Eyes Above The Waves

Robert O'Callahan. Christian. Repatriate Kiwi. Hacker.

Thursday 26 January 2017

Disable Your Antivirus Software (Except Microsoft's)

I was just reading some Tweets and an associated Hackernews thread and it reminded me that, now that I've left Mozilla for a while, it's safe for me to say: antivirus software vendors are terrible; don't buy antivirus software, and uininstall it if you already have it (except, on Windows, for Microsoft's).

Update (Perhaps it should go without saying --- but you also need to your OS to be up-to-date. If you're on Windows 7 or, God forbid, Windows XP, third party AV software might make you slightly less doomed.)

At best, there is negligible evidence that major non-MS AV products give a net improvement in security. More likely, they hurt security significantly; for example, see bugs in AV products listed in Google's Project Zero. These bugs indicate that not only do these products open many attack vectors, but in general their developers do not follow standard security practices. (Microsoft, on the other hand, is generally competent.)

Furthermore, as Justin Schuh pointed out in that Twitter thread, AV products poison the software ecosystem because their invasive and poorly-implemented code makes it difficult for browser vendors and other developers to improve their own security. For example, back when we first made sure ASLR was working for Firefox on Windows, many AV vendors broke it by injecting their own ASLR-disabled DLLs into our processes. Several times AV software blocked Firefox updates, making it impossible for users to receive important security fixes. Major amounts of developer time are soaked up dealing with AV-induced breakage, time that could be spent making actual improvements in security (recent-ish example).

What's really insidious is that it's hard for software vendors to speak out about these problems because they need cooperation from the AV vendors (except for Google, lately, maybe). Users have been fooled into associating AV vendors with security and you don't want AV vendors bad-mouthing your product. AV software is broadly installed and when it breaks your product, you need the cooperation of AV vendors to fix it. (You can't tell users to turn off AV software because if anything bad were to happen that the AV software might have prevented, you'll catch the blame.) When your product crashes on startup due to AV interference, users blame your product, not AV. Worse still, if they make your product incredibly slow and bloated, users just think that's how your product is.

If a rogue developer is tempted to speak out, the PR hammer comes down (and they were probably right to do so!). But now I'm free! Bwahahaha!

Comments

G
The title says it all. I did exactly that a few months ago coincidentally.
MrTortoise
I did this 10 years ago...
JohnnyCache
Yeah I haven't installed any real antivirus for ages...an occasional MWB and Superantispyware sweep is all I've needed.
Riyaz Mansoor
Did this about 4 years ago. Had no issues even before MS - just need to exercise patience and general knowledge.
Miller Scout
Same here @johnnyCache.
Mark Robson
I really agree. It is particularly troubling for application software vendors, that it's essentially impossible to test against common AV software. The AV vendors update and patch their products frequently, modifying the way they hook the OS. They don't ever allow anyone access to pre-release versions. This is the kind of thing that, even with the best of intentions, causes problems. As a long-time software developer, I have seen many problems caused by AV behaviour, particularly network hooks which modify traffic (TLS interception anyone?).
forsyth
I switch off Microsoft's Windows Defender as well. It makes my laptop unusable when it's running, which I've found to be a general problem with AV software.
SRV6
This was meant for 3rd party antiviruses. Leave Windows Defender on.
Grif
if your laptop's running slow uninstall software you don't need and make sure your main hard drive is in good condition. also go to windows search and type up misconfiguration turn off all startups you don't need you can do the same in services, but i recommend you leave Microsoft services on
Stijn Sanders
I guess what we need is "the people's AV". If Mozilla gets Firefox back on track, could they start something?
amias
as that article shows , its not a political issue its a functional one , essentialy anti virus breaks apis and makes their results unpredictable.
Dr. Net!
I have not used AV software for years (apart from on the mail filter) - must have been around 8.06. Ubuntu ofcourse.
Ricky Gupta
I totally agree with this. I bought new TP-Link USB wireless Adapter and whenever I connected to my wifi, windows 10 crashes with bad pool header error and only after uninstalling my MalwareBytes software, that crash got fixed.
