this post was submitted on 19 Jul 2024
2018 points (99.1% liked)
linuxmemes
21172 readers
1083 users here now
Hint: :q!
Sister communities:
- LemmyMemes: Memes
- LemmyShitpost: Anything and everything goes.
- RISA: Star Trek memes and shitposts
Community rules (click to expand)
1. Follow the site-wide rules
- Instance-wide TOS: https://legal.lemmy.world/tos/
- Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html
2. Be civil
- Understand the difference between a joke and an insult.
- Do not harrass or attack members of the community for any reason.
- Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
- Bigotry will not be tolerated.
- These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
3. Post Linux-related content
- Including Unix and BSD.
- Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of
sudo
in Windows. - No porn. Even if you watch it on a Linux machine.
4. No recent reposts
- Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.
Please report posts and comments that break these rules!
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
That's... Not great. I didn't actually think about what all these wild AV systems could do, but that's incredibly broad access.
Maybe I'm just old, but it always strikes me as odd that you'd spend so much money on that much intrusive power that on a good day slows your machines down and on a bad day this happens.
I get that Users are stupid. But maybe you shouldn't let users install anything. And maybe your machines shouldn't have access to things that can give them malware. Some times, you don't need everything connected to a network.
Always has been. I've clean Symantec A/V off way too many systems in my time, post BSOD. That crap came pre-loaded on so many systems, and then borked them. The problem is, that in order to actually protect system from malware, the A/V has to have full, kernel level access. So, when it goes sideways, it usually takes the system down. I've seen BSODs caused by just about every vendor's A/V or EDR product. Shit happens. Everyone makes mistakes, but when that mistake is in A/V or EDR, it usually means a BSOD.
It's tough. The Internet and access to networks provides some pretty good advantages to users. But, it also means users making mistakes and executing malware. And much of the malware now is targeted at user level access; so, you can't even prevent malware by denying local admin/root. Ransomware and infostealers don't need it. A/V ends up being a bit of a backstop to some of that. Sure, it mostly is a waste of resources and can break stuff when things go bad. But, it can also catch ransomware or alert network defenders to infostealers. And either of those can result in a really, really bad day. A ransomed network is a nightmare. And credentials being stolen and not known about can lead to all kinds of bad stuff. If A/V catches or alerts you to just one or two of those events and lets you take action early, it may pay for itself (even with this sort of FUBAR situation) several times over.
Fair. Thanks for that counterpoint.