Another story has emerged concerning system failures due to antivirus software.
In my opinion, the issue lies in the approach: there is a certain piece of software that updates aggressively and has full access to the system. This shouldn’t be the case.
Virus issues are the OS developer’s problem: it is the OS developer who should release patches that close vulnerabilities. This covers the cases where a virus gains access through the network on its own.
If we talk about viruses in documents (common with PDF files, for example), then that is the responsibility of the software developer and of the user, as the person who chose the software. For instance, using Adobe Acrobat is not recommended; instead, something simpler and open-source should be used (this would significantly decrease the likelihood of virus activation).
Antivirus software is needed more as a control on users: checking documents for known viruses, etc. Consequently, updates should occur infrequently (not more often than once a week), and the software should run with limited rights.
In general, one should build a system rather than rely on antivirus software.
The System:
- A firewall to the network (on the router for home use)
- Local firewall
- Working under a user with limited capabilities (and elevation as required)
- Backups
- Careful selection of software (for example, not using Microsoft Office / Adobe Acrobat at all, or not for files received from untrusted sources; one option is to keep them installed but have the file extensions handled by open-source alternatives by default)
- If it’s a crucial machine, then everything suspicious should be in a sandbox (work with the internet in a virtual machine that does not contain internal files and has no internet access)
- etc.