by Santosh83 1800 days ago
Do tech aware people like nearly everyone in this forum, need Defender (or another AV) to run at all? How many people here completely or partially stop it from running?
12 comments

It was really infuriating to disable, FWIW. I spent hours fighting with it one day. The UI doesn't let you fully disable it: you have to use registry keys and the group policy editor. The end result has this hilarious property where it is flagging the fact that I disabled it as tampering that might indicate malware? I don't know if I even can disable that part... and I apparently didn't even succeed fully anyway as I now am getting occasional notifications saying Defender did a scan and I am like "as far as I can tell, Defender is fully off" :/. At least I did--as far as I have so far been able to tell--succeed in disabling the "real-time" thing that kept "quarantining" my files.
should only take a moment in the group policy editor. you can actually filter settings by name to zero in on things quickly.

the only real cosmetic change i can see is for instance on the virus & threat protection page in windows 10, it says in red at the top of the window:

Your Virus & threat protection is managed by your organization.
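The two comments above are wrestling with the same three knobs: real-time protection, tamper protection, and the policy registry keys that produce the "managed by your organization" banner. The following is an added example written for this thread, not code from any commenter, showing how to inspect and adjust those from an elevated PowerShell prompt using the built-in Defender module. The exclusion paths and process names are placeholders.

```powershell
# Added example: inspect and adjust Microsoft Defender from an elevated
# PowerShell prompt. Assumes Windows 10/11 with the built-in Defender module.

# 1. What is actually on? RealTimeProtectionEnabled is the "quarantining"
#    component; IsTamperProtected explains why registry/GPO edits may get
#    reverted or flagged as tampering.
Get-MpComputerStatus |
    Select-Object AntivirusEnabled, RealTimeProtectionEnabled,
                  BehaviorMonitorEnabled, IsTamperProtected, AMRunningMode

# 2. The "managed by your organization" banner appears once policy keys exist
#    under HKLM\SOFTWARE\Policies\Microsoft\Windows Defender. This is the key the
#    GPO setting "Turn off real-time protection" writes.
$rtpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
if (Test-Path $rtpKey) {
    Get-ItemProperty $rtpKey | Select-Object DisableRealtimeMonitoring
}

# 3. Tamper protection cannot be switched off from PowerShell; it has to be
#    turned off in Windows Security > Virus & threat protection settings (or
#    by the MDM/Intune tenant on a managed box). With it on, the Set-MpPreference
#    calls below are rejected or silently undone, so stop early.
if ((Get-MpComputerStatus).IsTamperProtected) {
    throw 'Tamper protection is on; disable it in the Windows Security app first.'
}

# 4. Pragmatic middle ground: keep Defender, but exclude the development tree
#    and the tools that emit packed or self-modifying binaries.
#    (Placeholder paths/processes; substitute your own.)
Add-MpPreference -ExclusionPath 'C:\src', 'C:\Users\me\dev'
Add-MpPreference -ExclusionProcess 'upx.exe', 'cl.exe', 'link.exe'

# 5. Only if you really want real-time scanning off entirely:
Set-MpPreference -DisableRealtimeMonitoring $true

# 6. Verify, and list what was quarantined. Files are restored with
#    "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Restore -ListAll / -Name <ThreatName>.
Get-MpPreference | Select-Object ExclusionPath, ExclusionProcess, DisableRealtimeMonitoring
Get-MpThreatDetection | Select-Object InitialDetectionTime, ThreatID, Resources
```

Exclusions are the usual answer to "it quarantined half my development folder": they keep Defender running for everything else, and `Get-MpThreatDetection` tells you which files it took so you can restore them rather than rebuild them.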

windows defender was one of the (many) reasons I gave up on windows and replaced the last windows machine I had with a Mac Mini. (FC33 on my main)

Very similar experience here, coupled with windows defender randomly switching itself back on and quarantining half my (completely benign) development folder.

The last time it did that I spent an entire afternoon trying to get it disabled and get my files back onto the machine with only limited success.

I think it may be a windows home vs windows professional thing.

But rather than wrestle with it further I just gave up. Only thing I had left that really needed windows was word and excel which ironically actually now work better and crash less on the mac mini than they ever did on windows.

I assume by the downvotes it's not a home vs professional issue?

In which case I'm more glad I didn't waste money on the professional version, than I am sorry you would prefer my personal experience be kept quiet.

> I don't know if I even can disable that part

It's tamper protection, you can disable it. (I hate it too.)

Try to uninstall it.
I had to get signed permission from our IT contractors to disable it. But then again, I was trying to get a PDF of a Categorical Logic paper from an Italian university’s website and the filters kept blocking for pornography and sending emergency messages to the contractor to audit my computer.
Sounds weird... Do you know to what extent those are correlated? That is: is the contractor told every time the filter thinks it has found adult entertainment? Or was your case exceptional?
This reply is really delayed, but our office is rather small and so the contractor is notified and the event logged every time the filter thinks it blocks adult entertainment. I was being stubborn and repeatedly trying to access the site via other directories, link patches, etc. and that's why the contractor was actually notified in real time.
I personally don't see a reason to have any kind of AV installed on my system (AV software is generally a performance decrease anyways). I should note that I used to work in the AV industry many years ago, so I consider my security knowledge above average and almost everything that I consider non-essential is being run inside a VM (also do RE as a hobby).
I will contend that antivirus is a net-positive to absolutely nobody. Not technically adept users, not office workers, not grandma, nobody.

It slows down literally everything you do with your computer in the best case. In the worst case it breaks things and is itself an exploitation avenue. Mostly it just isn't actually very good at its job and malware defeats it regularly.

This is a bad tradeoff and other mitigation strategies make more sense in every scenario I can conceive of.

Oh no, it certainly helps grandmas and the one-per-classroom public computers (China, 2008-). You get all the USB sticks coming in and out, and before you know it you get that one obnoxious virus that hides all folders and replaces them with a .exe of the same name.

And yeah they do boot from a readonly C: with some magic to make it appear writable per session. But re-infection is quick, especially when you have extra writable data partitions.

I think application whitelisting by signature is a better fit for that use case. If for some reason you are required to allow arbitrary applications then the malware protection is probably going to cause more problems than it solves anyway.
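As an added example for the whitelisting suggestion above (not code from the commenter): AppLocker can generate publisher rules from the signatures of what is already installed, so an unsigned `Photos.exe` arriving on a USB stick is simply refused without any signature database to keep current. The output path and the test file path are placeholders; AppLocker also needs the Application Identity service running, and edition support should be checked for the Windows SKU in use.

```powershell
# Added example: build an AppLocker allow-list from the publisher certificates
# of the installed software, test a file against it, then apply it.
# Run elevated. Paths below are placeholders.

# AppLocker evaluates nothing unless the Application Identity service is up.
# (Its startup type is protected on recent builds; set it via GPO if Set-Service is refused.)
Start-Service AppIDSvc

# Collect signature/hash information for every EXE under the Program Files trees.
$files  = Get-AppLockerFileInformation -Directory 'C:\Program Files' -Recurse -FileType Exe
$files += Get-AppLockerFileInformation -Directory 'C:\Program Files (x86)' -Recurse -FileType Exe

# Prefer publisher rules (survive updates from the same signer); fall back to
# hash rules for unsigned binaries. -Optimize collapses duplicates.
$policyXml = 'C:\Policies\applocker-allowlist.xml'
New-AppLockerPolicy -FileInformation $files -RuleType Publisher, Hash `
    -User Everyone -Optimize -Xml | Out-File $policyXml -Encoding utf8

# Dry run against the classic USB worm payload: a file named like a folder.
# PolicyDecision should be Denied for anything not signed by a listed publisher.
Test-AppLockerPolicy -XmlPolicy $policyXml -Path 'E:\Photos.exe' -User Everyone

# Merge into the local policy. Start with EnforcementMode set to AuditOnly in
# the XML and read the AppLocker event log for a while before switching to Enabled.
Set-AppLockerPolicy -XmlPolicy $policyXml -Merge
```

Audit mode first is not optional in practice: a publisher list built from one snapshot of the machine will miss installers, updaters and per-user apps, and the audit log is how you find them before users do.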
On one very tiring day I decided I wanted to see that stupid useless video someone had sent me, and I updated Flash to see it. It failed and I thought no more of it.

Happily, the worm detected Avast and shut it down regularly and that's how I 4h later found out I had behaved like a regular user instead of a power one.

AV helps: 1) People do stupid things 2) defense in depth

Do professional drivers need to wear seatbelts?

The truth is that even really good technologists sometimes make mistakes. My insurance agent's email got hacked recently. I was in the process of renewing a policy, so opened the link to a phishing site and entered credentials. Oops. Thankfully I immediately noticed and changed the password (+ had two factor on.) Had that been an attached PDF instead I probably would have opened it.

At this point, consumer/end machine AV is a bit like vaccinations for diseases that are largely under control- attacks aren't spreading because there are many protections in place, but if the unprotected population rises (especially in high value targets like developers) then the attacks will increase.

Configure AV? Sure. In fact just last week or so I had to validate that a server level product was really scanning user uploaded files correctly, so I had purposefully downloaded a known bad file (the sample file from EICAR: https://www.eicar.org/?page_id=3950). Getting Defender set up so I could handle that file was annoying but manageable. I've also disabled real time scanning of certain applications and processes for performance reasons.

However, would I run without it on at all? Nope- I'm a pretty good driver, but I still wear my seatbelt.
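The EICAR check described in the comment above, as an added example (not the commenter's script): drop the EICAR test string into the directory that receives uploads and see whether real-time protection removes it. The upload directory is a placeholder; the string is assembled from two halves so the script itself is not quarantined the moment it is saved.

```powershell
# Added example: verify that real-time protection actually catches a file
# written to an upload directory, using the public EICAR test string.
$uploadDir = 'C:\inetpub\uploads'                       # placeholder: your app's upload folder
$path = Join-Path $uploadDir ('avcheck-{0}.txt' -f [guid]::NewGuid())

# The 68-byte EICAR string, split so this script does not trip the scanner on disk.
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-' + 'ANTIVIRUS-TEST-FILE!$H+H*'

try {
    # Plain ASCII, no BOM, no trailing newline: scanners match the exact bytes.
    [System.IO.File]::WriteAllText($path, $eicar, [System.Text.Encoding]::ASCII)
} catch {
    # Some configurations refuse the write outright; that is a pass, not an error.
    Write-Output "PASS: write blocked ($($_.Exception.Message))"
    return
}

# Real-time protection acts within seconds; give it a generous window.
Start-Sleep -Seconds 10

if (Test-Path $path) {
    Write-Output "FAIL: $path still present. Real-time protection is off or this path is excluded."
    Get-MpPreference | Select-Object DisableRealtimeMonitoring, ExclusionPath
    Remove-Item $path -Force
} else {
    Write-Output 'PASS: file was removed/quarantined.'
    # Confirm it was Defender, not something else, that took it.
    Get-MpThreatDetection |
        Where-Object { $_.Resources -match [regex]::Escape($path) } |
        Select-Object InitialDetectionTime, ThreatID, ActionSuccess
}
```

The same test doubles as a check on the exclusions mentioned in the comment: if the upload path has been excluded for performance reasons, the file survives and the script says so, which is exactly the misconfiguration a server-side scanning requirement is meant to catch.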

first thing i do for a fresh windows install: i jump in the group policy editor and disable Defender and other things. been burned way too many times. granted, some of my projects definitely raise a lot of red flags heuristically...being packed and self modifying, etc.
Sadly it’s often a contractual / insurance requirement.
At home?
If anything I think it makes more sense to have higher security requirements for a computer that will be primarily used outside of a controlled corporate network.
i have been using no av on my main machine for a long time. in the rare cases i was doing RE or sketchy execution, vm or dedicated offline old machine
If you joined a domain, you're not alone anymore.
the "reputable source" you downloaded from can always be compromised
Do you disassemble every EXE file before running it? Do you have an absolute protection against zero-days? (In the latter case it can't protect you against initial infection, but it will clear things up once the threat is discovered.)
Do you? With sufficient expertise that would provide better protection than AV software.