by s4mbh4 398 days ago
Why would you want to disable WSC?
5 comments

Performance reasons? Malware development? Hacking?
Is there a more performant, less resource-crippling, antivirus for Windows?
Yes, a small number, but it changes each year due to AV vendors (including Microsoft) changing how their AV works. It also depends on whether one looks at the impact from passively running the antivirus vs actively running a scan.
It's called no antivirus. It's what this is supposed to do. Antiviruses are useless malware.
Ah yes, I have my Windows power user bingo card dusted off! So far in this thread I’ve got:

- Antivirus software is malware

- We have to disable Windows Updates because I didn’t like them 30 years ago

- Windows Defender hogs resources, laptop reviews showing Windows systems getting 10 hours of web browsing battery life are lying, Windows Defender actually ruins the performance of your computer

- It’s better to complain constantly about Windows and spend hours disabling functionality rather than switch to Linux

I’m just waiting for “Windows sucks I’m thinking about switching to Linux but never end up doing it” and I’ll have a bingo!

>Windows Defender hogs resources, laptop reviews showing Windows systems getting 10 hours of web browsing battery life are lying, Windows Defender actually ruins the performance of your computer

There are definitely times when I wish I could disable it outright. Often someone will want my help reviving an old computer or laptop and it'll have to sit for a day in a loop of Windows Update fighting Windows Defender for resources with neither of them making much headway before one or the other will finish enough to let the other run for a bit.

We use some software that stores each record in a separate file; basically using the filesystem as a database.

Without adding an exception to Windows Defender, that software is unusably slow. Once the exception is added (or Defender is turned off) the software is nice and fast again.

The solution there is adding the exception, not turning off Defender, especially when you don't have control over what other activities may take place on the system.

Exceptions are valid when scoped to a container where you reasonably expect to be the sole user of the data therein and it contains no executable code.

It sounds like adding an exception is the intended way to do exactly what you’re doing and resolves the issue entirely.

It also sounds like you wrote bad software that didn’t consider the architecture of the parent OS.
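
The scoping rule in the comments above (a data-only folder with a single expected writer), sketched as a check over the Defender path exclusions already configured on a machine. This is an added example, not part of any comment in the thread; the extension list, the set of "broad" roots and the function name `Test-ExclusionScope` are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Extension list and "broad" roots are assumptions.
$ExecExt    = '.exe', '.dll', '.sys', '.scr', '.msi', '.ps1', '.bat', '.cmd', '.vbs', '.js'
$BroadRoots = @("$env:SystemDrive\", $env:SystemRoot, $env:ProgramFiles,
                $env:ProgramData, $env:USERPROFILE, $env:TEMP) |
              ForEach-Object { $_.TrimEnd('\') }
# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users
$SharedSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
$WriteBit   = [int][System.Security.AccessControl.FileSystemRights]::Write

function Test-ExclusionScope {
    param([Parameter(Mandatory)][string]$Path)
    $findings = [System.Collections.Generic.List[string]]::new()

    if ($BroadRoots -contains $Path.TrimEnd('\')) { $findings.Add('covers a system or profile root') }
    if ($Path -match '[*?]')                      { $findings.Add('contains a wildcard') }

    if (Test-Path -LiteralPath $Path -PathType Container) {
        # "Contains no executable code": look for executable or script files.
        $exec = Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
                Where-Object { $ExecExt -contains $_.Extension } |
                Select-Object -First 3
        foreach ($f in $exec) { $findings.Add("executable content: $($f.FullName)") }

        # "Sole user of the data": flag write access granted to broad groups.
        $rules = (Get-Acl -LiteralPath $Path).GetAccessRules(
                    $true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($r in $rules) {
            $canWrite = (([int]$r.FileSystemRights) -band $WriteBit) -ne 0
            if ($r.AccessControlType -eq 'Allow' -and $canWrite -and
                $SharedSids -contains $r.IdentityReference.Value) {
                $findings.Add("writable by $($r.IdentityReference.Value)")
            }
        }
    }
    [pscustomobject]@{
        Path     = $Path
        Ok       = ($findings.Count -eq 0)
        Findings = $findings -join '; '
    }
}

# Review every path exclusion currently configured in Defender.
(Get-MpPreference).ExclusionPath |
    Where-Object { $_ } |
    ForEach-Object { Test-ExclusionScope -Path $_ } |
    Format-Table -AutoSize -Wrap
```

An exclusion that comes back with `Ok = False` is a candidate for narrowing to the specific data directory, or for tightening the folder's ACL before the exclusion is kept.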

A skilled user.

I understand and mostly support the idea of mandatory AV for the people who can barely handle the concept of a file system.

There is also a class of user forged in the fires of the primordial internet who would never in a trillion years be tricked into clicking a fake explorer.exe window in their browser.

Giving users choice is the best option. Certainly, make it very hard to disable the AV. But, don't make me go dig through DMCA'd repos and dark corners of the internet (!) to find a way to properly disable this bullshit.

> There is also a class of user forged in the fires of the primordial internet who would never in a trillion years be tricked into clicking a fake explorer.exe window in their browser.

Until they've had a couple drinks. Might still need a more sophisticated fake than that, but they exist. I'm with you on the disabling part though: I think Apple gets it right with SIP, it takes a reboot in recovery mode to disable it temporarily and a single command while in recovery mode to make it permanent.

Skilled in what exactly? In x-raying all data storages on a system with a naked eye and spotting malware there? In sniffing ether around the system and smelling malicious bits on the radio spectrum coming in? How does this skill work?

> How does this skill work?

I've been using computers for 40 years, have never installed and have always disabled malware scanners, and never had a virus. Maybe I'm special. But I'm not that special. There are 3 billion Android users in the world, almost all of them don't have malware scanners, and almost all of them have never been infected by malware. Ditto iPhone users.

To be fair, I haven't used Windows for the latter 1/2 of that 40 years. So maybe it's only Windows users who need to go around x-raying all data storages.

I've used computers a bit less since the 90s, and I'm also careful not to do dumb stuff on it. But I can't guarantee that any of any PCs at any time is virus free, because I don't know it and can't know it. And that includes Linux btw, though statistically it is much safer. But Linux is beside the point, the whole topic is about removing a Windows component, and on Windows there are millions of different malware.

Most Android users have the malware scanner in Google Play Services enabled.

Skilled in not falling for the kind of malware that Defender is able to catch.

It’s not a very high bar: I have not seen it find anything in a long time, neither on my machines, nor on the ones I inspected after they had been owned.

The worst is when they silently re-enable the AV with a mandatory update later.
This whole topic is a massive eye roll.

In what universe is windows defender “resource-crippling?” There are windows laptops that will sip battery for an entire workday plus extra hours while running defender the entire time. So clearly it’s not “resource-crippling” if it can run on a laptop with a single digit wattage power draw.

And then we’ve got the “I need to control my system I’m too smart for antivirus” folks all over this thread.

Well, if you’re so smart why are you using a consumer OS designed for idiots?

(I like OP’s tongue-in-cheek work and post a whole lot better than the neckbeard army describing how Windows is broken and totally doesn’t work and how we have to disable updates and antivirus because we are power users I guess so we just do that for no reason)

> In what universe is windows defender “resource-crippling?”

This one? Not all of us want to throw perfectly usable hardware in the e-waste pile. Windows 10 was perfectly fine on my old Haswell miniPC, save for Defender wasting CPU cycles and IO doing..."checks".

Let’s cut the bullshit, Defender is basically unchanged as a concept since Windows Vista or maybe even Windows XP. It runs completely fine on 15 year old hardware.

We are in the “Windows users complain endlessly and refuse to switch to Linux” bingo card right now. Windows has been this way since before you bought that mini PC.

No, it doesn't.

I can go install Windows 10 on my Haswell mini-PC again if you'd like, show you a screencap of Defender eating 100% of the CPU if you'd like. Literally the only reason I commented was because I saw this behavior in real life, causing framedrops while playing video in Firefox. Am I a liar?

> Let’s cut the bullshit, Defender is basically unchanged as a concept since Windows Vista or maybe even Windows XP. It runs completely fine on 15 year old hardware.

Exactly. It's the same legacy scan every fucking thing you open AV architecture.

Back in the day of spinning disks it probably wouldn't have been too noticeable for the AV to marshal scanning to its usermode service and the filesystem to pull the data from cache for the original request afterwards. However now that we have 10GB/s+ capable SSDs the factor of slowdown is exponentially larger.

I can run ripgrep on a massive directory, make myself a cup of tea and return to it still searching for matches versus being done in < 10 seconds with defender disabled.

>In what universe is windows defender “resource-crippling?”

In any universe where you do a lot of small file IO. I'm not saying that other AV isn't far worse, but on access/write/delete AV massively kills performance when you do anything that creates/deletes tons of small files.

If you are a threat actor, you could get lucky and there isn't another Endpoint Detection and Response product installed, which would almost certainly intercept this.

If you are an EDR vendor, this is an obfuscated API call that EDR vendors can use to suppress or disable the Windows Firewall. CrowdStrike for example, can do either I believe, use Windows Firewall or use their implementation.

It’s my hardware. I’ll do what I want with it, m8.

Simple as that.

Well this is a straightforward sentiment with a real "my body, my choice" ring to it, isn't it? Until it isn't.

Perhaps your hardware, when connected to a network, has real effects on the rest of that network. What if your system joined a botnet and began DDOS activities for payment? What if your system was part of a residential proxy network, and could be rented in the grey market for any kind of use or abuse of others' systems? What if your system became a host for CSAM or copyright-violating materials, unbeknownst to you, until the authorities confiscated it?

And what if your hardware had a special privileged location on a corporate network, or you operated a VPC with some valuable assets, and that was compromised and commandeered by a state-level threat actor? Is it still "your hardware, your choice"? Or do your bad choices affect other people as well?

Man that is a silly line of thought. Your conclusion now has to be that all freedom is bad because people's choices can have ramifications, yeah?

Oh, you chose to buy new shoes even though they were too tight which distracted you for 1 sec in your car on the way home, due to the discomfort, so you hit someone and they died.

Clearly people can not be trusted to buy their own shoes!

I got measles just reading this

There's the "Malicious Software Removal Tool" for that case.

I presume you use Apple products, right?

I guess I have to start auditing all devices that connect to my home internet...oh wait

Geez what a cluster* of a comment. You mix in a bunch of theoreticals you came up with in 5 seconds that cover different domains and then don't actually go to the effort of critically examining your own statements, which is appreciated and makes for much higher quality comments.

>Perhaps your hardware, when connected to a network, has real effects on the rest of that network. What if your system joined a botnet and began DDOS activities for payment? What if your system was part of a residential proxy network, and could be rented in the grey market for any kind of use or abuse of others' systems?

This at least is "you, affecting others". But the obvious immediate response is that such things done via the network can be mitigated or blocked at the network layer, and indeed must be anyway since attackers are doing such things from across the world 24/7 regardless. I'd fully support ISPs having to throttle or even potentially block-until-fixed any customers who participate in active network attacks, and other parts of the internet throttling or black listing ISPs that refused to cooperate. But making someone deal with the consequences of their choices is no reason to deny them the choices in the first place, given that most of those making such choices are not, in fact, actually going to end up doing any of what you listed.

>What if your system became a host for CSAM or copyright-violating materials, unbeknownst to you, until the authorities confiscated it?

Here (and seriously ZOMG THINK OF THE CHILDREN, lol really? on HN, in 2025?) you veer off into personal consequences to the person making the choice, as opposed to them being part of an attack on others. This is just saying "there could be risks to you if you mess it up!" which is a complete non-statement.

>And what if your hardware had a special privileged location on a corporate network, or you operated a VPC with some valuable assets, and that was compromised and commandeered by a state-level threat actor? Is it still "your hardware, your choice"? Or do your bad choices affect other people as well?

Um. Hello? Why is corporate IT allowing you to BYOD to a special privileged location on the corporate network without even so much as any sort of management agreement or contractual responsibilities? At this point you've veered off the road of reality. Because in actual reality you don't own hardware in special privileged locations or at least don't have full choice over it by your own agreement. And if that's not the case hooboy is there a kind of a lot of other fundamental issues there. That's not an argument for a blanket universal policy.

because all antivirus softwares are at least powerviruses.

i do not care for anyone baby sitting me telling me that netcat.exe is a no no

Because why would you want to rootkit yourself on purpose?