Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Security Firefox Google Microsoft Software Windows

Google Chrome Engineer Says Windows Defender 'the Only Well Behaved Antivirus', Cites 'Tons of Empirical Data' (onmsft.com) 231

Days after former Firefox developer Robert O'Callahan said that antivirus security suites are not necessary, and AV vendors are of little help. A Google Chrome engineer has echoed the same message, reaffirming that Microsoft's built-in software is indeed the most well-behaved security suite. From a report: Apparently the disdain for 3rd party AV solutions runs deep amongst browser developers, as in response to the threads a Google engineer, Justin Schuh, had this to say: "Browser makers don't complain about Microsoft Defender because we have tons of empirical data showing that it's the only well behaved AV."
This discussion has been archived. No new comments can be posted.

Google Chrome Engineer Says Windows Defender 'the Only Well Behaved Antivirus', Cites 'Tons of Empirical Data'

Comments Filter:
  • I'd agree (Score:5, Insightful)

    by Anonymous Coward on Wednesday February 01, 2017 @10:07AM (#53780189)

    I tend to agree. I used to have third party anti-virus on the wife's machine and the kids' machine, but really the most effective malware prevention is to take away root/admin privileges altogether. Anti-virus doesn't protect against the stupidity of users. If they install malware, no anti-virus will stop them. Almost everything that the anti-virus software caught was benign and were false alarms. And despite being useless, the crap software was a resource hog.

    I have since uninstalled anti-virus. I will do an occasional malware bytes scan, but have done so less and less frequently as I find little but tracking cookies.

    So, yes, I agree with this report.

    • Re:I'd agree (Score:5, Informative)

      by RogueyWon ( 735973 ) on Wednesday February 01, 2017 @10:48AM (#53780441) Journal

      Same here, to be honest. AVG became unusable due to bloat a couple of years ago. Avast can have some serious issues when presented with a combination of Windows 10 with Anniversary Update and a Skylake CPU. The remainder all seem to be as bad as much of the malware they ostensibly protect you from.

      I confess I spent a while feeling paranoid after I finally gave in and uninstalled Avast, but a few months on, I've had no problems with a combination of Windows Defender and a weekly Malwarebytes scan.

      • Same here, to be honest. AVG became unusable due to bloat a couple of years ago. Avast can have some serious issues when presented with a combination of Windows 10 with Anniversary Update and a Skylake CPU. The remainder all seem to be as bad as much of the malware they ostensibly protect you from.

        I confess I spent a while feeling paranoid after I finally gave in and uninstalled Avast, but a few months on, I've had no problems with a combination of Windows Defender and a weekly Malwarebytes scan.

        I've had no problem with Avast, Win 10, and the i5 Skylake on my Surface Pro 4. Not saying that there isn't one, just that I haven't experienced it.

        My current security setup for all of my computers is Avast, Spybot S&D, and Spybot Anti-Beacon. The primary reason why I run Avast vs Defender is because Avast scans email on arrival and when sending and seems to have a bit more advanced protection. Defender only scans email when you open an attachment. One of these days, maybe my next computer, I'll dro

      • Now if only Windows Defender would stop flagging useful tools like KMSpico and Daz's loader as malware.

    • by MrL0G1C ( 867445 )

      If they install malware, no anti-virus will stop them.

      'Start-up's should be ring-fenced tightly, if this is done the all it would take is a re-boot to de-fang a virus.

      A program that doesn't start is harmless.

  • by Anonymous Coward on Wednesday February 01, 2017 @10:11AM (#53780211)

    I have a friend who's a Windows Defender and he just goes on and on about how great Microsoft's products are. Pretty intrusive if you ask me.

  • I clicked on the link, get a popup asking me to disable my ad-blocker...fine. Done. Turns out the article is about a paragraph and just regurgitates some twitter garbage. Utterly useless site.

    • These engineers forgot the most effective, powerful anti-virus product that is an absolutely essential install; the ad blocker.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Regardless of anyone's particular sentiments on aPK (he doesn't bother me), black-holing garbage domain names (something something hosts file) and IP addresses (if possible) is an excellent source of additional protection.