Anonymous
What version of Malwarebytes? In case you are unaware the recent version of Malwarebytes has been riddled with thousands of bugs and issues. You can look at their forum
Peter Kasting
Was "now that I've left Mozilla for a while" supposed to be linked to somewhere, rather than underlined?
Robert
No. I just wanted to make sure Mozilla doesn't get blowback.
Oscar Goldman
Does Microsoft make anti-virus software for the Mac? If not, then what?
Robert
I'd use whatever Apple offers; if they don't offer anything, then "nothing" is probably better than the usual A/V vendors. MacOS is locked down reasonably tightly already.
Jeffv
If you are a business, Bromium. Not quite AV, but something better, imo, as it doesn't use signatures, but looks for aberrant behaviour; e.g your email should not be trying to access your customer database. Best of all, the way it works is to let the infection think it's succeeded, while recording what it's trying to do, and that can be shared without exposing your security.
SRV6
Mac's do not require any antivirus.
Psycho
Sir, i hope you never have children
Former Mac User from 80s.
heheh... Yeah that is it.. Mac don't require antivirus.. They are immune to all digital threats.. You might want to search that on snopes.com!!!
SRV6
My wife is a graphic designer and uses nothing but Macs. Her company uses Macs. None have security on them. Is there Mac malware? Yes but far and few between. http://www.pcadvisor.co.uk/how-to/security/do-apple-macs-need-antivirus-os-x-security-explained-2016-3418367/
Jeff M
Mac's don't usually require antivirus software, because they have three significant deterrents. First is Malware Check, which functions similarly to Windows Defender, but runs silently in the background without any user interface. 99% of users never know that it's there. The second is GateKeeper. It's default configuration requires that any binaries be signed by a developer with an active developer account with Apple before it will run. (This can be disabled on an app-by-app basis or globally, but it is on by default). This allows malicious apps discovered in the wild to be disabled by Apple unless the user specifically re-enables them. The third is that any app sold through the App Store undergoes a code review and also is required to be sandboxed from other processes. So, while it's not perfect, given those three mechanisms, and the fact that the Mac installed base is less than 10% of windows, means that malware and viruses are virtually nonexistent on the Mac.
TerryC
Just to be clear, if I'm not mistaken, Gatekeeper started with Lion (10.7), so those of us using Snow Leopard this advice is not relevent.
joe_h
"Mac's don't usually require antivirus software, because they have three significant deterrents." BS! Macs don't have as many issues with malware because they have such tiny market share, and malware creators don't target it as much. The simple fact is as an OS Windows is more secure and has fewer exploits. This isn't even debatable. http://www.businessinsider.com/android-most-vulnerable-operating-system-in-2016-2017-1
Mr Roboto
What about open source antivirus like ClamAV?
Robert
I don't know much about it. Being open-source means it's probably less crazy-bad than the others. Still, I'd be skeptical that it's a significantly better recommendation than Windows Defender, for Windows 10 users.
l
As far as I know, it is the only free (as in freedom) antivirus. If you need more security than that, just go free software full way and ditch MS Windows altogether in favor of a free OS such as GNU/Linux.
nicu
1. ClamAV has poor virus detection rate 2. it is only a virus scanner (to be used on files or folders), it does not provide a resident shied checking the files before you open them.
Unknown
ClamAV is an AV solution you need to run manually. It is therefore a nice enough "stick behind the door" for tech savvy users, not your average Joe. There are ways to make ClamAV work as a real-time AV scanner, but that software isn't made by the people behind ClamAV, and the last time I tried it, my CPU had a continuous load of 30%. SO I use ClamAV sometimes, I use online AV scanners more often and monthly malware scans. No virus or malware on my system for 10 years. That said, I run a strictly configured router/firewall on a completely separate PC and every device that connects through my LAN is on a separate VLAN with even stricter rules. All of the computers I use have mostly PortableApps tools and browsers are as vanilla as possible, with the exception of 'uBlock Origin' and 'uMatrix'.
Anonymous
Try this link to improve detection rate of ClamAV : https://www.securiteinfo.com/services/anti-spam-anti-virus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml?lg=en
Andreas
Hi Robert, what about applications such as https://heimdalsecurity.com/en/products/heimdeal-free that simply keep your average virus magnet applications up-to-date? Would you recommend that on the side, along with whatever the OS offers?
