Hacker News new | past | comments | ask | show | jobs | submit login
Microsoft Kills off ISVs by Foisting Its Own Products That Are No Better (kaspersky.com)
431 points by roadtouniverse on Nov 11, 2016 | hide | past | web | favorite | 199 comments

A lot in here about Defender/Microsoft Security Essentials.

> [MSE] doesn’t have: parental control, built-in VPN, webcam protection, password manager, backups, exploit protection, protection for online banking and online shopping, proactive protection against future threats and dozens scores hundreds of other features which are all useful in providing maximum protection and a better user experience

That's exactly what I like about it. Stuff the "user experience": I don't want an AV product that tries to run my life for me. (I don't want Windows 10 to do it either, which is why I tried it for less than a week and went back to Windows 7.) AV products are bloated, difficult to use and always in your face when they should just silently remove viruses. Which is what MSE does for me.

Anecdote time.

A couple of weeks ago, my neighbors asked me for some help with their printers. Their wifi printer had suddently stopped working, then they bought a new one (which of course costed less than a ink cartridge) which also didn't work.

After the initial shock of dealing with windows 10 (I hadn't used windows, especially a home version, for years), I found out, by plugging a cable, that the printer actually worked just fine. Checking the wifi router admin page showed that the printer was correctly connecting to the network.

At that point I suspected firewall issues. The Windows firewall control panel was disabled claiming to be managed by the antivirus. I looked at MSE, and it was also disabled. I asked my neighbors and they said that they had been using MSE but McAfee had somehow appeared recently on their computer (possibly sneakingly installed by some unrelated application).

And of course McAfee was there, already demanding protection money. I uninstalled it after clicking through dozen of scary popups warning that the computer would be overwhelmed by viruses, my bank account emptied and my identity stolen.

Immediately after that a popup appeared from Windows system tray telling me that my computer was unprotected and I should install Avast immediately. I quickly got rid of that only for yet another popup to appear (for some AV that I had never heard of).

Eventually I managed to get rid of all AVs, re-enabled MSE, and suddenly the printer started working again.

I think MSE should really just treat every other AV as malware, although I'm sure MS would get a lot of backlash.

My parents Windows laptop came with a free copy of McAfee, which rendered it COMPLETELY useless. That is not an exaggeration. It wasn't a fast laptop but it should be able to browse mails and Internet. It couldn't. After Uninstalling the AV software it was like I had replaced the HDD with an SSD. I will never ever use any 3rd party AV software. It's just glorified bloatware as far as I'm concerned.

This has been my consistent experience with McAfee in particular. I worked for 4 years in low level tech support, fixing computers for people that were sold in retail. We were required to recommend Anti-Virus software to our customers, and the whole store consistently recommended Webroot (which we sold) not because it was particularly good, but because it was the only option we had that didn't slow the machine to a crawl. Replacing McAfee with almost anything else on the market felt like it doubled the machine's speed.

I personally haven't run antivirus software for years on my own machines. I recommended that all of my customers learn basic security practice instead, and reminded them that the antivirus program they used is there as a tool to help them, and not a replacement for safe browsing.

I often hear people promoting common sense over antivirus solutions and while I do agree that some degree of common sense is required, there are still a lot of attacks that can bypass safe browsing.

In the past we've seen malware injected into ads that then load on legitimate sites. Hosts get hacked too and their sites can then be used to serve malware.

You're right to teach your customers safe browsing habits but they do still need an antivirus as well.

Disclaimer: antivirus solutions are not perfect either. Particularly with new attacks. So while I do advocate using them it's also good not to take them for granted (e.g. assuming you can get away with running any old binary you've downloaded from Limewire because you have an AV installed). The best approach is common sense with the AV as a safety net.

> In the past we've seen malware injected into ads that then load on legitimate sites

Just another reason to use an adblocker.

A major part of safe browsing (and safe computer usage in general) is an ad-blocker that defaults to requiring you to whitelist the content you want to let through.

Have you found a workable way of doing that?

I manually whitelist in uMatrix, but it's pretty inconvenient and does not stop attacks coming from domains previously whitelisted/deemed safe.

uMatrix is the best I have. I've accepted the inconvenience as minor in comparison; but previous whitelisting is a problem that I actually hadn't considered. I can't think of any reasonable way to prevent that - even catching changed/new scripts and requiring approval to run them won't help if all you can see are minimized scripts.

I guess you could have a kind of crowd-sourced de-minificarion project, combined with checking script hashes, but I think that would be considered a form of pirating and thus require a lot of piracy-related workarounds. Perhaps one could have a de-minification tool which only stores the steps to deminfy a script, and then you could apply it based on the script's hash.

Mine too.

Mother-in-law called because she could connect to Internet.

Turned out McAfee was just demanding their protection fee.

So: McAfee bad. Cannot speak for Kaspersky, haven't used it for years. Defender is OKish.

But one that I sometimes recommend is Vipre from Sunbelt Software.

My builds are slightly faster with it and on one occasion it took down an infection that no other AV I tried managed.

(Of course this can just be because the malware writers didn't care to code in resistance to it but then again it supports Kasperskys claim that diversity is good.)

To be fair, kaspersky is better than the others. It screws up hour machine much less than most av programs.

Do I sense a possible previous GS Agent? If not, I do remember those days well. Clients would constantly come into the store because the trial version of Norton/McAfee etc completely broke the machine's network stack.

Once an agent, always an agent. :)

Back in the 90s McAfee was the best AV around. By quite some margin as well from what I recall. But then around 1998/2000 - i forget the exact year - the AV went from being nimble and reliable to a slow and troublesome mess. It went from being a market leader to one of the worst solutions available. And it seem to happen in just one version number jump.

Ever since then, it's been consistently awful to the point of ridicule. But sometimes I have flashbacks to when even I would recommend it.

Same thing happened with AVG, and then Avast. Fortunately Microsoft Security Essentials came out about the same time every other simple AV became a bloated mess.

The problem now is that MSE doesn't seem to keep up with the latest viruses and hacks. My kids wrecked our Windows 7 computer twice by trying to download Minecraft addons. (First time it installed an ad-bot that was running hidden Firefox windows in the background and swamping our internet connection by loading pages and clicking ads. Second time it was a rootkit that added it's own "recovery" partition to the drive; which it used to reinfect the computer even after I wiped and reinstalled Windows 7.)

Now we have Windows 10 and they all have their own non-admin accounts, so hopefully they can't install anything super destructive.

Weren't you running non-admin accounts on Windows 7? That goes a long way to making sure that any damage can be undone.

I'm upvoting because I agree that, in my experience, you get no more than what you pay for in relation to anti-virus.

Those free AVs and ones bundled by mega ISPs? Prepare to pay in computer resources, and even then your protection is probably only mostly adequate.

The only true anti-virus is awareness and user education. Risky behavior and unwise reactions to suspicious emails are the two infection vectors that secure software can't stop.

Coming in to say the same thing. In my case it was Avast! which says its name through the speakers every 30 seconds while you're using the computer for some reason. I think it also tries to install toolbars in the browser, which is not really the role of antivirus software.

With Microsoft in the OEM hardware business, hopefully the end of this era is coming. Sure, Microsoft's own pushes towards Edge and Office 365 are annoying... but easily disabled without any scary warnings. Maybe Edge is better for people than Chrome, I dunno, I like Chrome and haven't bothered to try Edge.

I like anecdote time!

When I was very young I had this job where I would go to people's houses to repair their computers. What I would often find would be computers so slow to the point of being unusable. After a few months I'd realized there were only two scenarios here:

- Computer full of spyware. CleanUp / Restore and anti-spyware + anti-virus installation would often work wonders for the customers.

- Computer running Panda Antivirus. Uninstalling Panda and installing Avast would always work wonders for the customers. Best thing was when they've asked how I solved their problem so quickly and I replied "uninstalling Panda". "But I paid for it" would be their response, to which I would follow up with a "call them and get a refund".

Anti-virus, what an interesting industry!

The funny thing is that Avast which used to be my go to choice for the past 5-7 years has gotten quite bloated and intrusive as well.