        • by Zocalo ( 252965 ) on Wednesday February 01, 2017 @11:24AM (#53780661) Homepage
          Black-holing garbage domains (ad sources and trackers especially) is definitely a good idea but the problem with a hosts file is that you can't do wildcards, so while you can easily block "foo.domain.com" and "bar.domain.com", you can't block "{random string}.domain.com" unless you know what "{random string}" is in advance - to do that requires either a DNS based blocklist or some other software tool. That's getting to be a problem given that marketing/tracking companies are slowly (and it's taken them long enough) waking up to the possibilty that you can use "{random string}" as a wildcarded DNS entry to track whether a link was looked at or not just as effectively as a custom URL or cookie.

          Also, to add to the GP's comment about the importance of an Ad-Blocker, let's not forget blocking auto-run of certain browser plugins and the ability to whitelist sites that can run JavaScript / save cookies.
          • You can do the wild cards with a router based DNS server. Though this is not as easy and turnkey as an adblocker.

    • Did they also give ya the subscribe to the newsletter popup for the ultimate trifecta?
    • Agreed. Twitter is an utterly useless site.
  • by sjbe ( 173966 ) on Wednesday February 01, 2017 @10:17AM (#53780241)

    The problem is that every company other than Microsoft has a built in conflict of interest. The AV software companies profit motives are not aligned with providing a good user experience. A good anti-virus system should be nearly invisible. Hard to convince customers to pony up a lot of money for security software unless you are always in their face and an anti-malware system that does this inherently results a bad product. Worse they have to keep tacking on extra "features" and products to convince customers their product is better than the next guys. Their business model is based on scaring customers so they buy their product based on perceptions rather than actually keeping them safe.

    • by AmiMoJo ( 196126 )

      Symantec tried this about a decade ago. I think it was around 2007 they released a version of Norton Anti-Virus and Internet Security that actually didn't suck too much. It didn't grind the computer to a halt, it didn't nag constantly, it just quietly got on with its job. In one version they went from joint last with McAfee to being one of the best.

      It must not have worked very well for them because the next year it started to pop up little messages again telling you that it has protected you from 9.8 billio

      • Avast (Premier) doesn't bug me, except to try and sell their VPN when I bring up porn sites.
        • You consider this acceptable? That the AV tracks into the "semantics" of your browser content in order to offer you a VPN? Would Chrome do the same and the privacytards would flip.

          I use NOD AV and the only times i get bugged is when it blocks some bad resource, like a favicon or bad ad. It does not yell when it updates, I does not nag you with new versions. Set and forget and it's been like this for more than 10 years.
          • I expect that it looks at everything coming in from outside the computer well enough to prevent anything malicious from getting in. Recognizing that incoming content originates from a popular porn provider seems pretty trivial by comparison. I only see the "Anyone can see where your're browsing" notices about once a week or so. It's not enough of an annoyance for me to feel strongly about it.
            • Yeah I get it, I have script blockers in all browsers but the AV catches everything before the browser gets a single bit. If I were to search "Nod AV keys" "Crack nod32" the AV will bitch. I'm aware of the AV having to know the content you're browsing, but from that to offer ads based on this data, and in a paid version nonetheless, nope.
    • That's pretty much why I've stopped using 3rd party anti-virus, and just rely on Windows Defender. Dealing with all the unwanted and intrusive "features" and bugs in 3rd party anti-virus got to be more of a chore than dealing with actual viruses. When it's less annoying to deal with a virus infection after the fact than it is to live with your anti-virus every day, that's a pretty good sign you're doing something wrong.

      Malwarebytes still gets my thumbs up though. Clean, simple, and effective.
    • Excellent comment and I only wish other Microsoft products weren't so well behaved.

      You know,
      - Being asked to upgrade for "free" to an OS that routinely monitors your actions.
      - Then being asked to upgrade to the "Pro" package.
      - Getting asked to buy the latest versions of Office.

