
Avoid Non-Microsoft Antivirus Software - bzbarsky
http://robert.ocallahan.org/2017/01/disable-your-antivirus-software-except.html
======
bad_user
I also want to raise an alarm about a current AV practice, not mentioned in
the article:

    AV products like Bitdefender will MITM your HTTPS connections by
    installing their own root certificates, by default and without warnings

In the name of "security", this undermines the very purpose of what HTTPS is
about, knowingly endangering their users.

And consider that I, a highly technical and security conscious software
developer, only noticed it because I saw green icons appearing in my search
results and then noticed that Google's SSL certificate is now a fake. And I
only noticed it because I know how this shit works and those green icons
seemed suspicious.

And yes, I'm using the word "_fake_", because I doubt that companies like
Bitdefender have to pass the same certifications as a certificate authority or
that they have any deals whatsoever with Google. And it's a serious
vulnerability, because their certificate can get stolen and used by malicious
software, not to mention you now have to trust a third-party with all of your
secure connections, which includes your Google searches exposing your most
secret desires, your Facebook and Slack chats, your bank account, everything.
A third-party that does not have the scrutiny of your open-source web browser.

That's just preposterous and these products only survive because users are
gullible and technically illiterate.

~~~
yAnonymous
Microsoft doesn't exactly have a great record with root certificates either.

>Emergency Windows update revokes dozens of bogus Google, Yahoo SSL
certificates

https://arstechnica.com/security/2014/07/emergency-windows-update-revokes-dozens-of-bogus-google-yahoo-ssl-certificates/

They revoked certs like this silently in the past which makes it even worse.

~~~
kbart
You can manage pre-installed root certificates manually in Windows. As far as
I've seen, there was nothing sinister in default Windows root CA list.

~~~
yAnonymous
That's hardly relevant for the average computer user. By default, root certs
are updated automatically.

>As far as I've seen, there was nothing sinister in default Windows root CA
list.

Are you in any way related to MS or is your memory just very short?

>Emergency Windows update revokes dozens of bogus Google, Yahoo SSL
certificates

https://arstechnica.com/security/2014/07/emergency-windows-update-revokes-dozens-of-bogus-google-yahoo-ssl-certificates/

~~~
kbart
_"Thursday's unscheduled update effectively blocks highly sensitive secure
sockets layer (SSL) certificates covering 45 domains that hackers managed to
generate after compromising systems operated by the National Informatics
Centre (NIC) of India. That's an intermediate certificate authority (CA) whose
certificates were automatically trusted by all supported versions of Windows"_

I'd argue that's a problem in CA trust model, not MS. If you trust a certain
CA, of course you trust their issued certificates _by design_. Currently, if
some high tier CA f*cks up, there's no other way to invalidate their issued
certificates than propagating CRLs and removing its certificate from the root
CA stores manually (or by updates, as in MS case).

------
tempestn
What's more, as third party antivirus software becomes increasingly
irrelevant, many of these companies resort to harmful and even actively
malicious tactics to stay in business. On the more benign end, you see an
increase in 'safe web browsing' and such tools that parse javascript while
browsing and somehow attempt to make it.. safer, I guess. My main experience
with these things is when they randomly decide to block bits of code on our
sites, breaking functionality for no discernible purpose.

Far worse are the lengths that a company like AVG will go to to get and keep
their software installed on your computer. Their browser toolbars essentially
take all the dirty tricks they've apparently learned dealing with malware to..
build a piece of malware. Honestly whether it's active malice, incompetence,
or lack of motivation I don't know, but I do know I've spent hours trying to
extract their stuff from people's browsers. (I should say here that I fully
expect someone reading this has managed to uninstall an AVG toolbar with no
issues. They have multiple different auxiliary tools to their antivirus, and
I'm not sure specifically which one(s) caused me trouble personally. It's also
likely that they're only a _real_ pain in certain circumstances. But
regardless, if you google something like 'how uninstall avg' or 'avg malware'
I'm sure you'll find many more examples.)

~~~
TeMPOraL
> _I should say here that I fully expect someone reading this has managed to
> uninstall an AVG toolbar with no issues. They have multiple different
> auxiliary tools to their antivirus, and I'm not sure specifically which
> one(s) caused me trouble personally._

I can say this: I never had a problem with uninstalling a browser toolbar, or
restoring the default search engine in the browser. What I always have
problems with, is _getting rid of AV software itself_. Oh God, how hard it is
sometimes.

Norton AV taking half an hour to uninstall is a known thing; I'm convinced
they actually have some Sleep() calls in their code just to piss people off.
But just last week I tried to get rid of Comodo AV (+ 2 bullshit pieces of
software it installed) on my neighbour's computer. Took a while. The
uninstaller didn't work (it reported "an error" and gave up), so ultimately I
had to resort to manually deleting stuff until the uninstaller finally
unlocked itself and cleaned up the rest.

I've been having similar experiences with all AV software in past few years.
They're a menace.

~~~
tempestn
Ya, IIRC it wasn't specifically the AVG toolbar, but some other thing
integrated into the browser. It refused to uninstall, and then even when I
downloaded and ran the super-secret installer from their site, it replaced
itself on the next restart. Extremely frustrating.

------
neko_koneko
Ok, disclaimer first: I've previously worked at Kaspersky Lab (incident
response division). Now, I want to say that many of the incidents that we have
investigated, would have been prevented by anti-virus software (in many cases
AV software was deliberately disabled by user). And I'm talking about
incidents that resulted in million-dollar thefts - not just cases of some user
getting cryptolocker on their home computer. I agree that AV software is
bloated and has very large, messy and barely maintainable codebase, but I
disagree with people who say that "I have never used any AV products and in 10
years have never been infected with malware" - this attitude is careless, to
say the least, and in corporate environment could lead to huge financial
losses. There are many criminal groups that put serious effort in the
development and distribution of malware - not just script kiddies, but
professional programmers and hackers.

BTW, there are also region-specific malware - so for example I would rely more
on Kaspersky for detection of malware targeted at Russian businesses, than
Symantec or Microsoft AVs.

~~~
NameNickHN
Any AV software is better than having none but that's not the point of the
article. It specifically recommends Microsoft's AV and to stay clear of all
the others.

I'm sure it's hard on all the AV vendors out there but with Microsoft
Essentials and Windows Defender I don't see the need for a third party AV.

~~~
floatboth
Forget even Windows Defender. The one and only "AV" a normal user will ever
need is…

Google Safe Browsing.

Seriously.

Anything you download is already checked with Google, why waste CPU cycles on
checking it again locally?

~~~
nugget
Google runs the largest advertising network in the world. Plenty of malware
slips through the cracks every day, both downloadable apps/software/extensions
as well as ads that lead to obvious scams. Facebook, Microsoft, Yahoo etc all
suffer the same problems. I think these problems are likely unavoidable at
that kind of scale. But I would never rely on these companies as the only (or
even primary) line of defense.

~~~
floatboth
Of course the primary line of defense is not running random crap executables.

------
zamalek
As always, it depends on the product that you are referring to. Purely by
coincidence, I installed [product] again a few weeks ago, after having used
Defender since Windows 10 launched.

> see bugs in AV products listed in Google's Project Zero

All software has vulnerabilities, including Defender. Searching for [product]
in Project Zero shows that only 3 vulnerabilities have been discovered (which
is arguably a bad thing, but not according to this author) and it took, at
most, 4 days for them to be resolved.

> if they make your product incredibly slow and bloated

This is precisely the reason that I have returned to [product]: performance.
I'm running off an HDD and Defender saturates my HDD for a good 2 minutes
after boot. I don't experience this with [product]. In addition, it has a
"gaming mode" which allows you to further cut back on its activity (I have
never needed it). Looking at objective tests, Defender fares quite poorly in
both performance[1] and protection[2].

Additionally, a homogeneous market is an easy market to exploit. Let's assume
that everyone took this advice and installed Defender. It is guaranteed that
Defender has vulnerabilities. If you wanted to pwn as many machines as
possible, you would only have to worry about exploiting a single AV.

This is just bad advice, I'm sticking with the competition (which may not
always be [product]). There are bad players (McAfee, Norton) but that does not
mean everyone sans Microsoft is utterly incompetent.

[1]: http://www.av-comparatives.org/wp-content/uploads/2016/05/avc_per_201604_en.pdf

[2]: https://www.av-test.org/en/antivirus/home-windows/windows-10/

~~~
drzaiusapelord
>This is just bad advice, I'm sticking with the competition (which may not
always be [product]).

This is my thinking as well. Microsoft's virus definitions are often worst in
class and the agent itself only seems to update its definitions daily or, at
most, twice a day while 3rd party applications do so hourly or more. I've never
seen MSE or Defender stop any ransomware attack. Not once. It just can't move
fast enough to keep up.

Avast, Sophos, ESET, Panda, etc all trounce MS. Most of these are free for
home and are largely trouble-free. Just because the author had a bad
experience with Norton and McAfee doesn't mean the MS product is superior. I
suspect the person who wrote this isn't a sysadmin who manages many users. The
level at which MS can't keep up is embarrassing. I'm surprised to see this
kind of thing at the top of HN.

My only compliment for MS is that SmartScreen is very aggressive in Win10 and
will often flag suspicious executables correctly. I suspect the author is
confusing SS with Defender. SS works because it's heuristics-based. Defender
sucks because it's signature-based. The nice part is that these are two
separate applications, so if you run Avast or ESET, you still get SS.

It's also worth mentioning that a lot of Win10 "privacy" guides, often linked
on HN, recommend disabling SS. I can't stress how much of a questionable
practice that is. SS is a proper security layer and if sending MS a hash of an
executable is such a problem for you, I suggest getting off Windows, as
Windows does so much worse in regards to privacy even after following those
guides.

~~~
zamalek
> often flag suspicious executables correctly

The false-negative rate is embarrassing, though - especially with reputable
open-source projects. Still, unblocking the file potentially gives a user more
time to think about what they are doing.

> recommend disabling SS

The last one I saw left UAC turned off. Defender might not be the best (in
addition to Windows 10 spying), but Microsoft really does have the best
defaults otherwise.

------
owenwil
This is my advice to everyone I know that gets a new Windows PC. Windows 10's
built-in protection is more than adequate, and catches the majority of bad
software - anything more is unnecessary, and many of the AV vendors are
predatory.

~~~
romanovcode
It sucks that you cannot reset your Windows to MS-Vendor settings.

For example if you get some Acer laptop and reset it using windows built-in
functionality it'll still reset it with all the bloatware - including AV.

~~~
danieldk
Can't you just download a pristine Windows 10 ISO from Microsoft's website and
install from that? I've done that on my Dell Precision and it works great.

~~~
floatboth
You can! Just make sure it's the exact same edition and language that came
with the laptop. It will just pick up the OEM key from the ACPI table.

------
chime
> At best, there is negligible evidence that major non-MS AV products give a
> net improvement in security.

I apologize for presenting an anecdote when data is needed but I manage a Windows
network with 100+ users and on a daily basis, Kaspersky catches 5-10 emails
from Outlook that have nasty attachments. It prevents my users from opening
these innocuous looking but nasty Invoice-Jan-2017.docx files. Without a good
AV there is no way to know which Invoice-Jan-2017 has a virus/worm vs. which
doesn't. Relying on the Office security feature is not sufficient because
actual vendor/customers send macro-enabled files to us regularly.

~~~
shultays
> Invoice-Jan-2017.docx

Uh, docx files can hack my PC now?

Is this a bug of MS Word or docx format really has ability to become a virus?

~~~
technion
An extraordinary amount of Cryptolocker outbreaks were due to .docx files
containing macros.

Yes, it has a default behaviour of "prompt to execute macros", but it happily
shows the advice in the malicious document to "please click yes at this prompt
to get a free iPhone", at which point the majority of users click "yes".

~~~
mavhc
.docx files can't contain macros

~~~
neko_koneko
.docx files could contain macros just fine.

~~~
emodendroket
They cannot. Anything that has macros has to be docm.

~~~
neko_koneko
Sorry, my bad. I meant files in OOXML format.
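
An added example, not from the thread: a check that decides whether an Office file carries VBA by looking inside the container rather than at the extension, which is the distinction the last few replies turn on. It assumes Windows PowerShell 5.1 or later on a Windows release that ships the System.IO.Compression assemblies. The sample files (named after chime's Invoice-Jan-2017 example) are constructed inline and are not real documents.

```powershell
# Added example: classify an Office file by what is inside the container,
# not by its extension. Assumes Windows PowerShell 5.1+ with the
# System.IO.Compression assemblies. Sample files are constructed below.
Add-Type -AssemblyName System.IO.Compression, System.IO.Compression.FileSystem

function Test-OfficeMacro {
    param([Parameter(Mandatory)][string]$Path)
    $ext  = [System.IO.Path]::GetExtension($Path).ToLowerInvariant()
    $head = [System.IO.File]::ReadAllBytes($Path)

    # Legacy binary formats (.doc/.xls/.ppt) are OLE2 compound files
    # (magic D0 CF 11 E0); they can carry VBA too but need an OLE parser.
    if ($head.Length -ge 4 -and $head[0] -eq 0xD0 -and $head[1] -eq 0xCF -and
        $head[2] -eq 0x11 -and $head[3] -eq 0xE0) {
        return [pscustomobject]@{ Path = $Path; Extension = $ext; Format = 'OLE2'; HasVba = $null
                                  Evidence = @('legacy binary container: inspect with an OLE parser') }
    }
    # Everything OOXML (.docx/.docm/.xlsx/.xlsm/.pptx/.pptm) is a ZIP ("PK").
    if (-not ($head.Length -ge 2 -and $head[0] -eq 0x50 -and $head[1] -eq 0x4B)) {
        return [pscustomobject]@{ Path = $Path; Extension = $ext; Format = 'unknown'; HasVba = $null; Evidence = @() }
    }

    $evidence = @()
    $zip = [System.IO.Compression.ZipFile]::OpenRead($Path)
    try {
        foreach ($entry in $zip.Entries) {
            # Word, Excel and PowerPoint all store VBA in a vbaProject.bin part.
            if ($entry.FullName -match '(^|/)vbaProject\.bin$') {
                $evidence += "VBA part present: $($entry.FullName)"
            }
        }
        # The package also declares macro-enabled content types explicitly.
        $ct = $zip.GetEntry('[Content_Types].xml')
        if ($ct) {
            $reader = New-Object System.IO.StreamReader($ct.Open())
            try { $types = $reader.ReadToEnd() } finally { $reader.Dispose() }
            if ($types -match 'macroEnabled')               { $evidence += 'content type: macroEnabled main part' }
            if ($types -match 'vnd\.ms-office\.vbaProject') { $evidence += 'content type: vbaProject' }
        }
    } finally {
        $zip.Dispose()
    }
    [pscustomobject]@{
        Path      = $Path
        Extension = $ext
        Format    = 'OOXML'
        HasVba    = ($evidence.Count -gt 0)
        Evidence  = $evidence
    }
}

# Constructed samples: a clean container and a macro-enabled container
# deliberately saved with a .docx extension, to show the name proves nothing.
function Write-ZipText($zip, $name, $text) {
    $w = New-Object System.IO.StreamWriter($zip.CreateEntry($name).Open())
    try { $w.Write($text) } finally { $w.Dispose() }
}
function New-SampleOoxml {
    param([string]$Path, [switch]$WithVba)
    if (Test-Path -LiteralPath $Path) { Remove-Item -LiteralPath $Path }
    $main = if ($WithVba) { 'document.macroEnabled.main+xml' } else { 'document.main+xml' }
    $ct = '<?xml version="1.0" encoding="UTF-8"?>' +
          '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">' +
          '<Default Extension="xml" ContentType="application/xml"/>' +
          '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.' + $main + '"/>'
    if ($WithVba) { $ct += '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>' }
    $ct += '</Types>'
    $zip = [System.IO.Compression.ZipFile]::Open($Path, [System.IO.Compression.ZipArchiveMode]::Create)
    try {
        Write-ZipText $zip '[Content_Types].xml' $ct
        Write-ZipText $zip 'word/document.xml' '<w:document/>'
        if ($WithVba) { Write-ZipText $zip 'word/vbaProject.bin' 'placeholder, not a real VBA project' }
    } finally { $zip.Dispose() }
}

$dir = Join-Path $env:TEMP 'macro-check-demo'
New-Item -ItemType Directory -Force -Path $dir | Out-Null
New-SampleOoxml -Path (Join-Path $dir 'Invoice-Jan-2017.docx')
New-SampleOoxml -Path (Join-Path $dir 'Invoice-Jan-2017-with-vba.docx') -WithVba
Get-ChildItem -LiteralPath $dir -Filter *.docx | ForEach-Object { Test-OfficeMacro -Path $_.FullName } | Format-List
```

The first sample reports `HasVba = False`; the second reports `True` with both the `vbaProject.bin` part and the `macroEnabled` content type as evidence, despite its `.docx` name. Whether Word would actually run VBA from a mis-named file is a separate question the thread does not settle; the point of the check is that the package contents, not the extension, tell you whether a VBA part is there, which is what a mail gateway or an AV scanner has to look at.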

------
rubbingalcohol
It's irresponsible to make such a broad claim and back it up with really vague
anecdotal evidence. Yes, there are a lot of lousy AV products that are at best
a break-even for security, but there are some that don't suck and generally
you have to pay for them - what a strange concept.

I'm not going to advocate for any particular vendor as I used to work for an
AV company (and currently use a product from a competitor). But I can attest
that I've used products that have caught threats that Windows Defender didn't,
and many products also include a much more robust and configurable firewall.

It's annoying when someone else's lousy code breaks your own code. This
happens to the sites I administer frequently, where we will randomly get
blacklisted by some no-name AV product's web security feature. I understand
the frustration when you have no control over this. But to conclude that all
AV software is bad does not follow from the evidence given.

~~~
krylon
> really vague anecdotal evidence

[...]

> I can attest that I've used products that have caught threats that Windows
> Defender didn't

Since you brought it up, the latter statement sounds suspiciously like the
very definition of "really vague anecdotal evidence". SCNR

~~~
nurettin
Perhaps it is counter-anecdotal evidence showing the futility of anecdotal
evidence as a whole.

------
aszantu
Granny won't believe me :( she feels safer because of some popup that tells
her she's safe.

~~~
dschuetz
This is the most authentic argument I have read so far on this subject. People
do not care about vendors. People care about how _they_ feel. For everything
else going beyond the "You are safe!" popup (try to explain "DLL injection?"
to your Granny! Okay, "blocking updates" she might understand) a user needs a
far deeper understanding of what goes on under the hood of the OS, or
practically any software based on said OS. "Uninstall AV software" does not
make people feel safer, now that the narrative of "AV is making the Internet
safer" is practically standard.

------
resfirestar
"Microsoft AV products" aren't exempt from breaking things with poorly
implemented features. MSE on Windows 7 makes games (specifically, fresh
installs of StarCraft II, CS:GO and Overwatch) unplayable for me due to CPU
usage spikes, apparently due to it thinking that various game executables and
settings files are suspicious. Exempting the directories from scanning and
disabling suspected malware sample submission had no effect, what finally
worked was switching to school-provided Sophos Endpoint. Antivirus can get
messy and intrusive no matter who does it.

~~~
raesene6
The thing is most anti-malware products cause perf. issues, but it seems to be
the 3rd party ones that actually make your security worse with poorly
implemented and secured features. It seems bizarre to me that commercial paid
for security products have such poor coding practices that a lone (albeit very
talented) researcher can find so many dangerous security vulnerabilities in
them.

These vendors should be leading the way in secure coding and design due to the
high-privilege level their code runs at.

------
mtgx
Yeah, trust Microsoft, he said:

http://www.theverge.com/2017/1/25/14381174/microsoft-thailand-government-surveillance-thai-censorship-encryption

Isn't it funny how at the same time someone is recommending to not trust other
anti-viruses because they MITM you with their own certificates, Microsoft is
doing the same god damn thing, _or worse_ (allowing a whole country to spy on
you through it, and not just itself).

> “This program is an extensive review process that includes regular audits
> from a third-party web trust auditor.”

Is that the same auditor that audited WoSign as well?

https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/

Why hasn't Microsoft started requiring Certificate Transparency yet for all
certificates? Maybe then I'll believe them when they say they're sure nothing
wrong is going on here.

------
StreamBright
Anti-virus software is an anti-pattern in general. Having more bugs and
backdoors than the rest of the applications combined. I haven't been using
anti-virus for the last 5-10 years; I have just a simple rule set for using
internet and it proved to be sufficient for me. However, I have many friends
with anti-virus software and they still got viruses on their systems. I guess
this is anecdotal evidence but I would like to see a comprehensive study on
how effective anti-virus systems are.

https://googleprojectzero.blogspot.hu/2016/06/how-to-compromise-enterprise-endpoint.html

------
jug
For the past years it seems like even Windows (given the large attack surface)
viruses/trojans have become much less common than in the past. I think the
first line of defense in web browsers and various techs like SmartScreen etc.
has helped especially with fishy porn ad ridden websites wanting to download
FixWindows.exe, but also that we've moved to often use cloud oriented tools.
Nowadays we visit websites to get things done way more often than in the 80's
/ 90's when we ran executables from some friend's diskette or hard drive. And
as long as we visit websites it's way too much effort to exploit weaknesses in
their sandboxes that this is then almost entirely about targeted attacks.

Another example of how obnoxious it is becoming to merely _get_ to someone's
computer to infect it now that users rely less on executables, is that the
Fake Indian Microsoft Support Technician has become a thing. Actual humans
calling other humans and hoping for the best by social engineering. This is so
far fetched and works so rarely that the desperation is real.

E-mail has been another traditional way of getting to someone but that's
nowadays mostly Outlook.com or Gmail.com, which have their own very efficient
AV systems in place.

I guess my point with this is that even Microsoft's so-so antivirus tool
(given that it's less intrusive) should indeed be enough. Hell I think a user
with common sense will be fine with no AV whatsoever for longer than one may
think.

------
gravypod
How about we avoid all antivirus software, integrate virtualization as a key
feature of the UI of our operating system, and completely sandbox all apps. We
have the technology to do this (Qubes does it now) but it's not going
mainstream. I don't know why but I think this would be the end goal of
computing. Completely segregate your work from your machine and only give it
access to things that make sense. (Chrome doesn't need to see /etc/nginx or be
able to run systemctl).

I also don't think we should trust Microsoft to not use similar exploits as
other AV products in the future and I think the biggest problem here is
primarily an issue for proprietary software.

One example is "_Furthermore, as Justin Schuh pointed out in that Twitter
thread, AV products poison the software ecosystem because their invasive and
poorly-implemented code makes it difficult for browser vendors and other
developers to improve their own security_"

I have a hard time believing that a libre-AV would have this problem. I've
never seen bad architecture prevent security fixes and I've never seen bad
architecture stay for long when it's only one rewrite away from being fixed.
(I'm making no comments about compatibility because no doubt even the command
arguments will be renamed and their order will be changed)

~~~
sjellis
> How about we avoid all antivirus software, integrate virtualization as a key
> feature of the UI of our operating system, and completely sandbox all apps.

This is basically the end-game for Flatpak:

https://blogs.gnome.org/alexl/2017/01/24/the-flatpak-security-model-part-3-the-long-game/

Flatpak is vendor-neutral, but it will provide the sandbox isolation that may
then enable Fedora to ramp up to Atomic Workstation, a fully containerized
desktop OS:

[https://fedoraproject.org/wiki/Workstation/AtomicWorkstation](https://fedoraproject.org/wiki/Workstation/AtomicWorkstation)

Hopefully we will see other Linux distributions integrate the technology as it
matures.

FWIW, Microsoft are developing VM-based isolation for the browser:

https://threatpost.com/microsoft-edge-adds-app-guard-browser-security/120925/

------
leni536
I have the impression that the AV business is some kind of mixture of scam and
mafia.

~~~
pjmlp
Users are to blame by pirating software. Of course, pirates don't do it for
free.

~~~
antihero
Yes they do, the cracking scene ethos is all about technical one-upmanship and
the thrill and glory of beating copy protection. Or at least it used to be.
The really smart ones do it for their own enjoyment or ideological reasons.

~~~
pjmlp
Not really, back in the MS-DOS, Atari, Amiga, Acorn, Mac OS days you surely
needed to first scan every single floppy before putting it on the computer.

The cracking scene was equally full of viruses.

Only in the very early days, during the genesis of the demoscene, it was as
you describe.

~~~
emodendroket
As I recall the early virus guys were more like vandals who wanted to cause
problems for the thrill of it than guys operating international rackets like
they are now. When was the last time you heard of a virus that just formatted
your hard drive or whatever?

~~~
pjmlp
Nowadays they encrypt it instead.

~~~
emodendroket
Yeah, and then they ask for a ransom. Not really the same as destroying stuff
just for the thrill.

------
interfixus
This - minus the Microsoft part - is what I have been preaching for many
years, even back in the late nineties, before pulling myself together and
decamping for Linuxland.

But users insist. I have probably never convinced anyone to go without the AV,
at least not on a permanent basis.

The best I can do is usually to set up some ClamWin and a daily or weekly scan
for everybody's peace of mind.

------
delegate
Who writes all these viruses ?

I mean, I've experimented with assembler when I was a teenager and I may have
developed some kind of program which could replicate itself.. but I highly
doubt today's viruses are written by teenagers...

Who and why do people write viruses ? Is this a thing at all or are all the
viruses written by the Antivirus makers themselves ?

More 'threats' is good news for the A/V makers so why not have a separate
department which develops them ?

I wouldn't be surprised at all, given that much crazier things are happening
in this world..

Can anyone confirm or disprove this ?

~~~
Maakuth
If you have some time to watch a video, here's a clip of F-Secure's Mikko
Hyppönen explaining some of the origins of network attacks and malware:
https://www.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net

~~~
hsivonen
Speaking of F-Secure, has taviso just not looked at F-Secure yet or does
F-Secure not have egregious blunders?

------
elorant
I was running a crawler the other day on one of my PCs from a console app.
Then suddenly the antivirus discovers that a page is infected, terminates the
connection and wreaks havoc on the app which stays hung there for hours and
I'm unable to terminate or even kill it from Task Manager. I had to restart
the PC for the task to be forcefully killed. Thanks but no thanks. I
uninstalled the damn thing the next day. How the fuck did antivirus software
become so intrusive?

~~~
smarx007
What's the difference between your crawler and the botnet client as far as the
AV is concerned? You're the outlier among the AV customer segment.

------
jdc0589
Here's the deal, there are two DISTINCT classes of traditional AV software.
One generally sucks, the other does not.

First: free AV, generally marketed to the individual or small business. If
it's free, they are making money somehow; you are almost never getting it for
free out of the goodness of the vendor's heart. Most of this stuff is crap,
introduces ridiculous vulnerabilities in lots of instances, and can wreak
havoc on totally clean machines. For this class of AV, I 100% agree with OP;
kill it with fire (aside from maybe malwarebytes).

Second: paid AV products targeted towards large businesses and the enterprise.
Some of them still suck, but a lot of them are pretty good, and responsible +
low impact in general. We have ESET deployed to ~700 machines and have yet to
have a SINGLE problem caused by the AV while I've been here. Some of those are
workstations, but a huge number are servers (granted, they get a special kind
of av, not the full suite of web protection and everything).

That said, traditional AV is becoming more and more useless every month and is
starting to do very little aside from catch browser toolbars, random adware,
and if you don't have a firewall it can sometimes help block known bad
websites (at a cost). We have also had a fair number of instances where
malicious crap made it past MULTIPLE layers of email security and was caught
by AV on a workstation. Malware is not distributed such that every payload has
consistent content/file-hash anymore, the alternative products out there that
have a chance at pseudo-reliably catching real malicious stuff are neither
free, cheap, nor realistically going to be deployed outside of medium to large
companies.

------
mherrmann
As someone who develops a (PyQt-based) desktop app [1], I can confirm this: My
app has so far falsely been put into quarantine by Avira and McAfee. It's a
pain...

[1]: [https://fman.io](https://fman.io)

~~~
galfarragem
Your app looks promising! It seems heavily inspired by Sublime and that's a
very good sign. Is it available already?

~~~
mherrmann
Yes - click the big "Request early access" button on the home page.

------
tptacek
In case you're wondering, this is basically the advice that most security
people will give you as well, if you exclude "antivirus people" (who are
really off in their own weird world), all of whom will say "use our company's
product first, but no matter what you do, don't use Microsoft's".

------
cpeterso
AV causes all sorts of problems for Firefox, such as startup crashes or, in
some cases, AV MITM breaking Firefox updates, leaving users stranded on old
Firefox versions. In Firefox 53, Mozilla is starting to purposely make it more
difficult for extensions to rummage around in native code and external
software to inject DLLs into the running Firefox process:

https://blog.mozilla.org/addons/2017/01/24/preventing-add-ons-third-party-software-from-loading-dlls-into-firefox/

------
aarongolliver
Defender has the nasty habit of aggressively scanning new games I download off
Steam. There are two occasions where it'll do it:

- While it's downloading it seems to scan each chunk. I have a gigabit
connection, with defender off I can download at nearly full speed. With it on
I can download at about 1MB/s.

- While the game loads a level. For example, the intro level to the new Deus
Ex took over 10 minutes to load the first time. At that point I disabled
defender entirely and just promised myself I would be careful. Naive, I know,
but at least I can play my video games.

~~~
Already__Taken
You can give it paths to exempt you know.
https://www.tenforums.com/tutorials/5924-windows-defender-exclusions-add-remove-windows-10-a.html

~~~
aarongolliver
Yeah, but if you piss me off enough times I'm exempting all of my hard drives.
It hasn't caught a single virus since 2009. I've not found it that hard to
stay safe online.

------
franciscop
I will consider this. I "_maintain_" my relatives computers which is
basically to install an anti-virus and adblock. They still get those sketchy
messages from friends from time to time though, which is the main reason that
I keep them with an AV. Is this correct? Does AV improve security for people
who cannot differentiate between a .pdf and an .exe?

Personally I don't use an AV, I am a bit paranoid and _technically competent_ so
my case and my relatives is totally different.

~~~
gtirloni
I don't use an AV either, but I'm very careful with the things I download (and
I don't download new stuff very often).

My relatives, on the other hand, will click just about anything that says
"click me" (even more if it says they will win a prize or something).

Windows Defender is great and it's enough for me but my relatives need
something that cover more areas. Any way you can think of tricking them, they
will fall for it. Even with AV, they routinely install malware (those that are
too new to be in the AV database or using new techniques not covered by
heuristics).

As far as I know, my relatives don't do anything but sit in front of their
computers trying to install malware ;)

~~~
roca
An iOS device, or better still a Chromebook, would be pretty good for users
like these.

~~~
franciscop
I don't even live in the same country so it's more of a "when you are around
can you check this please?"

------
herbst
I always think its super funny when a fucking ad pops up on someone's desktop.
Usually done by anti virus tools. And how casually people click it away is
just amazing.

------
Roritharr
My main problem with this state of affairs is compliance. We have customers
that require us to get certain certifications from TÜV. The TÜV asks your
whole company to have certified AV Software in place on all machines. They do
not accept Windows Defender as a dedicated AV Solution, or at least did not the
last time.

I'm still unsure what to tell them about our Macs and Linux Notebooks that
we've acquired since the last audit.

Does anyone have a solution for this?

------
dirtyaura
If you need AV, consider F-Secure. They do quality products and take security
seriously.

Mikko Hyppönen, famous for his TED talk, is from F-Secure
[https://www.ted.com/talks/mikko_hypponen_fighting_viruses_de...](https://www.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net)

~~~
DavideNL
A year ago F-Secure had _very_ bad detection results in the AV-Comparatives test.
However, it seems they have fixed that now... [http://chart.av-comparatives.org/chart1.php?chart=chart2&yea...](http://chart.av-comparatives.org/chart1.php?chart=chart2&year=2016&month=Jul_Nov&sort=1&zoom=2)

------
justin66
Any idea why the author is picking on Windows 7 here? Microsoft's free AV
works as well on Windows 7 as it does on Windows 10.

 _Perhaps it should go without saying --- but you also need your OS to be
up-to-date. If you're on Windows 7 or, God forbid, Windows XP, third party AV
software might make you slightly less doomed._

~~~
jamesgeck0
Microsoft's free AV works on Windows 7, but was only installed by default
starting in Windows 8.

------
Osiris
This is what I tell my family and friends. Whenever I help someone upgrade to
Windows 10, or work on their computer, I tell them to just use Microsoft
Defender.

I've also read various reports of security problems with AV software, so I'm
not comfortable recommending anything third-party.

Defender + uBlock is a pretty simple and effective combo.

------
hydrogen18
As a former IT support guy, I can't explain how much revenue Norton would
generate from me. They would regularly push updates that wiped all the
critical software from customers' systems. The software was often obscure
products from small vendors. Even in a small office, it was an easy day's work
for me that I would not have had otherwise.

After multiple episodes of this, it dawned on me that I shouldn't be able to
reinstall the software if Norton truly was removing it. The issue was that
Norton's products did indeed remove it as part of an antivirus "update", but
they quickly released another "update" that got rid of the problem. I turned
off something labeled "pulse" updates and set it to daily instead. Not only
did I never see this problem again, the PCs generally had better performance.

------
Spooky23
Pretty questionable advice.

Microsoft AV is fast and non-disruptive, but is a laggard in terms of
effectiveness, even by the standard of AV.

It's best used when you need to check the AV box, and it is less disruptive
than other solutions.

------
hexmiles
Reading through the comments, I see that a lot of people don't like antivirus,
but what alternative do we have? Is Microsoft antivirus really a better
alternative?

I personally have Avast installed and I don't like it very much, I find it too
invasive (it keeps prompting to delete a Firefox addon from Test Pilot, for
example) and I always disable HTTPS scanning, but from comparisons that I found
online, it seems that Microsoft AV does much worse than the others.

What does the HN crowd suggest to protect a Windows machine (Win10)? Is Microsoft AV
really better or just like the others?

------
kriro
Some good points. The antivirus software itself is probably an interesting
attack vector. However I don't like the assertion that Microsoft scanners are
sufficient without some evidence (and I wouldn't be shocked if the MS-AV
software itself was exploitable, too). At least run some tests and compare a
couple of state of the art products.

The situation is generally bad, AV vendors are often shady. However I think
"vet your AV vendor" is much better advice.

~~~
Beltiras
Most computer users are not competent enough to use their machine properly
(and need stronger AV to protect them). What makes you think they have the
technical capability to "vet their AV vendor"?

~~~
kriro
Those users usually rely on some support structure which I assumed was the
intended audience of the article. At least I wouldn't expect my parents to
even search the internet for some article that tells them to turn off all
antivirus except Defender.

------
billpg
My pet gripe: Warning me about cookies as if they are malware.

------
yrio
What about open source antivirus software like ClamAV?

~~~
exadeci
It's perfect!

I use [http://www.clamwin.com/](http://www.clamwin.com/) which is just an easy
way to install it.

There was a pdf about antiviruses that was posted a few months ago IIRC and
they all had huge flaws except surprisingly ClamAV which had minor ones.

------
JustSomeNobody
What always bothered me about MS Windows was that for a long time one HAD to
use 3rd party AV SW. This should have been MS's responsibility from the very
beginning. I don't go to third parties for seatbelts and anti-lock brakes when
I buy a car. I shouldn't have had to use a 3rd party AV SW.

~~~
WorldMaker
Microsoft had an injunction from the anti-trust lawsuit that they couldn't
bundle AV with Windows because that would be "anti-competitive", which is why
Security Essentials had to be downloaded for XP/Vista instead of just coming
installed. Lucky for all of us the statute of limitations on that decision
finally expired.

I agree, something like AV should be a function of the OS, not a "competitive"
(race-to-the-security-theater-bottom) bolt-on from some third party.

------
ForFreedom
I got Norton Security for free with my new Dell laptop. On installing, I was
unable to enable Windows Defender or the firewall. Norton takes over the security
by default.

I contacted Symantec and had to uninstall Norton Security and install Norton
Antivirus for the windows firewall to be activated.

~~~
hsivonen
The first thing you should do with a PC is to delete all partitions and
install a fresh OS. Even if you aren't installing Linux, you should download
untampered Windows 10 (the same edition that the PC came licensed for) from
Microsoft and do a fresh install without OEMware.

~~~
WorldMaker
Or make sure you buy a "Signature Edition" PC in the first place, which is
Microsoft's program for "junk free" systems [1] you can find in Microsoft
Stores or if you ask the right Best Buy or office store.

[1]
[https://www.microsoftstore.com/store/msusa/en_US/cat/categor...](https://www.microsoftstore.com/store/msusa/en_US/cat/categoryID.69916600?icid=MSstore_footer_PR_Signature)

------
avenoir
Curious to know why people are still running antiviruses. I haven't had one
running since, i believe, Windows 7 release and switching over to
Chrome/Firefox from IE but even IE is very resistant to threats these days.

------
tehabe
Just yesterday I had the computer of a friend in front of me; it had three
anti-virus applications installed. No idea which was running. I wonder though,
do those uninstall mechanisms actually work and remove everything?

I kinda have my doubts.
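"No idea which was running" is answerable without guessing: every AV product registers itself with Windows Security Center, and a half-removed one usually leaves that registration behind. The following is an added example (not from the thread) that lists the registrations and decodes which are actually enabled. It assumes a client edition of Windows (the `root/SecurityCenter2` namespace does not exist on Windows Server) and PowerShell 3 or later. The layout of `productState` is not officially documented; the decoding below is the one commonly used in the field and should be read as a convention, not a specification.

```powershell
# Added example (not from the thread): list every antivirus product registered
# with Windows Security Center and decode which ones are actually enabled.
# Assumes a client edition of Windows; Security Center is absent on Server.

function Get-RegisteredAntivirus {
    # Each installed AV registers an AntiVirusProduct instance here. A product
    # whose uninstaller failed half-way often leaves its instance behind, which
    # is how a machine ends up "running" three of them.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct |
        ForEach-Object {
            # productState is a packed integer. Its layout is undocumented; the
            # widely used reading is: middle byte 0x10 or 0x11 = real-time
            # protection on, 0x00 or 0x01 = off; low byte 0x00 = signatures
            # current, 0x10 = out of date.
            $hex = '{0:x6}' -f [int]$_.productState
            [pscustomobject]@{
                Product    = $_.displayName
                Enabled    = $hex.Substring(2, 2) -in @('10', '11')
                UpToDate   = $hex.Substring(4, 2) -eq '00'
                Executable = $_.pathToSignedProductExe
                RawState   = "0x$hex"
                Registered = $_.timestamp
            }
        }
}

function Find-StaleAntivirusRegistrations {
    # A registration whose executable no longer exists on disk is leftover
    # from a bad uninstall and should be treated as a product to clean up.
    Get-RegisteredAntivirus | Where-Object {
        $_.Executable -and -not (Test-Path -LiteralPath $_.Executable)
    }
}

Get-RegisteredAntivirus | Format-Table Product, Enabled, UpToDate, RawState -AutoSize
Find-StaleAntivirusRegistrations
```

If the output shows two products both reporting `Enabled = True`, that is the "two real-time scanners fighting over the same file" situation worth fixing first; Defender normally steps aside once a third-party product registers as enabled, so a stale registration can also leave a machine with no real-time protection at all.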

------
z3t4
While many AV companies are really bad, AV per se is still an extra layer of
security. Telling people to remove a layer of security is bad advice. There's
a problem though and if I knew how to solve it I'd be rich!

~~~
guardian5x
That's not how security works at all. It's not about adding layers of security.
That would imply installing 10 antivirus products would be even better. But instead
you're just increasing the attack surface, and slowing your system down.

------
baal80spam
In principle, I agree with the article.

Personally, on Win7 I use a combination of 3 things:

\- MSSE

\- TinyWall as a lightweight firewall

\- heavily modified HOSTS file

Never had malware/virus problems and sometimes I do visit shady websites or
download quirky software.

~~~
huhtenberg
You want to add EMET to the mix.

[https://microsoft.com/emet](https://microsoft.com/emet)
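For anyone setting this up today: EMET reached end of life in July 2018, and its mitigations moved into Windows 10 "Exploit protection" (1709 and later), which is configured with the `Get-ProcessMitigation`/`Set-ProcessMitigation` cmdlets. The following is an added example (not from the thread) of auditing and applying an EMET-style mitigation set per process; the application name is hypothetical and the commands need an elevated prompt.

```powershell
# Added example (not from the thread): EMET's successor on Windows 10 1709+.
# Run elevated. 'vlc.exe' stands in for any application you want to harden.

# System-wide defaults (DEP, bottom-up ASLR, CFG, ...) that every process
# inherits unless it has its own entry.
Get-ProcessMitigation -System

# Per-process view. NOTSET means the process inherits the system default;
# ON/OFF are explicit overrides for that executable name.
Get-ProcessMitigation -Name 'vlc.exe'

# Force the classic EMET set on an application that does not opt in by
# itself: DEP, mandatory image relocation, bottom-up and high-entropy ASLR.
Set-ProcessMitigation -Name 'vlc.exe' -Enable DEP, ForceRelocateImages, BottomUp, HighEntropy

# ForceRelocateImages breaks applications that ship non-relocatable DLLs.
# If the program starts crashing, back that one mitigation out first.
Set-ProcessMitigation -Name 'vlc.exe' -Disable ForceRelocateImages

# Export the full policy as XML so it can be reviewed and pushed to other
# machines with Set-ProcessMitigation -PolicyFilePath.
Get-ProcessMitigation -RegistryConfigFilePath "$env:TEMP\mitigations.xml"
```

The per-process entries are keyed by executable file name, not path, so an entry for `vlc.exe` applies to any binary with that name; that is convenient for deployment and worth remembering when reading the audit output.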

------
roryisok
I've been beating this drum for years, MS Security Essentials is the only
passably decent antivirus app there is, and seems to be the only one that
doesn't try to scare users into paying for upgrades.

------
doczoidberg
half offtopic: do I need an AV software on my android smartphone? Friends
always ask me which they should use (because I am the "computer guy") and I
tell them that I don't have one.

~~~
floatboth
If you don't install pirated apps from shady sources, you absolutely do not
need AV on your Android device.

~~~
tootie
My Android seems to have some sneaky adware on it and I've never installed
anything not from the Google or Amazon stores or written myself.

~~~
floatboth
Of course, you have to look at what you're downloading from the stores, Google
Play isn't aggressively pre-moderated like the Apple App Store. Still, apps
are sandboxed and can't do really evil shit without special permissions. Make
sure these random apps don't request the "draw over other apps" one.

------
cube00
Tried this with my parents, they said "can you guarantee that this free
Microsoft thing will catch everything McAfee would?".

There is a lot to be said for the skepticism around "free" products.

------
mtgx
What's wrong with avoiding Microsoft anti-virus, too? Or is he giving this
advice only because most people _can't_ disable Microsoft's antivirus
anymore, anyway?

~~~
roca
Because my guess is that Defender is reasonably implemented and does the
basics right, and therefore is significantly better than nothing for the
average user. That guess is based on anecdotal observations of the quality of
developers and practices at Microsoft vs what we've learned about A/V vendors
via bug disclosures.

------
galfarragem
Any relevant information about Avast? I've been using their free version for 10
years and don't have any major complaints.

~~~
smasty
Avast also does HTTPS MITM. It's on by default, but can be disabled in Web
shield preferences.

I've just tested it in a clean VM running Windows 7, and the MITM didn't work
in current Firefox stable, but it did in IE. However, as far as I can tell, it
only MITMs DV certificates, not EV. Also, when it MITMs a self-signed
certificate, it generates an untrusted certificate, but it says it was
generated by Avast, so the user could trust it more easily.

Also, in my experience, the free version of Avast considerably affects
performance on slower machines (no SSD, earlier-gen CPU, etc.), but YMMV. It
also tries to install Chrome as a default browser, a Google toolbar for IE,
various "Secure browsing" extensions to other browsers and lots of other
annoying crap.
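The interception smasty describes is visible from the OS if you know where to look. Below is an added example (not from the thread, and not any vendor's tool) with two checks: which root CAs were installed locally rather than delivered through Microsoft's root program, and which root actually terminates the chain for a live HTTPS connection. It assumes PowerShell 5.1 or later on Windows; the host name is just an example. Roots pushed by the Windows automatic root update program live in the `AuthRoot` store, while anything in the `Root` store of the machine or the current user was placed there by an installer, an administrator or group policy, which is where an AV product's interception root ends up.

```powershell
# Added example (not from the thread): find locally installed root CAs and
# see which root ends the chain for a live TLS connection. PowerShell 5.1+.

function Get-LocallyInstalledRoots {
    # Roots from Microsoft's root program are in AuthRoot. A few of
    # Microsoft's own roots sit in Root by design; an AV vendor's should not.
    $authRoot = @(Get-ChildItem Cert:\LocalMachine\AuthRoot | ForEach-Object Thumbprint)
    foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
        Get-ChildItem $store |
            Where-Object { $authRoot -notcontains $_.Thumbprint } |
            ForEach-Object {
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $_.Subject
                    NotBefore  = $_.NotBefore
                    Thumbprint = $_.Thumbprint
                }
            }
    }
}

function Get-ServedChainRoot {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)
    # The validation callback returns $true so that whatever certificate is
    # served, including an AV-generated one, can be inspected. This is a
    # diagnostic, not something to reuse as a client.
    $tcp = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($HostName)
        $leaf  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
        $null  = $chain.Build($leaf)
        $root  = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
        [pscustomobject]@{
            Host              = $HostName
            LeafIssuer        = $leaf.Issuer
            RootSubject       = $root.Subject
            RootThumbprint    = $root.Thumbprint
            # A public CA root is normally in AuthRoot; an interception root is not.
            RootFromMsProgram = Test-Path "Cert:\LocalMachine\AuthRoot\$($root.Thumbprint)"
        }
    } finally {
        $tcp.Close()
    }
}

Get-LocallyInstalledRoots | Format-Table Store, Subject, NotBefore -AutoSize
Get-ServedChainRoot -HostName 'www.google.com'
```

Two caveats when reading the output. `AuthRoot` is filled on demand, so `RootFromMsProgram = False` on its own is a prompt to look at the root's subject, not proof of interception. And a product that intercepts at the socket layer will rewrite this script's connection too, which is exactly what makes the check useful; one that only hooks into browser processes will not, so the script then shows the genuine chain while the browser sees the vendor's.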

------
youdontknowtho
I've often wondered how much energy has been wasted on AV. All of those hard
drives thrashing and all of those scans.

~~~
pbhjpbhj
It's probably sold a lot of PC upgrades too.

------
SuperVivid
Couldn't be said oft enough. Still seeing people buying a new "security suite"
every year.

------
warcode
Haven't had any issues with ESET NOD32 in the last 10 years.

I've turned off the MITM on https though.

------
karlb
Does this apply to Macs?

I know that many Mac users don't use anti-virus. Are they right not to?

~~~
floatboth
If you don't download apps from random shady sources, you don't really need
AV. Recent versions of macOS default to only allowing apps from the App Store.

~~~
hmage
> Recent versions of macOS default to only allowing apps from the App Store.

That's incorrect, with the introduction of Gatekeeper the default setting for
it was to allow only signed apps — all app store apps are signed, but
developer can sign apps outside of app store. The default setting didn't
change since then.

------
fuzzy2
I'd like to agree. But I can't. Even if I disregard detection scores,
Defender/Security Essentials is _slow_. It uses humongous amounts of CPU time,
which slows down slower PCs (like Celeron N3150) a lot. It also tends to
saturate disk I/O.

In short: It sucks so bad it's virtually unusable.

------
ndesaulniers
One of Mozilla's previous CEOs and a bunch of big wigs now work at AVG.

------
adamconroy
AV software is a great example of a cure being worse than the disease

------
jagger11
_security_ software doesn't mean _secure_ software

------
Endy
Nah, I'll stick with Avast & HitManPro, thanks.

------
Hydraulix989
I've seen false negatives multiple times in Microsoft's.

------
fowse
That's awesome man

------
EJTH
I really haven't had any real use for AV software after i disabled flash on
all my browsers...

------
khana
"I did this 10 years ago..." True dat.

------
Acalyptol
Might be true for people who know what they're doing. However I've seen a
decrease in the number of toolbars installed in my mom's computer since I've
installed an antivirus.

~~~
e40
Is she on XP or something without Defender?

------
KayL
Most people forget the malware on hacked websites. Browsers won't give you a
warning. (OK, Chrome will show you a RED screen, but not for all.) They need not
hack into your system, but they collect your login info and credit card. I even
want to install one on my macOS.

MS AV is still too slow at the moment. In Windows 10, you could turn on Defender
to run both AVs at the same time.