They even bought/merged with AVG which was quite annoying 10 years ago.

So MSE it is for friends/relatives.

I miss the days when one could run the virus scanner once a month and not have it always be on.

In fact some of my Win7 computers behind NAT I run without any active anti-virus.

I've lived through and heard about this so many times that it stopped being an anecdote for me a long time ago; it's just how hostile most of the 3rd party AV applications are.

They, IMHO, should be given no system access and should only be allowed to implement something like IsHarmful(s DataStream) (bool, string) - maybe a little more and that's it.

The thing is, modern antiviruses rely on context to classify data as malware or not. It is fine if antivirus.exe is trying to remove itself; not so much if it is being removed by calc.exe.

It's much more useful to look for suspicious behavior than to try to classify streams of data as "harmful".

This is part the AV/FW vendors fault, part Microsoft's fault. Yes, on Windows the security products are too often as nasty as the malware they claim to protect you from but Microsoft has failed to design a sane security experience that works with legit 3rd party vendors.

Currently on Windows 10, it's surprisingly difficult for "normal" users to know if av/fw are available by default and how they work. How the built-in security works with 3rd party solutions is more confusing, even for power users.

I had a similar issue with my dad a year ago or so. Solved with a chromebook.

Same deal with my wifes machine. We just backed up her documents and gave it the ol' nuke-n-pave treatment.

I can't be arsed dealing with that crap.

> Anecdote time

This isn't an anecdote. This is life for many, many users.

nice anecodete as well: http://stackoverflow.com/search?q=is%3Aanswer+avast

not all of them are bad, but there sure are a lot of them along the lines of 'disabling/uninstalling Avast solved the problem'

I really think desktop computers are too complicated for the average user, and MS should move to a managed application model like apple is doing. Only apps approved by MS will be allowed to install UNLESS you disable this in the control panel somewhere with ample warnings. MS Could then force these companies to clean up their acts.

While practical this creates instant monopolies.

It also doesn't have: TLS MITM, adware, a bundled rebranded version of chromium with the same-origin policy turned off, privdog, a bundled password manager that has a bug allowing remote code execution through <img> tags and all the other things that came with many AV products over the past years.

I'm not completely devoid of sympathy for Microsoft here.

That's irrelevant to the main point, though: that Microsoft isn't giving users a fair choice between its product and the others. Instead it's causing users to switch to its own product in a misleading and anti-competitive way (is the point of the article).

Not exactly, we have all been dumping on Microsoft for having terrible security and they have what essentially boils down to a public health problem for their entire ecosystem. Then, no one knows what they are adding as AV, much like injecting unreviewed vaccines.

They are making decisions to scan anyway and enable their solutions whenever they can because I won't stop and ask users which crapware they installed to supposedly scan their system before telling them to give up on windows.

I find it very funny that Kaspersky claims Microsoft was a security leader when they were in a total downward spiral but is unhappy now that I have to think twice about whether my recommendation to switch to Linux is out of date advice.

I don't have a good solution for maintaining an add-on AV market and actual security.. But pushing them to just do the bundleware and not be the AV is a pretty good solution for Microsoft and their users that financially Microsoft pays for instead of profiting from. Still, it might be too late for them to retain a position on consumer devices of any sort.

Microsoft absolutely IS facilitating a fair choice, what they're doing is making it so that consumers are left "in a lurch" where they have to re-up their licenses or end up with a totally unprotected computer. Please read on, I will explain.

My experience just last month: you cannot run 2 anti-virus systems at once, they all aggressively lock out their competitors. McAfee causes Kaspersky to crash, and in the opposite case a lot of scary looking warnings go up. Imagine if insurance was done this way, or home security, or even physical security.

Most fields of personal security allow for overlapping coverage. Anti-virus products explicitly try and avoid this and then use that to their advantage to force you to re-up, paying for coverage. Defender is the default option that steps in so that consumers CAN take the time to make a rational and educated choice.

Because most consumers with anti-virus software didn't choose it! Anti-virus vendors compete much more at the level of securing hardware vendor contracts (or eking out an existence in counterpoint to them).

This is REALLY important and is a case where Microsoft is actually being very progressive and pro-consumer. Anti-virus software, of pivotal importance for windows users, is now on even footing with games and word processors. They must compete for consumer attention and affection and demonstrate value and cultivate consumer loyalty. Even if Kaspersky is one of the better actors in this space, it's a space fundamentally toxic to consumers.

Exactly. 99% of the "additional features" are pure, useless bloat and I don't want to pay for them.

If Kaspersky had an offering that combines their definitely superior scanning engine with Defender's/MSE's stupidly easy and unobstructive UX, I'd buy it in a heartbeat.

(Well, maybe not a heartbeat. Would be nice if their website worked without enabling JS and didn't ask me to download PDFs afterwards… seriously?)

But I think the point is the user should decide if they want this bloat not Microsoft. I agree I would never use kaspersky or norton or any other system like this, but there are people who do want to use them. It's the individuals choice to use these systems, not Microsofts. But this is the model Microsoft are going towards and if we don't like it, lets stop using and promoting them.

> the user should decide if they want this bloat not Microsoft

The average windows user hasn't a clue whether a piece of software is bloat, or really important

One of the most common issues I come across when fixing PCs of friends or relatives is "my antivirus thingy says I need to buy it or I'll get viruses" and my solution is always the same: uninstall whatever version of Kaspersky, or Norton or AVG shipped with the machine and replace it with Defender/Essentials, which just works, and more importantly, is practically invisible while doing it. Frankly, the tactics used by AV companies to try and scare users into buying their software are downright immoral.

Microsoft is losing out to Apple, who have no qualms about deciding what you can and can't have on their platform (Flash anyone?). From a marketing point of view I can definitely understand why they would do this.


For every legitimate product/service on Windows platform MS has to fight a tsunami of crap, which reduces battery life, prevents shut down/sleep, increases startup time, etc, etc

Especially with sw breaking between versions (even from major vendors) because they never followed best practices

The fighting battle he mentions is also being fought by MS, against a lot of enemies as well

Many people do not really choose, but get these alternate AVs installed by sneaky opt-outs together with their mouse mat drivers (!).

Sure, Windows 10 is a trainwreck. But that's no news, and antivirus solutions have been bloated shit for much longer than that.

I feel like the perfect compromise would be to separate the definition and engine/UI components and allow some interoperability between the two. So if I want to, I can use Kaspersky/McAfee's definitions (probably on some kind of paid subscription), but the engine/UI is Defender, so no bloatware or nag screens. Conversely, if I want to, I can install Kaspersky for whatever extra bits they do, but still fetch the latest definitions from Microsoft.

I was about to post this quote; it's amusing to see it within the first 13 comments.

I am sympathetic to the author's UX arguments, but it has always seemed to me like the OS vendor was clearly the party whom I wanted to handle my virus protection, if any. I'm already obliged to trust them and they're in the best position to do the job (API access, etc.)

If you as a third party want to convince me you're better at protecting my computer, you've got an uphill battle considering the hacks necessary to do the job (and it never seemed like lots of AV API support is the answer, since you could just build first party AV functionality instead with better integration). Also not convincing: hundreds of non-AV features like a password manager.

"Better user experience" would not be the way I describe it.

> proactive protection against future threats

Does this mean heuristic analysis? Because apparently MSE does that: http://answers.microsoft.com/en-us/protect/forum/mse-protect...

MSE does it, but its engine is among the slowest and worst on the market. It's really the only downside.

Moreover Windows has built-in-VPN and parental control stuff. Maybe not as advanced. And MSIE has SmartScreen that provides some protection for web.

Exactly. Defender is non-invasive and good enough. It's my opinion that most anti-virus software should be classified as a virus - it screws with your computer in ways you don't understand and don't like, and it's usually very hard to get rid of.

Somebody at work went and managed to get themselves infected with some type of bitlocker-type virus a few months back, and so the decision was made to push AVG to all machines. What a PITA. I might as well have gone back to using spinning-rust instead of SSDs for compiling in Visual Studio, until I figured out how to eradicate the AVG tentacles scanning and intercepting everything. And AVG is supposed to be one of the better ones.

