Jello Posted February 3, 2023

7 hours ago, KarRev said:
> I'm glad that I've found this thread (sorry for bumping) as I'm thinking about switching from free antivirus to a paid one. But I can't make the choice. I just don't want to pay for a service that wouldn't work well. Which is better? Avira, Kaspersky, Avast, another one?

I don't think anyone is going to give you a hard time for bumping this; it's a completely valid question. And it's one that will probably have many different opinions.

I personally use Bitdefender, and I explained why back in my post from 2021, it's just worked for me. Ever since I started using it I have never had any issues with viruses. It's worked for me personally, and I like the level of control it gives me. And if you look for deals, I think it's worth it, and once you get your first subscription you'll be getting 75% off offers for three year subscriptions. So it's really worth it for the peace of mind, in my opinion. When I was using Pandasoft, AVG and McAfee, I got some viruses, and it never happened with Bitdefender.

That being said, Windows Defender has actually become really damn decent, and I wouldn't really be worried if it was my primary AV program. I would still rather have a dedicated service, but for most people, WD is probably sufficient. And my desire to have a paid service is more paranoia after experiencing the wild west days of the internet back in the late 90's and early 2000's. But yeah, WD is probably fine, but in my opinion if you really want to pay for a service, I would go with Bitdefender.

And I'm sure someone else will be along to tell me why I'm wrong.

Murdoch Posted February 3, 2023 (edited)

8 hours ago, KarRev said:
> I'm glad that I've found this thread (sorry for bumping) as I'm thinking about switching from free antivirus to a paid one. But I can't make the choice. I just don't want to pay for a service that wouldn't work well. Which is better? Avira, Kaspersky, Avast, another one?

Avast is awful. Last I checked it typically scored poorly in detection results, and as a computer tech with 14 years of professional experience I can tell you it often causes excess resource use problems and other technical problems. AVG is the same, in fact I seem to recall reading somewhere they were basically the same app under the hood.

Avira I think is generally regarded as OK. Kaspersky definitely is.

McAfee is shite. Better than it used to be on the excess resource usage front (I once battered my way into a Windows installation performing so bad I thought the hard drive was grinding itself into powder to find McAfee using 75% of the CPU!) and again, detection rates not great.

Trend is also one to avoid. Random fits of excessive CPU usage are not uncommon. Even the mobile app is crap. I saw one customer's copy malfunction and completely gobble all the space on his phone.

ESET's stuff is generally very good and generally one of the best for efficient resource usage.

As Jello said, Windows Defender has gotten surprisingly solid over the years. It doesn't offer some of the features a good paid system will, but its core engine appears to be really good.

The best weapon against security threats is common sense. I can't remember the last time I had a computer come in that was hit with a genuine virus - i.e. malware that got in by exploiting security flaws. Most malware people end up with they got suckered into somehow.

Edited February 3, 2023 by Murdoch

TheMagicMushroomMan Posted February 3, 2023

Best AV - Common Sense
Runner up - Windows Defender
Backup plan - Malwarebytes

Dweller Dark Posted February 3, 2023

18 minutes ago, TheMagicMushroomMan said:
> Best AV - Common Sense
> Runner up - Windows Defender

This. If nothing else, scan files with Windows Defender if you're concerned.

indigotyrian Posted February 3, 2023

I haven't thought about antivirus in quite a while. I've just used Defender since about what, a decade ago?, which works just fine. Never dealt with any infections or anything like that.

The truth is that malware running directly on a personal computer as a vector of attack has become obsolete, apart from ransomware. The real vectors of attack nowadays that target individuals are social engineering and phishing. With the proliferation of cloud-based computing and smartphones as dominant platforms for computer use, the common thread between all of them is the human on the other end, who may become exhausted, anxious, inebriated, scammed, or may otherwise have their common sense compromised. If I can convince you to click on a link that grabs your Discord token or to fill out a form requesting your personal information, it doesn't matter if you're doing it on a PC or a smartphone or wherever else, and it certainly doesn't matter what anti-malware measures you have.

As keeps coming up perennially in this thread, "common sense" is still the best defense, but for different reasons nowadays. Keep a cool head (very precious few things in life require or benefit from immediate panicked action), always think about what you click on, and don't for a second think you're better or smarter than any other poor sap that might fall victim.

Murdoch Posted February 3, 2023

47 minutes ago, segfault said:
> As keeps coming up perennially in this thread, "common sense" is still the best defense, but for different reasons nowadays. Keep a cool head (very precious few things in life require or benefit from immediate panicked action), always think about what you click on, and don't for a second think you're better or smarter than any other poor sap that might fall victim.

