
As always, it depends on the product that you are referring to. Purely by coincidence, I installed [product] again a few weeks ago, after having used Defender since Windows 10 launched.

> see bugs in AV products listed in Google's Project Zero

All software has vulnerabilities, including Defender. Searching for [product] in Project Zero shows that only 3 vulnerabilities have been discovered (which is arguably a bad thing, but not according to this author) and it took, at most, 4 days for them to be resolved.

> if they make your product incredibly slow and bloated

This is precisely the reason that I have returned to [product]: performance. I'm running off an HDD and Defender saturates my HDD for a good 2 minutes after boot. I don't experience this with [product]. In addition, it has a "gaming mode" which allows you to further cut back on its activity (I have never needed it). Looking at objective tests, Defender fares quite poorly in both performance[1] and protection[2].

Additionally, a homogeneous market is an easy market to exploit. Let's assume that everyone took this advice and installed Defender. It is guaranteed that Defender has vulnerabilities. If you wanted to pwn as many machines as possible, you would only have to worry about exploiting a single AV.

This is just bad advice, I'm sticking with the competition (which may not always be [product]). There are bad players (McAfee, Norton) but that does not mean everyone sans Microsoft is utterly incompetent.

[1]: http://www.av-comparatives.org/wp-content/uploads/2016/05/av...

[2]: https://www.av-test.org/en/antivirus/home-windows/windows-10...



>This is just bad advice, I'm sticking with the competition (which may not always be [product]).

This is my thinking as well. Microsoft's virus definitions are often worst in class and the agent itself only seems to update its definitions daily or, at most, twice a day, while 3rd party applications do so hourly or more. I've never seen MSE or Defender stop any ransomware attack. Not once. It just can't move fast enough to keep up.

Avast, Sophos, ESET, Panda, etc all trounce MS. Most of these are free for home and are largely trouble-free. Just because the author had a bad experience with Norton and McAfee doesn't mean the MS product is superior. I suspect the person who wrote this isn't a sysadmin who manages many users. The level at which MS can't keep up is embarrassing. I'm surprised to see this kind of thing at the top of HN.

My only compliment for MS is that SmartScreen is very aggressive in Win10 and will often flag suspicious executables correctly. I suspect the author is confusing SS with Defender. SS works because it's heuristics based. Defender sucks because it's signature based. The nice part is that these are two separate applications, so if you run Avast or ESET, you still get SS.

It's also worth mentioning that a lot of Win10 "privacy" guides, often linked on HN, recommend disabling SS. I can't stress how much of a questionable practice that is. SS is a proper security layer, and if sending MS a hash of an executable is such a problem for you, I suggest getting off Windows, as Windows does so much worse in regards to privacy even after following those guides.


> often flag suspicious executables correctly

The false-negative rate is embarrassing, though - especially with reputable open-source projects. Still, unblocking the file potentially gives a user more time to think about what they are doing.

> recommend disabling SS

The last one I saw left UAC turned off. Defender might not be the best (in addition to Windows 10 spying), but Microsoft really does have the best defaults otherwise.


> All software has vulnerabilities

Most software doesn't run in ring0. And most software doesn't actively break exploit mitigation techniques in other software either.


All software has vulnerabilities, but not all software has the egregious blunders that Tavis Ormandy finds --- so many, in such a short period of time.

Furthermore, most software provides value that offsets security risks. Since the entire value of AV products is to improve security, when they fail to do that, they're worse than useless.

The homogeneous market argument is weak. If a determined attacker wants to compromise as many machines as possible with a single attack, they'll come up with an exploit that passes all AV products.


Avira won the speed test? It reliably made every PC I installed it on 2-3 times slower and adds a few minutes to the boot time compared to MSE or whatever it is now called.


The real-time scanning mode of Windows Defender completely destroyed the performance of Cygwin Setup when accessing a mirror stored on my NAS, to take one example. I'm not talking about a few minutes extra; it issued loads of network requests for every signature verification Setup tried to do, and the process was still non-responsive after several hours. Turned off realtime scanning, and it immediately finished.

Realtime monitoring has the biggest risk of performance degradation.
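As an added example (not from this thread, and not Microsoft's own documentation), the narrower alternative to switching real-time scanning off entirely: exclude only the path that is misbehaving and verify that the exclusion actually took. The UNC path is a constructed placeholder; the cmdlets are the ones in the Defender PowerShell module that ships with Windows 10, and the session must be elevated.

```powershell
# Added example: scope a real-time scanning exclusion to one path instead of
# disabling real-time monitoring for the whole machine.
# '\\nas\cygwin-mirror' is a constructed placeholder, not a real share.
$MirrorPath = '\\nas\cygwin-mirror'

function Show-RealtimeState {
    # Read-only snapshot of the settings relevant to the slowdown.
    $pref = Get-MpPreference
    [pscustomobject]@{
        RealtimeMonitoringDisabled = $pref.DisableRealtimeMonitoring
        ScanNetworkFiles           = -not $pref.DisableScanningNetworkFiles
        ExclusionPaths             = $pref.ExclusionPath
    }
}

function Add-ScopedExclusion([string]$Path) {
    # Narrow mitigation: real-time protection stays on for everything else.
    Add-MpPreference -ExclusionPath $Path
    $now = (Get-MpPreference).ExclusionPath
    if ($now -notcontains $Path) {
        throw "Exclusion for $Path was not applied"
    }
    return $now
}

Show-RealtimeState
Add-ScopedExclusion -Path $MirrorPath
Show-RealtimeState
```

An exclusion removes scanning for that path only, so keep it as narrow as possible and prefer a path only you can write to; a mirror that other hosts can modify is a poor candidate. `Remove-MpPreference -ExclusionPath $MirrorPath` undoes it once the install is finished.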


Is there any way to turn off Windows Defender without installing anything else?


Yeah, through the new Windows control panel ("Settings" -> "Update & Security" -> "Windows Defender"). Windows will hound you about that (and there is no way I know to turn off the nag).


I've heard if you disable the service directly, then the "Windows Defender reports that the service is turned off" message stops happening.

  sc.exe config "WinDefend" start= disabled
  sc.exe stop "WinDefend"


No good I'm afraid, gave me:

    [SC] OpenService FAILED 5:

    Access is denied.
(this is from an administrator command prompt)


For the record: you can turn it off using the group policy editor.
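As an added example, not from this thread: a read-only check of whether Defender is actually active on a machine, rather than trusting the Settings page or the nag notification. It looks at the service, at the registry value the "Turn off Windows Defender" group policy writes (`DisableAntiSpyware` under the Windows Defender policy key), and at the engine's own status report, which also gives the definition age the comments above argue about. `Get-MpComputerStatus` errors out when the engine is turned off, so that call is wrapped in try/catch.

```powershell
# Added example: report Defender's real state on this machine (read-only).
function Get-DefenderState {
    $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue

    # Value set by the "Turn off Windows Defender" group policy; absent when unset.
    $policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' `
                               -Name DisableAntiSpyware -ErrorAction SilentlyContinue

    # The status cmdlet fails when the engine is not running; treat that as "no data".
    $status = $null
    try { $status = Get-MpComputerStatus -ErrorAction Stop } catch { }

    [pscustomobject]@{
        ServiceStatus        = if ($svc) { $svc.Status.ToString() } else { 'not installed' }
        ServiceStartType     = if ($svc) { $svc.StartType.ToString() } else { $null }
        DisabledByPolicy     = ($null -ne $policy -and $policy.DisableAntiSpyware -eq 1)
        RealtimeProtection   = if ($status) { $status.RealTimeProtectionEnabled } else { $null }
        SignatureAgeDays     = if ($status) { $status.AntivirusSignatureAge } else { $null }
        SignatureLastUpdated = if ($status) { $status.AntivirusSignatureLastUpdated } else { $null }
    }
}

$state = Get-DefenderState
$state | Format-List

if ($state.ServiceStatus -ne 'Running' -or $state.DisabledByPolicy) {
    Write-Warning 'Defender is not active here; confirm another product is providing real-time protection.'
} elseif ($state.SignatureAgeDays -gt 1) {
    Write-Warning "Definitions are $($state.SignatureAgeDays) day(s) old."
}
```

The same function is useful in the other direction: when a machine that should be running Defender reports `DisabledByPolicy = True` or a stopped service, that is worth investigating before assuming someone disabled it on purpose.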


I thought it didn't just nag but turned itself back on after a while?


As far as I know, only if you fall for the dark pattern nag. I haven't run into this, either because I haven't had it disabled for long enough or because Microsoft buckled and removed it.


>I'm running off an HDD and Defender saturates my HDD for a good 2 minutes after boot.

Yea, that's why I disable all AV - every install or clean build or untar or w/e brings the PC to a crawl. Haven't had problems yet.