Windows has: parental control, password manager, backups, webcam protection (on UWP Apps; hardware-based solutions are available for $0.00003)

Chrome, Firefox and Edge have: exploit protection, protection for online banking and online shopping

There is no such thing as "proactive protection against future threats"

Besides the VPN, why should I pay money for any of this crap even if I do want it?

Windows has a VPN client, too, don't forget.

There are plenty of free VPN clients for every platform. I think the parent was referring to the server.

Kaspersky has no VPN server feature. Its only VPN feature is a client[0] that will auto-connect to one of their servers. So the only thing it really has on the built-in Windows VPN client is the supply of servers.

[0]: https://support.kaspersky.com/12726

Nice, so you are the MSE target audience... Problem is, they don't just target you, they also target others without informing them of the lesser level of protection MSE provides.

Yes, I believe developers are not the primary target audience of any AV. Common users will benefit from the additional features and better protection of 3rd party AV solutions more.

I completely agree.

This and the introduction of hostile upgrades on Windows 7 was the reason I actually switched to a Linux based operating system (Xubuntu), with my old Windows 7 as occasional virtualized guest operating system for old applications.

I was never happy with Microsofts product policies and aggressive strategies, but I accepted them since they did not cross the lines too much. Also, I thought the barrier to switch was much higher.

It is not. There is no reason not to switch away from proprietary, closed OS such as Windows or Mac OS these days. Unless you are really a fan, of course. But then you are willing to pay the price.

As OSs go I agree, Linux is a viable and in many ways a better alternative to MacOS and Windows. But there are still quite a few thrid party apps that do not have good Linux equivalents.

Side question, off topic: I am seriously considering switching to Linux (Windows slow, auto-updates outside my control). I'd start with a dual boot and see whether i will miss some apps.

My sticking issue is mailbox. I like local email storage bc of responsiveness, offline use, as opposed to web ui. Is there an email/calendar client that can work on windows and linux, and update the same file? E.g if i sent an email on Windows, and now i am on Linux, i'd like to see it in my sent folder. Any tips?

Apparently that's possible with Thunderbird: http://kb.mozillazine.org/Sharing_a_profile_between_Windows_...

I think there aren't many more cross platform alternatives available anyway.

All imap clients operate this way. They sync from the server so you have identical representation of you mailbox and its folders on all devices. Once the sync is done, they can operate in an offline fashion.

Agreed. I was going to say, on passwords, I have Lastpass for that. I'll stick with my non-bloated MSE thank you very much.

More anecdote time! In fact, more like Ask HN time.

My brand new laptop becomes impossibly slow when Defender is on. Is this just me or is it supposed to be expected Defender behavior? When I code, every character appears half a second after I type it. Turn off Defender, and everything is blazing fast.

This thread is full of people claiming how 3rd party AV makes their computer slow and Defender doesn't, but, well, Defender does. Anyone have a clue? I don't mind the idea of running an AV like Defender but I do mind an unusable computer.

Defender can do this if its in the midst of scanning, and occasionally if you are using it while it is scanning this seems to stop it for finish it keep it perpectually scanning (depends what you are doing). My advice, shut everything down, pop up defender and let it run all the way through.

Also ensure all windows updates are done and installed - the background update manager can kill laptops in my experience, so again its best to let it get its job out of the way before using the laptop.

My first two thoughts:

(1) Might have a problem! (malware / something)

(2) Might need to let it run and do it's scanning thing for a while 'til it's initialization and/or setup is finished. I've never heard of anyone turning it off and on repeatedly.

Pretty much all of the Windows 10's "product that tries to run my life for me" can be disabled and function like any other version of Windows.

>> [MSE] doesn’t have: parental control

Thank the heavens. I mean, seriously, using parental controls as a parent is equal to failure at being a parent in my opinion. They're useless at best (because you can circumvent ANY of them), and instill false confidence in incompetent parents.

"Leave it to Beaver" families are not the only type, nor do children only exist in family contexts. It's rather conceited to make assumptions that assume only the best-case scenarios, or that problems only come from incompetence.

A more recent example I've personally seen is with a foster parent where several abused children were homed together. Their birth parent would consistently break visit rules, and attempt to establish side channel communications (facebook, email) with the kids so she could coach them on what to say in court. They agreed to do so, despite being extremely unhappy about the situation. They were happier in their new foster home than they'd ever been before, and yet they were overwhelmingly complicit with the demands of their schizophrenic birth mother.

Parental controls are useful in such scenarios where the children don't have normal baselines. Not only that, but when given unfettered access to a computer, kids will literally download anything they perceive as fun. Many games, game mods and the sites that host them include malware. Yes, parents should talk with them about safe browsing and downloading, but being a good parent and yet not understanding computers is entirely possible. Simple free software for controlling usage schedules and quantities should be baked into the system.

Possibly they are useful if your goal is to raise computer-savvy children, however. I never would have learned as much about computers if my school hadn't had ridiculous filtering and blocking software on their networks.

Kind of hard to study for the AP CS test when Bess is blocking the Sun JavaDocs because "hacking"...

If you're able to make a choice (and you consciously choose MSE) that's great. The complaint is that Win10 doesn't give that to most/all users.

Why should system security, of all things, be an opt-in "choice" that people can accidentally not make rather than an in-box concern for the operating system?

I've felt like AV software is often worse than the viruses: intrusive, slow, ineffective, getting in the way, and not once detecting anything.

Pretty much all of my "family tech support" is related to the AV doing something stupid like auto-deleting cookies or flashing up big scary messages for something trivial.

However Windows Defender seems to be good for me on Win10 - it just sits there out of the way, I don't even know its running. I LIKE the fact it doesn't have "online protection" or password managers or parental controls or whatever. It feels lightweight and does not cause everything to become 3x or 4x (or worse!) slower like every other AV software I've encountered

Whenever I go to perform family tech support I remove any random AV software they've been tricked into installing and just leave Windows Defender and that usually solves the issues (obviously making sure they are up-to-date on patches & still using 2FA)

Agree, most AV's get in the way of doing their job and are intrusive. As a developer we from time to time have problems with false positives or clashes with some AV's, so the customer gets annoyed and we have to contact the AV to get the false positive removed. Most seem to have a lot of bloat, but in the end get in the way.

I just wanna point out Windows Defender DOES have online protection, and it's gotten in my way pretty frequently. Whenever a new steam game is released it interferes with the download (goes from nearly a Gb/s to zero) while it scans the files being downloaded. And then when you start the game up loading times are in the 10 minute+ range because it's analyzing the binary.

You can disable these features though by turning off real time protection (which I had to do).

Although i agree with most of what you said, Windows Defender is not as lightweight as you think it is.


It certainly feels lightweight though and that is the important metric.

Some might argue it's the only real metric that matters for user perception. That said, if it's hitting your battery that will be hard for user to perceive.

The only AV I have love for is MBAM, not the real-time protection but the plain old system scan.

Microsoft has a problem - poor 3rd party software and drivers make Windows extremely unreliable. Microsoft takes the blame, and Windows looks unreliable. Apple takes a different tack, they simply lock down their APIs and ecosystem to avoid this. Is Microsoft trying to go the Apple route - but maintain some openness? Giving 3rd parties core low-level APIs is ripe for chaos.

I had to install Kaspersky on my main laptop since some VPN software imposed a policy that it installed and up-to-date to connect to a contractor's secured network. It was absolutely terrible. It killed my battery, slowed my machine, killed my TCP stack at one point, interfered all the time, and became generally unbearable. It frustrated me so much, I now do all network operations via a secured VM to avoid the Kaspersky curse on my main work machine.

And you are an educated user. I'm sure millions of users have the same user experience, but don't know why their Windows works so poorly. This happened because a few years ago they downloaded some software from download.com to "fix" a computer issue and unknowingly installed 5 antivirus packages that now compete for computer resources (or worse) at the kernel level.

