So what are the bad sides? I think the only bad sides I can think of are either bloated operations and lower success rates at detections. As I mentioned all AV products have sucked. Most of the newer products coming out are doing a much better job at keeping their footprint small. Currently my SEP instance is running under 30 MB (all processes). ESET at home runs about 20MB (just the AV). What happens is that people freak out and install 2-3 different anti-malware products that run at the same time (Anti-Virus, Anti-spyware, Firewall etc...). Most retail anti-virus products come with the whole package and include the ability to detect other malware besides viruses. The devs are really making sure that their product doesn't muck up the system.
I think alot of products get a bad rep due to users not properly cleaning out temp files and allow for heavy fragmentation to occur which makes the AV products work much harder.
Just my thoughts...
0. A false positive that removes a critical file, which has happened before... even fairly recently
1. AV software could have its own vulnerabilities... some have been discovered before
2. People who don't know any better and have WAY too much confidence in AV software's detection rate
3. People who think AV software is all they need to protect themselves from malware
4. AV software can remove important evidence (e.g. remove malware, fix configuration, changes atime on files) and leave an investigator with nothing but a "generic trojan found" to go on.
But yeah, AV software may have problems, but it's usually the average person's only form of detection.
General Certification : CPT Practical Submission
