My Avast doesn't say anything when visiting those instances, although it blocks connections to derp.foo even when it's just pictures browsing from lemmy.world. It says it's being infected by "URL:Botnet".
Eh, it's kinda annoying but it does its job. Plus I hate subscriptions and the best free option I've found (I don't think they do one-time payment AVs anymore?) is Avast + Malwarebytes. What do you suggest?
That's the thing, I'm really paranoid and I don't trust my brain alone to judge what is an "obviously suspicious file". I might be exaggerating, but better safe than sorry.
Sure, but Windows Defender is built in and doesn't suck. I have even heard security professionals make the argument that anti viruses may increase attack surface as much or more than they defend you (not necessarily asserting that is the case).
Windows Defender is great, and MS has been adding really advanced protection including machine learning heuristics, etc. that make it really competitive. It is not 100% foolproof though, there's a lot of old and new viruses it will not detect.
Check out some of the virus gauntlets this channel runs Windows Defender (and other AVs) through: https://youtu.be/1DG3y3q8_9M. Even the latest Defender will often fail to detect a lot of threats. Of course, this channel is running known bad infected executables, and the best line of defense is just not to run executables from unknown sources. It's possible to just visit a malicious URL and get infected through JS though, so it gets a bit trickier.
I'm not familiar with the argument that antivirus software will increase your attack surface. That sounds interesting, do you have any links I could read up on?
I wish I could give you links! I think I heard it on a security focused podcast? It has been quite some time since I tried to stay current on this sort of thing in more than a casual way.