Microsoft is damned if they do, and damned if they don't fix this for their users. Maybe Kasperski is collateral damage in this effort, but I think Microsoft is right to use the Windows 10 upgrade as an opportunity to try and remove these mostly terrible software from users' pc's. Let Kasperski convince users how their software is better so people actively choose it over Microsoft's solution. I do this with Chrome too: as long as it's better I reinstall it every time no matter what Microsoft tells me about Edge.

>Is Microsoft trying to go the Apple route - but maintain some openness? Giving 3rd parties core low-level APIs is ripe for chaos.

Giving 3rd parties access to low-level APIs also gives your OS ability to be used in versatile and innovative ways across the board. Also gives the ability to 3rd party software companies to allow you to add tooling and customization to your OS so that it does exactly what the user wants. And making you grow into the largest dominant OS out there.

On the other hand, I need to download more and more applications outside MAS on macOS because the sandbox doesn't even let basic apps like a custom file explorer to function properly, making a platform really usable only for a few use-cases the original vendor thought of.

It's the dirty speaking of the "poorly washed". Kaspersky is said to faked malware to harm rivals (http://www.reuters.com/article/us-kaspersky-rivals-idUSKCN0Q...). TrendMicro allowed remote command execution on the user machine (https://bugs.chromium.org/p/project-zero/issues/detail?id=69...). Probably Microsoft is right, your PC may be better protected without a AV, using an AD block instead for example. Probably not (I'm not a specialist in the low level stuff anyways). But the point is that MS is fighting with tools it has (in an ugly way). But it's widespread. Apple enforces Safari on iPhones for example. Amazon explores bias in its marketplace (http://dealnews.com/features/Are-You-Really-Seeing-the-Best-...). Kind complicated, but that's how the world is. Doing all for a higher profit. Because of that I'm sure that Kaspersky would do the same if they were in their position. Perhaps a little different, but taking advantage of its size to increase their profit for sure.

Re: Microsoft removing 3rd party software -

A friend of mine runs a 3-person software company making desktop Windows software. Nothing terribly exciting, think - a ToDo list or similar. They put nothing in the kernel, stick to documented API, make no deep tie-ins into the system (e.g. Windows Explorer extensions). Just a perfectly simple standalone piece of software with minimal dependencies that can run even on XP.

Not two months ago they started getting reports that the software was disappearing from users' machines. The Start menu icon was still there, as was the Uninstall entry, but the EXE was nowhere to be found. Naturally they thought of the antiviruses, but there was no pattern. Fast forward two weeks and the only commonality between all reports was a freshly installed Windows 10 update. The update silently wiped their software off. And to understand why that happened or to file a "false positive" report with Microsoft, the only option was to cough up few hundred dollars for opening a "priority support" ticket with them. Not everyone was affected, just a fraction of a percent. You could still reinstall the software and Windows won't make a peep or complain in any way.

While it made very little sense, it still clearly showed that users were no longer in control of their machines. Moreover, Microsoft outright lied when they said "all your files and apps will remain where they are" while installing an update.

So it's not just about loosing control over your own computer, but it's also about being treated like a sheep that Microsoft owes no explanations to and can do what the hell it wants. I sure hope Kaspersky Labs will have enough rage, funds and patience to drag Microsoft through courts and whip it back in place.

You can also find various stories of AVs detecting perfectly clean Hello World programs as "malicious". One example I remember particularly clearly was a beginner who had just downloaded GCC and was starting to learn C, and wondering why the executable kept disappearing. It was his AV. Ironically, the same code compiled with MSVC didn't get detected...

The other category of software that frequently gets false positives are demoscene productions, which admittedly do push the boundaries and can involve things like custom packers and unorthodox API usage, but are certainly not malicious by any definition. Of course there's also the cracks/patchers/keygens, which are not malicious to the user but are often detected as such anyway.

Just got a complaint yesterday of anti-virus software quarantining a file out of a users's .git folder, breaking the repo completely until they restored it.

Sounds like your friend ran into a bug. I don't see a reason to assume malicious intent unless Microsoft refuses to fix this issue.

There's a difference between antivirus-induced removal (such as this, where it does not affect all users, and could be caused by a leftover of third-party antivirus FWIW) and a proper blacklist entry in the migration system Windows uses.

The latter leaves no traces such as shortcuts/uninstall entries and actually shows a notification to the user; the former is as 'rough' as just removing the executable.

I'm wondering if the issue is that the .exe isn't signed. Windows is getting a lot pickier about .exes and .dlls being signed with a cert, including wanting them to be signed with a SHA-256 cert in addition to the SHA-1 cert (which you'll want, for backward-compatibility with older versions of Windows).


Just asked - signed with an EV cert using SHA2.

This seems to be mostly about A/V.

When I was doing a lot of MacOSX kernel / driver work 8-10 years ago and keeping up with all the darwin lists, we'd get tons of questions from A/V devs porting their software from Windows to Mac. There were all kinds of bad questions. The worst one I remember is somebody asking why they were not allowed to hold a kernel mutex across notifying a kernel-space A/V deamon & waiting for it to respond (deadlock?).

After seeing multiple questions like this from these folks, I resolved to never run a 3rd party A/V suite again, and have run nothing but vendor provided A/V.

Anti-virus software is a complete failure. Kaspersky is trying to save a sinking ship. AV isn't a good business because its a failed area of development.

The idea that Kaspersky is somehow radically better than other AV vendors is a joke. Sure, some of them are comically bad, but none of that are that good. "Good enough" is often good enough.

I'm a fan of Kaspersky's research. AV isn't one of the areas where people need to be spending their time, though. I don't know how you could say AV works with a straight face.

ALSO: MS isn't a monopoly anymore.

We use Kaspersky at my workplace as a building-wide policy... And yes, any time a developer has wierd bad behavior with connections or unexpected file errors, it's usually to blame.

>AV isn't one of the areas where people need to be spending their time, though.

Do you have an alternative working approach to securing end users' devices?

>I'm a fan of Kaspersky's research.

And yet you suggest to stop doing that research.

Security involves more than anti-virus. Kaspersky does more than anti-virus.

In fact, one could claim by now that anti-virus and security have very little to do with each other, so stop equating them in your retorts.

>Security involves more than anti-virus. Kaspersky does more than anti-virus.

Nowhere I stated or implied otherwise.

>one could claim by now that anti-virus and security have very little to do with each other

This claim is trivial to disprove. Imagine there's no AV anymore (yet firewalls and HIPSes are still in place). Do you think overall security (measured, say, in damages $$$) won't change? There would be an immediate disaster.

i meant their research into other areas specifically. they do way more than AV. its like they use AV to fund real security research.

I don't get the MS strategy. They became popular because they made it easy for developers to build staff for their platform. But then they started morphing their platform into some kafkaesque Labyrinth of new hip and then soon to be retired libs/frameworks. If a developer is brave enough to master this he will then be disappointed trying to monetize it. The Window store (or whatever the current name is) is like a combination of itunes and the play store, but only the downsides mixed together.

Because Grandma's computer is full of malware and antivirus programs that make it unusable and her grandkids are telling her to just buy a Mac next time.

> ...If a developer is brave enough to master this...

Knockout/Angular/React/Ember/Backbone devs are staring with amusement :).

Antivirus and firewall are two apps that I expect come with Windows, so as a consumer who actually paid for Windows 10 I don't care if Kaspersky is whining about this.

As messy as av/fw are on Windows 10, let's not forget how things were before in the bad old days; security products were sometimes as bad as the malware they claimed to protect you from. Remember when you helped family and friends and how Norton was so difficult to remove it required a dedicated removal tool? Remember the countless of cleaners that used all kinds of scummy advertising techniques to trick users into installing them, often decreasing performance and safety?

As the "computer guy" for a lot of people, I'm glad that AV+FW are included in Windows 10. I am, however, disappointed how sub par they perform and how user hostile they are.

On Windows 10, the firewall is completely opaque and Microsoft decided to remove the firewall icon from the tray. So users naturally don't know if it's installed or not or what it's doing. Also, it's buggy as hell because on more than one computer I've had to keep resetting it to defaults simply because it would regularly stop ALL outgoing connections. Took some time to figure that one out and for most casual users that would have been impossible to solve, especially since there is no freaking firewall icon to click on anymore.