Robert
You should stick to applications that are good at updating themselves. For example there's no need for Heimdal to update Firefox or Chrome, and getting it involved adds potential for catastrophic bugs. So it depends on what applications you use. If a random person asked me with no further information, I'd probably play it safe and say no since there's potential for badly-implemented updates to do great harm.
Anonymous
Microsoft has a tool for enable processor based protection that may be helpful for some people. https://en.m.wikipedia.org/wiki/Enhanced_Mitigation_Experience_Toolkit
SRV6
EMET ius being discontinued on July 2018
SRV6
Windows 10 has EMET features built in.
Anonymous
Not all of them... https://betanews.com/2016/11/24/windows-10-security-emet/
Anonymous
For now....
Marcos Mayorga
Just use Linux, you don't need AV at all, I've never used AV for more than 20 yrs so far
Former Mac User from 80s.
Linux fan boys are as bad as Mac fan boys.. Mark my words, when you get hit.. It will be bad.
Anonymous
As a layman, are you talking about always-on virus scanners that run in the background or also on-demand file scanners? I would guess the latter are less intrusive to the os?
Jeabo
Yes, you are very much right. In fact, running bit defender and something like McAfee together will cause the OS to become unstable. Just my experience after doing thousands of virus cleanings.
Jeabo
That is why most real time scanners will disable Windows antivirus software. (And McAfee is utter garbage these days)
Robert
On-demand file scanners are certainly a lot less problematic.
Anonymous
The only time I ever use AV is to scan files in a VM. Be safe online, not stupid.
Anonymous
I vaguely recall that a few years back, my laptop would intermittently Blue Screen until I uninstalled Norton. I still use MalwareBytes (the free version, with no "active" protection), and I run it occasionally just in case, but otherwise I stick with MSE (or whatever it's called) on my Windows boxes.
PK
I used AV in the past, but after getting Windows 10 machine, I really use only the Defender. It works great, nothing bad happened yet, and it doesn't scream on full volume every time definitions are updated ;-)
Anonymous
For home use I don't disagree with you. We all know that by the time the AV software finds an infection it's too late anyway. But a lot of businesses these days are allowing or requiring BYO devices with their user base. We have to protect everyone's systems. We can't have people running on networks in such an insecure way. Here, our security appliances & firewalls can help to mitigate security threats imposed by rogue devices, but that is not enough. Ideally, everyone just becomes more tech-aware and can figure out that they shouldn't click that link in their email because they probably aren't descended from African royalty. But I don't see that happening anytime soon. As long as people keep clicking on stupid things, then they need stupid software to babysit them.
Robert
I can't imagine why you'd allow regular users to attach BYO devices to your corporate network. That aside, what evidence is there that any third-party AV is a net security win over Microsoft's built-in stuff? I haven't seen any, even with all the comments around this post.
markrobertsbarter
Calling the major vendors' products "anti virus" kind of highlights a lack of research, on your part. Apparmor/SELinux, for example, is pretty much considered best practice in the Linux world, so why is it that similar third party functionality in the suites that you dismiss as "AV" suddenly becomes worthless in the Windows world. There's much more to the major - let's call them what they are - HIPS software packages than you give them credit for.
Robert
SELinux has all kinds of problems. However, at least it has defined interfaces; the source is open and operates in a transparent fashion; distros take responsibility for configuring it and making it work with their application packages; and it hasn't been a source of egregious security bugs. Windows AV on the other hand is a crazy mess of closed-source code doing random patching, hooking, parsing arbitrary complex data formats in ring 0 and other blunders, changing unpredictably, with practically no coordination.
amias
windows is different to linux in this respect because software vendors are considered potentially hostile to the OS as they are frequently not aligned to its goals. linux distros on the other hand tend to provide software that is more closely matched to the OS because of its maintainers including or packaging them instead of vendors.
