Interesting presentation, particularly the claim that "A[nti]V[irus] engines make your computer more vulnerable"
Antiviruses are technically unsound as they fundamentally introduce great risks. As the slides mention, they inject themselves into every corner of the system, intercept and play around with all data within reach. Since antiviruses are complex pieces of software, there are so many risks at play here.
First, there's the risk of sensitive data being leaked. There's also the risk of the antivirus itself coming under attack by the data it's fed. If there's malicious data in, say, an HTTP request sent to a web server with antivirus installed, the antivirus will happily scan that data and get pwned. Despite that, numerous antivirus implementations open themselves up to privilege escalation attacks by running everything as root and using unsandboxed processes to scan potentially malicious data. To make things worse, they disable OS security mechanisms to make things easier for themselves. The indifference and recklessness on display is egregious.
The effectiveness of antiviruses is also suspect to begin with. Defining what malicious programs are in a way that's clear enough for a computer to understand is an impossible feat. But even if we did manage that, computability theory tells us that it's impossible to write a computer program that can tell us whether there is any malicious code in any given program. Antiviruses defy math.
One of those vulnerabilities being, of course, the possibility of the AV software shooting itself in the foot, as demonstrated by the CrowdStrike fiasco.
Which also reminds me of the time back in 2012 when AV provider Sophos classified its own update kit as malware:
https://www.theregister.com/2012/09/20/sophos_auto_immune_up...