sure what the AV solutions are. Many reputable businesses will have network wide monitoring via SIEM tools and other agents.
AV does exist for the end user’s security, generally even the likes of Kaspersky. The inherent nature of running at the kernel level means that if something malfunctions, malicious or not, the effects can be significant. Generally speaking, these products aren’t malicious because that’s bad for business. The problem with companies like Kaspersky is that they have to comply with government requests which could mean access to private information.
The most important part of IT security is the human element. Don’t click bad links, don’t give out secret information, etc. AV products help when people mess up but also help protect against drive-by threats that don’t require human interaction.
I don’t run anything in my person Linux machines and used free Windows Defender on Windows for years. For anything not needing corporate level security, the free Defender is going to be more than enough and in most cases the best option for performance, not just cost.
If you are a US based company, you already have to comply with US government legal requests. However, if you are a US company and using a Russian AV, now your AV will have to comply with Russian government requests. Russia is well known for asymmetric attacks, and giving that geopolitical adversary kernel level access to your entire corporate network is … unwise.
I get that corpos are US whores and that’s all good but from individual perspective your own feds are more dangerous then any Russian fed…
So people love saying this shot about Russian companies while skipping the part that this risk is even greater for the person with windows installed on their personal computer.
This isn’t about saving oneself from US access in exchange for Russian access. It is about already permitting US access, then ADDING Russian access on top. It doesn’t matter if the US feds are worse than Russian feds or vise versa, the worst possible choice is giving both entities access. Which is exactly what a US company does when they install a Russian AV across their network.
this risk is even greater for the person with windows installed on their personal computer
I’m fully onboard with Linux. And we can see from the usage charts others are taking notice of the benefits.
Not really. It’s the nature of how software like AV has to work. In order to protect against the baddies, it has to run at the kernel level, which is unfettered access to the system. If it didn’t run there, it would be borderline useless for security. Bad practices like poor code review like Crowdstrike is the real crime.
Kinda like the government… They say there are here for YOUR security but are they really?
I haven’t used AV beyond windows spyware most of my life and mint Linux doesn’t even have it. I don’t think. I guess enteprise might different situation… Not sure if there is real benefit to them.
I see no benefit for normal use case but I am open to hearing if I am wrong.
Every business that has connected devices should be running an AV solution, at least for Windows, which is the vast majority of users. In many sectors, it is a requirement to do business. I’ve never worked in a Linux based business environment, so I’m not sure what the AV solutions are. Many reputable businesses will have network wide monitoring via SIEM tools and other agents.
AV does exist for the end user’s security, generally even the likes of Kaspersky. The inherent nature of running at the kernel level means that if something malfunctions, malicious or not, the effects can be significant. Generally speaking, these products aren’t malicious because that’s bad for business. The problem with companies like Kaspersky is that they have to comply with government requests which could mean access to private information.
The most important part of IT security is the human element. Don’t click bad links, don’t give out secret information, etc. AV products help when people mess up but also help protect against drive-by threats that don’t require human interaction.
I don’t run anything in my person Linux machines and used free Windows Defender on Windows for years. For anything not needing corporate level security, the free Defender is going to be more than enough and in most cases the best option for performance, not just cost.
Thank you for providing additional context…
Seems reasonable so have to point this out tho
How is this different from any US based company or EU based company for that matter?
If you are a US based company, you already have to comply with US government legal requests. However, if you are a US company and using a Russian AV, now your AV will have to comply with Russian government requests. Russia is well known for asymmetric attacks, and giving that geopolitical adversary kernel level access to your entire corporate network is … unwise.
I get that corpos are US whores and that’s all good but from individual perspective your own feds are more dangerous then any Russian fed…
So people love saying this shot about Russian companies while skipping the part that this risk is even greater for the person with windows installed on their personal computer.
Indeed “unwise”
This isn’t about saving oneself from US access in exchange for Russian access. It is about already permitting US access, then ADDING Russian access on top. It doesn’t matter if the US feds are worse than Russian feds or vise versa, the worst possible choice is giving both entities access. Which is exactly what a US company does when they install a Russian AV across their network.
I’m fully onboard with Linux. And we can see from the usage charts others are taking notice of the benefits.
My point being pointing out risk of Russia without point out risk from US can be misleading to a regular reader.
But yes Linux baby, let’s go…
Custom Android ROMs,
Openwrt
Make ur fed work for that money you paying him!