The company anti virus is taking up 80% of my CPU on the company laptop

Pain

securiteee

How come the least knowledgable person makes hardware/software decisions for everyone?

Why the fuck does an IT guy decide that a DevOps person like me must use Windows?

DevOps > IT > exec

Put the av inside a VM, and limit it....

@Nihil75 say it slows down your work. Take 30 min to migrate to Linux and say Duck you to all windows programs

Oh u could also say u don't need windows av, because u don't have windows. Problem is solved. No windows = no problems

If someone thinks that a antivirus increase security, then he has no idea about it security.

A antivirus opens up many security vulnerabilities and will have at least as many vulnerabilities as the software it protects except when you put a lot more effort in it then in all software it tries to protect*. But then, you better put that effort in the security of your main software.

*A antivirus needs to open / execute the same stuff as the software it tries to protect and needs to be able to parse and understand the same files. But that means, a security vulnerabilities that is possible in any normal software is more likely to be found in a antivirus.

@darkwind I wish... in large corps or stupid companies it's usually not an option.

"oh, we need you on windows with this AV for compliance"

"oh, our VPN only works from windows"

"we limit acess rights using group policy (again for compliance"

fucking joke. suits making rules for suits making rules for devs.

@happygimp0 It's all compliance. tick the box that says "AV on all laptops", then you can have cyber-insurance/cert.

It's the same crap as "must have data encrypted at rest".

Really? do hackers get the data at rest? are they going to break into datacenter and steal HDD ?

Or are they going to find breach in app and download everything when it's already decrypted?

@Nihil75 have windows at their PC for compliance, and work as normal person on linux at laptop xD

@darkwind You can't!

"Only whitelabeled PCs allowed on the LAN"

Or VPN certs not available.

What most people do is work in a Linux VM on the windows laptop, or use WSL or Cygwin

@Nihil75 urgh. Anyway, I would not agree to work at any cost on Windows because...

...Windows is a subject to installed spyware/invasive time trackers on purpose by company.

I trust my company to have only my computer, when it is having filesystem encrypted Kubuntu xD

if they insist on windows, then something is fishy. Having comfortable work environment is important enough to get through usually.

Ah yes, the good old antivirus shitfuckery... security by slowing down your PC so viruses don't get as much CPU time lol
Our corporate "Antivirus" injects its own MITM TLS Certificates into all TLS traffic... they'll read all your encrypted packets and prolly send the content to Google or some other company in the "mining" business... fuck those corrupt ass-births!

@darkwind well ironically the windows laptops we have from the company are glorified browsers, aside from one or two company tools I need to use.

Vscode connects to a linux virtual machine via ssh and I develop 100% remote.

I dont even have a compiler installed on the windows system.

@fzammetti If the data is arbitrary code that will be executed / interpreted, you have to execute in order to know what it does. Of course there are simple programs where this isn't needed but it is for most programs. Most antivirus test code in a sandbox.

For the data, a antivirus often has to interpret the data. One example are compressed data that the antivirus needs to extract.

There are countless examples of (exploited) antivirus vulnerabilities.

If you don't use your brain, no software can help you. Even when your antivirus wouldn't have any vulnerabilities.

@magicMirror move to Linux and use Windows vm for workloads, if broken Recreate VM from snapshot.

Corp Laptop are mostly crap

@LotsOfCaffeine ask for a raspberry Pi as Desktop PC instead.

So, stop building viruses ? 🤷‍♂️

If you have admin access, disable it

We can worry about compliance later

@darkwind "No windows = no problems"

tell that to our corporate which was installing mcafee on linux servers