Disable Your Antivirus Software (Except Microsoft's)

[V_R]

I was just reading some Tweets and an associated Hackernews thread and it reminded me that, now that I've left Mozilla for a while, it's safe for me to say: antivirus software vendors are terrible; don't buy antivirus software, and uininstall it if you already have it (except, on Windows, for Microsoft's).

Update (Perhaps it should go without saying --- but you also need to your OS to be up-to-date. If you're on Windows 7 or, God forbid, Windows XP, third party AV software might make you slightly less doomed.)

At best, there is negligible evidence that major non-MS AV products give a net improvement in security. More likely, they hurt security significantly; for example, see bugs in AV products listed in Google's Project Zero. These bugs indicate that not only do these products open many attack vectors, but in general their developers do not follow standard security practices. (Microsoft, on the other hand, is generally competent.)

Furthermore, as Justin Schuh pointed out in that Twitter thread, AV products poison the software ecosystem because their invasive and poorly-implemented code makes it difficult for browser vendors and other developers to improve their own security. For example, back when we first made sure ASLR was working for Firefox on Windows, many AV vendors broke it by injecting their own ASLR-disabled DLLs into our processes. Several times AV software blocked Firefox updates, making it impossible for users to receive important security fixes. Major amounts of developer time are soaked up dealing with AV-induced breakage, time that could be spent making actual improvements in security (recent-ish example).

What's really insidious is that it's hard for software vendors to speak out about these problems because they need cooperation from the AV vendors (except for Google, lately, maybe). Users have been fooled into associating AV vendors with security and you don't want AV vendors bad-mouthing your product. AV software is broadly installed and when it breaks your product, you need the cooperation of AV vendors to fix it. (You can't tell users to turn off AV software because if anything bad were to happen that the AV software might have prevented, you'll catch the blame.) When your product crashes on startup due to AV interference, users blame your product, not AV. Worse still, if they make your product incredibly slow and bloated, users just think that's how your product is.

If a rogue developer is tempted to speak out, the PR hammer comes down (and they were probably right to do so!). But now I'm free! Bwahahaha!

http://robert.ocallahan.org/2017/01/disable-your-antivirus-software-except.html


An interesting read. Thoughts?

I'm currently running Avira but am tempted to get Defender a go, just to see if its any better/worse/same/different.

 

[EvanDavis]

On my W10 Acer I only runWindows Defender. Once a month I scan with Malwarebytes and have never had any nasty's.

 

[muckshifter]

I read a similar 'article' not so long ago. There isn't really anything wrong with MS Defender per say as is with any other AV program ... it's free, and is now turned on by default if no other AV is present. If you install a 3rd party AV program and it fails, Devender takes over the job while 'you' go 'fix' the problem. I can personally attest to that.

 

[muckshifter]

oh, and then there is ...

https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx?id=16

... so far I have 70 infected files detected, is gonna take a wee while to check all the files in all my drives.

I wonder if I should have run a quick scan first.

 

[Ian]

An interesting read... and from a source that should know what's going on.

I'm not brave enough to stop using Kaspersky and trust defender on my main PC, but on other devices I will use Defender or Avira. Kaspersky seems particularly active at blocking suspect JS files or web vulnerabilities in a way that I've not seen Windows Defender do - but that's not a particularly scientific test, as Defender may just stay silent about it.

If you do try it @V_R, please do report back in a month or two and update us!

 

[TriplexDread]

I don't have one installed. I haven't had one in stalled for a long time now. I am quite vigilant regarding infections. If unsure don't click, just delete

I run Mbam, and MSE. I do regular registry sweeps and allow windows updates whenever needed. That's it

 

[V_R]

If you do try it @V_R, please do report back in a month or two and update us!

So I tried uninstalling Avira and running Defender.

Defender kept saying there was another AV running. So it wouldn't run real time.

Tried the Avira removal tool, CCleaner, manual removal etc. But gave up in the end.

I might revisit one day if I can find out what was causing it, but for now Defender can do one.

 

[Ian]

Not a great start to Windows Defender then!

 

[muckshifter]

Not a great start to Windows Defender then!

err, Defender won't 'fire up' if there is another AV present ... maybe Avira needs a good kick up the posterior.

 

[V_R]

I removed all traces of it, even used their own removal tool that deletes all the registry entries etc. Still no dice.

Unless it thought MalwareBytes or something were AV's...

 

[floppybootstomp]

If I may throw me twopennorth in, my own view is that any AV program is only as good as it's current database, all the rest is smoke and whistles and presentation.

In my experience all the ones I've tried are quite adept at actually removing nasties.

And Bitdefender was quite exceptional at this task, it eliminated whole folders without even asking and these were not strictly viruses or Malware.

 

[EvanDavis]

So since my last comment I have now only been running Windows Defender on my main PC. Today I scanned with Superantispyware, Malwarebytes and Trend Micro Housecall and they all came back and gave me a clean bill of health.

 

[Becky]

That's good to know @EvanDavis

 

[bootneck02]

An even better solution is to run LINUX

 

[V_R]

You are in no position to give security advice!

 

[bootneck02]

Yes but I learned a lot

 

[V_R]

I had a second go at running Defender and uninstalling Avira. This time ti worked without issue. I have no idea either.

So, been a bit over a week now with WD. I am yet to have my PC taken over by hackers or all my monies stolen.

Result.


Seriously though, its doing a fine job so far, and yes I've scanned with other scanners to check (ESET Online being one) + MAB.

I do have one complaint though - I have a Wireless Charger for my phone sat on my desk plugged into one of the USB ports .

Defender keeps telling me the device isn't working properly and there is no way to stop this, so it keeps putting a yellow exclamation mark on the tray icon instead of a nice green tick, which is annoying.

Obviously its fine, its purely a wireless charger nothing more. there is not an issue and I can't find a way to tell Defender to ignore it.

Other than that no complaints.

 

[Justin DeTorres]

MSE is the best security software for free. I'm using it from the beginning.

 

[Abarbarian]

Running Windows without anti virus software !!!!!! you might as well stick a gun in your mouth and pull the trigger.

I used to use free anti-virus stuff but was given a free years subscription to ESET. Boy am I glad I am running it.

Alert: ESET detects and blocks "Petya" Diskcoder.C malware—best practices for ESET and non-ESET users


[URL='http://support.eset.com/alert6488/']

[/URL]

 

[EvanDavis]

Running Windows without anti virus software !!!!!! you might as well stick a gun in your mouth and pull the trigger.

I've been running both my W10 machines with only Windows Defender for going on 7 months now ( maybe more ) and no issues so far.