
Microsoft Kills off ISVs by Foisting Its Own Products That Are No Better - roadtouniverse
https://eugene.kaspersky.com/2016/11/10/thats-it-ive-had-enough/
======
m0nty
A lot in here about Defender/Microsoft Security Essentials.

> [MSE] doesn’t have: parental control, built-in VPN, webcam protection,
> password manager, backups, exploit protection, protection for online banking
> and online shopping, proactive protection against future threats and dozens
> scores hundreds of other features which are all useful in providing maximum
> protection and a better user experience

That's exactly what I like about it. Stuff the "user experience": I don't want
an AV product that tries to run my life for me. (I don't want Windows 10 to do
it either, which is why I tried it for less than a week and went back to
Windows 7.) AV products are bloated, difficult to use and always in your face
when they should just silently remove viruses. Which is what MSE does for me.

~~~
gpderetta
Anecdote time.

A couple of weeks ago, my neighbors asked me for some help with their
printers. Their wifi printer had suddently stopped working, then they bought a
new one (which of course costed less than a ink cartridge) which also didn't
work.

After the initial shock of dealing with windows 10 (I hadn't used windows,
especially a home version, for years), I found out, by plugging a cable, that
the printer actually worked just fine. Checking the wifi router admin page
showed that the printer was correctly connecting to the network.

At that point I suspected firewall issues. The Windows firewall control panel
was disabled claiming to be managed by the antivirus. I looked at MSE, and it
was also disabled. I asked my neighbors and they said that they had been using
MSE but McAfee had somehow appeared recently on their computer (possibly
sneakingly installed by some unrelated application).

And of course McAfee was there, already demanding protection money. I
uninstalled it after clicking through dozen of scary popups warning that the
computer would be overwhelmed by viruses, my bank account emptied and my
identity stolen.

Immediately after that a popup appeared from Windows system tray telling me
that my computer was unprotected and I should install Avast immediately. I
quickly got rid of that only for yet another popup to appear (for some AV that
I had never heard of).

Eventually I managed to get rid of all AVs, re-enabled MSE, and suddenly the
printer started working again.

I think MSE should really just treat every other AV as malware, although I'm
sure MS would get a lot of backlash.

~~~
markatkinson
My parents Windows laptop came with a free copy of McAfee, which rendered it
COMPLETELY useless. That is not an exaggeration. It wasn't a fast laptop but
it should be able to browse mails and Internet. It couldn't. After
Uninstalling the AV software it was like I had replaced the HDD with an SSD. I
will never ever use any 3rd party AV software. It's just glorified bloatware
as far as I'm concerned.

~~~
zeta0134
This has been my consistent experience with McAfee in particular. I worked for
4 years in low level tech support, fixing computers for people that were sold
in retail. We were required to recommend Anti-Virus software to our customers,
and the whole store consistently recommended Webroot (which we sold) not
because it was particularly good, but because it was the only option we had
that _didn 't_ slow the machine to a crawl. Replacing McAfee with almost
anything else on the market felt like it doubled the machine's speed.

I personally haven't run antivirus software for years on my own machines. I
recommended that all of my customers learn basic security practice instead,
and reminded them that the antivirus program they used is there as a tool to
help them, and not a replacement for safe browsing.

~~~
laumars
I often hear people promoting common sense over antivirus solutions and while
I do agree that some degree of common sense is required, there are still a lot
of attacks that can bypass safe browsing.

In the past we've seen malware injected into ads that then load on legitimate
sites. Hosts get hacked too and their sites can then be used to serve malware.

You're right to teach your customers safe browsing habits but they do still
need an antivirus as well.

Disclaimer: antivirus solutions are not perfect either. Particularly with new
attacks. So while I do advocate using them it's also good not to take them for
granted (e.g. assuming you can get away with running any old binary you've
downloaded from Limewire because you have an AV installed). The best approach
is common sense with the AV as a safety net.

~~~
GrinningFool
A major part of safe browsing (and safe computer usage in general) is an ad-
blocker that defaults to requiring you to whitelist the content you want to
let through.

~~~
cryptarch
Have you found a workable way of doing that?

I manually whitelist in uMatrix, but it's pretty inconvenient and does not
stop attacks coming from domains previously whitelisted/deemed safe.

~~~
GrinningFool
uMatrix is the best I have. I've accepted the inconvenience as minor in
comparison; but previous whitelisting is a problem that I actually hadn't
considered. I can't think of any reasonable way to prevent that - even
catching changed/new scripts and requiring approval to run them won't help if
all you can see are minimized scripts.

~~~
cryptarch
I guess you could have a kind of crowd-sourced de-minificarion project,
combined with checking script hashes, but I think that would be considered a
form of pirating and thus require a lot of piracy-related workarounds. Perhaps
one could have a de-minification tool which only stores the steps to deminfy a
script, and then you could apply it based on the script's hash.

------
mattlondon
I've felt like AV software is often worse than the viruses: intrusive, slow,
ineffective, getting in the way, and not once detecting anything.

Pretty much all of my "family tech support" is related to the AV doing
something stupid like auto-deleting cookies or flashing up big scary messages
for something trivial.