    • Questions:

      Does Windows Defender try to do other things besides defending?

      Does Microsoft use Windows Defender as a way of gaining control over a computer?
  • It's probably the "best-behaved" because it is one of the least effective anti-virus. It has terrible detection rates compared to its competitors. The other anti-virus programs may be pushier and embed themselves deeper into the host system, but that's necessary in order for them to (try to) root out the infections.

    Arguably end-users do not need this sort of protection offered from better AV packages, that Microsoft's product is "good enough" for most users. Certainly, better Antivirus is no panacea; even t

    • by Anonymous Coward on Wednesday February 01, 2017 @10:37AM (#53780367)

      https://chart.av-comparatives.org/chart1.php
      Just to summarize with a few popular AVs
      Microsoft: 97% detection rate, 23 false positives
      McAfee: 97.9% detection rate, 57 false positives
      Kaspersky: 99.8% detection rate, 1 false positives
      Avast: 99.6% detection rate, 13 false positives
      F-Secure: 99.9% detection rate, 140 false positives
      Doesn't look like MS is particularly bad.

      • These charts have to be misleading. I'd stake my life that they take 10,000 old known malwares and test against them. Not surprisingly, every vendor detects them. Then they take a dozen or so new malwares, and 2 vendors catch them. Eventually you have the 99.1% vs. 98.9% type results and they all look about equal. They are certainly not equal.

        All it takes is one of those new malware threats to bring down your business for a day. If you want a chance at catching them, you go with vendors that do a good job a

      • A false positive is not a bad thing. The complaint in the article is not that the antivirus is not effective, but that it "interferes" with some applications. Which does not sound like a problem to me, just a bit more work for the developers.

      • Its all about how many viruses that are let through.

        Microsoft being 3000% worse then F-Secure is not bad ?

    • by AmiMoJo ( 196126 )

      Windows Defender isn't going to save you if you are the kind of idiot who downloads random crapware. What it will save you from is a variety of exploits and other attempts to screw with your system. File based detection is a losing battle, virus writers are constantly testing their software with the latest definitions and making sure it passes by, and AV software is getting multiple updates a day to try to keep up.

      Google and Mozilla have the right idea. Defence in depth. If you rely on just detecting bad fi

    • It's probably the "best-behaved" because it is one of the least effective anti-virus.

      It works well for the kinds of people that are not engaged in risky computing in the first place. The other kind are not going to be saved by any kind of AV, but are probably a great source of income for you as a support tech.

      It is "best behaved" (for whatever that means) because it simply /does less/.

      If by "does less," you mean it is not hyperactive and so does not train your users to ignore its alerts then, yes, you are correct. It does less.

    • You're covering just one side of the problem (virus detection). Let's ignore that Windows Defender is really effective (it's close to the paid alternatives). The other side is about not raise so many false positives. Most of paid AVs raise so many false alarms that average Joe will tend to ignore the alerts or just uninstall the AV at all. Windows Defender, at the end of day, works because it has a good compromise of detection and low false alarms.
    • It's probably the "best-behaved" because it is one of the least effective anti-virus. It has terrible detection rates compared to its competitors. The other anti-virus programs may be pushier and embed themselves deeper into the host system, but that's necessary in order for them to (try to) root out the infections.

      Half the time the level of embedding IS the infection. I've never had Windows Defender cause an issue with the Offline Files service by locking the temporary files that Office creates when you hit save, resulting in the temporary files staying on the disk and the correct files going missing. I have with Mcafee. You don't get remote code exploits on Windows Defender just by sending someone an email or an RAR file unlike with Norton.

      Nothing is quite as attractive than a program that runs with system privilege

  • by xxxJonBoyxxx ( 565205 ) on Wednesday February 01, 2017 @10:18AM (#53780255)
    All the AVs today pretty much catch the same low-hanging fruit, and there's no good reason to buy a third-party bolt-on anymore.

