1 files changed, 0 insertions, 197 deletions

diff --git a/posts/2020-12-29-antivirus-software-is-a-hack.html b/posts/2020-12-29-antivirus-software-is-a-hack.html
deleted file mode 100644
index 5c602a2..0000000
--- a/posts/2020-12-29-antivirus-software-is-a-hack.html
+++ /dev/null
@@ -1,197 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-  <head>
-    <link rel="stylesheet" href="/includes/stylesheet.css" />
-    <meta charset="utf-8" />
-    <meta name="viewport" content="width=device-width, initial-scale=1" />
-    <meta
-      property="og:description"
-      content="The World Wide Web pages of Adam Carpenter"
-    />
-    <meta
-      property="og:image"
-      content="https://nextcloud.53hor.net/index.php/s/Nx9e7iHbw4t99wo/preview"
-    />
-    <meta property="og:site_name" content="53hor.net" />
-    <meta property="og:title" content="Antivirus Software is a Hack" />
-    <meta property="og:type" content="website" />
-    <meta property="og:url" content="https://www.53hor.net" />
-    <title>53hornet ➙ Antivirus Software is a Hack</title>
-  </head>
-
-  <body>
-    <nav>
-      <ul>
-        <li>
-          <a href="/">
-            <img alt="home" src="/includes/icons/home-roof.svg" />
-            Home
-          </a>
-        </li>
-        <li>
-          <a href="/info.html">
-            <img alt="information" src="/includes/icons/information-variant.svg" />
-            Info
-          </a>
-        </li>
-        <li>
-          <a href="https://git.53hor.net">
-            <img alt="git" src="/includes/icons/git.svg" />
-            Repos
-          </a>
-        </li>
-        <li>
-          <a href="/software.html">
-            <img alt="software" src="/includes/icons/floppy-variant.svg" />
-            Software
-          </a>
-        </li>
-        <li>
-          <a type="application/rss+xml" href="/rss.xml">
-            <img alt="rss" src="/includes/icons/rss.svg" />
-            RSS
-          </a>
-        </li>
-      </ul>
-    </nav>
-
-    <article>
-      <h1>Antivirus Software is a Hack</h1>
-
-      <p>
-        <img
-          src="https://nextcloud.53hor.net/index.php/s/jJoFoA7Ppjb7rey/preview"
-        />
-      </p>
-
-      <p class="description">
-        I read a really terrific article today about computer security and
-        really dumb ideas or trends that have developed in this field. It's
-        <a
-          href="https://www.ranum.com/security/computer_security/editorials/dumb/"
-          >M. Ranum's <em>The Six Dumbest Ideas in Computer Security</em></a
-        >, and I highly recommend reading through the whole thing. It's got
-        great anecdotes and really simple language for what I consider to be
-        some of the obvious issues with the way programmers and sysadmins think
-        about security (myself included). One portion of it (idea #2), however,
-        finally put something into words that I've felt for a really long time.
-        It enables me to explain why I think all antivirus software is a total
-        hack and is virtually useless.
-      </p>
-
-      <blockquote>
-        hack<br />
-        1. n. Originally, a quick job that produces what is needed, but not
-        well.
-        <br />
-        <cite>-- The Jargon File (version 4.4.7, 29 Dec 2003) [jargon]</cite>
-      </blockquote>
-
-      <p>
-        This is the Jargon File's definition of a hack. And to me, this is what
-        antivirus software is. Antivirus software, as I understand it, emerged
-        in the mid to late 1980s and became prolific in the 1990s. In the 2000s
-        it was considered an essential piece of software and people were paying
-        for yearly subscriptions for antivirus suites from Norton, Avast, and
-        McAfee.
-      </p>
-
-      <p>
-        The most basic functionality of an antivirus program is to determine
-        whether malware exists on a host operating system. The typical method of
-        doing this is to use a collection of virus definitions and compare each
-        and every potentially-infected file with each and every definition to
-        determine whether the file is malware or has been infected by some. An
-        over-simplified way of implementing this is to store a collection of
-        hashes, each taken from a known potentially unwanted program or
-        infectious executable. You can then hash entire files or portions of
-        files and compare the checksums to see whether a file contains or is
-        equivalent to the definition, and is therefore infected and shouldn't be
-        executed. Some security suites go beyond this with heuristic matching,
-        but if you run an antivirus that has to "update definitions" on a
-        routine basis, it probably works something like this*. With any luck, it
-        does it without being a total detriment to system performance. Ideally
-        it also doesn't act like a piece of malware itself by making itself near
-        impossible to remove (looking at you, McAfee).