However Windows Defender seems to be good for me on Win10 - it just sits there
out of the way, I don't even know its running. I _LIKE_ the fact it doesn't
have "online protection" or password managers or parental controls or
whatever. It feels lightweight and does not cause everything to become 3x or
4x (or worse!) slower like every other AV software I've encountered

Whenever I go to perform family tech support I remove any random AV software
they've been tricked into installing and just leave Windows Defender and that
usually solves the issues (obviously making sure they are up-to-date on
patches & still using 2FA)

~~~
XzetaU8
Although i agree with most of what you said, Windows Defender is not as
lightweight as you think it is.

[https://www.av-comparatives.org/wp-
content/uploads/2016/11/a...](https://www.av-comparatives.org/wp-
content/uploads/2016/11/avc_per_201610_en.pdf)

~~~
cmdrfred
It certainly feels lightweight though and that is the important metric.

~~~
rufius
Some might argue it's the only real metric that matters for user perception.
That said, if it's hitting your battery that will be hard for user to
perceive.

------
stewh_
Microsoft has a problem - poor 3rd party software and drivers make Windows
extremely unreliable. Microsoft takes the blame, and Windows looks unreliable.
Apple takes a different tack, they simply lock down their APIs and ecosystem
to avoid this. Is Microsoft trying to go the Apple route - but maintain some
openness? Giving 3rd parties core low-level APIs is ripe for chaos.

I had to install Kaspersky on my main laptop since some VPN software imposed a
policy that it installed and up-to-date to connect to a contractor's secured
network. It was absolutely terrible. It killed my battery, slowed my machine,
killed my TCP stack at one point, interfered _all the time_ , and became
generally unbearable. It frustrated me so much, I now do all network
operations via a secured VM to avoid the Kaspersky curse on my main work
machine.

~~~
Maarten88
And you are an educated user. I'm sure millions of users have the same user
experience, but don't know why their Windows works so poorly. This happened
because a few years ago they downloaded some software from download.com to
"fix" a computer issue and unknowingly installed 5 antivirus packages that now
compete for computer resources (or worse) at the kernel level.

Microsoft is damned if they do, and damned if they don't fix this for their
users. Maybe Kasperski is collateral damage in this effort, but I think
Microsoft is right to use the Windows 10 upgrade as an opportunity to try and
remove these mostly terrible software from users' pc's. Let Kasperski convince
users how their software is better so people actively choose it over
Microsoft's solution. I do this with Chrome too: as long as it's better I
reinstall it every time no matter what Microsoft tells me about Edge.

------
andersonmvd
It's the dirty speaking of the "poorly washed". Kaspersky is said to faked
malware to harm rivals ([http://www.reuters.com/article/us-kaspersky-rivals-
idUSKCN0Q...](http://www.reuters.com/article/us-kaspersky-rivals-
idUSKCN0QJ1CR20150814)). TrendMicro allowed remote command execution on the
user machine ([https://bugs.chromium.org/p/project-
zero/issues/detail?id=69...](https://bugs.chromium.org/p/project-
zero/issues/detail?id=693&redir=1)). Probably Microsoft is right, your PC may
be better protected without a AV, using an AD block instead for example.
Probably not (I'm not a specialist in the low level stuff anyways). But the
point is that MS is fighting with tools it has (in an ugly way). But it's
widespread. Apple enforces Safari on iPhones for example. Amazon explores bias
in its marketplace ([http://dealnews.com/features/Are-You-Really-Seeing-the-
Best-...](http://dealnews.com/features/Are-You-Really-Seeing-the-Best-Price-
on-Amazon/1790307.html)). Kind complicated, but that's how the world is. Doing
all for a higher profit. Because of that I'm sure that Kaspersky would do the
same if they were in their position. Perhaps a little different, but taking
advantage of its size to increase their profit for sure.

------
huhtenberg
Re: Microsoft removing 3rd party software -

A friend of mine runs a 3-person software company making desktop Windows
software. Nothing terribly exciting, think - a ToDo list or similar. They put
nothing in the kernel, stick to documented API, make no deep tie-ins into the
system (e.g. Windows Explorer extensions). Just a perfectly simple standalone
piece of software with minimal dependencies that can run even on XP.

Not two months ago they started getting reports that the software was
disappearing from users' machines. The Start menu icon was still there, as was
the Uninstall entry, but the EXE was nowhere to be found. Naturally they
thought of the antiviruses, but there was no pattern. Fast forward two weeks
and the only commonality between all reports was a freshly installed Windows
10 update. The update silently wiped their software off. And to understand why
that happened or to file a "false positive" report with Microsoft, the only
option was to cough up few hundred dollars for opening a "priority support"
ticket with them. Not everyone was affected, just a fraction of a percent. You
could still reinstall the software and Windows won't make a peep or complain
in any way.

While it made very little sense, it still clearly showed that _users were no
longer in control of their machines_. Moreover, Microsoft outright lied when
they said "all your files and apps will remain where they are" while
installing an update.

So it's not _just_ about loosing control over your own computer, but it's also
about being treated like a sheep that Microsoft owes no explanations to and
can do what the hell it wants. I sure hope Kaspersky Labs will have enough
rage, funds and patience to drag Microsoft through courts and whip it back in
place.

~~~
userbinator
You can also find various stories of AVs detecting perfectly clean _Hello
World_ programs as "malicious". One example I remember particularly clearly
was a beginner who had just downloaded GCC and was starting to learn C, and
wondering why the executable kept disappearing. It was his AV. Ironically, the
same code compiled with MSVC _didn 't_ get detected...

The other category of software that frequently gets false positives are
demoscene productions, which admittedly do push the boundaries and can involve
things like custom packers and unorthodox API usage, but are certainly not
malicious by any definition. Of course there's also the
cracks/patchers/keygens, which are not malicious to the user but are often
detected as such anyway.

~~~
obsurveyor
Just got a complaint yesterday of anti-virus software quarantining a file out
of a users's .git folder, breaking the repo completely until they restored it.

------
drewg123
This seems to be mostly about A/V.

When I was doing a lot of MacOSX kernel / driver work 8-10 years ago and
keeping up with all the darwin lists, we'd get tons of questions from A/V devs
porting their software from Windows to Mac. There were all kinds of bad
questions. The worst one I remember is somebody asking why they were not
allowed to hold a kernel mutex across notifying a kernel-space A/V deamon &
waiting for it to respond (deadlock?).

After seeing multiple questions like this from these folks, I resolved to
never run a 3rd party A/V suite again, and have run nothing but vendor
provided A/V.

------
youdontknowtho
Anti-virus software is a complete failure. Kaspersky is trying to save a
sinking ship. AV isn't a good business because its a failed area of
development.

The idea that Kaspersky is somehow radically better than other AV vendors is a
joke. Sure, some of them are comically bad, but none of that are that good.
"Good enough" is often good enough.