Indeed. I am always careful with my words with scam victims and indeed all of my customers who sometimes refer to themselves as stupid when it comes to tech. I always correct them, very forcefully, that no, you are not stupid, you lack knowledge. There's a difference.

leejacksonaudio Posted February 3, 2023

For my laptop, which I use for web, e-mail, and general non-music stuff, I run BitDefender. It's been solid, and it's caught several files that have come through e-mail lately. For my music workstation, I use Windows Defender and I stay the hell off of the internet as much as possible.

@Murdoch, what thoughts if any do you have on BitDefender?

Murdoch Posted February 3, 2023

35 minutes ago, leejacksonaudio said:
> what thoughts if any do you have on BitDefender?

I have no direct experience but I believe it to be generally well regarded, does well in tests.

Herr Dethnout Posted February 3, 2023

Is simple: Go only to safe places and don't download Doom IWAD from Supersecurenonvirusdownloads dot yxz dot ve

VoanHead Posted February 4, 2023

On 2/2/2023 at 7:24 PM, TheMagicMushroomMan said:
> Backup plan - Malwarebytes

Seconding this, MB is like added security onto Windows Defender. I'm the paranoid type, and MB just helps in detecting shit that maybe WD doesn't catch on sometimes.

DoomGater Posted February 5, 2023

Windows Defender didn't do any harm ever to my Linux systems. :-)

I don't want to be trolling, but honestly speaking, Linux tends to be less vulnerable for some reasons. Use Linux for shady online activities and boot Windows only if necessary... Worked for me quite good, but I have to admit, it's long time since I've booted Windows now...

Learn what you are doing and why it might be dangerous. And usually, Linux is a good teacher

Murdoch Posted February 5, 2023 (edited)

52 minutes ago, DoomGater said:
> I don't want to be trolling, but honestly speaking, Linux tends to be less vulnerable for some reasons.

It's generally referred to as "security through obscurity". Linux is just as capable of getting viruses as Windows. All systems have security holes, because programmers are humans and humans are not perfect. But because Desktop Linux has such a small user base and most people who create such things these days are motivated more by financial gain than just sheer dickish destruction, there is little to be gained from making a Linux virus.

And as I said above, I cannot remember the last time I encountered a genuine virus on Windows, if one defines a virus as malware that infects via security holes rather than manipulating the user. These days it is done by manipulation mostly, and the tricks are easily spotted if you know what to watch out for.

Edited February 5, 2023 by Murdoch

Edward850 Posted February 5, 2023 (edited)

1 hour ago, DoomGater said:
> I don't want to be trolling, but honestly speaking, Linux tends to be less vulnerable for some reasons.

Bashdoor (Shellshock).

Edited February 5, 2023 by Edward850

DoomGater Posted February 5, 2023

5 hours ago, Murdoch said:
> (...) because Desktop Linux has such a small user base and most people who create such things these days are motivated more by financial gain than just sheer dickish destruction, there is little to be gained from making a Linux virus. (...)

Correct. And an important argument for Linux.

5 hours ago, Murdoch said:
> (...) These days it is done by manipulation mostly, and the tricks are easily spotted if you know what to watch out for.

Also correct. Stupidity and ignorance cause more damage than all viruses together.

Professor Hastig Posted February 6, 2023

13 hours ago, DoomGater said:
> Correct. And an important argument for Linux.

Well, yes and no. The last time I got an AV warning was more than two years ago, and that was from a file I already had considered suspicious before checking it. The only place where one needs to be concerned is warez sites, but one shouldn't use them anyway...

I think the big heyday of Windows viruses is over by now. Attacks these days are far more targeted than letting some bogus code run loose, and even a simple phishing attempt will bring magnitudes more return on investment for the instigator.

Edward850 Posted February 6, 2023 (edited)

1 hour ago, Professor Hastig said:
> I think the big heyday of Windows viruses is over by now. Attacks these days are far more targeted than letting some bogus code run loose, and even a simple phishing attempt will bring magnitudes more return on investment for the instigator.

Correct, this hasn't been a thing since Windows XP where we had something actually viral and self-executing. Everything nowadays is malware run via social engineering, which is equally targetable on any OS and is only dependent on the user being the exploit, no amount of AV can protect a user from themselves as long as you have a flexible operating system.

It just so happens that Windows is the obvious one given that's what someone is likely to be using. If everyone up and started using Linux tomorrow, they'd target Linux.