    That said, I'm getting annoyed with AV packages still not being able to flag things like base-64-encoded Powershell scripts or Office doc VBS scripts that make direct references to system libraries. Almost all the malware that's made it through our defenses in the past six months has used one of these two techniques (plus a little code obfuscation, but still), and none of the AV packages I've tested (via sites that scan against dozens of packages) have ever flagged any of the most effective offenders.
  • by wierd_w ( 1375923 ) on Wednesday February 01, 2017 @10:21AM (#53780269)

    Far too often, antivirus products follow the "cable television" market strategy:

    "Yes, we know you already pay us for a subscription, but we can get so much more out of you by forcing you to see all kinds of shit you really don't want, including adverts for all our other services."

    And, in the case of free antivirus, this too:

    "We can see that you really dont want our full package, otherwise you would have bought it instead of opting for the free version-- but we feel compelled to try to upsell you each and every possible opportunity, and wont relent at all. We will even be really obnoxious with your notification area, and make your system play audio adverts, because that's how much we really want you to have a subscription (but see the prior market strategy-- we wont let up on the ads even if you do!)"

    They invest tons of resources (both computational and time-wise) into making needlessly flashy UIs with big colorful buttons, and scary "CSI: Miami"-esque dialogs, when really--- the part that really matters-- how well they can trap execution events without bogging the system down-- seems to get nearly no love, and appears to get shittier and shittier.

    Then you have Windows Defender. It's so plain, you instinctively ignore its presence. Excepting on older XP systems, (where there was a CPU utilization bug), it runs with a very modest system footprint. It does not constantly vomit spam into your system tray, and does not try to milk you for additional service agreements, or to switch to a paid version. It behaves itself very well.

    If Avast or AVG behaved like that, instead of trying to be garishly tawdry and whorishly self-promoting like prostitutes, and reduced their system resource consumption habbits accordingly, they would win hands down.

    But no, fleecing idiots is much more profitable.

    • I commented the same way about *four and a half years ago*.
      https://slashdot.org/comments.... [slashdot.org]

      AV spends too much time and resources on making things look pretty, yet scary, instead of actually doing an effective job.

    • by roca ( 43122 )

      Another poster points out above that inconspicuous third-part AV software would not "win hands down", because to the user it appears they've paid for software that doesn't do anything.

  • by Billly Gates ( 198444 ) on Wednesday February 01, 2017 @10:22AM (#53780277) Journal

    I started doing PC support in my Field with Grandmas and small business.

    AV software WAS USEFUL in the XP/98 era. I would argue with slashdoters calling them morons for not running it as you had 1 min max before infection on Windows 2000 or XP with no firewall!!L

    We all ran admin istrator aka root and Win32 even had account personation services. Gee a dialup with no firewall or shitty software one with IE 6 running Java and Adobe flash without a sandbox on a local admin account was the norm so what could possibly go wrong!!??

    Vista god bless it made UAC, privilege speration, scrambled ram addresses with aslr, buffer overflow protected buffers in c/c++, and psuedo local admin accountants which instead used a token to run something. Thanks Theo from OpenBSD for inspiration.

    Windows 10 goes further too by using x86 features to separate data from executable bits directly on the CPU and signed bootloaders.

    AdBlock and sandboxed Adobe products and AdBlock all make Windows OK now. Not perfect, but OK.

    I just reused an Asus sabertooth I threw out in storage 2 years ago . I thought it was broken! Why? Esset kept making my ssds loose data. I thought SATA ports were bad. Went thru 3 expensive ssds. It was my damn AV software glitching them.

    Keep updates current, run AdBlock, DNS service like the free Norton DNS servers on your router's, and heaven sakes don't click everything you download and you will be fine in 2017. AV software forges SSL certificates too which is dangerous

    • by Piata ( 927858 ) on Wednesday February 01, 2017 @10:34AM (#53780343)
      AV software forging SSL certificates is downright baffling. A client of mine kept having his website marked as insecure despite having an SSL certificate and all tests showing it was working properly. Turns out it was a false positive from his AV software and there's literally nothing you can do about it besides telling someone to uninstall their AV.
      • That's not true. You can disable the SSL inspection in all of them. Finding the setting may be tricky, but it can be disabled.