Chris Tschantz
This smells all too consumer to me. Users who are diligent about patching not only their OS but third party software as well (Reader, Java etc.) MAY be able to get away with nothing more than Defender; However, what ever happened to Defense in Depth? At any business or enterprise, you have to do your best to protect the data, employees as well as your customers. Sure, traditional AV isn't always going to protect you but most AV \ EPP vendors are doing their diligence to include technology in their products that go way beyond what traditional AV ever did. In addition, there are other products to consider like Application Whitelisting technology. Of course, these in concert with other technologies like DLP, IDS, NGFW, SIEM etc. can all help protect the business. Common Defense in Depth here. But to recommend either nothing or Microsoft built in offering is not the best approach if you care about the things you need to protect.
Robert
"Defense in depth" does not mean that the answer to "should I install this 'security' product?" is always "yes". Each product you install adds vulnerabilities to your system as well as protecting you from some set of threats. The sets of threats overlap (e.g. if you're scanning email on the mail server, scanning it again on the client doesn't do much). > But to recommend either nothing or Microsoft built in offering is not the best approach if you care about the things you need to protect. I'd like to see an independent evidence-based evaluation of this. I haven't, and one hasn't turned up in all the comments around this post. Lacking one, and given the egregious blunders of the major AV vendors that have come to light, I still think being conservative in what you install, as I have advised, is perfectly reasonable for the average user.
Bruce
I guess that one could then argue that since Microsoft also includes IE and/or Edge in their operating systems, one should not install Firefox, Opera, or Chrome either. After all, you are adding more software with more bugs and we do want to be conservative in what we install, right?
Robert
If IE/Edge are installed but you don't use them, no problem.
nicu
Some years ago I used to put MSE on some people computers, that was until they came back infested. Now I won't recommend it to anyone. (still, I have to admit I didn't check recently, since I mainly use Linux with no AV)
Anonymous
What about Emsisoft? If you are going to recommend to uninstall AVs, you should at least be aware of the popular ones and more.
Tyagraj Varma
These days most of the malware comes from online. Just run your browser in a software like sandboxie. You won't need an 3rd party AV, unless you often connect unknown USB devices.
Anonymous
Your advice is flawed, opportunistic, irresposible and dangerous to people who don't understand the malware landscape that is out there. Your reputation, in my mind at least (as I don't speak for others) has been tainted. The average Joe on the street is better served with anti-virus on their computer than not. No software is perfect.
Robert
> The average Joe on the street is better served with anti-virus on their computer than not. I believe you may be right about that which is why I suggested Microsoft's stuff.
Anonymous
The problem if you only use Windows defender (on Win 8.1 about myself) is that you could be infected by a virus (like a trojan) while browsing a web page with firefox. I've made EICAR tests with Windows defender and firefox and defender doesn't notice the viruses in a web page (but it works with IE 11).
Robert
EICAR-like tests are mostly meaningless for browsers. By the time malware has been around long enough to be analyzed and its signature(s) (binary, behavioural, whatever) blocked by AV tools, modern browsers will have already fixed whatever holes they were exploiting. Firefox doesn't need to explicitly detect Web-bourne viruses; Firefox's job is to make sure that all such content is harmless. For modern browsers that are kept up to date your real threats are zero-day exploits, which can easily evade any AV product.
Anonymous
I think I need a good AV also because a few weeks ago, i've been on a TV streaming webpage and there was a trojan into the page. It has been detected by my AV but not by Firefox. What could you advise in this case?
Robert
I thought I was clear before. Without more details it's probably not worth me saying anything more.
Anonymous
I've done this since I understood a little more about how these security solutions work (5 or 6 years ago). I don't understand why Windows Defender is different from the others AV. If you could explain this point I would appreciate it.
Robert
I mentioned it in the post. Based on the data I've seen, I have a much higher opinion of Microsoft's people and processes than the other AV vendors. Also, because Microsoft's stuff ships with Windows they are more likely to get the integration right and be held to reasonable quality standards.
Anonymous
Hooray another educated opinion from someone who does not actually fix PCs for a living. Thanks for that. You just made my job harder, but more profitable. Microsoft themself say that their AV solution is "Baseline", which means is the lowest you should go, not the highest. I keep seeing quotes about the crappy state of AV, but it always focuses on Norton, Mcafee etc., who are historically crap and simply sell more product. Avira or Bitdefender never apear in these quotes or lists of bad AV/vendors. I can find zero evidence that MS AV is any good, only the oposite, as the frequent infected PCs I have to fix are usually using either MSE/Defender, Norton or Mcafee, which is as good as using a magic 8-ball. MS AV does not scan web page content in non-MS browsers, so malvertising and link scanning in FF or Chrome is non-existent. If you are going to recommend MSE/Defender, at least show some evidence or reference to how good it is at its job, not mere opinion and belief. It is provably consistently below average, and for a while fell off the bottom of the AV test/comparison sites.