I'm a fan of Kaspersky's research. AV isn't one of the areas where people need
to be spending their time, though. I don't know how you could say AV works
with a straight face.

ALSO: MS isn't a monopoly anymore.

~~~
ComodoHacker
>AV isn't one of the areas where people need to be spending their time,
though.

Do you have an alternative _working_ approach to securing end users' devices?

>I'm a fan of Kaspersky's research.

And yet you suggest to stop doing that research.

~~~
rspeer
Security involves more than anti-virus. Kaspersky does more than anti-virus.

In fact, one could claim by now that anti-virus and security have very little
to do with each other, so stop equating them in your retorts.

~~~
ComodoHacker
>Security involves more than anti-virus. Kaspersky does more than anti-virus.

Nowhere I stated or implied otherwise.

>one could claim by now that anti-virus and security have very little to do
with each other

This claim is trivial to disprove. Imagine there's no AV anymore (yet
firewalls and HIPSes are still in place). Do you think overall security
(measured, say, in damages $$$) won't change? There would be an immediate
disaster.

------
tobltobs
I don't get the MS strategy. They became popular because they made it easy for
developers to build staff for their platform. But then they started morphing
their platform into some kafkaesque Labyrinth of new hip and then soon to be
retired libs/frameworks. If a developer is brave enough to master this he will
then be disappointed trying to monetize it. The Window store (or whatever the
current name is) is like a combination of itunes and the play store, but only
the downsides mixed together.

~~~
Pxtl
Because Grandma's computer is full of malware and antivirus programs that make
it unusable and her grandkids are telling her to just buy a Mac next time.

------
arkitaip
Antivirus and firewall are two apps that I expect come with Windows, so as a
consumer who actually paid for Windows 10 I don't care if Kaspersky is whining
about this.

As messy as av/fw are on Windows 10, let's not forget how things were before
in the bad old days; security products were sometimes as bad as the malware
they claimed to protect you from. Remember when you helped family and friends
and how Norton was so difficult to remove it required a dedicated removal
tool? Remember the countless of cleaners that used all kinds of scummy
advertising techniques to trick users into installing them, often decreasing
performance and safety?

As the "computer guy" for a lot of people, I'm glad that AV+FW are included in
Windows 10. I am, however, disappointed how sub par they perform and how user
hostile they are.

On Windows 10, the firewall is completely opaque and Microsoft decided to
remove the firewall icon from the tray. So users naturally don't know if it's
installed or not or what it's doing. Also, it's buggy as hell because on more
than one computer I've had to keep resetting it to defaults simply because it
would regularly stop ALL outgoing connections. Took some time to figure that
one out and for most casual users that would have been impossible to solve,
especially since there is no freaking firewall icon to click on anymore.

The antivirus has a more visible and sane presence but performs poorly in the
independent AV tests. For some reason it changes names more often than a porn
star, further confusing users. The blog post fails to mention Microsoft
Defender, the fifth incarnation of the AV on Windows 10, so there are five
different AV that Microsoft offers/has offered.

Microsoft needs to improve the quality of their built-in security products,
both how successful they are at protecting users but also the overall
usability experience.

------
w8rbt
System security should be built-in, not bolted on by snake oil vendors looking
to make a buck. Nothing against kaspersky, I like them, but I'm with Microsoft
on this. Games, browsers and other add-ons are higher-layer applications where
competition makes sense.

If MS really wanted to make system security an even playing field where
vendors could actually be effective, they'd make it modular (like Linux's LSM)
so that admins could easily swap out security solutions without busting the
system (slow, bloated, ineffective, etc.).

Vendors are a large part of the problem. They want more money, more often and
in many cases really harm performance and do little to protect the system.

------
orf
I get their point and Kaspersky is pretty good. However Antivirus products
have typically been utter and complete crap, slowing down computers a
ridiculous amount and to non technical people it's just "their computer is
slow, oh look how fast this mac is".

My father has three freaking antivirus/antimalware solutions installed. Maybe
defender could be better, but if it reduces the market share of the nortons,
comodos etc then I'm all for it.

------
coderjames
> uninstalling user-installed apps

I ran into this when the Windows 10 Anniversary Update rolled out. In my case
the program Microsoft uninstalled was a Start Menu replacement, so I didn't
actually have a functional start menu for several hours after the upgrade
until I got the updated version of the 3rd-party program installed.

This left me shocked, dumbfounded, speechless, and furious. Everything I've
observed over the last 20 years says Microsoft honours backwards compatibility
above all else. Raymond Chen has great blog posts about the huge efforts they
used to go through. My understanding is that's why businesses have stuck with
Windows; it'll keep running their 10, 15 ,20 year old legacy VB line-of-
business apps even on their newest OS. Apparently Microsoft has now decided to
throw out backwards compatibility? I don't understand this decision.

~~~
edp
Not defending Microsoft's behaviour with Windows 10, but I'm guessing that an
app that replaces parts of windows' shell is not exactly using public Windows
API to do so. It's often using hacks and workarounds instead. There's no
backward compatibility here because there wasn't any compatibility to begin
with. The same thing is happening on MacOS when applications use undocumented
private APIs and for some reason Apple decides to take them away.

Unless the updates really uninstalled the application instead of just breaking
it, and that's really (another) bad decision from Microsoft.

~~~
ntauthority
'Just breaking it' in the case of these shell enhancers would result in the
user having no user interface whatsoever after the upgrade.

Windows' upgrade process could in theory disable the shell extension, but that
would be even _worse_ than uninstalling the program given how programs on
Windows do not take kindly to being 'half-installed' (case in point:
uninstallers that break when some application files are removed).

This is what backwards compatibility leads to, and there is no way all parties
can win in this scenario.

~~~
edp
I didn't think about this, uninstalling it is better in that case. However
based on coderjames' comment, I guess it wasn't completely uninstalled, and,
as you said, left him without a usable system. I agree, backwards compatiblity
is a double edged sword.