    • Win32 even had account personation services

      Account impersonation is still there, even in 64-bit Windows. It's required for how Windows works. If you want to see it, set up a VM, run Metasploit against it (use smb_login) and get a meterpreter shell, load incognito, and list and impersonate tokens to your heart's content.

      Vista god bless it made UAC, privilege speration, scrambled ram addresses with aslr, buffer overflow protected buffers in c/c++, and psuedo local admin accountants which instead used a token

      • Windows10 has SEH handling and it requires work to get around ASLR. It's not impossible but compared to XP it's a big improvement

  • by TodPunk ( 843271 ) on Wednesday February 01, 2017 @10:23AM (#53780283) Homepage

    I used to work for an AV vendor in their IT department. Others in my family have continued working in the software security industry for decades. They really are just bloated resource suckers with little value. As such, I haven't run anti-virus beyond windows defender for a little over 10 years, not even on my kids computers. They're kept up to date, ads are blocked on my network, and I have taught my kids how to recognize an executable from other kinds of files (thank god for re-enabling file extensions being shown, the stupidest Windows default of them all).

    We had one virus when my daughter opened an email that gave her some nasty popups constantly. She learned a valuable lesson that day, but I was able to reverse it in less than an hour booting into safe mode and removing the files. Been fine otherwise.

  • After years of pain from the likes of Norton, McCafee, Sophos, Nod32 all of which can make you want to have a virus instead of the antivirus, Windows defender is the only one that hasn't compelled me to rip it out.

  • I think Windows Defender is better than any of the AV out there - and that this signifies that MS has finally found its core competency. It needs to get out of the OS business and stick to AV.

  • by wbr1 ( 2538558 ) on Wednesday February 01, 2017 @10:36AM (#53780357)
    Defender may be well behaved in terms of system utilization and other programmatic things like not install browser hooks, etc, but it has a history of being poor at actually catching viruses. Just a year or so ago it had an 85-89% catch rate. That may have improved as it has been a while since I read the literature.

    That said, no AV is a poor prospect too, especially for business. I work for a local break-fix shop that also is branching into MSP work for out small to mid biz clients. Out system uses a modified Bitdefender + site blacklisting. It works well but does have a foot print. I say it is useful though because some of our clients are 30-50 seat law firms, insurance companies, and financial institutions - you would not believe how heavily targed they are with social engineer attacks designed to install malware. Mostly through email attachments, but there have been DOS attacks, password attacks against open ports, and DNS redirect attacks.

    User training is #1, but AV and good backups have saved the bacon more than once. We see constant removals of crypto virus installers, only 2x in the past 3 years has one actually gotten through by being too new for detection. How many would that be without an AV with a 95%+ catch rate?

    • Just a year or so ago it had an 85-89% catch rate

      That actually seems really good for AV.

      No AV is a panacea. It's just one tool in the toolbox. 85-89% is a really good starting place if you ask me. Add to that DNS blacklisting, ad blocking, content filtering, application whitelisting and sandboxing, you could have near 100%.

      • by wbr1 ( 2538558 )
        85-89% is not good when competitors have above 90 and 95%. Read up on av-test and av-comparatives. I have not read for about a year, so things could have changed, but my clients are specifically targeted, plus the normal random probing and targeting that goes on. That 10% difference can be the difference between normal operations and a 1-2 day shutdown to recover a cryptolocked server from online backups. Our bill is big for that but not nearly as big as not having your entire firm run for 1-2 days.
        • If your clients are specifically targeted, no AV is likely to catch the attacks. AV is there to catch the low-hanging fruit, not the ones coming after you specifically.

    • From what I could see in a few different tests windows defender is about 97% and there are a few scanners that go to 99.9% but the higher the detection rate the more likely it also is to suffer from false positives and impact the system negatively while running.

