SwiftOnSecurityDec 28, 2022

Asked by @ajsnonsense: Should I use Norton or move to Defender?

This is one of those questions that can be answered in an edgy way historically 1, turns out to be simple in practice 2, and at broad scale is very complex 3.

1.) Those out of practice will tell you Defender sucks. But it doesn't anymore. Ignore them.
2.) Those talking practically will say absolutely use Defender. Make sure you're on the latest Windows build with Tamper protection enabled and your "Win10 privacy tool" didn't unknowingly disable half the protection features through ignorant choices, and you have a super-powerful solution for free. And they are right. That's what I do.
3.) Defender for home users is great, but intractably could do more because it is cuffed by the requirements it work perfectly without much user input across a billion devices, and that attackers will always test against it even if it can adapt quickly via cloud. [I AM TALKING CONSUMER ONLY THIS DOES NOT APPLY TO DEFENDER ATP OR CUSTOMIZED ENTERPRISE STUFF LIKE ASR GROUP POLICY]
Some third-party vendors have their own very novel and more noisy approaches to try to differentiate themselves from this free offering. I won't get in that here.

tl;dr I would not use anything bundled in a computer, I use Defender, but also do not discount unique approaches others can bring to the table – and if you make an informed choice, I support that.

This is the kind of thing you can't say in 280 characters.

Show threadSwiftOnSecurityDec 28, 2022

The fact is you can reasonably run a modern Windows system without any antivirus at all. Normal user operations just browsing the web have never been safer.
But when you start having users unfamiliar with Windows quirks opening email attachments, getting redirected to sites because they don't have an adblocker, tricked into fake updates.

That's where antivirus saves your ass. It can monitor for failure and respond to it. It acts as a partial backstop to many other layers failing. That SHOULD be its job. If antivirus ever gets a legitimate detection, that is a huge series of failures to make it to your box.

It's easy to be edgy on this topic. Nuance appears pudgy.

Show threadSwiftOnSecurityDec 28, 2022

Even in my hopefully measured response, people I respect can disagree based on their experience and value weights.

I could easily run my personal Windows boxes with no antivirus at all. I'd be fine. I know how this stuff happens, and my target profile for 0days.

I run antivirus anyway. That's my choice. It's informed by what I've seen. And my own mistakes along the way. I was a teen in the halcyon days of XP where you could artisan layer on numerable products to protect yourself.

Browser blast doors like Sandboxie, HIPS change alerting like Comodo, anti-exploit shims like EMET, and a plethora of antivirus vendors.

I don't know how to communicate this better without an extended speech presentation.

Show threadOphitoxaemia
@SwiftOnSecurity I quit anti-virus on Windows in the late 90's when I tried to get rid of them by canceling the credit card and still got charged on the new one. When I complained they told me they had a special arrangement with the anti-virus company where they could continue to charge canceled card numbers on a new number, I've been out from that BS since
Dec 28, 2022 at 4:52amWeb
Show threadOphitoxaemiaDec 28, 2022
@SwiftOnSecurity I didn't need anti-virus then because there was an easy way to destroy every virus and I saw anti-virus as a virus on its own. Not true now?