Ask HN: Has anyone reconsidered Antivirus software after recent security news?
7 comments
It's my long standing position that all currently popular operating systems are insecure by design. It's going to require rip and replacement of the whole thing before we can even begin to approach secure general purpose computation.
Ironically this was sorted out in the 1970s and 80s, with Gnosis[1], and KeyKOS, but the PC revolution swamped it away in the noise as Windows and Linux took off. The best you can do without jumping to a capabilities based system in the meanwhile is to use hypervisors and the principle of least privilege to segregate tasks using VMs as very course grained capabilities systems[3].
This is the root cause that has been driving the adoption of hypervisors, virtualization, etc. for decades.
[1] https://en.wikipedia.org/wiki/GNOSIS
[2] https://en.wikipedia.org/wiki/KeyKOS
[3] https://en.wikipedia.org/wiki/Capability-based_security
Ironically this was sorted out in the 1970s and 80s, with Gnosis[1], and KeyKOS, but the PC revolution swamped it away in the noise as Windows and Linux took off. The best you can do without jumping to a capabilities based system in the meanwhile is to use hypervisors and the principle of least privilege to segregate tasks using VMs as very course grained capabilities systems[3].
This is the root cause that has been driving the adoption of hypervisors, virtualization, etc. for decades.
[1] https://en.wikipedia.org/wiki/GNOSIS
[2] https://en.wikipedia.org/wiki/KeyKOS
[3] https://en.wikipedia.org/wiki/Capability-based_security
I feel like as someone who recently worked within helping in the aftermath of supply-chain attack. I personally recommend to instill good practices to sandbox things properly, both as a developer publishing libraries yourself and as someone who uses libraries . There are some good projects out there which can do the sandboxing for you and I am seeing a ton of explosion in this space recently something which is good to have as I had the idea of sandboxes an year or so ago and we have gotten far more options now to chose from.
I have been a bit more involved in the LiteLLM incident but I have read about the axios incident and in my research, I found this to be interesting[0] which could have helped. I feel like there are definitely ways to safeguard things which we should try out.
I don't know too much about Antivirus software so I can't speak about that but I feel like there are multiple interesting projects within this space.
My (personal opinion) is to keep the surface of exposure as low as possible. Relying solely on antivirus doesn't feel the best of scenarios and one of the things that I learnt from all of this is to keep a more active eye on security if-possible and to keep your attack surface low basically.
[0]: https://github.com/DataDog/supply-chain-firewall
I have been a bit more involved in the LiteLLM incident but I have read about the axios incident and in my research, I found this to be interesting[0] which could have helped. I feel like there are definitely ways to safeguard things which we should try out.
I don't know too much about Antivirus software so I can't speak about that but I feel like there are multiple interesting projects within this space.
My (personal opinion) is to keep the surface of exposure as low as possible. Relying solely on antivirus doesn't feel the best of scenarios and one of the things that I learnt from all of this is to keep a more active eye on security if-possible and to keep your attack surface low basically.
[0]: https://github.com/DataDog/supply-chain-firewall
I do consulting work with AWS + backend development and since agentic coding became a thing, I have started doing more internal admin websites - completely vibe coded. I never build/install/run websites or npm packages directly on my computer. I do everything inside Docker containers and have Claude debug websites using Docker + playwright + headless chrome and just give Claude temporary JWT tokens.
I feel like its a good approach, personally I am just using a 7$/yr vps or exe.dev (I had signed up on it since day one)
If someone wishes to do something like this, I recommend quickget for linux and orbstack for macos although quickget can work on mac.
I really like this project too https://github.com/losfair/bake
If someone wishes to do something like this, I recommend quickget for linux and orbstack for macos although quickget can work on mac.
I really like this project too https://github.com/losfair/bake
Our devs can't install software without an reason or check. External packages/modules/... have an 24 hour delay, except for retractions and are scanned for malware. Selinux does the rest and we encourage devs to write policies for their applications.
consumer EDR "could" detect it if everyone knew what to look for and the pricing was good. Unfortunately (or not) EDR for consumers is limited to really just the MS365 addon for Microsoft Defender for Endpoint (P2) which is $3 a month on top of your MS365 license (so looking at a good value if you already have an enterprise tenant even if solo). Downside: it's a firehose of information and is a full-time job managing for SMB. But to the other comment here: sandboxing / runtime isolation helps. It's more an onion than a strict wall. One failure shouldn't cause the city to collapse.
Anti virus software would be useless
However, with the rise of AI-assisted exploits/phishing and supply chain attacks, I've been reconsidering. We recently had an incident at work where CrowdStrike caught a RAT that a developer was inadvertently installing on their work computer.
1. Would consumer antivirus / EDR software even be good enough to block things like the Axios compromise?
2. What do you recommend?