      • by wbr1 ( 2538558 )
        A question... would you rather have a false positive that stops one or two users from using a program, or a false negative resulting in a crypto virus infection that shuts your entire business down? Our customers pay us monthly, and if there are problematic false positives, we can go straight to the appropriate vendors and get it resolved.

        We recently worked a case where some vertifore software was conflicting in a strange way with the BitDefender engine. It took a bit to get resolved as it was a deep iss

        • I have had AV software have false positives on software I was compiling and it would delete it immediately. I even tried to mark that area as safe but to no avail. I ended up getting rid of the AV software since I could not get work done that way.

          I have also run into AV software where a bad update went through and the software ended up attacking the OS and did quite a lot of damage in terms of downtime.

          At the end of the day it is easier for me to avoid viruses than it is to deal with most AV software I have

    • by roca ( 43122 )

      I wrote about the weaknesses of the AV-Comparatives tests here: http://robert.ocallahan.org/20... [ocallahan.org]
      Testing against only already-identified malware is bogus. But FWIW, Defender has a 97% catch rate in AV-Comparatives' latest report.

      • by wbr1 ( 2538558 )
        Good info to have. When I do read on the subject it is only one source. av-test is another. The third is decidedly more anecdotal and subjective, but we see a lot of infected PCs here, with a lot of different AVs. so you do get some clues that way as well.
  • I was always a fan of Symantec. Their entire suite became a huge resource hog. But, it was always better in antivirus tests. Once I found out that Microsoft stops checking for viruses where the exploit has be fixed in Windows, that made sense. Defender just stopped checking for viruses that will do no harm to the system. Drops the overhead dramatically.
  • Use GNU/Linux (Score:4, Insightful)

    by zakzor ( 4830975 ) on Wednesday February 01, 2017 @10:45AM (#53780421) Homepage
    I don't use any AV software. I don't need to. I have ClamAV in a live session for customers. And that way there's no files locked.
    • by DrXym ( 126579 )
      That's great and every one can all do the same with absolutely no consideration at all of what they bought the computer for.
  • by QuietLagoon ( 813062 ) on Wednesday February 01, 2017 @10:48AM (#53780439)

    ...Browser makers don't complain about Microsoft Defender because we have tons of empirical data showing that it's the only well behaved AV....

    There is more, a lot more, to an a/v than what is seen via the myopic view of a browser developer.

    • Yeah. All those other things that most AV vendors do like forge SSL certificates, behave like rootkits, open your emails before you even click on them (hell even Microsoft stopped this 10 years ago), bypass firewalls and other parts of windows, set themselves up as essentially impossible to remove. ...

      Defender is missing all those features.

  • As soon as you agree to compensate my clients for lost data when ransomware sneaks in under Defender's nose, maybe I'll pay attention to that brown stuff you're spewing.

  • Anti-virus suites have one huge problem. They are worse than getting a virus. At least a virus tries to hide and not kill your system. AV programs have no such respect for the users.

  • by Ambassador Kosh ( 18352 ) on Wednesday February 01, 2017 @11:43AM (#53780807)

    I had bitdefender installed on my machine about a year ago and I was writing c++ HPC software. Everything was compiled with the Intel compiler and mkl with profile guided optimizations. Bitdefender started detecting my binaries as virus infected and deleting them. This happened a few times and I disabled it for a month and later turned it back on with newer virus definitions and the same issue kept happening. It even detected some of the binaries I had on a shared drive and deleted them also.

    The false positive rate on some of these scanners is just too high.

    I will just stay with windows defender since it has not interfered with any of my debugging or profiling and has never deleted the software I am compiling.

  • Strongly suspect the main reason the browser developers like Microsoft Defender as a "well behaved" AV is because it's purely a file level defence, and so doesn't interfere with the behaviour of the browser. Unlike many third party AVs, that will intercept internet traffic, looking for bad stuff before it hits your browser.