~~~
ntauthority
I presumed from the context of the comment that 'usable' was rather loaded
language used to denigrate the built-in Start menu in Windows 10. The
interpretation works both ways, however.

~~~
coderjames
I meant that I literally did not have a visible Start Menu that I could
interact with because Windows 10 uninstalled the version of Classic Shell[1] I
was using as part of installing the Anniversary Edition upgrade. I actually
had that message pop up, "Windows has uninstalled this program because it is
known to be incompatible." Luckily there was an Anniversary Edition-compatible
version available that I could reinstall.

Note also that I don't especially consider Classic Shell to be an odd program
given that when I briefly worked at Microsoft a few years ago (Win 8.1 was
current), my manager actually recommended I install it on my second day there
on the company-provided computer in order to retain the classic UI because
that group found the Win8 touch UI to be unusable on the desktop.

[1] [http://www.classicshell.net](http://www.classicshell.net)

------
guilamu
I think this article is mixing up three different things which is
counterproductive when you're trying to convince people. Just go to the point
(not the pointS).

1\. Defender is not the best AV out there from a strict efficiency perspective
(IMHO, Defender is good enough for most people and is quiet enough & bloat
less enough compared to a lot of the competition).

2\. Killing the competition in the specific AV domain is bad for security
(IMHO, perfectly valid point).

3\. MS is globally trying to kill any competition by abusing its dominating
position (IMHO, another perfectly valid point).

2 & 3, while absolutely true, are shadowed by 1 which is a very questionnabe
point.

Too bad.

~~~
nxc18
The big advantage to Defender is that it will never turn off, never show you
an ad, and never ask for payment. Users are defended without needing to know
it.

Conditioning users to expect popups demanding payment is unconscionable.

------
turblety
I think that the unfortunate truth (well IMO) is that if you want security
and/or privacy then Microsoft is not the company for you. They have shown many
times to be in bed with the NSA
([http://techrights.org/wiki/index.php/Microsoft_and_the_NSA](http://techrights.org/wiki/index.php/Microsoft_and_the_NSA))
and I'm sure other spy agencies and are becoming less open and friendly
towards developers and it's users. It is bad that these decisions are
effecting businesses but we can all make the change by moving towards more
open operating systems and companies that give users and businesses back their
freedom, privacy and security.

~~~
fluidcruft
Seriously. I don't need to add the Kremlin into the mix.

------
imode
I uttered the same words when, after not booting up my machine for a month due
to a move, I got the lovely, lovely message...

"A component of the operating system has expired."

and I was unable to boot any further. still am not. had to turn back my BIOS
clock a month in order to "unlock it".

needless to say, a planned install of linux is on the way. I've had enough.

~~~
mynameisvlad
Are you running Insider builds? Because I believe there is a warning when you
first enable them that they _do_ expire, and in this case, it did. I've only
had an expiration BSOD when my Insider build expired; regular builds shouldn't
exhibit this behaviour.

~~~
imode
it's funny, I switched to insider builds, then switched _back_ to the regular
builds on a stock install of 10, and this still happened.

------
hs86
With the recent Humble Bundle deal I have tried again one of these antivirus
products (Bitdefender Antivirus Plus) after only using Windows
Defender/Security Essentials since the Windows 7 days.

Right after installing it I noticed that I MITMed myself with their "Web
Protection" feature. To show green check marks next to my Google search
results this "security" software intercepts my TLS traffic and alters it
without my consent. At least Microsoft's solution isn't that desperate to make
itself noticed even at the expense of my network stack's integrity.

This is my main issue with the "security" industry for Windows. To justify
their existence they have to remind their paying users all the time about
their involvement and sometimes they use really stupid and dangerous methods
to achieve this.

------
brudgers
I believe that when I am using Windows, my interests are more closely aligned
with Microsoft's interests than Kaspersky's. That's why I stopped using
Kaspersky in favor of Microsoft's built in security product...and similarly
why I stopped using Norton AntiVirus in favor of Kaspersky a few years before
that.

Independent of that, running Kaspersky means installing Kaspersky's root kit.
That's another low level vulnerability in addition to Microsoft's root
privilege. It's simply more attack surface. Fully utilizing Kaspersky means
sending telemetry to Kaspersky just as fully utilizing Microsoft's product
means sending telemetry to Microsoft. I've no reason to believe Kaspersky less
likely to be compromised than Microsoft.

To put it another way, Kaspersky's business, like many in the Windows
ecosystem is to AdWords or bloatware their way to rents extraction while free
alternatives exist. I'm ok with Microsoft making that model obsolescent and
Kaspersky adapting or dying because Kaspersky's argument isn't that it
provides significantly better anti-virus protection.

------
SyneRyder
Geez, Microsoft keep shooting themselves in the foot. I feel done with Apple
and I'm so ready to switch after the MacBook Pro 2016 dongle debacle & the
glorious Surface Studio... but then I read things like this and see Windows
uninstalling software without the user's permission (SmartFTP is the Windows
FTP client I would use!) and realize that I just can't switch to Windows even
if I want to.

Yesterday I fired up Windows 10 in a VM on my MacBook to get some development
work done, only to find Windows go straight into installing updates while I'm
on battery in a cafe & without my power cord. (But it insists "Don't Turn Off
Your PC".) 90 minutes later (!) Windows finally launched... just as I had to
run for my train home. I literally couldn't do my work that afternoon, all
because of Windows.

~~~
Insanity
You do not just have one choice to go with if you want to switch away from
mac.

If you do not like mac nor windows, maybe give Linux a shot? If you care about
the mac UI you can make Linux look like it.

For software development and normal usage I do not feel like I am missing out
on something by using Debian on the desktop and Ubuntu on my laptop.

If you use some specialised software for design you might want to check
compatibility though

~~~
SyneRyder
I'm seriously considering it now. I'm a consumer desktop software developer
(making Photoshop plugins) so I'll have to use Windows & Mac at least in VMs,
but maybe I can run Linux on the metal.

I haven't given Ubuntu a proper try, except the one time I tried to make my
plugins work with GIMP & Wine. Elementary looks interesting as well - their
website mentions some of the Apple attention to design detail that I
appreciate.