The antivirus has a more visible and sane presence but performs poorly in the independent AV tests. For some reason it changes names more often than a porn star, further confusing users. The blog post fails to mention Microsoft Defender, the fifth incarnation of the AV on Windows 10, so there are five different AV that Microsoft offers/has offered.

Microsoft needs to improve the quality of their built-in security products, both how successful they are at protecting users but also the overall usability experience.

System security should be built-in, not bolted on by snake oil vendors looking to make a buck. Nothing against kaspersky, I like them, but I'm with Microsoft on this. Games, browsers and other add-ons are higher-layer applications where competition makes sense.

If MS really wanted to make system security an even playing field where vendors could actually be effective, they'd make it modular (like Linux's LSM) so that admins could easily swap out security solutions without busting the system (slow, bloated, ineffective, etc.).

Vendors are a large part of the problem. They want more money, more often and in many cases really harm performance and do little to protect the system.

I get their point and Kaspersky is pretty good. However Antivirus products have typically been utter and complete crap, slowing down computers a ridiculous amount and to non technical people it's just "their computer is slow, oh look how fast this mac is".

My father has three freaking antivirus/antimalware solutions installed. Maybe defender could be better, but if it reduces the market share of the nortons, comodos etc then I'm all for it.

> uninstalling user-installed apps

I ran into this when the Windows 10 Anniversary Update rolled out. In my case the program Microsoft uninstalled was a Start Menu replacement, so I didn't actually have a functional start menu for several hours after the upgrade until I got the updated version of the 3rd-party program installed.

This left me shocked, dumbfounded, speechless, and furious. Everything I've observed over the last 20 years says Microsoft honours backwards compatibility above all else. Raymond Chen has great blog posts about the huge efforts they used to go through. My understanding is that's why businesses have stuck with Windows; it'll keep running their 10, 15 ,20 year old legacy VB line-of-business apps even on their newest OS. Apparently Microsoft has now decided to throw out backwards compatibility? I don't understand this decision.

These start menu replacements hook into the OS shell on a low level, keeping the old incompatible version installed would (and has, in older versions of Win10) cause the user to _have no task bar, start menu or anything whatsoever_ because the start menu replacement crashes and burns, taking Explorer with it.

See also a similar comment[0] I wrote a while back about the policy to uninstall incompatible software.

[0] https://news.ycombinator.com/item?id=12416422

Not defending Microsoft's behaviour with Windows 10, but I'm guessing that an app that replaces parts of windows' shell is not exactly using public Windows API to do so. It's often using hacks and workarounds instead. There's no backward compatibility here because there wasn't any compatibility to begin with. The same thing is happening on MacOS when applications use undocumented private APIs and for some reason Apple decides to take them away.

Unless the updates really uninstalled the application instead of just breaking it, and that's really (another) bad decision from Microsoft.

'Just breaking it' in the case of these shell enhancers would result in the user having no user interface whatsoever after the upgrade.

Windows' upgrade process could in theory disable the shell extension, but that would be even worse than uninstalling the program given how programs on Windows do not take kindly to being 'half-installed' (case in point: uninstallers that break when some application files are removed).

This is what backwards compatibility leads to, and there is no way all parties can win in this scenario.

I didn't think about this, uninstalling it is better in that case. However based on coderjames' comment, I guess it wasn't completely uninstalled, and, as you said, left him without a usable system. I agree, backwards compatiblity is a double edged sword.

I presumed from the context of the comment that 'usable' was rather loaded language used to denigrate the built-in Start menu in Windows 10. The interpretation works both ways, however.

I meant that I literally did not have a visible Start Menu that I could interact with because Windows 10 uninstalled the version of Classic Shell[1] I was using as part of installing the Anniversary Edition upgrade. I actually had that message pop up, "Windows has uninstalled this program because it is known to be incompatible." Luckily there was an Anniversary Edition-compatible version available that I could reinstall.

Note also that I don't especially consider Classic Shell to be an odd program given that when I briefly worked at Microsoft a few years ago (Win 8.1 was current), my manager actually recommended I install it on my second day there on the company-provided computer in order to retain the classic UI because that group found the Win8 touch UI to be unusable on the desktop.

[1] http://www.classicshell.net

I think this article is mixing up three different things which is counterproductive when you're trying to convince people. Just go to the point (not the pointS).

1. Defender is not the best AV out there from a strict efficiency perspective (IMHO, Defender is good enough for most people and is quiet enough & bloat less enough compared to a lot of the competition).

2. Killing the competition in the specific AV domain is bad for security (IMHO, perfectly valid point).

3. MS is globally trying to kill any competition by abusing its dominating position (IMHO, another perfectly valid point).

2 & 3, while absolutely true, are shadowed by 1 which is a very questionnabe point.

Too bad.

The big advantage to Defender is that it will never turn off, never show you an ad, and never ask for payment. Users are defended without needing to know it.

Conditioning users to expect popups demanding payment is unconscionable.

I think that the unfortunate truth (well IMO) is that if you want security and/or privacy then Microsoft is not the company for you. They have shown many times to be in bed with the NSA (http://techrights.org/wiki/index.php/Microsoft_and_the_NSA) and I'm sure other spy agencies and are becoming less open and friendly towards developers and it's users. It is bad that these decisions are effecting businesses but we can all make the change by moving towards more open operating systems and companies that give users and businesses back their freedom, privacy and security.

Seriously. I don't need to add the Kremlin into the mix.

I uttered the same words when, after not booting up my machine for a month due to a move, I got the lovely, lovely message...

"A component of the operating system has expired."

and I was unable to boot any further. still am not. had to turn back my BIOS clock a month in order to "unlock it".

needless to say, a planned install of linux is on the way. I've had enough.

Are you running Insider builds? Because I believe there is a warning when you first enable them that they do expire, and in this case, it did. I've only had an expiration BSOD when my Insider build expired; regular builds shouldn't exhibit this behaviour.

it's funny, I switched to insider builds, then switched _back_ to the regular builds on a stock install of 10, and this still happened.

With the recent Humble Bundle deal I have tried again one of these antivirus products (Bitdefender Antivirus Plus) after only using Windows Defender/Security Essentials since the Windows 7 days.

Right after installing it I noticed that I MITMed myself with their "Web Protection" feature. To show green check marks next to my Google search results this "security" software intercepts my TLS traffic and alters it without my consent. At least Microsoft's solution isn't that desperate to make itself noticed even at the expense of my network stack's integrity.

This is my main issue with the "security" industry for Windows. To justify their existence they have to remind their paying users all the time about their involvement and sometimes they use really stupid and dangerous methods to achieve this.

I believe that when I am using Windows, my interests are more closely aligned with Microsoft's interests than Kaspersky's. That's why I stopped using Kaspersky in favor of Microsoft's built in security product...and similarly why I stopped using Norton AntiVirus in favor of Kaspersky a few years before that.

Independent of that, running Kaspersky means installing Kaspersky's root kit. That's another low level vulnerability in addition to Microsoft's root privilege. It's simply more attack surface. Fully utilizing Kaspersky means sending telemetry to Kaspersky just as fully utilizing Microsoft's product means sending telemetry to Microsoft. I've no reason to believe Kaspersky less likely to be compromised than Microsoft.

To put it another way, Kaspersky's business, like many in the Windows ecosystem is to AdWords or bloatware their way to rents extraction while free alternatives exist. I'm ok with Microsoft making that model obsolescent and Kaspersky adapting or dying because Kaspersky's argument isn't that it provides significantly better anti-virus protection.

Geez, Microsoft keep shooting themselves in the foot. I feel done with Apple and I'm so ready to switch after the MacBook Pro 2016 dongle debacle & the glorious Surface Studio... but then I read things like this and see Windows uninstalling software without the user's permission (SmartFTP is the Windows FTP client I would use!) and realize that I just can't switch to Windows even if I want to.

Yesterday I fired up Windows 10 in a VM on my MacBook to get some development work done, only to find Windows go straight into installing updates while I'm on battery in a cafe & without my power cord. (But it insists "Don't Turn Off Your PC".) 90 minutes later (!) Windows finally launched... just as I had to run for my train home. I literally couldn't do my work that afternoon, all because of Windows.