Edited February 6, 2023 by Edward850

DoomGater Posted February 6, 2023

7 hours ago, Edward850 said:
> (...) If everyone up and started using Linux tomorrow, they'd target Linux.

In that unlikely case, I'd fire up my Windows partition again :-)

LexiMax Posted February 7, 2023 (edited)

If you actually care about system security, Mac >>>>>>>> Windows > Linux.

Macs actually protect the system against tampering even by the root user - it's called System Integrity Protection, and that protection extends from Secure Boot all the way to critical binaries and services on the root volume, which means your system is protected against modification by malware with root access and even by miscreants who have physical access to your computer. It also has sandboxing/MAC that actually functions properly and is in wide use by its applications, and it also had the good sense to abandon X11 a long time ago as the X server is a gigantic security hole that also happens to draw graphics.

On the other hand, I am unaware of any Desktop GNU/Linux distro in widespread use that properly secures its boot sequence or prevents root from blowing the system up in the same way that Macs do. I also don't think most give desktop applications meaningful sandboxing - SELinux and AppArmor are only really used on the server, and since Flatpak tried to make it easy to port software to their runtime, they don't mandate the use of Portals, or even do much to prevent overly-aggressive up-front permission grants.

Windows only has sandboxing for UWP apps and doesn't have the leverage to force the issue like Apple does, but at the very least it leverages secure boot and has very aggressive update settings. Microsoft actually has the know-how to make a secure operating system (see: Xbox One/Series system software), but it also has the good sense to not yank the rug out of 37 years worth of applications.

Edited February 7, 2023 by AlexMax

Professor Hastig Posted February 7, 2023

2 hours ago, AlexMax said:
> Windows only has sandboxing for UWP apps and doesn't have the leverage to force the issue like Apple does, but at the very least it leverages secure boot and has very aggressive update settings. Microsoft actually has the know-how to make a secure operating system (see: Xbox One/Series system software), but it also has the good sense to not yank the rug out of 37 years worth of applications.

And yet, when it was announced that Windows 11 requires Secure Boot the outcry was loud, especially from the Linux community, who to this day don't seem to have gotten a grasp at security issues and instead just smell another conspiracy targeted at them.

It makes me wonder if someone really manages to deploy a working Linux virus - how much damage can it inflict? The main concern here is not the small number of end users but all the servers running on Linux. Judging from my daily experiences with some people working on those there's still a widespread sentiment that Linux is secure by default while Windows is a walking security hole. It scares me if they let these beliefs creep into their work attitude.

LexiMax Posted February 7, 2023

8 hours ago, Professor Hastig said:
> And yet, when it was announced that Windows 11 requires Secure Boot the outcry was loud, especially from the Linux community, who to this day don't seem to have gotten a grasp at security issues and instead just smell another conspiracy targeted at them.

The Desktop Linux community seems to skew conspiratorial in general. Somehow, the fact that the Linux Desktop isn't more popular is always Microsoft or Red Hat's fault.

Somehow, it never occurs to people that the fact that there are so many distros is an indication that the Linux community would rather fork and get 100% of what they want instead of collaborate on fewer distros and put more wood behind fewer arrows. Or the fact that binary-level backwards compatibility does not appear to be a major priority for most of userland, and the most stable API on Linux seems to be, ironically, Win32 through Wine/Proton. Or the fact that prioritizing distro-level packages is utterly at odds with the way most software on other OS's are distributed - as binaries with their own vendored dependencies.

Professor Hastig Posted February 8, 2023 (edited)

14 hours ago, AlexMax said:
> Or the fact that prioritizing distro-level packages is utterly at odds with the way most software on other OS's are distributed - as binaries with their own vendored dependencies.

I have lost count how many of these discussions I have seen recently, they seem to pop up everywhere and the argument always goes for "saving disk space" and "being able to swap out insecure libraries", but never - ever - for developer convenience.

It is really no surprise that Linux often gets short changed by lack of app support. Having to maintain all those packages for different distros and making sure they all work with an unpredictable set of library versions is a neverending shitfight. I'd bet that Linux coverage by application software will increase a lot if Appimage or Flatpak were better accepted.

Yes, I understand that for an end user "apt-get" etc. are super convenient, but I am convinced that few people really understand how much redundant support work is required to keep this operational. At least this topic is seeing more discussion recently, so hopefully it is a sign of coming change.

The real irony in here is the "being able to swap out insecure libraries" argument. It really pales compared to the security issues that get overlooked in this ridiculous discussion.