~~~
wuschel
After years of thinking and consideration, I switched recently. And behold...
it is great. Just do it - there is so much choice that I am sure you will find
your sweet spot.

My suggestions: Xubuntu or Ubuntu w/o all the nasties, Elementary OS, Debian,
Arch Linux or a BSD flavour.

~~~
milankragujevic
Only if you don't have AMD hardware. I bought a laptop with some AMD A10 APU,
integrated R7 graphics and a 1366x768 display. Installed Ubuntu to use it
instead of Windows 10 because Windows 7 doesn't want to install on a UEFI
machine where the HDD is somehow invisible to it and you can't use a USB 3
port because the installer fails to boot and all other nasties.

So I install Ubuntu and am greeted by a broken screen, where 2/3 of the screen
are on the right and 1/3 is on the left, like somebody cut a piece of film
badly so it's the previous frame and the current frame together.

I asked around and apparently Ubuntu 16.10 doesn't do AMD anymore because AMD
didn't write a proper GPU driver, and the old driver for Ubuntu 12.04 (that's
from April 2012 haha) is broken totally for new hardware.

So here am I using Windows 7 Pro in a virtual machine on Windows 10 home which
constantly bugs me with notifications, is very slow, eats battery and is
generally horrible.

Meanwhile my MacBook Air (which only has 4GB of RAM because I bought it with
my own money and I'm freelancing and am 16 years old) is laughing in the
background...

So, no, Linux is not the solution... :/

~~~
milankragujevic
Proof: [http://i.imgur.com/3wlPZZE.jpg](http://i.imgur.com/3wlPZZE.jpg)

~~~
wuschel
I see. Sad to see this development, and thanks for bringing this up. The
ability to run linux flavours is now definitely a purchase criterium for me
when it comes to new hardware.

------
yAnonymous
Microsoft need another expensive EU lawsuit. This is very similar to the
things they have already paid a lot of fines for in the past. It seems that
wasn't enough.

------
cardiffspaceman
I have installed Windows 10 on two systems. One has MSE enabled and the other
has Eset Nod32. Nod32 was installed on that machine under Windows 7 and after
converting the OS to Windows 10 it continued to work. Windows 10 is now
facilitating notifications that the Eset license needs to be renewed, but

IT IS NOT TRYING TO TRICK ME INTO USING MSE.

Also, back in the day I had an HP laptop with an AMD Duron processor, and it
came with Symantec AV. I had overtemp shutdowns. I diagnosed that the AV was
using most of the CPU cycles by far. So I researched the providers and somehow
Nod32 came out on top across two or three different AV shootouts. I replaced
Symantec with Nod32 and the laptop ran so much better. After that I only ran
bundled AV on new machines until I could get around to installing Nod32. Nod32
continues to behave appropriately.

On the machine that runs MSE instead of Nod32, there was a different
application chewing up the CPU cycles: The HP support assistant.

------
endgame
This is the world people predicted way back when Windows XP product activation
first became a thing, and we sleepwalked right into it.

------
rayiner
Microsoft auto-update should also automatically delete all third-party
crapware (all the garbage Lenovo utilities that come on Thinkpads, etc). It'll
go a long way to a more Apple-like experience.

------
Globz
I have been running MBAM (free version, scan only)/MSE for years without ANY
issues, not a single virus on any of my windows machine.

I can't understand the need for bloatware aka "anti-virus", if you take the
time to educate the users and train him to stop clicking and installing
whatever pops up in their screen then they can pretty much rely on MSE and
have a clear mind.

Obviously MSE might not detect EVERYTHING but basic education on how to treat
spam/advertisement/phishing goes a long way.

------
KirinDave
Quite frankly, I think the continuous consumer abuse by the windows antivirus
vendors is something that Microsoft is listening to here, and making it much
harder for questionably efficacious software to put you into a perpetual
license loop primarily fueled by scare tactics.

Sweeney had an argument, and one that I think Microsoft is trying to address.
Anti-virus software (including McAfee and Kaspersky) is responsible for _so
many daily fuckups in my corporate computing experience_ that I am
aggressively removing it from every computer I can find, and I tell everyone I
can do to the same.

It is _good_ that Microsoft is making them justify their existence, use less
deceptive re-subscription tactics, and in general providing very stiff
competition for them. In this specific case, it not monopoly tactics, this is
pro-consumer competition.

I hope people realize this, because I think most windows users read this and
then immediately squinted and said, "Kaspersky, huh?" It took me over an hour
to scrape that gunk out of the last windows 7 box I set up for my family, and
I was happy Win10 kicked it to the curb for me on the upgrade I just helped
with.

------
UK-AL
The AV industry needs to die. Security needs to built in, not just a 3rd party
add on.

------
rvijapurapu
After decades of providing us insecure software, are we supposed to blame
Microsoft for doing the right thing & getting things _almost_ right?

I have not yet found an Antivirus software which can truly educates the user -
there are wonderful opportunities in there for the right kind of
company/product. Proactive solutions beat reactive solutions hands down. Like
they say "Stitch in time saves nine"

------
jscholes
> Microsoft has even limited the possibility of independent developers to warn
> users about their licenses expiring in the first three days after expiration
> ... this is the crucial period during which a significant number of users
> seek extensions of their security software licenses.

So it's about profit, because the AV companies lose out in their historically
most lucrative period to keep paying users.

------
lazarus101
Please tell me again how this "new" Microsoft is so much better and more
ethical than Ballmer's Micro$oft.

~~~
creshal
Well, you can run .net Core and MSSQL on Linux now and get more servers moved
away from Windows, while still being trapped in Microsoft's walled garden.
Yay?

