Do We Need An Anti-Virus?


Hydrogen

What are your thoughts about this? I have heard many keep it simple with Windows Defender (or XProtect for macOS), but others would run an extra layer of security using an AV/AS. If you use one, what would you use?

* This goes for both - a normal end user and corporate environment.

I run Windows Defender for Endpoint (P2) on all endpoints, and CrowdStrike Falcon on our servers. I am happy with this setup, no complaints.

Windows Defender at home and at work -> I implement Defender for Endpoint for our customers 😉

But I use it and like it and recommend it (E5 license sponsored by my company)

What has been said above. Microsoft tools have gotten really good these days and paired with other off-endpoint tools, one can gain quite a lot of insights. 

I really like Defender at home but it's very troublesome for debugging stuff. Not to mention the dozen times it deleted my own damn software. Leaves me malding every time!

I dunno really, if you have read The Antivirus Hacker's Handbook, you will prob realize these virus scanners take up a lot of CPU and memory for not just scanning but for checking if an exe file you clicked on is a virus or not by opening up the exe file in a sandbox and then running it before it actually executes on your machine. Virus scanners also do a lot of hooking on special Windows APIs which can cause some problems, esp if you are running a game and the anti-cheat decides to hook a Windows API but the virus scanner won't let it. It's very interesting but at the same time crazy. So yeah I dunno...

4 hours ago, cd80 said:

I dunno really, if you have read The Antivirus Hacker's Handbook, you will prob realize these virus scanners take up a lot of CPU and memory for not just scanning but for checking if an exe file you clicked on is a virus or not by opening up the exe file in a sandbox and then running it before it actually executes on your machine. Virus scanners also do a lot of hooking on special Windows APIs which can cause some problems, esp if you are running a game and the anti-cheat decides to hook a Windows API but the virus scanner won't let it. It's very interesting but at the same time crazy. So yeah I dunno...

Yeah, I think the resource consumption argument was valid 10+ years ago, but even cheap laptops are fast enough now for most people not to notice, unless you've got scans doing some crazy stuff.

And your comment about AV hooking into Windows internals is basically the best argument to just use Defender, in my opinion. If you're going to give something unfettered kernel access, why not just make it the thing that is already built in?
