frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Ask HN: Do you trust AI agents with API keys / private keys?

5•devendra116•2h ago•5 comments

Ask HN: Anyone using Nostr as a lightweight back end/DB for rapid prototyping?

2•wasimsk•4h ago•0 comments

Ask HN: What should I do with my app? 130 downloads 3 real subscribers

2•oyaa52•4h ago•2 comments

Ask HN: Former grok-code-fast-1 users, what coding model are you using now?

2•whycombinetor•7h ago•2 comments

Ask HN: Any interesting niche hobbies?

478•e-topy•6d ago•726 comments

Is the pitch deck culture making founders worse at building businesses?

11•chinhqtran•22h ago•5 comments

Ask HN: Best books on building a programming language

15•ezzato•1d ago•7 comments

Ask HN: Hiring in the age of AI-assisted coding: what works?

26•nitramm•1d ago•15 comments

Ask HN: Agentic Permutation of Testing Paths In A System

4•davidajackson•13h ago•0 comments

Ask HN: What are you building that's not AI related?

142•meander_water•3d ago•191 comments

Tor Browser on Android leaks IP in desktop mode

13•shchess•18h ago•2 comments

Ask HN: Why Databases Instead of Filesystem?

12•uticus•1d ago•19 comments

Do founders' political views affect how you see a product?

4•rishikeshs•23h ago•3 comments

Ask HN: How do you handle marketing as a solo technical founder?

144•lazarkap•5d ago•106 comments

Any Open Source projects in need of documentation writer?

21•tree666•2d ago•13 comments

My AI workflow evolved from prompts to a near-autonomous workflow

4•hoangnnguyen•1d ago•8 comments

Ask HN: Has anyone reconsidered Antivirus software after recent security news?

4•pants2•12h ago•3 comments

I collected startup ideas. It changed how I think about ideas completely

9•vibecoder21•1d ago•11 comments

Is VC the new PMF strategy?

3•networkOne•1d ago•5 comments

Ask HN: Should AI credits be refunded on mistakes?

19•ed_elliott_asc•3d ago•19 comments

Zooming UIs in 2026: Prezi, impress.js, and why I built something different

101•tinchox6•5d ago•44 comments

Open Source card game cuttle.cards has its world championship Saturday at 1pm ET

4•aleph_one•1d ago•0 comments

Hybrid Attention

40•JohannaAlmeida•4d ago•9 comments

Ask HN: How do you manage your digital legacy for after you die?

15•orbanlevi•3d ago•15 comments

Ask HN: Are you encountering AI-related questions in the hiring market?

7•somthingwrong•2d ago•2 comments

Ask HN: Local-first meetings recorder and transcriber?

6•dandaka•2d ago•1 comments

Yuku – A fast, spec-compliant JavaScript parser written in Zig

6•arshadyaseen•2d ago•0 comments

You've reached the end!

Open in hackernews

Ask HN: Has anyone reconsidered Antivirus software after recent security news?

4•pants2•12h ago
Like most of you, I don't use antivirus software and haven't for years. Modern Macs (and PCs) are pretty secure by default.

However, with the rise of AI-assisted exploits/phishing and supply chain attacks, I've been reconsidering. We recently had an incident at work where CrowdStrike caught a RAT that a developer was inadvertently installing on their work computer.

1. Would consumer antivirus / EDR software even be good enough to block things like the Axios compromise?

2. What do you recommend?

Comments

Imustaskforhelp•11h ago
I feel like as someone who recently worked within helping in the aftermath of supply-chain attack. I personally recommend to instill good practices to sandbox things properly, both as a developer publishing libraries yourself and as someone who uses libraries . There are some good projects out there which can do the sandboxing for you and I am seeing a ton of explosion in this space recently something which is good to have as I had the idea of sandboxes an year or so ago and we have gotten far more options now to chose from.

I have been a bit more involved in the LiteLLM incident but I have read about the axios incident and in my research, I found this to be interesting[0] which could have helped. I feel like there are definitely ways to safeguard things which we should try out.

I don't know too much about Antivirus software so I can't speak about that but I feel like there are multiple interesting projects within this space.

My (personal opinion) is to keep the surface of exposure as low as possible. Relying solely on antivirus doesn't feel the best of scenarios and one of the things that I learnt from all of this is to keep a more active eye on security if-possible and to keep your attack surface low basically.

[0]: https://github.com/DataDog/supply-chain-firewall

evs91•11h ago
consumer EDR "could" detect it if everyone knew what to look for and the pricing was good. Unfortunately (or not) EDR for consumers is limited to really just the MS365 addon for Microsoft Defender for Endpoint (P2) which is $3 a month on top of your MS365 license (so looking at a good value if you already have an enterprise tenant even if solo). Downside: it's a firehose of information and is a full-time job managing for SMB. But to the other comment here: sandboxing / runtime isolation helps. It's more an onion than a strict wall. One failure shouldn't cause the city to collapse.
stop50•10h ago
Our devs can't install software without an reason or check. External packages/modules/... have an 24 hour delay, except for retractions and are scanned for malware. Selinux does the rest and we encourage devs to write policies for their applications.