------
neves
Great post. I'd like to know from fellow HNs: how does Windows Defender
compares with other anti-virus?

~~~
asddddd
Detects a bit less AFAIK, but doesn't have insane misfeatures like "web
protection" (MITM) and auto-installed plugins/whatever that you have to
disable one by one, bloat related to 1st point, scare popups to get you to
upgrade/renew/etc, and the general scummy BS that comes with having a 3rd
party antivirus.

I think it's good enough, in general. While a 3rd party AV might be more
effective for someone very prone to installing PUPs/malware, I still don't
think it's worth it - an adblocker likely makes much more of a difference just
by preventing people from clicking Google ads while looking for legitimate
software.

Side note: I've been happy with Win10. While I thought auto updates would be
bad, they've all been snuck in while I'm sleeping/AFK with no side effects.
Apart from the initial round of disabling various telemetry features, it's
been smooth, and the stupid stuff like unremovable start menu tiles has
gradually been fixed.

------
xbryanx
Side note...stop spreading this ridiculous and incorrect frog metaphor.

[https://en.wikipedia.org/wiki/Boiling_frog#The_science](https://en.wikipedia.org/wiki/Boiling_frog#The_science)

~~~
mark-r
I don't see any facts in that link that refute the metaphor. Old experiments
at 0.2 °C per minute show the frog dying, while newer experiments at 1.1 °C
per minute have the frog jumping to safety. It was already noted that the
speed of the heating affected the result in 1888.

------
Kenji
I hate how intrusive the Windows Defender is, it automatically deleted some
executables of mine I know to be clean (false positives). Just disable that
beast entirely, seriously (group policy or regedit). Makes your PC much
snappier. Defender is my biggest gripe with Windows 10.

Having anti-viruses installed is for fools. I just upload every single
executable to VirusTotal.com and make sure I know the source I downloaded it
from - this is far superior to any anti-virus and doesn't slow down your PC.

I said this when Windows 10 was new and I got tons of downvotes. I say it
again because it still holds true and needs to be said.

~~~
ssijak
"I just upload every single executable to VirusTotal.com". I would stop using
that OS even if it is the last OS on earth if I would need to do that..

~~~
Kenji
You have that problem with all executables that are not distributed through an
audited packet manager (or another safe channel). If you directly download any
executable for linux, or apks for android, you have the exact same problem.

------
neves
And he asks: "Who would be most pleased of all to see a monopolization of the
cybersecurity market?"

And answers: "Of course, the cybercriminals!"

What he doesn't say: one of the greatest cybercriminal is the American
Government.

------
mixedbit
From my experience AV software makes life of small developers targeting
Windows platform harder, so an argument can be made that Microsoft is actually
helping independent developers by improving installation and update
experience.

We often need to deal with user problems because the installation or update
process was blocked by AV software without any user visible message. Also
often an application is incredibly slow for some period after the installation
because AV is doing some additional scanning/blocking (again the user is not
informed about this and blames the application).

------
njharman
Sorry didn't read original article, its such ancient news.

This has been going on since days of DOS, like 35+ years.

"MS-DOS also grew by incorporating, by direct licensing or feature
duplicating, the functionality of tools and utilities developed by independent
companies, such as Norton Utilities, PC Tools (Microsoft Anti-Virus), QEMM
expanded memory manager, Stacker disk compression, and others."

This is Microsoft business success 101.

[https://en.wikipedia.org/wiki/MS-
DOS#Competition](https://en.wikipedia.org/wiki/MS-DOS#Competition)

------
ojbyrne
[https://en.wikipedia.org/wiki/Embrace%2C_extend_and_extingui...](https://en.wikipedia.org/wiki/Embrace%2C_extend_and_extinguish)

------
heisenbit
To hide the uninstall of competing software behind a "Turn on" button through
the dominant platform vendor may well be one step too far into the land of
violation of anti trust rules.

------
kriro
Pretty bad practices by Microsoft and sounds like that has a decent chance of
costing them money in the EU.

However I think the point that having one monopoly AV decreases security
because the bad guys can adapt to it is at least not as clear cut as it seems.
Especially compared to the scenario of someone having multiple AV programs
installed. AV programs themselves are excellent attack vectors, especially for
the more skilled attackers so reducing the number has at least some
theoretical benefit.

------
jondubois
It's interesting to know that even 'large' companies like Kaspersky Labs are
affected by this centralization of software.

In startup land this is common - I've seen so many bootstrapped startups fail
because they were out-spent or their market was monopolized by big companies
or big VC money.

Sometimes it feels like we're going to end up with one giant tech giga-
corporation that will just own everything and everyone will be employees of
it.

------
douche
Just looking at the headline(without the domain), and recent events, I thought
this was going to be about Teams vs Slack.

The reality is that an organization as big and as talented as Microsoft could,
if they put their mind to it, develop and release a software product in
virtually any market covered by their ISVs, and unless it is really terrible,
or the third-party tool is really good, displace it.

------
vic-traill
What jumped out at me was that the 'Compatibility Assistant' actually removed
a program (in the screen capture SmartFTP); that's _removed_ , not disabled.
Disabling a program which has compatibility issues may be a reasonable action,
removal, not so much

IANAL, but that seems at the least to be a bloody annoying action, and at the
most, anti-competitive as well as anti-consumer.

------
tteller
AV slows legitimate software that operates on large data sets to the point of
it being unusable. Case in point:

[https://github.com/yarnpkg/yarn/issues/990](https://github.com/yarnpkg/yarn/issues/990)

User comment: "MacBookPro takes 17 seconds, my Windows machine takes 122
seconds."

Because of AV - fast on Mac, slow on Windows.

------
LeanderK
this is why i don't trust microsoft azure. I recently had to watch a marketing
guy trying to sell me on azure, every second slide had a big, bold OPEN sign
on the upper right. An truly open company does not have the need to stress
every second slide that they are truly open. I tried using the service-bus (it
was not my choice) and stumbled up on [https://github.com/Azure/azure-sdk-for-
java/issues/465](https://github.com/Azure/azure-sdk-for-java/issues/465), it
is open since february! Node.js and the Rest-API were not working either and i
could not use the c# library from my mac since important DLLs were missing.