Robert
Avira: https://bugzilla.mozilla.org/show_bug.cgi?id=844714 Bitdefender: https://bugzilla.mozilla.org/show_bug.cgi?id=1310629 Firefox and Chrome use Google Safe Browsing for URL filtering so it's not "non-existent". Scanning Web content adds very little value. By the time malware has been around long enough to be analyzed and its signature(s) (binary, behavioural, whatever) blocked by AV tools, modern browsers will have already fixed whatever holes they were exploiting. Firefox doesn't need to explicitly detect Web-bourne viruses; Firefox's job is to make sure that all such content is harmless. AV products interfering with Firefox has historically made that more difficult --- including Avira and Bitdefender, as you can see above. Justin Schuh says it's the same for Chrome. This all assumes users are using up-to-date OSes and browsers, as I updated my post to make clear. Windows Defender may not be very good at the metrics you're talking about, but at least it does relatively little harm.
Chris
Well what if you never enable the plugings those AV products try to push onto your browser?
Robert
That doesn't necessarily stop them hooking and patching browsers; i.e. that wouldn't stop all the bad stuff they do.
Bruce
"Windows Defender may not be very good at the metrics you're talking about, but at least it does relatively little harm." For the test suites that look at false negatives, Microsoft's consumer solutions are generally the king of the hill. How is that "relatively little harm"?
Robert
See http://robert.ocallahan.org/2017/01/a-followup-about-av-test-reports.html about test reports.
Dan Stromberg
https://blog.cylance.com/dont-test-a-bomb-with-a-hammer
Matt Blalock
Which is why I never install browser addons that monitor/pre-empt/intercept/divert/parse or otherwise aggregate code or functionality into or onto my browsers, of which I use two: Chrome and FireFox. Nor do I lard on all the extra geegaws they beg you to buy. AND by-the-way, I never pay for AV software. I have used AVG Free, rightly or wrongly, in conjunction with FireFox (and now Chrome) for 18(?) years during which time I have fallen prey to an exploit only once and that was my fault. Any other security failures I experienced were with MSIE - and nothing could protect you from the flaws in MSIE. No AV product can protect you against your own stupidity, especially if you don't understand or acknowledge the shortcomings of the AV platform you use. I get the point about MSAV: who knows MS better than MS? Who better to create and build an AV architecture that works in harmony with MSOS, but then look at MSIE. I still think MSIE is terrible software and never use it. So I stick to what I know works, for now. But I will say this, and I wish someone would address this specific issue. What i fear, in light of the Russian exploit of the DNC, is that these foreign AV softwares could be engineered to backdoor any user and expose westerners to attack. Imagine planting evidence of criminal activity on thousands or millions of computers, implicating innocent users in criminal activities of which they have no knowledge and indictment for said crimes they did not commit: wire fraud, sex crimes, computer crimes, espionage, public infra-structure crimes, you name it, or leverage your system as a bot to attack dot-gov or public/private infrastructure. This has begun to steadily creep into my awareness of late.
Anonymous
Totally, that is what I do and say to my users/customers.
itLarry
yep. If some OS isn't able to secure itself (vs selinux, openbsd, ..) i don't use it. security as an after thought never worked and never will. just say bye-bye to this exensive crap that makes your box crawl - your apps crash and only gives a false sense of security.
Chris
Also are you discrediting places like Virus Bulleting or AV-Comparatives? https://www.virusbulletin.com/ https://www.av-comparatives.org/ That don't even bench the Microsoft built in av because of its low scores. I understand from a stand point of the browsers sake with their plugins. I don't even enable those because i want the browser to do that and the AV to catch anything the browser doesn't catch. I've gone back and forth on this myself as an IT professional and I find myself using AV because of those listed sites and Microsoft's admission that it's just a baseline product they include. To me performance is always what I'm looking for as I'm an avid PC gamer and I've never had issues with Bitdefender running on my PC slowing down my Games or Browsing. I have though run into those issues you mentioned where it gets tricky because the AV product is doing some stuff with the kernel. For example Asus tools to monitor my PC and adjust setting like voltages and bus speeds has an issue with BitDefender. My response to that was just to not use the software and seek alternatives to monitor temps.
