Wired released an article a few days ago regarding anti-virus and its usefulness. In it, a few infosec guys said they don't use it. Since then, there's been a lot of chatter in my Twitter feed about it and it seems to have shifted from the perspective of an infosec person using it or not, to the perspective of whether or not to use it in an enterprise. I've seen a lot of arguments...
- Pros: It does stop some malware
- Cons: It doesn't stop everything
Not using it:
- Cons: Machine is completely vulnerable, doesn't even have the benefits of the vendor definitions that will block some malware.
- Pros - ...?
Most of the arguments for not using it seem to be playing devils advocate and are looking for data to prove one way or the other. But one thing I've noticed is that I haven't seen is a "pro" argument for not using it, and the only thing I can think of is that you gain some CPU cycles back. I remember awhile back when AV really used to bog down a machine depending on the vendor, but it's gotten a lot better since then and can run quite idle in the background. Am I missing something else?