34

The company anti virus is taking up 80% of my CPU on the company laptop

Pain

Comments
  • 4
    securiteee
  • 4
    How come the least knowledgable person makes hardware/software decisions for everyone?

    Why the fuck does an IT guy decide that a DevOps person like me must use Windows?

    DevOps > IT > exec
  • 5
    Put the av inside a VM, and limit it....
  • 5
    @Nihil75 say it slows down your work. Take 30 min to migrate to Linux and say Duck you to all windows programs

    Oh u could also say u don't need windows av, because u don't have windows. Problem is solved. No windows = no problems
  • 5
    If someone thinks that a antivirus increase security, then he has no idea about it security.

    A antivirus opens up many security vulnerabilities and will have at least as many vulnerabilities as the software it protects except when you put a lot more effort in it then in all software it tries to protect*. But then, you better put that effort in the security of your main software.

    *A antivirus needs to open / execute the same stuff as the software it tries to protect and needs to be able to parse and understand the same files. But that means, a security vulnerabilities that is possible in any normal software is more likely to be found in a antivirus.
  • 1
    @darkwind I wish... in large corps or stupid companies it's usually not an option.

    "oh, we need you on windows with this AV for compliance"

    "oh, our VPN only works from windows"

    "we limit acess rights using group policy (again for compliance"

    fucking joke. suits making rules for suits making rules for devs.
  • 3
    @happygimp0 It's all compliance. tick the box that says "AV on all laptops", then you can have cyber-insurance/cert.

    It's the same crap as "must have data encrypted at rest".

    Really? do hackers get the data at rest? are they going to break into datacenter and steal HDD ?

    Or are they going to find breach in app and download everything when it's already decrypted?
  • 3
    @Nihil75 have windows at their PC for compliance, and work as normal person on linux at laptop xD
  • 2
    @darkwind You can't!

    "Only whitelabeled PCs allowed on the LAN"

    Or VPN certs not available.

    What most people do is work in a Linux VM on the windows laptop, or use WSL or Cygwin
  • 4
    @Nihil75 urgh. Anyway, I would not agree to work at any cost on Windows because...

    ...Windows is a subject to installed spyware/invasive time trackers on purpose by company.

    I trust my company to have only my computer, when it is having filesystem encrypted Kubuntu xD

    if they insist on windows, then something is fishy. Having comfortable work environment is important enough to get through usually.
  • 1
    Ah yes, the good old antivirus shitfuckery... security by slowing down your PC so viruses don't get as much CPU time lol
    Our corporate "Antivirus" injects its own MITM TLS Certificates into all TLS traffic... they'll read all your encrypted packets and prolly send the content to Google or some other company in the "mining" business... fuck those corrupt ass-births!
  • 1
    @darkwind well ironically the windows laptops we have from the company are glorified browsers, aside from one or two company tools I need to use.

    Vscode connects to a linux virtual machine via ssh and I develop 100% remote.

    I dont even have a compiler installed on the windows system.
  • 2
    @happygimp0 That's just not true. AV isn't executing anything. It's looking at byte patterns and performing heuristic analysis on the executable, it's not literally executing programs to see what they do. That would be nuts.

    It's true that AV can open up some new holes potentially, but those are actually very rarely exploited and not worth getting worked up about (as long as you're using a reputable vendor this shouldn't be a major concern).

    And, AV is useful for average users who just don't use their brains much, which is most of them in corporate environments. They're not going to be smart about what they open, and AV can protect against that carelessness to at least some degree.

    I loathe the AV on my corporate machine making my Friday's pretty much useless because it chews up so many resources, but generally-speaking, in a corporate environment, AV is still valuable just because of how dumb business users (outside of IT I'm tallking) tend to be.
  • 1
    @fzammetti If the data is arbitrary code that will be executed / interpreted, you have to execute in order to know what it does. Of course there are simple programs where this isn't needed but it is for most programs. Most antivirus test code in a sandbox.

    For the data, a antivirus often has to interpret the data. One example are compressed data that the antivirus needs to extract.

    There are countless examples of (exploited) antivirus vulnerabilities.

    If you don't use your brain, no software can help you. Even when your antivirus wouldn't have any vulnerabilities.
  • 0
    @magicMirror move to Linux and use Windows vm for workloads, if broken Recreate VM from snapshot.
  • 1
    Corp Laptop are mostly crap
  • 0
    @LotsOfCaffeine ask for a raspberry Pi as Desktop PC instead.
  • 1
    So, stop building viruses ? 🤷‍♂️
  • 1
    If you have admin access, disable it

    We can worry about compliance later
  • 0
    @happygimp0 I'm not going to say there's no AV that runs programs in a sandbox as you're describing because I don't know every AV in the world and maybe there's one that does, but most simply don't work that way. Think about what you're saying: creating a sandbox for each program, running it, and looking for bad behavior would be incredibly resource-intensive and wouldn't even be a valid test because that sandbox can't reflect the true full current state of the system. It's not what happens because it's not feasible at scale while maintaining reasonable system responsiveness. AV scans for known signatures, and for recognized byte patterns indicating possibly nefarious activity potential even if it's not a known malware signature, and most scan in real-time using heuristic analysis looking for untrustworthy behavior on-the-fly. There's no sandboxed execution because AV would crush an average business PC more than it already does (plus the possibility of a test run escaping the sandbox).
  • 1
    @darkwind "No windows = no problems"

    tell that to our corporate which was installing mcafee on linux servers
Add Comment