Robert
OK for the sake of time I'll just focus on https://www.av-comparatives.org/wp-content/uploads/2016/12/avc_prot_2016b_en.pdf. > That don't even bench the Microsoft built in av because of its low scores. This report does include Microsoft. In that test, MS got 97% (1570 out of 1619) ... lower than most of the other products, but the actual difference is very small. The major problem with tests like this is that they are designed to fit the strengths of AV products and avoid their weaknesses. The report doesn't say how they acquire their malware samples, but I guess they get them from the same sources AV vendors do. (They're not writing their own since they say they independently verify that their malware samples "work" on an unprotected machine.) So what they're testing here is the ability of AV software to recognize malware that's been in the wild long enough to be recognized and added to someone's database. That's exactly the malware that AV systems detect. But in the real world users will often encounter malware that hasn't had time to be classified yet, and possibly (e.g. in spear-phishing cases) will never be classified. A more realistic test would include malware like that. The test writers should cover that by generating a whole lot of their own malware that's not in any database, and see how AV products perform on that. My guess is that the detection rate would be around 0% if they do it with a modicum of skill. Of course in the real world, some malware authors can and do iterate on their new malware until they're sure the major AV products won't detect it. So for the sake of argument let's suppose 20% of the attacks in the real world use new unclassified malware and 80% use old malware and none of the 20% is detected by AV products. That would be 405 additional malware samples not detected by any product. Now Microsoft scores 77.6% and F-Secure is 79.9%. That difference doesn't look so important now. The other major issue with this whole approach is that it takes no account of the downsides of AV products. If a product slows down your system massively (more than other products), that doesn't show up here. If a product blocks all kinds of valid content, that doesn't show up here. If a product introduces huge security vulnerabilities --- even if they're broadly known --- that doesn't show up here. If a product spams the user incessantly with annoying messages, that doesn't show up here. Because of these systematic issues, this approach to testing actually does more harm than good because to the extent AV vendors care about these test results, they'll optimize for them at the expense of those other important factors that aren't being measured. There are also some issues with this particular test report. For example they say how important it is to test up-to-date software, and then test "Microsoft Windows 7 Home Premium SP1 64-Bit, with updates as of 1st July 2016" and Firefox version 43.0.4. But on 1st July 2016, the latest versions were Windows 10 and Firefox 47.0.1. Another issue I have with this particular report's product comparisons is that I suspect all it's really measuring is how closely their malware sample import pipeline matches the pipelines of other vendors. Maybe F-Secure won that benchmark because they happen to get their malware samples from exactly the same sources as AV-Comparatives and the other products use slightly different sources. The source of malware samples is critical here and I can't find anywhere they say what it is.
Anonymous
I am of your opinion
Anon_Code
what about the almost 5000 malware samples i got, which is not detected by Win defender...? this blog post is the worst suggestion i'v ever read. but is detected by 3th party AV's? this is damaging to end-users. people should not even use mozilla because of all the vulnerable plugins it possesses...
Anonymous
I agree and I do not want to know how much energy is burned every day for the useless AV software.
justplus
what about Kasperski?
ABRAHAM GERARDO VALDEZ
since my first computer (year 1999)i don't use antivirus...
Chris
Was this more what you were trying to say? https://www.onmsft.com/news/google-chrome-engineer-says-windows-defender-the-only-well-behaved-av
Robert
I agree with that, but it's not all I was trying to say.
