Yes, I do. AV is hairy systems code that hooks the OS in a bunch of places, and IT managers demand that it be very manageable, so it tends to have remote management and reporting UIs.
The long and nasty history of RCE flaws, not just horrible stuff like this but subtler stuff buried in the file format parsers, is all the data I feel like I need.
Right. (But that's one AV vendor. Others have the same possibility, of course.) But is it still better (more secure) to run without any AV at all? Something like this leaves you vulnerable to that flaw, but no AV leaves you vulnerable to everything (unless a firewall saves you).
Yes, unless you are clueless and execute any executable that manages to hop onto your machine.
AV is complex code that handles huge amounts of untrusted data, so it's a major increase in attack surface. Also, it cannot work, as it's an instance of blacklist security, which never works. So, no upside, huge potential downside.