It was a scary experience and it will take some time until azure will gain my
trust. What would help is entangling microsoft and azure into a s structure
like google has done with alphabet. With the current structure clashes of
interests are inevitable.

------
pjc50
I don't hear anybody complaining about Apple's anti-competitive ban on AV for
iOS.

Oh, wait, that's because iOS is orders of magnitude more secure than Windows
and doesn't really _need_ an AV product. Whereas Windows has been plagued by
malware for decades. Nobody wants to buy AV in the same way that nobody wants
to buy health insurance; it's an unfortunate necesssity in an imperfect world.

Unfortunately the tradeoff we're facing here is the "information feudalism"
one. People aren't realistically able to secure themselves, so they end up
having to pick a quasi-monopolist and delegate to them the ability to ban
software. Such bans can be extremely arbitrary. Occasionally even your
headphone jack gets taken away. But people put up with it because it works for
them in a way that anarchy doesn't.

Microsoft would clearly love to make Windows behave like iOS: apps only
installable from the store which has power of veto and takes a cut. Heck,
Apple would probably like to do that with OSX. Neither has quite managed it
yet.

I suspect the long term way out of this is a proper user-owned subscription-
driven open hardware company, but that's a very hard thing to build and a hard
sell to the average user.

~~~
WayneBro
Meh. Apple is a tyrant and they're worse than Microsoft has ever been.
Furthermore, Apple sucks for business computing.

There's a reason that every business on the planet runs Windows and that the
Mac only has a piddly ~7% market share.

The difference between Microsoft and Apple is that Microsoft usually corrects
their big mistakes while Apple defends theirs to the death. That's why (among
many, many other issues) Mac users were forced to buy one-button mice for 15
years and that's why they could only resize a window by the lower right corner
until around 2007. LOL!

There's also a reason that Windows is orders of magnitude more secure than
"the Mac OS" \- it gets attacked way more often.

\- [http://www.ibtimes.com/nope-apple-computers-arent-more-
secur...](http://www.ibtimes.com/nope-apple-computers-arent-more-secure-
windows-theyre-just-attacked-less-2334220)

------
EJTH
Good read. Makes me glad I haven't made the switch to win10 yet. And yes
windows defender is horrible, the other day it just decided that all .lnk
shortcuts to browsers were infact malware (Even if it was just an ordinary
shortcut)... Anyone else experienced this with windows defender?

------
cowl
While he is on the point on Microsoft's general anti competitive behaviour
Antivirus publishers behave the same. you want an ANTI-VIRUS, but then you get
continually bombarded with reminders that you are missing a Firewall, VPN,
Password manager, and everything else they can think off.

------
dman
In case microsoft is listening - please expose a knob to the user allowing
them to make the file modification hooks be no-ops. There are times when I am
doing critical things where I dont want the file modified callbacks to AV
viruses / other spyware to be invoked.

------
dz0ny
Microsoft is creating walled garden and has all right to do that... for some
sectors. The most problematic for me is public sector (gov) because they are
forced to use Microsoft products by their own agenda, others are free to
choose and I believe they do that...

~~~
ivan_gammel
Public sector can always go Linux, as it already happening everywhere. There's
no need in great UX, just good enough one to perform their functions. For many
even a thin client working with cloud-based apps is good enough.

------
rloc
Security fixes and improvements should be made at the OS level. And it is:
Microsoft, Apple and Linux receive fixes very quickly. No software editor will
be able to do better than the OS to fix and stop threats.

I stopped using AV softwares a long time ago for the following reasons:

\- It slows down your device (memory, cpu, disk access, etc.).

\- It annoys you a lot more than it stops or solves any security concern. I've
yet to hear from someone telling me their AV software saved them from an
actual real virus... If this ever happens it's probably a damn advanced attack
that even the AV software doesn't know about.

\- It's extremely hard to remove, especially when pre-installed as a bloatware
on a PC. Sometimes it's also installed as an extension of other software
(browser, etc.).

\- It usually takes wrong decisions (false positive) that lead to broken web
pages, legitimate software that stops working, etc. And unfortunately the
"standard" user has no way to figure out it's due to the AV. I can't count the
number of times I had to work with my customers on figuring out what was
making my website or software not run (or even not to install) on their
machine. One time I had to write to an AV editor in order for my browser
extension to be whitelisted. Never got any answer...

AV softwares can be easily replaced with common sense and a set of very simple
rules.

\- Have a hardware/software firewall that blocks everything expect what's
required (allowing only web when initiated from the machine is enough in 99%
of the cases). Every major OS now comes pre-configured with a software
firewall which removes 90% of the threats.

\- Use a strong email service or software (gmail, etc.). This way you reduce
the likelihood that a virus, spam, or fishing email passes through.

\- Don't open email attachments coming from unknown or non trusted senders.
Even when the sender seems legitimate, double check that the email makes sense
(not an unusual behavior), pay close attention to URLs, written language and
words. Don't click links without knowing where it goes (domain name, https,
etc.). Email remains the most simple way to install a virus or a trojan on
someone's computer so be very very attentive when acting upon an email. If you
use an email provider (like gmail), report the spam or phishing attack very
quickly so that 1/it can be stopped quickly for others and 2/it teaches the
Machine learning to do better next time.

15 years I've been applying these rules and I never got any virus without
using any AV software. My devices run like a charm (PC or Mac).