Michael Meeks
The false positive rate is horrendous, leading to silent and weird changes in behavior. For example a prominent AV solution stops git working under Cygwin on Windows - it fails with some weirdo error, no logging, no diagnostics, nothing to fix it. So - step 1. for all developers: disable AV on Windows. Beyond that, the number of user-reported false positives as we tweak headers and re-compile LibreOffice is beyond belief - even though the binaries, installer etc. are signed. The whole "look for virus signatures" approach seems unlikely to succeed in the end anyhow, and the performance impact of AV is severe for most low-end machines (so I'd not enable it on Windows XP either since a) you're doomed anyway and b) you ought to be able to use the PC in the small window of life you have). I'd put good money on someone creating entirely random PE executables by shuffling code fragments of any given binary and putting them through lots of AVs of hitting truck loads of false positives; it would be great to have a comparison of the lame-ness of AVs based on that alone I guess; and some independent benchmarks of their real impact on machines. I guess the AV industry is just another clown in the circus =)
DEViATTED
I am so glad there are people who think the same way. I haven't used an AV for more than a decade now. I think they're the most useless piece of software in existence today that act like virus themselves by slowing down computers, interfering with other processes and the beauty of it is PEOPLE pay for them!
previouslysilent
I've had to fix machines which have run only Microsoft's security and got infected, and SpybotS&D or MalwareBytes have easily found the problem. In my experience it's the fully integrated security suites that are the biggest headaches. I've had to turn off outbound mail scanning on wife's laptop because it fails for an unknown reason; she runs Avast.
Anonymous
I've been running MC Shield because of the high number of USB viruses in the country I live and I've heard Immunet is supposed to be good, both run alongside resident antivirus programs. How do these fit with the recommendation to not install 3rd party scanners and use windows defender instead?
Anonymous
Robert, I am not into all this chain of comments but seeing this: > because of the high number of USB viruses in the country I > live and I've heard Immunet is supposed to be good, both run > alongside resident antivirus programs. ... I'm tempted to recommend the tool I was using several years in a row (on farm of Windows boxes at my previous job). And boy was it perfect! It's called Ariad: https://blog.didierstevens.com/2010/07/18/mitigating-lnk-exploitation-with-ariad/ If tools you mention are in the same vein like Ariad, it's very nice combo, I'd say (I used both Ariad + MSE in those older times). Because it deals more with infection causes than a consequences. Recommended!
Anonymous
I only noticed one thing about my Eset Internet security is that it overwrites some of the websites security certifications to it's own.
Robert
This paper says ESET is especially bad about its TLS interception: https://jhalderm.com/pub/papers/interception-ndss17.pdf
Begemotike
Finally, a voice of sanity in the wilderness. I run a small IT shop and I've had people call and rail on me for hearing about me telling something this exact thing. I can confirm, personally, that I have never, not once in 20 some years of doing this, seen AV actually protect the people who were always infecting themselves. The other major issue is that by and large, the biggest problems are PUPs, which many AV solutions cheerfully ignore - or even install. Which is why in the end, prevention (patches, user education, user lockdown) and remediation (malwarebytes et al, backups, restores) have been the only thing that really works. And yes, leave Windows Defender on.
Aleksey
This is a terribly ignorant article, written by someone who does not understand vectors of attack, the nature of viruses in the past decade, or anything, really, about security. It also certainly explains why millions of people are part of zombie botnets without even knowing that they are. Mind-boggling stupidity on display.
RejZoR
Sorry, but Windows Defender is absolute garbage. Slow, poor (well, non existent to be honest) proactive features, only thing good about it is that it's easy to use since it hardly has any settings. Are you a Microsoft shill? Coz no one in right mind would recommend Windows Defender over products like Kaspersky, avast! or Bitdefender. Of which last two also offer free versions that are not any worse protection wise than their paid counterparts. Diversity in antimalware field gives users immunity. If everyone used Windows Defender, bad guys would just have to bypass that and they'd be done. And trust me, bypassing Windows Defender is easy. But if bad guys have to craft their packages to bypass 20 different products, they have to make compromises, extensive testing and even then chances are one vendor will nail them and share the sample with rest is very high. And with cloud systems, they can't test it in advance because it means AV vendors will get an insight on the malware and if they don't, they can't be sure it's not detected already. It's why everyone else is better than Microsoft, because they have complex multilayer protection systems.
Aleksey
I was too lazy to write all that out, but yes, exactly. Homogenuity, using AV by the same company that made the OS, is insanity. In addition, Windows Defender/MSSE are simply way behind in innovative technologies like deep cloud AI (Symantec) or Webroot's tracking and reversal of suspicious application behavior. People who write such articles are terribly ignorant, and they believe they still live in an era where you could, first of all, know when you have a virus, and second, eliminate it by "scanning" after it executed. The only thing that still works to root out modern viruses are hacker utilities like Combofix. Modern antiviruses are trying to catch up, but Microsoft is certainly way behind all of them.