-      </p>
-
-      <p>
-        To me, a virus definition database is "enumerating badness" (Ranum's
-        Dumb Idea #2). The premise is that it is not only logical but even
-        possible to compile a list of <em>all</em> potentially unwanted
-        programs, viruses, ransomware, and worms. An environment of trust should
-        be built around the programs that you want to run (read:
-        <em>allow to run</em>), not the other way around. Picture an operating
-        system where no binary file can be executed unless it is specifically
-        flagged as being allowed to. Oh and picture also being able to restrict
-        this execution to just the file's owner, or other groups of users.
-        Wouldn't it be easier to store the list of 30 odd programs that you and
-        other system users trust to be run than the thousands (millions?) of
-        programs that are infectious, forbidden, or unwanted? What about when
-        those trusted applications become compromised? Would it not also be
-        easier to maintain a list of checksums for those binaries and compare
-        those checksums before they're executed to make sure they haven't been
-        infected or replaced?
-      </p>
-
-      <p>
-        The answer is yes, it would be easier. And yes, it is easier. Of course,
-        your system has to work that way. Antivirus software is a hack because
-        it's a hack-y solution to a problem that has a better, simpler solution.
-        It also has the potential for making a ton of money but I won't go into
-        that. It's easier to enumerate goodness, to specifically open up to a
-        select few trustworthy applications. Good lists are usually shorter than
-        bad lists. This builds on top of Ranum's Dumb Idea #1: Default Permit.
-        You wouldn't configure a firewall to just block some known bad ports and
-        traffic. You configure it to block all of it, and then whitelist the
-        ones you know you can trust. You wouldn't configure a browser ad-blocker
-        to permit all ads, and select the ones you don't want to see. You block
-        all of them! Then, if there are sites or ads you're okay with seeing,
-        you whitelist them. You shouldn't default permit all programs to be
-        given control over your computer, and then meticulously list the ones
-        that don't have that permission.
-      </p>
-
-      <p>
-        Oh and of course, as always, there's free software that lets you do
-        this. You don't have to pay for an antivirus suite, or even use an
-        unpaid one that slows down your computer or barrages you with ads. On
-        the BSDs and virtually all Linux distributions, there are built-in tools
-        to control access and execution of binaries. There are additional tools
-        that you can install that check whether binaries (in locations like
-        <code>/bin</code> or <code>/usr/local/bin</code> have been modified
-        since you last used them. On Windows, the story is a little different.
-        Most home Windows 10 users are automatically allowed to install and run
-        any software they want to by default. Windows Server does have Software
-        Restriction Policies that allow you to create a "default deny" policy
-        and whitelist only the software that's allowed to run. If you're using a
-        home edition you probably have to look for software that lets you do
-        this. I haven't tried any of them so I'm not going to endorse or even
-        name them here.
-      </p>
-
-      <p>
-        Preventing malware from running on your system is a problem. Solving
-        this problem is the right thing to do. But please, try to solve it the
-        right way. I stopped using an antivirus after I moved out and got to
-        control my own computer. I don't think it ever did me any good besides
-        flag false positives (a lot of the time with programs or applications
-        that I wrote, which weren't malicious in any way!) and grind my spinning
-        disk to a halt. Evaluate what software you use. Is most of it online?
-        Are there one or two applications that you know you need to use? How
-        often do you install and use unknown or untrusted software? Odds are you
-        can come up with a list of very few programs that you want or need to
-        use. If it's less than 100,000, you're probably better off with a
-        default deny policy than an antivirus suite.
-      </p>
-
-      <p>
-        * What I didn't mention here is that as soon as a new piece of malware
-        is constructed, if it's different enough from its predecessors, it's
-        impervious to all antivirus suites on the planet that don't have it in
-        their definitions. So until that malware is used, detected, and added to
-        the list, it has free reign.
-      </p>
-    </article>
-  </body>
-</html>