You do not just have one choice to go with if you want to switch away from mac.

If you do not like mac nor windows, maybe give Linux a shot? If you care about the mac UI you can make Linux look like it.

For software development and normal usage I do not feel like I am missing out on something by using Debian on the desktop and Ubuntu on my laptop.

If you use some specialised software for design you might want to check compatibility though

I'm seriously considering it now. I'm a consumer desktop software developer (making Photoshop plugins) so I'll have to use Windows & Mac at least in VMs, but maybe I can run Linux on the metal.

I haven't given Ubuntu a proper try, except the one time I tried to make my plugins work with GIMP & Wine. Elementary looks interesting as well - their website mentions some of the Apple attention to design detail that I appreciate.

After years of thinking and consideration, I switched recently. And behold... it is great. Just do it - there is so much choice that I am sure you will find your sweet spot.

My suggestions: Xubuntu or Ubuntu w/o all the nasties, Elementary OS, Debian, Arch Linux or a BSD flavour.

Only if you don't have AMD hardware. I bought a laptop with some AMD A10 APU, integrated R7 graphics and a 1366x768 display. Installed Ubuntu to use it instead of Windows 10 because Windows 7 doesn't want to install on a UEFI machine where the HDD is somehow invisible to it and you can't use a USB 3 port because the installer fails to boot and all other nasties.

So I install Ubuntu and am greeted by a broken screen, where 2/3 of the screen are on the right and 1/3 is on the left, like somebody cut a piece of film badly so it's the previous frame and the current frame together.

I asked around and apparently Ubuntu 16.10 doesn't do AMD anymore because AMD didn't write a proper GPU driver, and the old driver for Ubuntu 12.04 (that's from April 2012 haha) is broken totally for new hardware.

So here am I using Windows 7 Pro in a virtual machine on Windows 10 home which constantly bugs me with notifications, is very slow, eats battery and is generally horrible.

Meanwhile my MacBook Air (which only has 4GB of RAM because I bought it with my own money and I'm freelancing and am 16 years old) is laughing in the background...

So, no, Linux is not the solution... :/

This seems to be a problem with the APUs then. I have a Linux-based home server with an AMD CPU that works just fine, and a dual-boot gaming PC with Intel CPU and dedicated AMD GPU that also works wonderfully. (With the open-source drivers. Don't even bother with the Catalyst shit and go straight for Mesa.)

Use 16.04 for now. I have the same chip and the driver from here works on 16.04 flawlessly - http://support.amd.com/en-us/kb-articles/Pages/AMD-Radeon-GP...

I see. Sad to see this development, and thanks for bringing this up. The ability to run linux flavours is now definitely a purchase criterium for me when it comes to new hardware.

I actually quite enjoyed running Windows 10, but have linux installed on all my machines.

Having said that, battery life on my laptops are terrible with linux out of the box.

I was literally thinking exactly the same. Apple alienating us, and then when you look back at Microsoft, they're still really haven't changed.

So I'm going to give Linux a real shot, and improve my knowledge of it, as added benefit along the way. I'm investigating now which distro to start with.

For all web dev coding work, there should be no problem.

One of the things MS announced recently was differential updates, so essential updates like this will be a lot smaller and take a lot less time. I still think they shouldn't force them on us though.

What type of drive does your MacBook have?

It's an old school 1TB HDD, because I really need the storage. The drive is full of VMs of every version of Windows for cross platform testing - I actually use my Mac to mostly write Windows software!

Good point though, maybe I'll be happier if I just fork out for a 2TB SSD. But at the time Apple wanted $800 for a 1TB SSD and I wasn't prepared to pay Apple's inflated prices.

Microsoft need another expensive EU lawsuit. This is very similar to the things they have already paid a lot of fines for in the past. It seems that wasn't enough.

I have installed Windows 10 on two systems. One has MSE enabled and the other has Eset Nod32. Nod32 was installed on that machine under Windows 7 and after converting the OS to Windows 10 it continued to work. Windows 10 is now facilitating notifications that the Eset license needs to be renewed, but


Also, back in the day I had an HP laptop with an AMD Duron processor, and it came with Symantec AV. I had overtemp shutdowns. I diagnosed that the AV was using most of the CPU cycles by far. So I researched the providers and somehow Nod32 came out on top across two or three different AV shootouts. I replaced Symantec with Nod32 and the laptop ran so much better. After that I only ran bundled AV on new machines until I could get around to installing Nod32. Nod32 continues to behave appropriately.

On the machine that runs MSE instead of Nod32, there was a different application chewing up the CPU cycles: The HP support assistant.

This is the world people predicted way back when Windows XP product activation first became a thing, and we sleepwalked right into it.

Microsoft auto-update should also automatically delete all third-party crapware (all the garbage Lenovo utilities that come on Thinkpads, etc). It'll go a long way to a more Apple-like experience.

I have been running MBAM (free version, scan only)/MSE for years without ANY issues, not a single virus on any of my windows machine.

I can't understand the need for bloatware aka "anti-virus", if you take the time to educate the users and train him to stop clicking and installing whatever pops up in their screen then they can pretty much rely on MSE and have a clear mind.

Obviously MSE might not detect EVERYTHING but basic education on how to treat spam/advertisement/phishing goes a long way.

Quite frankly, I think the continuous consumer abuse by the windows antivirus vendors is something that Microsoft is listening to here, and making it much harder for questionably efficacious software to put you into a perpetual license loop primarily fueled by scare tactics.

Sweeney had an argument, and one that I think Microsoft is trying to address. Anti-virus software (including McAfee and Kaspersky) is responsible for so many daily fuckups in my corporate computing experience that I am aggressively removing it from every computer I can find, and I tell everyone I can do to the same.

It is good that Microsoft is making them justify their existence, use less deceptive re-subscription tactics, and in general providing very stiff competition for them. In this specific case, it not monopoly tactics, this is pro-consumer competition.

I hope people realize this, because I think most windows users read this and then immediately squinted and said, "Kaspersky, huh?" It took me over an hour to scrape that gunk out of the last windows 7 box I set up for my family, and I was happy Win10 kicked it to the curb for me on the upgrade I just helped with.

The AV industry needs to die. Security needs to built in, not just a 3rd party add on.

After decades of providing us insecure software, are we supposed to blame Microsoft for doing the right thing & getting things _almost_ right?

I have not yet found an Antivirus software which can truly educates the user - there are wonderful opportunities in there for the right kind of company/product. Proactive solutions beat reactive solutions hands down. Like they say "Stitch in time saves nine"

> Microsoft has even limited the possibility of independent developers to warn users about their licenses expiring in the first three days after expiration ... this is the crucial period during which a significant number of users seek extensions of their security software licenses.

So it's about profit, because the AV companies lose out in their historically most lucrative period to keep paying users.

Please tell me again how this "new" Microsoft is so much better and more ethical than Ballmer's Micro$oft.

Well, you can run .net Core and MSSQL on Linux now and get more servers moved away from Windows, while still being trapped in Microsoft's walled garden. Yay?

Gates's Microsoft. This is a Bill Gates move all the way.

Great post. I'd like to know from fellow HNs: how does Windows Defender compares with other anti-virus?

Detects a bit less AFAIK, but doesn't have insane misfeatures like "web protection" (MITM) and auto-installed plugins/whatever that you have to disable one by one, bloat related to 1st point, scare popups to get you to upgrade/renew/etc, and the general scummy BS that comes with having a 3rd party antivirus.

I think it's good enough, in general. While a 3rd party AV might be more effective for someone very prone to installing PUPs/malware, I still don't think it's worth it - an adblocker likely makes much more of a difference just by preventing people from clicking Google ads while looking for legitimate software.

Side note: I've been happy with Win10. While I thought auto updates would be bad, they've all been snuck in while I'm sleeping/AFK with no side effects. Apart from the initial round of disabling various telemetry features, it's been smooth, and the stupid stuff like unremovable start menu tiles has gradually been fixed.