Edited February 8, 2023 by Professor Hastig

dpJudas Posted February 8, 2023

On 2/7/2023 at 8:25 AM, Professor Hastig said:
> And yet, when it was announced that Windows 11 requires Secure Boot the outcry was loud, especially from the Linux community, who to this day don't seem to have gotten a grasp at security issues and instead just smell another conspiracy targeted at them.

I think it is worth pointing out here that Apple also nicely illustrates the dark side of a completely locked down system: Apple has become god on the system. They dictate everything you are allowed to do. Someone that doesn't always have your best interest in mind. Sometimes the extra security is simply not worth it.

Professor Hastig Posted February 8, 2023

True, but just because security by becoming a prisoner is not really that appealing it doesn't mean there's a conspiracy to imprison the user behind every security-minded decision.

dpJudas Posted February 8, 2023

I don't need a conspiracy theory for Apple though. There's already plenty of examples of how they are using these things to tightly control what I'm allowed to run on their hardware and operating system.

DoomGater Posted February 8, 2023

On 2/7/2023 at 8:25 AM, Professor Hastig said:
> that Linux is secure by default while Windows is a walking security hole. It scares me if they let these beliefs creep into their work attitude.

7 hours ago, Professor Hastig said:
> Yes, I understand that for an end user "apt-get" etc. are super convenient, but I am convinced that few people really understand how much redundant support work is required to keep this operational.

So true. EVERY secure system needs maintenance and foresight planning, but Linux at least gives me the option to have a look under the hood. I can compile, what and how I like and don't have to throw my money out of the window(s). Of course, a hardened Windows server can probably be more secure than Puppy Linux on a non-TPM machine, but generally, I'd prefer something, that is easier to see through, where I can put my hands on every screw and every bolt...

LexiMax Posted February 8, 2023 (edited)

2 hours ago, dpJudas said:
> I don't need a conspiracy theory for Apple though. There's already plenty of examples of how they are using these things to tightly control what I'm allowed to run on their hardware and operating system.

That might be true, but what is Desktop Linux's excuse for not taking the best parts of macOS's security hardening and sandboxing while leaving out the bad stuff? Apple has been giving away the answer key for decades and Linux still fails the test.

Better still, if a distro is going to task itself with distributing software, why doesn't it patch in proper sandboxing and permission grants at the same time? Why is Fedora (and Ubuntu, but they don't count because Snap sandboxing doesn't work outside Ubuntu) the only distro that's even remotely concerned with this, and why don't Linux users seem to care - that is, if they're not outright conspiratorial over Flatpak.

22 minutes ago, DoomGater said:
> I'd prefer something, that is easier to see through, where I can put my hands on every screw and every bolt...

This is perhaps the biggest fallacy I see Linux users repeat. The fact that you can, in a strict technical sense, peer into all parts of the stack doesn't mean you're capable of doing so, and at some point you have to trust another party, be that your distro, your compiler, people distributing Linux software (no sandboxing, remember?), or your unprotected initrd that may or may not have been drive-by exploited by persistent malware that Linux generally doesn't protect against.

Edited February 8, 2023 by AlexMax

Graf Zahl Posted February 8, 2023

8 hours ago, Professor Hastig said:
> Yes, I understand that for an end user "apt-get" etc. are super convenient,

'apt'-ly proven by the seemingly endless problems some Linux users seem to have compiling GZDoom with its ZMusic dependency. >D

Sometimes a system can be so convenient that it breaks down the moment it isn't spoon-fed the perfect bits of information.

8 hours ago, Professor Hastig said:
> but I am convinced that few people really understand how much redundant support work is required to keep this operational.

Yup, here's where things get murky. As long as the entire system means having to do the same stuff for 6, 7, 8, 9, 10,... distros it is a given that many software developers will give it a pass.

2 hours ago, dpJudas said:
> I don't need a conspiracy theory for Apple though. There's already plenty of examples of how they are using these things to tightly control what I'm allowed to run on their hardware and operating system.

I can live without Apple-style security, but this doesn't mean the other platforms cannot take some pointers and improve matters. Of course one big issue is that tighter security often means the user needs to be protected from themselves (as in being the instigator of running bad code) and in this case both Windows and Linux are notoriously badly behaved and offer next to nothing in terms of protection.

dpJudas Posted February 8, 2023

1 hour ago, AlexMax said:
> That might be true, but what is Desktop Linux's excuse for not taking the best parts of macOS's security hardening and sandboxing while leaving out the bad stuff? Apple has been giving away the answer key for decades and Linux still fails the test. Better still, if a distro is going to task itself with distributing software, why doesn't it patch in proper sandboxing and permission grants at the same time? Why is Fedora (and Ubuntu, but they don't count because Snap sandboxing doesn't work outside Ubuntu) the only distro that's even remotely concerned with this, and why don't Linux users seem to care - that is, if they're not outright conspiratorial over Flatpak.
>
> This is perhaps the biggest fallacy I see Linux users repeat. The fact that you can, in a strict technical sense, peer into all parts of the stack doesn't mean you're capable of doing so, and at some point you have to trust another party, be that your distro, your compiler, people distributing Linux software (no sandboxing, remember?), or your unprotected initrd that may or may not have been drive-by exploited by persistent malware that Linux generally doesn't protect against.