    That's good from a browser point of view, because they don't have to deal with browsing problems being caused by the AV engine (for example, without whitelisting, ESET's engine will cause

  • Defender just gets on with its job with relatively little overhead or other intrusion. The same cannot be said of virtually any other AV suite. Even the "reputable" ones like McAfee, Norton etc seems to exist as a form of crapware these days and are so bloated and slow that any protection comes at a high price.
  • by khz6955 ( 4502517 ) on Wednesday February 01, 2017 @11:58AM (#53780947)
    Well, it would be considering the Defender developers have full access to Windows.
  • by epine ( 68316 ) on Wednesday February 01, 2017 @12:21PM (#53781189)

    I read the entire thread up to my standard filter level, and this is what I concluded: the singular of anecdote is "one size fits all".

    It's pretty clear from what I've read here that for a low-value target, I'd just settle for the low-hanging fruit of Windows Defender, ad blocking, a DNS block list, etc.

    It's also pretty clear that for a high value target (e.g. law firm, bank) where the minimum system install is a bulked-out i7 I'd elect to suffer the bloat & obtrusiveness in order to obtain the somewhat better catch rate of a first-tier third-party solution. The people working for these kinds of institutions are pretty demoralised to begin with, it will just look like business as usual (and so it is).

    The other side of this is that "one size fits all" is directly connected to the competency porn carapace. "Well, I work for banks and law firms and YOU can't handle the truth". But what actually gets written is this "YOU can't handle compensating my clients for a 48-hour loss of service". This tends to be a person whose amygdala has swollen to such a painfully large size that he or she can no longer multiply 1% times 365 (the constant friction of a badly behaved "solution") and can only multiply 100% times 2 days (as specified under the total availability-loss Weimar Reparations Act).

  • Someone has obviously not used BitDefender.

  • I haven't run any virus checker other than the one built-in to Windows for years now. They all catch old or obvious viruses. None of them is going to catch a new, clever virus. There's not a whole lot in the middle. Add in the virus-like behavior of the AV itself, the performance-suck of most of them, and it just doesn't make any sense to use them.

    As another poster pointed out: user error is the biggest cause of virus infection. Train your users, use Windows Defender as a sort of "sanity check", make regula

  • I have a strong instinct to take it with a bucket of salt when a stranger on the internet tells me "oh yeah, you should ditch your AV."
  • I've been running my company on MSE/FEP/Defender for the past 6 years with zero headaches caused by the anti-virus software itself and an infection rate of maybe 5 or 6 per year across 200 PC and laptops. Users have local admin rights. Perimeter IDS catches some things that get through.

    It seems to work better than any other anti-virus I've used and I hate them all. It's certainly the least annoying.
  • Antivirus software is a hot topic in IT security right now. Not because you need AV, but because most AV is terribly designed and breaks security in other applications. And while Windows Defender may not score particularly well on canned tests used by AV reviewers, it doesn't break as much software as other AVs do.

    Remember that in order to work, AV has to inject itself all over the place in your system to intercept network activity, disk activity, etc. But if it does that at the expense of other security

  • Most AV software is bloated crap that offers little actual security.

    Microsoft has been focusing on power efficiency and battery life, so I'm not surprised if they traded off a little detection capability in order to run smoother.

    Antivirus isn't even on the top of the list for avoiding an infection. That would be (1) don't browse as admin, (2) keep software updated, and (3) use an adblocker or filtering proxy.

    With the vast majority of malware being drive-by downloaders, a good adblocker or filter offers more

  • AV software for anyone that has had to use it for any amount of time can easily tell you that Windows Defender is the *only* AV software anyone should be using anymore. Back in the day, there were a number of products out there which I would call good. Now, probably due to increased pressure for more profits, subscriptions, and increased monetization of every aspect of their business I wouldn't want any of them. Not only are they all bloated resource hogs, they cause more problems than viruses they catch. I

If a subordinate asks you a pertinent question, look at him as if he had lost his senses. When he looks down, paraphrase the question back at him.

Working...