UEFI Secure Boot, mandatory signed binaries, and Windows Defender (XProtect on macOS) have contributed more to protecting against malware than third-party anti-virus. Although I think the existence, cost, and PITAness of third-party anti-virus might very well have contributed to motivating the OS vendors into securing their products better.
It should be noted that I believe the parent comments included Windows Defender as an anti-virus. Third-party was never specified, and disabling Windows Defender can indeed improve file access performance.
Can confirm. I usually have to turn off Windows Defender whenever I'm doing anything with Docker, or node_modules, or something similar. If I don't, my computer slows to a crawl.
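As an added example (not posted by anyone in this thread), here is the narrower alternative to switching Defender off entirely: scoping exclusions to the directories that churn during builds, then verifying that real-time protection is still enabled. The paths are assumptions for illustration; substitute your own project and build directories. The cmdlets shown are the standard Defender module (`Add-MpPreference`, `Get-MpPreference`, `Remove-MpPreference`) and need an elevated prompt.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Assumed paths: replace with the directories your own builds actually hammer.
$exclusions = @(
    "C:\src\myapp\node_modules",   # assumed project dependency tree
    "C:\src\myapp\dist"            # assumed build output directory
)

# Add the exclusions. Add-MpPreference accepts an array and ignores paths
# that are already present.
Add-MpPreference -ExclusionPath $exclusions

# Review the full exclusion list. Every entry here is a scanning blind spot:
# anything that lands in an excluded directory is not checked by real-time
# protection, so keep the list short and specific (never a whole drive or
# user profile) and audit it periodically.
(Get-MpPreference).ExclusionPath

# Confirm real-time protection itself is still on. This prints False when
# real-time monitoring is enabled, True when it has been disabled.
(Get-MpPreference).DisableRealtimeMonitoring

# When a project is retired, drop its exclusion rather than leaving it behind.
# Remove-MpPreference -ExclusionPath "C:\src\myapp\node_modules"
```

The trade-off is the usual one: an exclusion buys back the build-time file-access cost without giving up scanning of the rest of the system, at the price of a directory an attacker could drop a payload into, so treat the exclusion list as configuration that gets reviewed, not as a one-off fix.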
Source? I thought UEFI was just a way to make Linux a pain in the ass to dual-boot with Windows? What's your evidence that it's effective against malware? I am biased here, and hate UEFI.
UEFI is not the same thing as UEFI Secure Boot. UEFI booting in general makes dual-booting far easier than BIOS-based booting, where operating systems have to fight over who owns the MBR. Secure Boot makes it harder to set up a multi-boot system because you need a signed bootloader for your Linux system.
I do remember, but correlation != causation. The major improvements that have made software so much more secure are not AV; they are things like ASLR, non-executable stacks, stack canaries, a shift to less-privileged code and having more functions in user space, memory-safe(r) languages being more commonplace, and an increase in general security awareness. If anything, anti-virus is much less useful now that polymorphic shellcode is commonplace, as well as the fact that user error (such as falling for a phishing attack) is by far the largest cause of security failings.
> If anything, anti-virus is much less useful now that polymorphic shellcode is commonplace
Source? I disagree with this statement. Polymorphic viruses have been commonplace for decades. I don't think that diminishes the importance of AV. AV software isn't restricted to comparing file hashes with known threats; there's so much more that can be done for security.
Are you asking for a source for only that statement or for my post in general? Source is myself. I have a masters in Cyber Security and have worked in the field for 15 years. I've written numerous exploits and have actively evaded antivirus in the past. I can tell you from experience that ASLR is 10 times the pain in the ass that AV is, and NX bits/DEP are maybe 100 times more. Not trying to have a dick measuring contest, just justifying why I don't mind citing myself :-D
Regarding:
> Polymorphic viruses have been commonplace for decades
I disagree. I wouldn't describe them as "commonplace" until maybe the last decade or so. Regardless, this is probably the weakest of the arguments that I made.
> AV software isn't restricted to comparing file hashes with known threats; there's so much more that can be done for security.
With this I agree, though I would contend that even the most advanced heuristics and things like hook interceptions, such as those Comodo experimented with in the late 2000s, are still not what has made us so much more secure. At best AV is a small layer of a defense-in-depth strategy. At worst it's a bloated, unnecessary layer that eats cycles and robs system resources that could be devoted to useful activities.
That said, if I had any Windows machines in my home (been on Linux exclusively for a bit over 10 years now), I would likely run Defender on them. I'm not suggesting that AV is worthless, just that it isn't the reason things are much more secure these days.