I think it is important to remember that in security you always have to consider who is the attacker, who is the victim, who do you implicitly trust, and how inconvenienced are you willing to be weighed up against the chance of getting compromised. My car is reasonably secured against typical attack vectors, but if sufficiently dedicated people wanted to steal it they could.

A typical Linux user implicitly trusts the distro packages, and those are chosen by people expected to be in the know about the app they package. Because of that, most of them probably do not feel the need to sandbox against rogue apps.

So then what are we left with? The app is hacked through the user opening files or net access. A typical Linux user is not particularly concerned by this risk, clearly. Most of them are tech savvy enough that the "drive-by" exploit method rarely works against them. With a 1% market share nobody bothers making dedicated attacks against them anyway.

But let's say that the Linux user gets tricked into it anyway. What can such a hacked app access? The users' personal files. You cannot sandbox the access to the user files without making it significantly more inconvenient to use the machine. It is already game over from the user's point of view.

Ask yourself, would you rather have the hacker: fuck up the system files (which isn't as easy as you make it sound, since you still need to elevate to root) or steal all your personal files and secrets? Apple's sandbox only protects you against the first one, unless you go into full iOS mode where the apps stop being nice to use.

Don't get me wrong though. I don't think sandboxing in principle is bad. I'm yet to see a system that actually lets me intelligently protect files from apps I don't trust (which means every single app on my phone, I might add) without making it absolutely hell to set up. The popups of what the app wants to access as demonstrated by Apple or Google is borderline useless. I still pretty much have to protect myself exactly the same way as if the sandbox didn't exist: don't install things I don't need or know where is coming from.

Note: I'm not an actual Desktop Linux user. This is just my personal perspective on this. As a developer, I want Flatpak for easier distribution reasons, not security. :)

Graf Zahl Posted February 8, 2023

10 minutes ago, dpJudas said:
> Don't get me wrong though. I don't think sandboxing in principle is bad. I'm yet to see a system that actually lets me intelligently protect files from apps I don't trust (which means every single app on my phone, I might add) without making it absolutely hell to set up. The popups of what the app wants to access as demonstrated by Apple or Google is borderline useless. I still pretty much have to protect myself exactly the same way as if the sandbox didn't exist: don't install things I don't need or know where is coming from.

Well said. Actually, the biggest threat isn't really rogue software but overly nosy apps that are absolutely legitimate but still 'steal' private data. No protection scheme will help if an app can access your private address book, read all the content and in a moment where nobody is looking send it home.

Regarding Apple, one has to admit, though, that they are the only one alerting the user when an app tries to access this stuff, while on Windows and Linux no alert will be raised.

Just by happenstance I read this earlier today: https://devblogs.microsoft.com/oldnewthing/20230206-00/?p=107797 and I have to ask myself: Is Microsoft really THIS dense? There needs to be SOME protection for stored passwords! It's a good thing that the only sensitive data in there I have is my Github/Gitlab access tokens.

LexiMax Posted February 8, 2023

9 minutes ago, dpJudas said:
> I think it is important to remember that in security you always have to consider who is the attacker, who is the victim, who do you implicitly trust, and how inconvenienced are you willing to be weighed up against the chance of getting compromised.

Let me stop you here. This line of reasoning you're going down doesn't really address any assertions I have made.

The chain of security that begins with secure boot all the way to critical functionality is better than nearly any Desktop Linux distribution, and certainly any that is in wide use. Sandboxing and MAC, when implemented properly like how Apple does it, is effective at controlling application access to parts of the computer a user might not want a program to have access to.

These protections don't cover all threats, but I believe it's possible to reason about security in an absolute sense without getting mealy-mouthed about threat profiles, and I think that "macOS is a more secure OS than Desktop GNU/Linux" is a completely fair statement to make.

Believe me, I have no love for Apple. But Desktop Linux has a reputation of being a secure OS that I feel is undeserved, and there are several things about security that Linux could learn from Apple, but refuses to due to fragmentation and cultural myopia.