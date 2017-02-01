Google Chrome Engineer Says Windows Defender 'the Only Well Behaved Antivirus', Cites 'Tons of Empirical Data' (onmsft.com) 67
Days after former Firefox developer Robert O'Callahan said that antivirus security suites are not necessary and that AV vendors are of little help, a Google Chrome engineer has echoed the same message, reaffirming that Microsoft's built-in software is indeed the most well-behaved security suite. From a report: Apparently the disdain for 3rd party AV solutions runs deep amongst browser developers, as in response to the threads a Google engineer, Justin Schuh, had this to say: "Browser makers don't complain about Microsoft Defender because we have tons of empirical data showing that it's the only well behaved AV."
Re: MicroShaft (Score:1)
They're not glorifying effectiveness (though most testing shows they all are pretty equal now) instead they're explaining that Microsoft's solution behaves well with applications which is generally true as it's less invasive.
As a former developer of web browsers (6 years of it), I can confirm that from a developer's point of view, Microsoft hooks more cleanly into the sockets API than the others I've used.
Don't get your panties in a bunch.
Re: (Score:2)
Re: (Score:2)
When I tried out Bit Defender in 2014, it would fill up my RAM, and I'd have to reboot once a day. It's been some time now, since I've used it, and I don't know if they ever got around to fixing that or not.
I'd agree (Score:4, Insightful)
I tend to agree. I used to have third party anti-virus on the wife's machine and the kids' machine, but really the most effective malware prevention is to take away root/admin privileges altogether. Anti-virus doesn't protect against the stupidity of users. If they install malware, no anti-virus will stop them. Almost everything that the anti-virus software caught was benign and a false alarm. And despite being useless, the crap software was a resource hog.
I have since uninstalled anti-virus. I will do an occasional Malwarebytes scan, but have done so less and less frequently as I find little but tracking cookies.
So, yes, I agree with this report.
Re: (Score:2)
Doing nothing is an improvement over many third-party antivirus products. Remember the fun Norton bug last year, where they had a buffer overflow in their image parser that meant that someone sending you an email with an image attachment (even if you never opened the attachment) could run arbitrary code with kernel privilege? Quite why they thought that the part of their program that parses and inspects data that's expected to be malicious should run with kernel privilege instead of in a deprivileged sand
Re: (Score:3)
Same here, to be honest. AVG became unusable due to bloat a couple of years ago. Avast can have some serious issues when presented with a combination of Windows 10 with Anniversary Update and a Skylake CPU. The remainder all seem to be as bad as much of the malware they ostensibly protect you from.
I confess I spent a while feeling paranoid after I finally gave in and uninstalled Avast, but a few months on, I've had no problems with a combination of Windows Defender and a weekly Malwarebytes scan.
Re: (Score:2)
AV software is 90% placebo. All virus writers test their wares against the major AV systems before they release them. Any virus you encounter in the wild is probably not going to trigger yours.
I keep all my email viruses in a folder to see how long it takes AV software to catch up. It can take weeks. Sometimes they never do.
Sandboxing and restricted permissions is the way to go (as you note).
Re: (Score:2)
I do this too. I also have a folder on Google Drive called "Viruses" for exactly the same purpose. It's been getting pretty full lately; I feel a little like Egon with his neighborhood-sized twinkie.
Wish they hadn't said that. (Score:1)
Now Microsoft will promptly fuck up Defender.
Re: (Score:2)
Now Microsoft will promptly fuck up Defender.
They already did that. Its detection routines are so weak you may as well not be running AV.
Yup it is great to only have to support 1 solution (Score:1)
Nice self serving answer from browser guys. You can read their posts as:
"We like only having to do version, You guys on MAC and Linux switch to Win10. All you hold outs on old Win, get to Win10."
"Oh PS: We are turning off your ability to see what the browser is running. So not only your hardware is not yours, and the OS is not yours, your browser you have no control over. Oh, and full tracking keys are ours too!"
Disable ad-blocker for a paragraph of twitter crap (Score:5, Informative)
I clicked on the link, get a popup asking me to disable my ad-blocker...fine. Done. Turns out the article is about a paragraph and just regurgitates some twitter garbage. Utterly useless site.
Re:Disable ad-blocker for a paragraph of twitter c (Score:5, Insightful)
These engineers forgot the most effective, powerful anti-virus product that is an absolutely essential install; the ad blocker.
Re: (Score:1)
Regardless of anyone's particular sentiments on aPK (he doesn't bother me), black-holing garbage domain names (something something hosts file) and IP addresses (if possible) is an excellent source of additional protection.
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Yeah - too late by then. Buh-bye!
Conflict of interest (Score:5, Insightful)
The problem is that every company other than Microsoft has a built in conflict of interest. The AV software companies' profit motives are not aligned with providing a good user experience. A good anti-virus system should be nearly invisible. Hard to convince customers to pony up a lot of money for security software unless you are always in their face, and an anti-malware system that does this inherently results in a bad product. Worse, they have to keep tacking on extra "features" and products to convince customers their product is better than the next guy's. Their business model is based on scaring customers so they buy their product based on perceptions rather than actually keeping them safe.
Re: (Score:1)
Least effective too (Score:4, Informative)
It's probably the "best-behaved" because it is one of the least effective anti-virus. It has terrible detection rates compared to its competitors. The other anti-virus programs may be pushier and embed themselves deeper into the host system, but that's necessary in order for them to (try to) root out the infections.
Arguably end-users do not need this sort of protection offered from better AV packages, that Microsoft's product is "good enough" for most users. Certainly, better Antivirus is no panacea; even the best scanner can still miss some viruses. Personally - having cleaned out too many virus-infected machines - I'd rather the end-user have the maximum available protection if only to slow down the infection rate a little, although that still doesn't help when the end-user deactivates the AV, never updates it or just flat-out ignores its warnings. But regardless of your opinion of the
/necessity/ of the software, you can't simply judge Microsoft's offering without taking into consideration its effectiveness. It is "best behaved" (for whatever that means) because it simply /does less/.
Re: (Score:1)
https://chart.av-comparatives.org/chart1.php
Just to summarize with a few popular AVs
Microsoft: 97% detection rate, 23 false positives
McAfee: 97.9% detection rate, 57 false positives
Kaspersky: 99.8% detection rate, 1 false positive
Avast: 99.6% detection rate, 13 false positives
F-Secure: 99.9% detection rate, 140 false positives
Doesn't look like MS is particularly bad.
Re: (Score:2)
These charts have to be misleading. I'd stake my life that they take 10,000 old known malwares and test against them. Not surprisingly, every vendor detects them. Then they take a dozen or so new malwares, and 2 vendors catch them. Eventually you have the 99.1% vs. 98.9% type results and they all look about equal. They are certainly not equal.
All it takes is one of those new malware threats to bring down your business for a day. If you want a chance at catching them, you go with vendors that do a good job a
As a security guy, I mostly agree... (Score:5, Interesting)
That said, I'm getting annoyed with AV packages still not being able to flag things like base64-encoded PowerShell scripts or Office doc VBS scripts that make direct references to system libraries. Almost all the malware that's made it through our defenses in the past six months has used one of these two techniques (plus a little code obfuscation, but still), and none of the AV packages I've tested (via sites that scan against dozens of packages) have ever flagged any of the most effective offenders.
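The comment above complains that scanners miss base64-encoded PowerShell that reaches into system libraries. As an added example (not code from the thread or from any AV product), here is a small triage pass over constructed process-creation log lines: it pulls the blob after -EncodedCommand (or its abbreviations), decodes it the way PowerShell does (base64 over UTF-16LE), and reports references to native libraries and APIs. The log format, indicator list and sample script are all assumptions for the demo.

```python
import base64
import binascii
import re

# Matches -EncodedCommand and the abbreviations PowerShell accepts (-e, -ec, -enc, -encoded).
ENCODED_FLAG = re.compile(r"\s-e(?:c|nc|ncoded|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
# Direct references to system libraries / native APIs that a decoded script should not normally need.
API_INDICATORS = re.compile(
    r"(DllImport|kernel32\.dll|ntdll\.dll|user32\.dll|advapi32\.dll|"
    r"VirtualAlloc|WriteProcessMemory|CreateRemoteThread|Reflection\.Assembly)",
    re.IGNORECASE,
)

# Constructed sample script: a harmless P/Invoke declaration, encoded as PowerShell expects (UTF-16LE, base64).
SAMPLE_SCRIPT = ('Add-Type -TypeDefinition \'public class K { '
                 '[System.Runtime.InteropServices.DllImport("kernel32.dll")] '
                 'public static extern uint GetTickCount(); }\'')
SAMPLE_ENCODED = base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode("ascii")

# Constructed process-creation log lines (assumed key=value format), not taken from the thread.
SAMPLE_LOGS = [
    'host=ws01 user=alice cmdline="notepad.exe C:\\Users\\alice\\report.txt"',
    f'host=ws01 user=alice cmdline="powershell.exe -NoProfile -enc {SAMPLE_ENCODED}"',
    'host=ws02 user=bob cmdline="powershell.exe -Command Get-Process"',
    'host=ws03 user=carol cmdline="powershell.exe -EncodedCommand not_base64!!"',
]


def extract_encoded_command(cmdline):
    """Return the base64 blob passed to -EncodedCommand (or an abbreviation), else None."""
    m = ENCODED_FLAG.search(cmdline)
    return m.group(1) if m else None


def decode_powershell(blob):
    """Decode PowerShell's UTF-16LE base64 payload; return None when the blob is not valid base64."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return None
    return raw.decode("utf-16-le", errors="replace")


def triage_line(line):
    """Flag a line carrying an encoded command; include the decoded script and any API indicators."""
    blob = extract_encoded_command(line)
    if blob is None:
        return None
    script = decode_powershell(blob)
    if script is None:  # still worth a look: an -enc flag with an undecodable argument is odd
        return {"line": line, "decoded": None, "indicators": [], "reason": "undecodable base64"}
    hits = sorted({h.lower() for h in API_INDICATORS.findall(script)})
    return {"line": line, "decoded": script, "indicators": hits,
            "reason": "encoded command with native API references" if hits else "encoded command"}


def triage(lines):
    """Run triage_line over a batch of log lines and keep only the findings."""
    return [f for f in (triage_line(line) for line in lines) if f is not None]
```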
I tend to agree as well. (Score:4)
Far too often, antivirus products follow the "cable television" market strategy:
"Yes, we know you already pay us for a subscription, but we can get so much more out of you by forcing you to see all kinds of shit you really don't want, including adverts for all our other services."
And, in the case of free antivirus, this too:
"We can see that you really don't want our full package, otherwise you would have bought it instead of opting for the free version-- but we feel compelled to try to upsell you each and every possible opportunity, and won't relent at all. We will even be really obnoxious with your notification area, and make your system play audio adverts, because that's how much we really want you to have a subscription (but see the prior market strategy-- we won't let up on the ads even if you do!)"
They invest tons of resources (both computational and time-wise) into making needlessly flashy UIs with big colorful buttons, and scary "CSI: Miami"-esque dialogs, when really--- the part that really matters-- how well they can trap execution events without bogging the system down-- seems to get nearly no love, and appears to get shittier and shittier.
Then you have Windows Defender. It's so plain, you instinctively ignore its presence. Excepting on older XP systems, (where there was a CPU utilization bug), it runs with a very modest system footprint. It does not constantly vomit spam into your system tray, and does not try to milk you for additional service agreements, or to switch to a paid version. It behaves itself very well.
If Avast or AVG behaved like that, instead of trying to be garishly tawdry and whorishly self-promoting like prostitutes, and reduced their system resource consumption habits accordingly, they would win hands down.
But no, fleecing idiots is much more profitable.
I did a complete 180 on AV software (Score:4)
I started doing PC support in my Field with Grandmas and small business.
AV software WAS USEFUL in the XP/98 era. I would argue with Slashdotters calling them morons for not running it as you had 1 min max before infection on Windows 2000 or XP with no firewall!!
We all ran administrator aka root and Win32 even had account impersonation services. Gee, a dialup with no firewall or shitty software one with IE 6 running Java and Adobe Flash without a sandbox on a local admin account was the norm so what could possibly go wrong!!??
Vista god bless it made UAC, privilege separation, scrambled RAM addresses with ASLR, buffer overflow protected buffers in C/C++, and pseudo local admin accounts which instead used a token to run something. Thanks Theo from OpenBSD for inspiration.
Windows 10 goes further too by using x86 features to separate data from executable bits directly on the CPU and signed bootloaders.
AdBlock and sandboxed Adobe products and AdBlock all make Windows OK now. Not perfect, but OK.
I just reused an Asus Sabertooth I threw out in storage 2 years ago. I thought it was broken! Why? ESET kept making my SSDs lose data. I thought SATA ports were bad. Went thru 3 expensive SSDs. It was my damn AV software glitching them.
Keep updates current, run AdBlock, a DNS service like the free Norton DNS servers on your router, and for heaven's sake don't click everything you download and you will be fine in 2017. AV software forges SSL certificates too, which is dangerous.
Re:I did a complete 180 on AV software (Score:4, Interesting)
Re: (Score:2)
Account impersonation is still there, even in 64-bit Windows. It's required for how Windows works. If you want to see it, set up a VM, run Metasploit against it (use smb_login) and get a meterpreter shell, load incognito, and list and impersonate tokens to your heart's content.
As an insider, can confirm (Score:4, Interesting)
I used to work for an AV vendor in their IT department. Others in my family have continued working in the software security industry for decades. They really are just bloated resource suckers with little value. As such, I haven't run anti-virus beyond Windows Defender for a little over 10 years, not even on my kids' computers. They're kept up to date, ads are blocked on my network, and I have taught my kids how to recognize an executable from other kinds of files (thank god for re-enabling file extensions being shown, the stupidest Windows default of them all).
We had one virus when my daughter opened an email that gave her some nasty popups constantly. She learned a valuable lesson that day, but I was able to reverse it in less than an hour booting into safe mode and removing the files. Been fine otherwise.
Oh really? (Score:2)
That does rather presume you're running Windows.
Which, let's be honest, Windows is SO badly full of security holes compared to any other OS that Microsoft HAD to come up with Defender to avoid losing all credibility.
Defender still appears to really just be an easy copout workaround for Microsoft, rather than them addressing the actual problem which is the fundamentally weak architecture of Windows itself.
Re: (Score:2)
Defender still appears to really just be an easy copout workaround for Microsoft, rather than them addressing the actual problem which is the fundamentally weak architecture of Windows itself.
The best antivirus software for Windows is Linux.
Big surprise (Score:1)
Developers of new software sometimes bump into false positives, and they are either smart enough to avoid malware or never even notice when one gets past their installed virus scanner. So they prefer one of the weakest virus scanners.
[acts surprised]
RAV Antivirus? (Score:1)
RAV Antivirus was bought in 2003 by microsoft. Not long after that, microsoft came out with its own antivirus offering. Back in the day, RAV was the best out there, finding and cleaning things the other major makers missed. Hmmm
Sad to say I have no trouble accepting this (Score:2)
After years of pain from the likes of Norton, McAfee, Sophos, Nod32, all of which can make you want to have a virus instead of the antivirus, Windows Defender is the only one that hasn't compelled me to rip it out.
I agree! (Score:2)
I think Windows Defender is better than any of the AV out there - and that this signifies that MS has finally found its core competency. It needs to get out of the OS business and stick to AV.
Utter shite (Score:3)
That said, no AV is a poor prospect too, especially for business. I work for a local break-fix shop that also is branching into MSP work for our small to mid biz clients. Our system uses a modified Bitdefender + site blacklisting. It works well but does have a footprint. I say it is useful though because some of our clients are 30-50 seat law firms, insurance companies, and financial institutions - you would not believe how heavily targeted they are with social engineering attacks designed to install malware. Mostly through email attachments, but there have been DOS attacks, password attacks against open ports, and DNS redirect attacks.
User training is #1, but AV and good backups have saved the bacon more than once. We see constant removals of crypto virus installers, only 2x in the past 3 years has one actually gotten through by being too new for detection. How many would that be without an AV with a 95%+ catch rate?
Re: (Score:2)
Just a year or so ago it had an 85-89% catch rate
That actually seems really good for AV.
No AV is a panacea. It's just one tool in the toolbox. 85-89% is a really good starting place if you ask me. Add to that DNS blacklisting, ad blocking, content filtering, application whitelisting and sandboxing, you could have near 100%.
Re: (Score:2)
I switched all my Windows machines to Defender (Score:2)
Use GNU/Linux (Score:3, Insightful)
There is more to an a/v... (Score:2)
...Browser makers don't complain about Microsoft Defender because we have tons of empirical data showing that it's the only well behaved AV....
There is more, a lot more, to an a/v than what is seen via the myopic view of a browser developer.
Sure! It's okay to settle for Defender! (Score:3)
As soon as you agree to compensate my clients for lost data when ransomware sneaks in under Defender's nose, maybe I'll pay attention to that brown stuff you're spewing.