While I'm a big defender of freedom and open source, I can easily understand
and forgive proprietary OS providers choices with regard to the AV editors.

~~~
harry-wood
The thing with the "don't open email attachments" type advice, is that somehow
it's not enough (I think it's more complicated actually. You need another
bullet point for "keep your browser up-to-date" and/or avoid certain typos of
website and certain links. There's several types of traps beyond email
attachments) I despair at teaching my old parents how to not get malware
infections. They may last a couple of months, but it's only a matter of time
before something they do leaves me spending the weekend trying to run virus
cleanups. I'm sure my parents' experience is indicative of many other less
tech-savvy folk.

But anti-virus isn't the solution either. This happens _with_ anti-virus
eating half their CPU. I don't really know a sensible way to let my parents
have a windows laptop these days. They use an iPad now, and that's the end of
it.

I certainly agree with your top and bottom sentence there. AV software is
basically an industry which shouldn't exist (or at least shouldn't be anywhere
near as well-known and lucrative as it is). The reason it has existed, is
because Microsoft have in been poor on security in general. I think more
specifically we can say that earlier versions of windows took an approach of
being way too permissive with things like file permissions. It seems to me
they've been gradually phasing in more sensible limits ever since, and if
they're also phasing out 3rd party AV software, I can see that might be a
sensible rationalisation too.

Might be. I'm not 100% sure because, while they are improving general
security, the other challenge microsoft has always faced is that hackers
target windows first because it's most popular. Previously hackers had a mish-
mash of several different AV softwares to stay ahead of. By making every
windows machine a highly regularised defender-running target, this might make
life easier for hackers.

~~~
rloc
Funny thing is that I installed ubuntu on my parents very old laptop (from
2001) that lost Windows XP support and it works really well. No virus until
now.

I replaced the Graphical User Interface with a lighter one though to maintain
decent performances.

------
verytrivial
In case Eugene is reading this, instead perhaps:

MICROSOFT KILLS OFF INDEPENDENT SOFTWARE VENDORS BY FOISTING ITS PRODUCTS THAT
ARE IN NO WAY BETTER ON USERS

for the tweet? (The products are in no way better, not the users!)

------
ianai
Sort of makes me root for the increasing irrelevance of the desktop.

~~~
andersonmvd
You're missing the point. It may happen with mobile as well. Actually already
started. Remember last news regarding Apple kicking off some apps?

~~~
ianai
Apple's just downright done this many times in the past. Flux -> "iOS Night
mode", for instance. If anything, mobile devices make it easier for
google/apple to push options out.

------
chrismorgan
Why does Microsoft even _allow_ trial installations of all of these sorts of
things? It’s cut-and-dried user-hostile behaviour, as are bundled installers
as a class. Microsoft has the power to kill these pieces of software. I wish
they would.

~~~
noselasd
How do you determine that a piece of installed software is a trial version, so
you can police it based on that attribute ?

~~~
chrismorgan
The sort of trial installations we’re talking about are ones ones that are
bundled with other software or preinstalled on a new computer. Microsoft
should be forbidding both.

------
phyushin
Am I crazybor has the title of this post changed like 3 times

------
piyush_soni
Why was the original HN title (which was also the heading for the article)
changed? This (new) one doesn't convey the sentiments of the article.

~~~
kriro
I was wondering the same. Iirc the original title was "I've had enough" or
something similar, only glanced at it the first time around.

------
yAnonymous
HN changed the title to something more Microsoft-friendly, instead of leaving
the original blog headline. Figures.

~~~
dang
The HN guidelines call for changing titles when they are misleading or
linkbait:
[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html).
What we did here is standard practice and has zero to do with Microsoft.

When moderators change a title, we always try to replace it with
representative language from the article itself. In this case you can find
that language in bold at the bottom of the article.

Users who feel strongly about Microsoft (for or against) are fond of accusing
the refs of being biased (against or for), but that's the case with every
emotional topic. Moderation always feels like that. We're as careful as we
know how to make sure it isn't true in reality.

~~~
yAnonymous
Why didn't you use the closing of the article "MICROSOFT KILLS OFF INDEPENDENT
SOFTWARE VENDORS BY FOISTING ITS PRODUCTS ON USERS THAT ARE IN NO WAY BETTER"
then, which happens to be bigger and bolder than the quote you chose and
represents the tone of the article a lot better?

Instead, you replaced it with the most positive line you could find until
users complained.

You do this time and time again and it smells like bullshit.

~~~
dang
That won't fit in 80 chars, so we had to edit it. We also edit superlative
language and outrage language out of titles. This is all tediously routine.
Actually the current title is more indignant than we'd usually allow ("kills
off", "foisting"), so this case is actually a counterexample to what you say.

> _You do this time and time again and it smells like bullshit._

This is a sample bias. People notice the cases they dislike and fail to notice
the ones they don't, thus weighting their sample. The more strongly you feel,
the more this effect will skew your view.

No doubt we do have biases—though I'd be flabbergasted if the one you're
accusing us of were among them—but given how hard we work to be neutral, and
how powerful this sample-weighting dynamic is, moderator bias is a poor
explanation here. It's like a programmer being too quick to blame the
compiler.

------
pif
You based your business on a proprietary platform. No formal contract was
covering your rights. What are you complaining about?

~~~
rplnt
So you can't complain now? Microsoft is pushing its own (inferior) solution
and making it harder for other vendors to compete. While we can debate whether
it should be fine for them to do that, there are laws limiting monopolies from
this kind of (maybe not this exact case) behavior.

Also, it works the other way around - you wouldn't need to complain if there
was a formal contract.

------
bronlund
The greed is getting the better of them. They are so desperately trying to
duplicate the success of others that they forget what success is all about.

Fun fact: If you bought one share of MSFT the 23.Dec 1999, you would be down 2
cent today.

~~~
easytiger
> Fun fact: If you bought one share of MSFT the 23.Dec 1999, you would be down
> 2 cent today.

They've had at least 2, that i can think of, 2for1 stock splits since 1999.

So that's wrong. If you had invested $10k in 1999 you'd likely have > $35k now
including dividents.

~~~
bronlund
Thanks, I forgot about the splits. What if you bought Apple for $10K?

Update: As far as I can see they have had two 2 for 1 splits and one 7 for 1
split. Meanwhile the price of the stock has gone from $3.696 to $107.79.
Meaning that you would have over $400K today + dividends.

~~~
belltaco
What if you invested 1 year ago? You'd be down ~10% on Apple and up ~10% on
MSFT. Anyone can pick an arbitrary timeframe to suit their argument.

