If an OS needs antivirus for this, that OS has been designed wrong (excluding Linux, FreeBSD, etc., as the target audience isn't regular end users) in the first place.
An OS should NOT need antivirus; it needs proper sandboxing and containerization.
There is no OS sandboxing and containerization which would prevent internet-facing software, like browsers, from being part of bot networks.
These are good to have, just like how it's good to have an antivirus. In some cases.
Most people download things which were checked beforehand with an antivirus (like Play Store, App Store, Gmail), or they don't really download anything outside of browsers (e.g. on desktop), so most people (almost everybody in terms of percentage) don't need as much protection as 20 years ago. I also need neither OS-level sandboxing, containerization, nor antivirus by default, because I know how to prevent compromise even without those. I, of course, use those when they are needed, when, for example, I install or browse something risky. But then I use a full-blown VM, or an ultra-sandboxed browser, and I know the risk, that there is nothing I can really do if they use a vulnerability in my hardware, for example.
- defense in depth means adding such an extra layer is a good idea
- an app can 100% stay within its sandbox and still be nefarious. For example, a password manager could secretly send all your passwords to Mr(s) Evil.