Side note...stop spreading this ridiculous and incorrect frog metaphor.


I don't see any facts in that link that refute the metaphor. Old experiments at 0.2 °C per minute show the frog dying, while newer experiments at 1.1 °C per minute have the frog jumping to safety. It was already noted that the speed of the heating affected the result in 1888.

I hate how intrusive the Windows Defender is, it automatically deleted some executables of mine I know to be clean (false positives). Just disable that beast entirely, seriously (group policy or regedit). Makes your PC much snappier. Defender is my biggest gripe with Windows 10.

Having anti-viruses installed is for fools. I just upload every single executable to VirusTotal.com and make sure I know the source I downloaded it from - this is far superior to any anti-virus and doesn't slow down your PC.

I said this when Windows 10 was new and I got tons of downvotes. I say it again because it still holds true and needs to be said.

"I just upload every single executable to VirusTotal.com". I would stop using that OS even if it is the last OS on earth if I would need to do that..

You have that problem with all executables that are not distributed through an audited packet manager (or another safe channel). If you directly download any executable for linux, or apks for android, you have the exact same problem.

And he asks: "Who would be most pleased of all to see a monopolization of the cybersecurity market?"

And answers: "Of course, the cybercriminals!"

What he doesn't say: one of the greatest cybercriminal is the American Government.

From my experience AV software makes life of small developers targeting Windows platform harder, so an argument can be made that Microsoft is actually helping independent developers by improving installation and update experience.

We often need to deal with user problems because the installation or update process was blocked by AV software without any user visible message. Also often an application is incredibly slow for some period after the installation because AV is doing some additional scanning/blocking (again the user is not informed about this and blames the application).

Sorry didn't read original article, its such ancient news.

This has been going on since days of DOS, like 35+ years.

"MS-DOS also grew by incorporating, by direct licensing or feature duplicating, the functionality of tools and utilities developed by independent companies, such as Norton Utilities, PC Tools (Microsoft Anti-Virus), QEMM expanded memory manager, Stacker disk compression, and others."

This is Microsoft business success 101.


To hide the uninstall of competing software behind a "Turn on" button through the dominant platform vendor may well be one step too far into the land of violation of anti trust rules.

Pretty bad practices by Microsoft and sounds like that has a decent chance of costing them money in the EU.

However I think the point that having one monopoly AV decreases security because the bad guys can adapt to it is at least not as clear cut as it seems. Especially compared to the scenario of someone having multiple AV programs installed. AV programs themselves are excellent attack vectors, especially for the more skilled attackers so reducing the number has at least some theoretical benefit.

It's interesting to know that even 'large' companies like Kaspersky Labs are affected by this centralization of software.

In startup land this is common - I've seen so many bootstrapped startups fail because they were out-spent or their market was monopolized by big companies or big VC money.

Sometimes it feels like we're going to end up with one giant tech giga-corporation that will just own everything and everyone will be employees of it.

Just looking at the headline(without the domain), and recent events, I thought this was going to be about Teams vs Slack.

The reality is that an organization as big and as talented as Microsoft could, if they put their mind to it, develop and release a software product in virtually any market covered by their ISVs, and unless it is really terrible, or the third-party tool is really good, displace it.

What jumped out at me was that the 'Compatibility Assistant' actually removed a program (in the screen capture SmartFTP); that's removed, not disabled. Disabling a program which has compatibility issues may be a reasonable action, removal, not so much

IANAL, but that seems at the least to be a bloody annoying action, and at the most, anti-competitive as well as anti-consumer.

AV slows legitimate software that operates on large data sets to the point of it being unusable. Case in point:


User comment: "MacBookPro takes 17 seconds, my Windows machine takes 122 seconds."

Because of AV - fast on Mac, slow on Windows.

this is why i don't trust microsoft azure. I recently had to watch a marketing guy trying to sell me on azure, every second slide had a big, bold OPEN sign on the upper right. An truly open company does not have the need to stress every second slide that they are truly open. I tried using the service-bus (it was not my choice) and stumbled up on https://github.com/Azure/azure-sdk-for-java/issues/465, it is open since february! Node.js and the Rest-API were not working either and i could not use the c# library from my mac since important DLLs were missing.

It was a scary experience and it will take some time until azure will gain my trust. What would help is entangling microsoft and azure into a s structure like google has done with alphabet. With the current structure clashes of interests are inevitable.

I don't hear anybody complaining about Apple's anti-competitive ban on AV for iOS.

Oh, wait, that's because iOS is orders of magnitude more secure than Windows and doesn't really need an AV product. Whereas Windows has been plagued by malware for decades. Nobody wants to buy AV in the same way that nobody wants to buy health insurance; it's an unfortunate necesssity in an imperfect world.

Unfortunately the tradeoff we're facing here is the "information feudalism" one. People aren't realistically able to secure themselves, so they end up having to pick a quasi-monopolist and delegate to them the ability to ban software. Such bans can be extremely arbitrary. Occasionally even your headphone jack gets taken away. But people put up with it because it works for them in a way that anarchy doesn't.

Microsoft would clearly love to make Windows behave like iOS: apps only installable from the store which has power of veto and takes a cut. Heck, Apple would probably like to do that with OSX. Neither has quite managed it yet.

I suspect the long term way out of this is a proper user-owned subscription-driven open hardware company, but that's a very hard thing to build and a hard sell to the average user.

Meh. Apple is a tyrant and they're worse than Microsoft has ever been. Furthermore, Apple sucks for business computing.

There's a reason that every business on the planet runs Windows and that the Mac only has a piddly ~7% market share.

The difference between Microsoft and Apple is that Microsoft usually corrects their big mistakes while Apple defends theirs to the death. That's why (among many, many other issues) Mac users were forced to buy one-button mice for 15 years and that's why they could only resize a window by the lower right corner until around 2007. LOL!

There's also a reason that Windows is orders of magnitude more secure than "the Mac OS" - it gets attacked way more often.

- http://www.ibtimes.com/nope-apple-computers-arent-more-secur...

> I don't hear anybody complaining about Apple's anti-competitive ban on AV for iOS.

There is no antivirus for iOS, not even from Apple. That's not anti-competitive.

Where the rest goes, I don't know. But I'm not going to take most antivirus vendors very seriously until they stop adding gratuitous security holes when installed.

Do you think we'll reach a point where computers end up in this vetoed manner?

I see it has happened with iOS, despite widespread popularity (yes I have an iPad for reading), and I see GateKeeper etc. on Mac and warnings about unsigned apps on Windows 10 but it hasn't quite got to the "you can't run what you want" stage yet.

It is almost like they (Apple and Microsoft) are trying to outdo each other in locking down machines (arguably sensible for some users). I wonder where it will stop.

What metric are you using to compare the security of a smartphone to a desktop?

Good read. Makes me glad I haven't made the switch to win10 yet. And yes windows defender is horrible, the other day it just decided that all .lnk shortcuts to browsers were infact malware (Even if it was just an ordinary shortcut)... Anyone else experienced this with windows defender?

While he is on the point on Microsoft's general anti competitive behaviour Antivirus publishers behave the same. you want an ANTI-VIRUS, but then you get continually bombarded with reminders that you are missing a Firewall, VPN, Password manager, and everything else they can think off.

In case microsoft is listening - please expose a knob to the user allowing them to make the file modification hooks be no-ops. There are times when I am doing critical things where I dont want the file modified callbacks to AV viruses / other spyware to be invoked.

Microsoft is creating walled garden and has all right to do that... for some sectors. The most problematic for me is public sector (gov) because they are forced to use Microsoft products by their own agenda, others are free to choose and I believe they do that...

Public sector can always go Linux, as it already happening everywhere. There's no need in great UX, just good enough one to perform their functions. For many even a thin client working with cloud-based apps is good enough.

Security fixes and improvements should be made at the OS level. And it is: Microsoft, Apple and Linux receive fixes very quickly. No software editor will be able to do better than the OS to fix and stop threats.

I stopped using AV softwares a long time ago for the following reasons:

- It slows down your device (memory, cpu, disk access, etc.).

