> Every company has vulnerabilities. How they respond when told about these vulnerabilities is much more important, and, at least by this account, Symantec is pretty responsible when it comes to responding to the discovery of these vulnerabilities
How about eliminate the attack vector in the first place? No third-party AV, no problems.
The more they extend their offerings, the more features they add, the more they extend the attack surface. And the attack surface of an average AV product is HUGE.
Considering the raw amount of incompetence displayed, not having a third-party AV in the first place seems like a reasonable choice.
Want something scanned? Run it through Virus Total or something. Done.
I used to be fairly neutral regarding AV's.
Then I saw all the really stupid and really serious vulnerabilities Tavis Ormandy dug up in pretty much all the AV products, including the Symantec Endpoint Protection (https://googleprojectzero.blogspot.com/2016/06/how-to-compro...).
The sheer amount of incompetence and neglect displayed by AV vendors has made me strongly question third-party AV's being a net positive.
How about eliminate the attack vector in the first place? No third-party AV, no problems.
The more they extend their offerings, the more features they add, the more they extend the attack surface. And the attack surface of an average AV product is HUGE.
Considering the raw amount of incompetence displayed, not having a third-party AV in the first place seems like a reasonable choice. Want something scanned? Run it through Virus Total or something. Done.