Fred
This article is complete bullshit from someone who does not know anything about new security threats and attack vectors spreading in 2017. Relying on an OS and all softwares, plugins, middleswares, drivers and other stuff up to date for being safe is just non-sense. Combination of standard AV and behavioral/sandboxing technos remain an effective way to protect from Internet threats (as well as awareness, and being up to date of course).
Anonymous
Anonymous
Since Win 95 i am used to AV Suites, and every Time it was a disaster. From slow PC, to annoying and false Messages, up to finally heavy destroyed Win OS, all of this i have seen. The First was Norton AV because i trusted Norton Commander on Dos. This was the first mistake... later i must install Win95 new... ca. every Year i tested another AV Programs or Suites, because most of it was free on Magazine CD/DVD... every Time was the same annoying or destroying of Software and OS (and Time). I Think.... Why dos every PC Magazine prefer AV Suites ? it was every time annoying and slow on my Gaming PC. Many Years later i payed many Money for Norten Internet Security Suit, and it was a better then the first Version i used, but the PC-speed was only 1/4 from before, and so many Messages from the Suit, i think ... whats going on in my PC is it infected or defect or what is it ? I wanted to deinstall it..... mistake 2... i had to use an special uninstall program, because of the deeeeeeeeep integrating in the OS, simple deinstall destroyed my WinXP. But i had luck, i never had a Virus from Internet. The last AV Programs i used was Free AV and AVAST..... same shit, but more annoying with activation online, messages and updating that don't real work... but better with deinstalling. I did See a Video from CCC Germany, because how easy a PC was infected if a AV Suite is installed. Without an AV nothing had happen, but with AV they easy become Admin Privilege and full OS/PC access !!! Then 3 Years without AV, @2009 MSE beta message arrived, i looked, installed the Beta and tested it with an official Virus Download. MSE worked fine with download, copy and delete the harmless but real Virus. Since then i used only MSE and never had any Problems or slow PC, i never experience a slow or annoying Windows because of MSE. OK only one negative Part on MSE, if i install an old Game or Software, the start of the install is very very slow (but i don't think, that is MSE fault, its more a OS Fault with old installer Software in combination with MSE) but this Problem dont hurt much, if i must wait a minute more or deactivate MSE temporary and don't wait. The better Question is: Why are here so many People that say MSE is Shit? I can say MSE is not shit, it is very usable and silent and fast. AV Suits are better? they Should work in a Sandbox ?(witch is ridiculous slow). Yes there are good AV in this World, but they are very expensive and they are not in the next PC Shop to bye. Why must a AV Suit change the Browser Software ?(this is not her piece of Software). and what if a new closed Source Sandbox-Browser arrive, how can the save the User ? I am very satisfied with MSE since the Beta. I am more Safe, more Speed, lesser annoying, lesser Problems with MSE + adblocker + Scriptblocker.(that dont change the Browser Software) Thats the best every Internet-User can do, to secure Yourself ! Brain.exe is not important then... Who else will say that an AV Suit will be better and safer for free?
Naturebitz
In light of the recent "Avast breaking the installation of Windows 10 1803 update" I'm inclined to agree with Robert.
tlhonmey
Aside from the results of bad passwords on remote-access systems the most common compromises I see these days are... Malicious browser extensions. Doesn't matter what OS or whether you have antivirus or not. I've not seen a single antivirus program yet capable of detecting the difference between a legitimate extension and a malicious one. So unless your user is an idiot who believes the "you must install this codec to continue" website ads and runs things that come in unexpected email attachments from strangers, traditional antivirus does nothing. Keep up with software security updates and you'll screen out 95% of the bad stuff. Don't install browser extensions or other programs just because some random website says you should and you'll be rid of another 4.9%. The rest are things that a good antivirus program probably won't help with anyway, so it's probably not worth it. Using something to scan incoming emails for known threats might be helpful if you get a lot of mail from John Q Public and so have to read everything. That's about it.