Hacker News new | ask | show | jobs
by EvanAnderson 71 days ago
The OS should do the SYSTEM-level lifting and scanning processes and behavior analysis should run sandboxed as low priv processes. It would require a clearly defined API and I feel like MSFT was always reticent to commit, leaving AV manufacturers to create hacky nightmares.
1 comments
labelbabyjunior 71 days ago
Well the OS should do nothing—remember MS was taken to court over that—but better privsep on the part of the AV, sure.

Technically, Defender can be replaced with 3rd party AV.

link