Project Zero: Analysis and Exploitation of an ESET Vulnerability (googleprojectzero.blogspot.com)
54 points by taviso on June 23, 2015 | 9 comments


Not that it matters in this instance, but AV companies forcing you to turn off other security mechanisms (i.e. SELinux) should really raise more red flags.


I don't see a better solution. Antiviruses are required to be invasive for behavioral based detection. The alternative would be to have a modified/patched kernel or forgo behavioral analysis completely.


I'm a little nervous about the disclosure timeframes here. This post with exploit code was released only ~24 hours after the patch. Would it have been impossible to allow a slightly longer window for long-tail users to update?


> On MacOS ... ESET opt-out of DEP by not setting the MH_NO_HEAP_EXECUTION flag in their Mach header

Doesn't Xcode by default mark heap as non-executable?


Yes, by setting the MH_NO_HEAP_EXECUTION flag in the Mach header.
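A defender-side check for the flag discussed in the two comments above, as an added example that is not part of the thread or the Project Zero post: it reads the `flags` field of a Mach-O header (thin or fat) and reports whether `MH_NO_HEAP_EXECUTION` is set. The function names and the sample header bytes are constructed for illustration; the constants are those defined in `<mach-o/loader.h>`.

```python
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
FAT_MAGIC = 0xCAFEBABE               # fat (universal) header, always big-endian
MH_NO_HEAP_EXECUTION = 0x1000000     # flag values from <mach-o/loader.h>
MH_ALLOW_STACK_EXECUTION = 0x20000
MH_PIE = 0x200000

def _slice_flags(data, off):
    """Return (cputype, flags) for the thin Mach-O image starting at off."""
    if len(data) < off + 28:
        raise ValueError("truncated Mach-O header")
    for endian in ("<", ">"):
        magic = struct.unpack_from(endian + "I", data, off)[0]
        if magic in (MH_MAGIC, MH_MAGIC_64):
            # mach_header: magic, cputype, cpusubtype, filetype,
            #              ncmds, sizeofcmds, flags
            fields = struct.unpack_from(endian + "7I", data, off)
            return fields[1], fields[6]
    raise ValueError("not a Mach-O image at offset %d" % off)

def heap_exec_report(data):
    """Map each architecture slice's cputype to its hardening flags."""
    offsets = [0]
    if len(data) >= 8 and struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        nfat = struct.unpack_from(">I", data, 4)[0]
        # fat_arch: cputype, cpusubtype, offset, size, align
        offsets = [struct.unpack_from(">5I", data, 8 + 20 * i)[2]
                   for i in range(nfat)]
    report = {}
    for off in offsets:
        cpu, flags = _slice_flags(data, off)
        report[cpu] = {
            "no_heap_execution": bool(flags & MH_NO_HEAP_EXECUTION),
            "allow_stack_execution": bool(flags & MH_ALLOW_STACK_EXECUTION),
            "pie": bool(flags & MH_PIE),
        }
    return report

def sample_header(flags):
    """Constructed 64-bit x86_64 MH_EXECUTE header (not a real binary)."""
    return struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, 0, 0, flags, 0)

if __name__ == "__main__":
    print(heap_exec_report(sample_header(MH_PIE)))
    print(heap_exec_report(sample_header(MH_PIE | MH_NO_HEAP_EXECUTION)))
```

To audit an installed binary, pass the file's bytes to `heap_exec_report`; a slice reporting `no_heap_execution: False` has not opted into the non-executable heap.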


ESET is still the best antivirus in my opinion. Doesn't drag down the machine's performance. Few negatives. The most real positives. - just a customer.


Few negatives. The most real positives. Is, in a meaningful sense, itself a kind of dangerous malware. Verdict: best A/v product.


"This Satan guy is still the best babysitter in my opinion. Doesn't cost a fortune, always has the kids in bed when we get home, and they love him. Only requires us to sacrifice one of them on an altar to him when they reach middle school."


ESET executes malicious code even if I don't click on things. It doesn't take a lot of resources on my machine though, and I like the UI. Pretty good product.



