16 Linux Security Suites tested under Ubuntu

Discussion in 'Linux' started by CHEF-KOCH, Oct 10, 2015.

  1. CHEF-KOCH

    CHEF-KOCH MDL Expert

    Jan 7, 2008
    1,192
    1,185
    60
    #1 CHEF-KOCH, Oct 10, 2015
    Last edited: Oct 10, 2015
  2. eyecheck

    eyecheck MDL Junior Member

    Jul 15, 2015
    63
    12
    0
    Each to their own I suppose. Used to use a Linux firewall (iptables) when I was using Windows as a main OS, simply because the world said I needed an AV, which in turn meant protection all round. IT was a way to make money when peeps knew as much as the IT bloke :biggrin: so setting up firewalls/AV on networks was money for jam.

    Stopped using an AV while beta testing Vista 64, never had an issue (that I'm aware of) since, so never concerned with Linux anything after that - call it using the top 2 inches.

    Used an old dual core over the past 8 years running Ubuntu Server as a ... server, for all incoming traffic and mail, but have retired that as my emails all come through my webserver and, again to my knowledge, no problems.

    Do I want to run an AV or the likes of UFW (Uncomplicated Firewall) to check, look, scan, intrude, block...? No thanks. I'm a simple Linux user that keeps nothing personal on my systems for anyone to look at. If I did, I'd need to question myself as to why.

    Yeah, I look online (just browsing), download, upload, try anything that has appeal or need. I go outside (eeek), drive a car or 5 (boy racer), hit the shops (spends money), bottle store (piss head), check out da luvly ladies (is that porn he watches?).

    Looks like I need an AV and firewall around my everyday life off the computer.
     
  3. John Sutherland

    John Sutherland MDL Addicted

    Oct 15, 2014
    867
    1,388
    30
  4. CHEF-KOCH

    CHEF-KOCH MDL Expert

    Jan 7, 2008
    1,192
    1,185
    60
    In my opinion I wouldn't say AVs are entirely useless; in some situations, and depending on how good the guy behind the screen is, it makes more or less sense to use a real-time protection product.

    I think in most cases it's no longer about infecting you and trying to bring the machine down; these days it's more cloud- or crowd-based attacks like DoS, or data theft attacks to steal your private data. So the AV must (to protect you) also interface with your entire system configuration, e.g. to monitor the SSL/TLS certificates, hosts file changes and other things. That's the reason I think the first line of defense should be the protocols and a mechanism to control them, like iptables and properly encrypted protocols. E.g. if possible I avoid online banking pages and such, not only because I don't use online banking, but more because I know there is hacker interest in such pages to get logins, and that means (often) that the site will be compromised by XSS attacks and other methods.


    So my security setup is:
    * Harden the kernel to 'secure' the protocols and the kernel itself against several attacks
    * Use alternatives as much as possible and (if I can understand the code) open source (it makes no sense to recommend open source over and over again if no one understands the code or has looked into it)
    * dnscrypt + unbound as cache (4 hr cache)
    * Use a hardened distro like Ubuntu (with the latest beta kernels) and/or Qubes OS for critical actions, e.g. if someone could get physical access to my laptop (e.g. at work)
    * Use encrypted SSH keys instead of passwords, or simply choose a password and encrypt it into base64
    * Hardened Firefox config, e.g. to fix DNS leakage or telemetry (but recently FF already got toggles via the GUI for most of this)
    * I only real-time scan stuff via VirusTotal or similar services if I'm really unsure
    * Don't use, or if possible avoid, any services without zero knowledge + proper encryption, so that not even they can see my data
    * Trust is the real problem, since no matter whether you use an AV or an alternative DNS server like OpenDNS (Cisco btw) or such, you simply must trust them ... Saying "we don't log" is no proof.
    * I use a whitelist, only unlocking stuff I really need; this mostly breaks stuff, but you can be sure nothing passes the wall until you allow it.
    * Use non-stock firmware for the hardware (e.g. the router), which gets updates more often and faster
    * Since I trust Mozilla I use services from them, like the browser, several certificates and other fixes
    * .. other stuff I forgot


    Imho such tests are all suboptimal, because the scenarios are very unrealistic and depend on the AV settings (mostly they use default settings). In fact no one, or only few people, use the defaults in any software/product, whether because of hardening or because they play with the settings to see how well or badly it works on real machines in daily usage.
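    The three config-level items in the list above (a whitelist firewall that blocks until you allow, kernel/network-stack hardening, and unbound in front of dnscrypt with a 4 hr cache) are easy to state and easy to get subtly wrong, so here is an added example that is not from CHEF-KOCH's post or from any of the projects named: a POSIX shell script that generates the three fragments. The allowed outbound ports (22, 443 TCP and 443 UDP), the DNSCrypt proxy address 127.0.0.1 port 40, and the file locations in the comments are all assumptions for the example.

```shell
#!/bin/sh
# Added example (not from the original forum post). Prints three config fragments:
#   rules   - default-deny iptables whitelist in iptables-restore format
#   sysctl  - kernel/network hardening fragment for /etc/sysctl.d/
#   unbound - caching resolver that forwards to a local DNSCrypt proxy
# Applying them (iptables-restore, sysctl --system, restarting unbound) is a
# separate root step, so the generator itself can be run and inspected unprivileged.
set -eu

# Assumption: only SSH and HTTPS out, plus UDP 443 for the DNSCrypt resolver.
# Everything else stays blocked until it is deliberately added here.
ALLOW_OUT_TCP="22 443"
ALLOW_OUT_UDP="443"

# Default-deny on all three chains. Only loopback, replies to connections we
# opened, and NEW connections to the listed ports get through.
gen_ruleset() {
  tcp_ports=$1
  udp_ports=$2
  printf '%s\n' \
    '*filter' \
    ':INPUT DROP [0:0]' \
    ':FORWARD DROP [0:0]' \
    ':OUTPUT DROP [0:0]' \
    '-A INPUT -i lo -j ACCEPT' \
    '-A OUTPUT -o lo -j ACCEPT' \
    '-A INPUT -m conntrack --ctstate INVALID -j DROP' \
    '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
    '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  for p in $tcp_ports; do
    printf '%s\n' "-A OUTPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
  done
  for p in $udp_ports; do
    printf '%s\n' "-A OUTPUT -p udp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
  done
  # Rate-limited log of what the wall drops, so "it broke" becomes a deliberate
  # whitelist entry instead of a guess. Policy DROP still applies after the LOG.
  printf '%s\n' \
    '-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "OUT-DROP: "' \
    '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "IN-DROP: "' \
    'COMMIT'
}

# Network-stack and kernel settings that are off or permissive by default.
# kernel.yama.ptrace_scope assumes a Yama-enabled kernel (Ubuntu ships one).
gen_sysctl() {
  printf '%s\n' \
    '# assumed location: /etc/sysctl.d/90-hardening.conf, apply with: sysctl --system' \
    'net.ipv4.tcp_syncookies = 1' \
    'net.ipv4.conf.all.rp_filter = 1' \
    'net.ipv4.conf.default.rp_filter = 1' \
    'net.ipv4.conf.all.accept_redirects = 0' \
    'net.ipv4.conf.all.send_redirects = 0' \
    'net.ipv4.conf.all.accept_source_route = 0' \
    'net.ipv6.conf.all.accept_redirects = 0' \
    'net.ipv6.conf.all.accept_source_route = 0' \
    'net.ipv4.icmp_echo_ignore_broadcasts = 1' \
    'net.ipv4.icmp_ignore_bogus_error_responses = 1' \
    'kernel.kptr_restrict = 2' \
    'kernel.dmesg_restrict = 1' \
    'kernel.yama.ptrace_scope = 1' \
    'fs.protected_symlinks = 1' \
    'fs.protected_hardlinks = 1'
}

# unbound listens locally, caches answers for at most 4 hours (14400 s) and
# forwards every query to the DNSCrypt proxy. Assumption: dnscrypt-proxy listens
# on 127.0.0.1 port 40; do-not-query-localhost must be off or unbound refuses it.
gen_unbound() {
  printf '%s\n' \
    'server:' \
    '  interface: 127.0.0.1' \
    '  access-control: 127.0.0.0/8 allow' \
    '  do-not-query-localhost: no' \
    '  cache-max-ttl: 14400' \
    '  hide-identity: yes' \
    '  hide-version: yes' \
    'forward-zone:' \
    '  name: "."' \
    '  forward-addr: 127.0.0.1@40'
}

case "${1:-}" in
  rules)   gen_ruleset "$ALLOW_OUT_TCP" "$ALLOW_OUT_UDP" ;;
  sysctl)  gen_sysctl ;;
  unbound) gen_unbound ;;
esac
```

    Usage: `sh gen.sh rules | sudo iptables-restore` (check the output first with `iptables-restore --test` on versions that support it, and keep a console open: a default-deny OUTPUT policy with a typo in the port list locks out your own SSH session). The ruleset is IPv4 only; with ip6tables left at its default ACCEPT policies the whitelist is bypassed by any host or application that prefers IPv6, so either mirror it with `ip6tables-restore` or set `net.ipv6.conf.all.disable_ipv6 = 1` in the sysctl fragment. `cache-max-ttl` only caps record lifetime; `cache-min-ttl: 14400` would force a 4 hour floor even when upstream TTLs are shorter, which trades fewer upstream queries for stale answers after a DNS change.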
     
  5. ausernamenoonehas

    ausernamenoonehas MDL Member

    Aug 2, 2015
    239
    39
    10
    #5 ausernamenoonehas, Oct 11, 2015
    Last edited: Oct 11, 2015
    About 5+ years ago I went on a lockdown trip with my home network. I wanted to know everything that was happening, who, why and when and be in total control. Nothing comes in or out without my express knowledge and permission.

    It was fun to do for something to try, and I learned a few things along the way - all good. These days, I couldn't care much about it. Just personal preference I guess.

    Instead of going the whole security thing, I just use software that incrementally backs up any changes to my system to a 16TB RAID external enclosure; should anything happen, a few clicks of the mouse and it's back to how it was before the problems.

    I guess it's all personal choices how we go about it.
     