For the same reasons there's antivirus software for Mac and Linux.
People coming from Microsoft systems just expect it to be required, so there's demand for it (demand != need). And in hybrid environments it may remove a weak link: e.g. a Linux mail server that serves mail to Windows users best has virus detection for Windows viruses.
I’m not defending CrowdStrike here. This is a clearly egregious lack of test coverage, but CrowdStrike isn’t “just” antivirus. The Falcon Sensor does very useful things beyond that, like USB device control, firewall configuration, reporting, etc.
If your use case has a lesser need for antimalware you might still deploy CrowdStrike to achieve those ends. Which help to lessen reliance on antimalware as a singular defense (which of course it shouldn’t be).
It's not just those darn Windows admins. A lot of the certifications customers care about (SOC II, ISO whatever, FedRAMP) have line items that require it.
I've had to install server antivirus onto my Linux laptop at 4 different companies. Every time it's been a pain in the ass because the only antivirus solutions I've found for Linux assume that "this must be a file server used by Windows clients". None of them are actually useful, so I've installed them and disabled them. There, box-checking exercise done.
> For the same reasons there's antivirus software for Mac and Linux.
Because they can also get malware or could use the extra control CS provides, and the "I'm not a significant target so I'm safe" is not really a solid defense? Bad quality protection (as exemplified by the present CS issues) isn't a justification for no protection at all.
Would you ignore the principle of least privilege (least user access) and walk around with all the keys to the kingdom just because you're savvier than most at detecting an attack and anyway you're only one person, what are the chances you're targeted? You're the Linux/MacOS of the user world, and "everyone knows those principles are only for the Windows equivalent of users".
I'm not arguing that Linux or Mac need no protection.
There are serious threats to any Linux machine. And if you include Android, there are probably far more Linux machines out there. Hell, including their navigation, router, NAS, TV, and car, my 70+ yo mom runs at least 5 Linux machines at her home. It's a significant target. And Mac is quite obviously a neat target, if only because the demographic usually has higher income (hardly any Bangladeshi sweatshop worker will put down the cash to buy a MacBook or iPhone. But might just own an Android or Windows laptop.)
I'm arguing that viruses aren't a threat, generally. Partly due to the architecture, partly due to their usage.
Neither Linux nor OSX are immune to viruses, though malware is more commonly written to target Windows given its position in the market. Both iOS and Android are frequent malware targets despite neither being related to Windows, and consequently, both have antivirus capabilities integrated deeply into both the OS and the app delivery ecosystem.
Any OS deployed on a user device needs some form of malware protection unless the device is blocked from doing anything interesting. You can generally forgo anti-malware on servers that are doing one thing that requires a smaller set of permissions (e.g., serving a website), but that's not because of the OS they are running.
Sure, “AVG Mobile Security” is available, but nobody needs it, and it isn’t anything like antivirus software on a computer. It provides... a photo vault, a VPN, and “identity protection.”
To tell people that they are vulnerable without something like this on their iPhone is ludicrous.
Nobody needs antivirus software or malware protection like this on their iPhone, unless they like just giving money away.
If you'll scroll up to the comment you originally replied to, you'll see that I said Android and iOS have AV capabilities built into the OS and app delivery ecosystem. That's more than enough for most users: mobile OSes have something much closer to a capability-based security paradigm than desktop OSes, and both Apple and Google are pretty quick to nerf app behavior that subverts user expectations via system updates (unless it was done by the platform to support ad sales).
Your mobile device is a Turing machine, and as such it is vulnerable to malware. However, the built-in protections are probably sufficient unless you have a specific reason to believe they are not.
The only AV software for mobile devices that I have seen used is bundled with corporate "endpoint management" features like a VPN, patch and policy management, and remote wipe support. It's for enterprise customers that provision phones for their employees.
> You can generally forgo anti-malware on servers that are doing one thing that requires a smaller set of permissions (e.g., serving a website), but that's not because of the OS they are running.
It seems to me like you’re trying to have it both ways.
It really is because of the OS that one doesn’t need to run anti-malware software on those servers and also on the iPhone, which you seem to have admitted.
It seems like we're both trying to make a distinction that the other person thinks is unimportant. But if the crucial marker for you is whether anti-malware protection is built into the OS, then I've got great news for you: Windows has built-in AV, too, and it's more than enough for most users.
The distinction I was trying to make is that the anti-malware strategy used by servers (restrict what the user can do, use formal change control processes, monitor performance trends and compare resource utilization against a baseline and expectations inferred from incoming work metrics) is different from the anti-malware strategy used by "endpoints" (scanning binaries and running processes for suspicious patterns).
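The server-side strategy described in the comment above ("compare resource utilization against a baseline and expectations inferred from incoming work metrics") can be made concrete. The following is an added example, not code from the commenter or any product: it fits a simple linear baseline of CPU use versus request rate from a constructed set of healthy samples, then flags later samples whose CPU use deviates from the expected value by more than a chosen number of residual standard deviations. The sample numbers, the linear-model assumption and the threshold `k` are all constructed for illustration.

```python
"""Baseline-driven resource-utilization check for a single-purpose server.

Added example (not from the original thread). Assumes CPU use is roughly
linear in request rate for a server that does one thing; the sample
data below is constructed, not measured.
"""
from statistics import mean

# Constructed "healthy period" samples: (requests_per_sec, cpu_percent).
BASELINE = [
    (100, 12.0), (200, 22.0), (300, 31.0), (400, 42.0), (500, 51.0),
    (150, 17.0), (250, 27.0), (350, 36.0), (450, 47.0), (50, 7.0),
]


def fit_baseline(samples):
    """Least-squares fit of cpu = a + b * rps over healthy samples.

    Returns (a, b, residual_std). residual_std measures how far healthy
    samples normally sit from the fitted line, which sets the scale for
    deciding what counts as "unexpected" later.
    """
    xs = [s[0] for s in samples]
    ys = [s[1] for s in samples]
    mx, my = mean(xs), mean(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    b = sxy / sxx
    a = my - b * mx
    residuals = [y - (a + b * x) for x, y in zip(xs, ys)]
    # n - 2 degrees of freedom: two parameters (a, b) were estimated.
    residual_std = (sum(r * r for r in residuals) / (len(residuals) - 2)) ** 0.5
    return a, b, residual_std


def check(sample, model, k=3.0):
    """Score one (rps, cpu) sample against the model.

    Returns (z_score, is_anomalous). A positive z means the server is
    burning more CPU than the incoming work explains, which is the kind
    of deviation the comment above suggests watching for on servers
    instead of scanning binaries.
    """
    a, b, residual_std = model
    rps, cpu = sample
    expected = a + b * rps
    z = (cpu - expected) / residual_std if residual_std > 0 else 0.0
    return z, z > k


def flag_anomalies(stream, model, k=3.0):
    """Return the indices of samples in `stream` that exceed the threshold."""
    return [i for i, s in enumerate(stream) if check(s, model, k)[1]]


if __name__ == "__main__":
    model = fit_baseline(BASELINE)
    # Constructed later observations: one is consistent with the baseline,
    # one shows CPU far above what the request rate explains.
    later = [(300, 31.5), (200, 60.0)]
    for s in later:
        z, bad = check(s, model)
        print(f"rps={s[0]} cpu={s[1]} z={z:.1f} anomalous={bad}")
    print("flagged indices:", flag_anomalies(later, model))
```

The point of a baseline like this is that it needs no knowledge of what the malicious code looks like, only of what the server's own workload normally costs; a process that quietly consumes CPU without a matching rise in served requests stands out regardless of its binary. In practice the baseline would be re-fitted periodically and the threshold tuned to the service's noise.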
I'd say very special people need malware protection like this on their iPhone.
Remember NSO Group? Or the campaign Kaspersky exposed last year? Apple successfully made malware on iOS very rare unless you are targeted. But right now, it is impossible for these targeted people to get any kind of protection. Even forensics after being compromised is extremely difficult thanks to Apple's walled garden approach.
The usefulness of a theoretical app that might be able to stop high-power exploits isn’t being debated. The claim I’m objecting to is that everybody should be running (available) antivirus software on their phone.
But if you mean that these highly targeted people would have been helped by running “AVG Mobile Security” or one of the other available so-called “antivirus” apps, then I’ve got an enterprise security contract to sell you. :)
> The claim I’m objecting to is that everybody should be running (available) antivirus software on their phone.
You're objecting to the (much more specific) claim that everybody should be running 3P antivirus software on their phone. Nobody made this claim. You are already running AV software on your phone, and whatever is built into the platform is more than sufficient for most users.
I spent some time on the STIG website out of curiosity. There seem to be down-to-earth practical requirements, but only for Windows, cf. https://public.cyber.mil/stigs/gpo/
Why it justifies running antiviri on Linux is beyond my understanding.
Weak, impotent, speechless IT personnel that cannot face off incompetence?