[CamperBob2]

In my experience, that one-second wait to run a binary that you just built is due to realtime scanning by Windows Security. It's not very bright. It sees a new .exe file and assumes you downloaded it from the Pirate Bay, even though it was written by link.exe.

You can disable it as long as Group Policy doesn't dictate otherwise.

[alkonaut]

Not having an exclusion for a development directory is like using a 10yo machine or using a laptop without the power brick connected: it’s basically leaving half the perf on the table.

Still, a second seems a bit much for a real-time scan.

[pacoverdi]

Under Windows 11, a "dev drive" can also make a big difference.

https://learn.microsoft.com/en-us/windows/dev-drive/

[throwaway888abc]

Thanks for tip, TIL

[0cf8612b2e1e]

Clearly you do not work for corporate America. Any amount of performance loss is acceptable to check a security compliance checkbox somewhere.

[DanielHB]

This is the number 1 reason to use macbooks instead of windows laptops at any job. Security compliance software is like a cancer on windows, macos has some of this kind of crap as well but is nowhere near as bad.

[alkonaut]

I work for a large, slow moving US company in traditional industry. Of course there is an exclusion list, and it contains a few commonly used dirs like “C:\dev” and so on. If that would change (or if the request years back to have company wide exclusions wouldn’t have been listened to), it’s the kind of thing I’d insta-quit a job over, even after 20 years.

So anecdotally (N=1) it’s not automatically horrible in US orgs.

[wkat4242]

Don't forget the enterprise market has a whole different threat model. Even though blanket exclusions are often used, a determined attacker will quickly figure out to dump their remote exploration tool in c:\dev .

[josephcsible]

If the attacker gets far enough to be able to put something in c:\dev and run it, your protections have already failed.

[levodelellis]

I'm on linux tho (and the author of the article)