- It annoys you a lot more than it stops or solves any security concern. I've yet to hear from someone telling me their AV software saved them from an actual real virus... If this ever happens it's probably a damn advanced attack that even the AV software doesn't know about.

- It's extremely hard to remove, especially when pre-installed as a bloatware on a PC. Sometimes it's also installed as an extension of other software (browser, etc.).

- It usually takes wrong decisions (false positive) that lead to broken web pages, legitimate software that stops working, etc. And unfortunately the "standard" user has no way to figure out it's due to the AV. I can't count the number of times I had to work with my customers on figuring out what was making my website or software not run (or even not to install) on their machine. One time I had to write to an AV editor in order for my browser extension to be whitelisted. Never got any answer...

AV softwares can be easily replaced with common sense and a set of very simple rules.

- Have a hardware/software firewall that blocks everything expect what's required (allowing only web when initiated from the machine is enough in 99% of the cases). Every major OS now comes pre-configured with a software firewall which removes 90% of the threats.

- Use a strong email service or software (gmail, etc.). This way you reduce the likelihood that a virus, spam, or fishing email passes through.

- Don't open email attachments coming from unknown or non trusted senders. Even when the sender seems legitimate, double check that the email makes sense (not an unusual behavior), pay close attention to URLs, written language and words. Don't click links without knowing where it goes (domain name, https, etc.). Email remains the most simple way to install a virus or a trojan on someone's computer so be very very attentive when acting upon an email. If you use an email provider (like gmail), report the spam or phishing attack very quickly so that 1/it can be stopped quickly for others and 2/it teaches the Machine learning to do better next time.

15 years I've been applying these rules and I never got any virus without using any AV software. My devices run like a charm (PC or Mac).

While I'm a big defender of freedom and open source, I can easily understand and forgive proprietary OS providers choices with regard to the AV editors.

The thing with the "don't open email attachments" type advice, is that somehow it's not enough (I think it's more complicated actually. You need another bullet point for "keep your browser up-to-date" and/or avoid certain typos of website and certain links. There's several types of traps beyond email attachments) I despair at teaching my old parents how to not get malware infections. They may last a couple of months, but it's only a matter of time before something they do leaves me spending the weekend trying to run virus cleanups. I'm sure my parents' experience is indicative of many other less tech-savvy folk.

But anti-virus isn't the solution either. This happens with anti-virus eating half their CPU. I don't really know a sensible way to let my parents have a windows laptop these days. They use an iPad now, and that's the end of it.

I certainly agree with your top and bottom sentence there. AV software is basically an industry which shouldn't exist (or at least shouldn't be anywhere near as well-known and lucrative as it is). The reason it has existed, is because Microsoft have in been poor on security in general. I think more specifically we can say that earlier versions of windows took an approach of being way too permissive with things like file permissions. It seems to me they've been gradually phasing in more sensible limits ever since, and if they're also phasing out 3rd party AV software, I can see that might be a sensible rationalisation too.

Might be. I'm not 100% sure because, while they are improving general security, the other challenge microsoft has always faced is that hackers target windows first because it's most popular. Previously hackers had a mish-mash of several different AV softwares to stay ahead of. By making every windows machine a highly regularised defender-running target, this might make life easier for hackers.

Funny thing is that I installed ubuntu on my parents very old laptop (from 2001) that lost Windows XP support and it works really well. No virus until now.

I replaced the Graphical User Interface with a lighter one though to maintain decent performances.

In case Eugene is reading this, instead perhaps:


for the tweet? (The products are in no way better, not the users!)

Sort of makes me root for the increasing irrelevance of the desktop.

You're missing the point. It may happen with mobile as well. Actually already started. Remember last news regarding Apple kicking off some apps?

Apple's just downright done this many times in the past. Flux -> "iOS Night mode", for instance. If anything, mobile devices make it easier for google/apple to push options out.

Why does Microsoft even allow trial installations of all of these sorts of things? It’s cut-and-dried user-hostile behaviour, as are bundled installers as a class. Microsoft has the power to kill these pieces of software. I wish they would.

How do you determine that a piece of installed software is a trial version, so you can police it based on that attribute ?

The sort of trial installations we’re talking about are ones ones that are bundled with other software or preinstalled on a new computer. Microsoft should be forbidding both.

Am I crazybor has the title of this post changed like 3 times

Why was the original HN title (which was also the heading for the article) changed? This (new) one doesn't convey the sentiments of the article.

I was wondering the same. Iirc the original title was "I've had enough" or something similar, only glanced at it the first time around.

We've updated the title again from “I hope we and Microsoft can return to fighting cybercriminals together”. “That’s It. I’ve Had Enough!” is clickbait—it appeals only to our inclination to share in indignation.

HN changed the title to something more Microsoft-friendly, instead of leaving the original blog headline. Figures.

The HN guidelines call for changing titles when they are misleading or linkbait: https://news.ycombinator.com/newsguidelines.html. What we did here is standard practice and has zero to do with Microsoft.

When moderators change a title, we always try to replace it with representative language from the article itself. In this case you can find that language in bold at the bottom of the article.

Users who feel strongly about Microsoft (for or against) are fond of accusing the refs of being biased (against or for), but that's the case with every emotional topic. We're as careful as we know how to make sure it isn't true in reality.

Why didn't you use the closing of the article "MICROSOFT KILLS OFF INDEPENDENT SOFTWARE VENDORS BY FOISTING ITS PRODUCTS ON USERS THAT ARE IN NO WAY BETTER" then, which happens to be bigger and bolder than the quote you chose and represents the tone of the article a lot better?

Instead, you replaced it with the most positive line you could find until users complained.

You do this time and time again and it smells like bullshit.

That won't fit in 80 chars, so we had to edit it. We also edit superlative language and outrage language out of titles. This is all tediously routine. Actually the current title is more indignant than we'd usually allow ("kills off", "foisting"), so this case is actually a counterexample to what you say.

> You do this time and time again and it smells like bullshit.

This is a form of sample bias. People notice the cases they feel strongly about and fail to notice the ones they don't, thus weighting their sample. The more strongly you feel, the more this effect will skew your view.

No doubt we do have biases—though I'd be flabbergasted if the one you're accusing us of were among them—but given how hard we work to be neutral, and how powerful this sample-weighting dynamic is, moderator bias is a poor explanation here. It's like a programmer being too quick to blame the compiler.

You based your business on a proprietary platform. No formal contract was covering your rights. What are you complaining about?

So you can't complain now? Microsoft is pushing its own (inferior) solution and making it harder for other vendors to compete. While we can debate whether it should be fine for them to do that, there are laws limiting monopolies from this kind of (maybe not this exact case) behavior.

Also, it works the other way around - you wouldn't need to complain if there was a formal contract.

Illegal anti-competitive behavior, perhaps.

You may not have any legal recourse, but you can certainly complain. It's reasonable to expect companies to adhere to standards of decency and respect. If they don't, complain or they'll never learn. Also, PR matters, so complaining loudly does impact policy.

I suggest you read up on The United States v Microsoft.[0] It was kind of a big deal.

[0] https://en.wikipedia.org/wiki/United_States_v._Microsoft_Cor....

Legally you're correct, but where's the sense of fair play?

The greed is getting the better of them. They are so desperately trying to duplicate the success of others that they forget what success is all about.

Fun fact: If you bought one share of MSFT the 23.Dec 1999, you would be down 2 cent today.

> Fun fact: If you bought one share of MSFT the 23.Dec 1999, you would be down 2 cent today.

They've had at least 2, that i can think of, 2for1 stock splits since 1999.

So that's wrong. If you had invested $10k in 1999 you'd likely have > $35k now including dividents.

Thanks, I forgot about the splits. What if you bought Apple for $10K?

Update: As far as I can see they have had two 2 for 1 splits and one 7 for 1 split. Meanwhile the price of the stock has gone from $3.696 to $107.79. Meaning that you would have over $400K today + dividends.

What if you invested 1 year ago? You'd be down ~10% on Apple and up ~10% on MSFT. Anyone can pick an arbitrary timeframe to suit their argument.

That is success :D

Including dividends?

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact