Windows Defender is often seen as a good antivirus, but I want to inform you of a cost noone sees but developers because of Defender.
Website Article: https://christitus.com/bad-windows-defender/ .
►► Digital Downloads ➜ https://www.cttstore.com
►► Patreon ➜ https://www.patreon.com/christitustech
►► Twitch ➜ https://www.twitch.tv/christitustech
►► Website and Guides ➜ https://christitus.com
Website Article: https://christitus.com/bad-windows-defender/
It should also be noted that I bought my code signing certificate from comodo and it was fulfilled by Sectigo. Which is strange because comodo's pricing is considerably cheaper.
I just hate that it's like fucking IMPOSSIBLE to disable it….
my life will be complete when Louis Rossmann & Chris create a podcast together.
It is completely true and I agree 100% with the content of this video ðŸ‘ðŸ‘
Well, I did not expect that high prices for nothing…
Thanks for the video!
microsoft is a corporation. Never trust corpos.
Thanks for the information it helped me to keep choosing Windows Defender over the rest of AV
Microsoft, the trillion dollar coorporation, who is literally legally obligated to generate profit for shareholders: Does anything to make money
Linux youtubers: GASP
What a great and informative video! Thanks so much for your candor and honest opinions on this topic. Keep up the great work!
…seemingly corrupt?!
Windows defender just tried to remove my own program and called me an "attacker"
"You have to pay us for protection". Doesn't sound like a mafia at all lol
I always keep telling people this, you don't need anti-virus, because by the time you HAVE a virus already installed and running on your computer, it just too f***ing late to do anything about it, because guess what? That virus could bypass anti-virus and install a rootkit that survive any formatting, restoring from backup, or hell, they could hack the CPU microcode itself and persist no matter what you f***ing do! Just look at the Black Hat Conference and they'll straight up show you that they CAN hack the CPU and insert rootkit.
Windows have something like MIC, but it's dogcrap compared to Linux no matter who you talk to, Linux straight up have options like Tomoyo, AppArmor, and SELinux to isolate program behavior and hell, there are a lot of push toward containerizing software with AppImage, Snap, Flatpak, and so forth, do you see the same on Windows? Lol no. Granted, virus could bypass most defenses on Linux once it's **RUNNING**, but the whole point of the security model is to prevent the virus from ever being able to run in the first place and therefore stopping it in it's track from breaking your computer.
Thank you for bringing this issue to light. I'm not a dev but appreciate this information. As far as Windows Defender I disabled it years ago.
I use Comodo's fire wall only, not their antivirus as you can only get the firewall as part of their Internet Security Suite now, and then disable the whitelist entries, the firewall, for any program that I have installed, including any Microsoft entries, so the firewall catches any outgoing internet requests.
This works very well for putting a check on any app that wants to randomly call home. The firewall asks if its ok for the app to access the internet. Not running an anti-virus at this time. Was using AVG but Avast has been slowly disabling features on AVG in an attempt to move AVG users to Avasts anti-virus. One valuable feature AVG had that is now gone is their free emegency boot CD to run AVG off the CD oe USB to check for virus's. It's now an Avast feature.
As a hobbyist developer, I hate code signing. It's an expensive hassle for me, and the benefits for the user are dubious. Anyone hacker can buy a code signing certificate and just repackage a popular app with whatever malware and re-sign it. That's why I switched to Microsoft Store. The developer account is free. I don't need a code signing certificate, because they take care of the code signing. And, they handle hosting, payments, and auto-updates.
I knew there was something wrong when it declared an exe I downloaded was ransomware, but when I ran it anyway, nothing happened. I'll remember to do that every time!
I hate it because it deletes crap that I told it to NOT delete, this makes me super mad
You're not wrong, Brother Chris. Micro$lop and crApple are not good companies. They are bad companies that deserve any misfortune that may come their way, and Mafia is how I have described them for many years. Defender is just part of the latest scam the Redmond Retard Digi-Nazis are using to advance their cartel. They are no better than the Cupertino Clown Posse.
Sounds like the same sort of experience as when making iOS apps. You pay Apple 99 dólares a year for the privilege of being able to upload your apps to the app store, which they can revoke at any time if breaching the agreement (but Sir, of course, you might think), and then having to maintain signing certificates for signing the apps and so on.
That's for being able to distribute to end consumers. There's a different one price and certificate type for if you want to distribute your app as an in-house app etc.
I typically don't use AV as I don't download things I don't know. However, when I do use one I typically use ClamAV as I don't have to install it I just run it from a live usb.
Though that is not something an everyday user is going to know how to do, or even want to do. 🤷â€â™‚
I have been using Kaspersky TS for years and have never got a single malware even tho I have downloaded a f ton of stuff.
I'm not doubting what Chris said is true, but still, I'm staggered to hear that, nowadays, most people are trusting Windows Defender and not installing an AV program anymore!
I wasn't aware of some of the issues mentioned in the post about WD, but I wouldn't trust it for numerous reasons:
It's provided by a company that seems to almost have a conveyor belt (Microsoft call them updates) to introduce new bugs and security flaws into your PC, WD doesn't give you daily protection updates like a good AV, lacks many of the features of a good AV and, lastly, isn't actually that good either.
I'll stick with my Kaspersky Security Cloud (free). I'd never pay for AV, and (in my opinion) all factors considered, Kaspersky provide the best AV on the market.
i use norton 360 delux for up to 5 devices here dont use defender at all also use malwarebytes
if you want a free anti-virus then immunet.
sure it's not perfect sure but it's the one i go with normally when i have to deal with windows, which is pretty rare.
Too many false positives
im much more afraid of chrome, this shit of software unprovoked starts scaning disks, using extremely high cpu for hgours, probably checking hashes of your files so its as blatant 100% big brother spyware disguised as browser as you can immagine in your dreams.
“Why I hate Windowsâ€
Defender I always rip it out the system. Debloat Windows, install 3rd party AV set its firewall for apps not to call home the once I know don't need too. Also I monitor apps that have an open connection & amount data transferred once I found my AIO Corsair utility sending crazy amount off data I immediately blocked access for this utility. Another "better" way you can set the firewall to ask you each time if this app should be given access to the internet although this can get annoying if you work with many different apps. Although after a while the AV Firewall will remember all your settings & youll get less annoying pop ups. Also the HOSTS file I dont always trust I duplicate all the rules to my AV Firewall. I use a premium Corporate AV/Firewall.
looks like even ur average dev needs to pay for mafia protection
you can turn off SmartScreen and still use Defender. 🙄
Defender also has a heart attack after most scans
I would never use windows if my fingerprint works as a touch/tap to unlock fingerprint instead of swipe to unlock fingerprint in Linux. Please help me sir Chris
Honestly been using defender lately for about a year. I still swear by Avira for free anti virus. Bitdefender went through some really dark times when 8.1 came out. The free anti virus back then that they had, had very little features so maybe things have changed. Yes Avira is more annoying than Defender but my take on it was that if you have an anti virus that everyone else doesn't have then you're protecting yourself from major flaws by not having the cookie cutter built in setup. The anti viruses I've had a bad experience with: Kaspersky in 2009 on Vista(might have been 7). AVG from 2006 to 2008. Macafee around the same time as AVG I basically considered as Malware, this would have been on XP mostly I believe. Avast I actually liked for a long time but if I recall correctly at some point in time it locked me from booting windows during Win10 launch, so I switched to Avira. These things do improve over time but Macafee and AVG have always been pure trash and around 2013 the free version of BitDefender was seriously lacking when compared to Avast and Avira.
Edit: Sounds like pure profit on MS part to me.
I like Malwarebytes for a free antivirus.
Lol windows defender is same as BitDefender but adapted in windows better so you will criple the kernel and if you are in gnu use linux
ðŸ‘ðŸ‘ðŸ‘Thanks for sharing. Learnt something new today.
Hmmm…. hv upgraded from Xp to Linux and away from the "yearly headache" of jumping from 1 AV to another. Yes, every year I sat down and re-evaluate AV before buying a 1yr subscription for myself – that is living with winboxes.
Now I simply use ClamAV for my Nixboxes.
Software houses shifted this cost to consumers…
Wonder how win freeware & open source s/w developers handle this issue.
Who would have guessed Microsoft would do shade stuff… is not like they're a company with a story of shade stuff.
This is a VERY interesting subject, and not to be seen discussed very much. Thank you for the enlightenment. I didn't knew the rabbit hole was more deep that I thought about this.
The unintended purpose of this is to push developers over to MacOS or Linux. Conglomerates are naturally egotistical, greedy, and out of touch with the people they think are under their thumb. Microsoft has effectively held the world hostage with their software being standardized everywhere, and probably still think that's the case based on the way they're behaving (exceptions aside; I think their VSCode has a "FOSS" version).
Windows Defender is cooked in the Windows Kernel at this point in time (2022). Even fully disabled it is still doing some work exemple indexing and uploading file hashes for anti-terrorism/pedo hunting. There are ways to get rid of it but every time we write a guide, M$ update Windows to fix our way of deleting it. Its funny they made it like quantum particules which only do stuff if you dont look at it.
I don't agree at all. Windows is a paid product and Microsoft is the main responsible to keeping it "safe". Its lack of security should not make mandatory to buy extra software from third a party business just for the sake of "software development industry".
Any tech youtubers like Chris Titus ?
Windows Defender is less intrusive compared to other AV products. I would not be surprised if many people don't even know what it does. Other AV products are just as bad as insurance companies. Charging people money for nothing most of the time.
it looks like ransom ware developers aren't mostly going to get an EV, so the EV is more secure.
Yeah, let's not mince words: MS ev cert requirement is literally a protection racket for developers. Admittedly MS is not offering the certs, so I guess that's how they are getting away with it. But, come on, there has to be some back-channel here where MS gets a kickback from the ev cert people, otherwise why would they want that?
Please, please, look more in depth into EV certification and you’ll see that your main point here is invalid. It’s NOT the same thing as a regular certificate.
Not to say that MS defender doesn’t have its fair share of flaws, but between it and any other AV, even paid ones, I’d rather use Defender.
I use Enterprise version (sryly better gaming experience than Pro) with offline KMS activation and complete MS Defender shutdown; That machine is off the grid, no net for Microsoft fqrs. That's what they deserve fq MS and I pirate every single windows program I use.
Yup, the whole code signing scheme is totally a mafia system. The cheapest issuer I could find was certum, who has special open source certificates but still not 100% smartscreen-proof like the EV ones. Another solution would be to ditribute your self-signed key along with the software but that makes more sense for an enterprise internal tool of some kind. There's sigstore for containers and linux apps but doesn't help with smartscreen (you can pracically sign anything with sigstore, it just ain't trusted by MS or Apple). Apple only trusts its own certificates btw and they sign your app themselves upon auditing (on every update/version), which can take months if you have the slightest mistake in your app manifest…
Incorrect
There isn't anything preventing from running an executable that has not been signed with Extended Validation certificate. All you get is a single smartscreen prompt, which says says that the software could be potentially malicious and getting around it is as easy as clicking the "Run Anyway" option.
And with the other OV certificates that prompt only comes when the the software you're running hasn't been run by many users, if it's even been used by maybe around 5k to 10k people, it won't flag that executable anymore(the numbers depend on quite a few factors).
And Most people are going,
"Well why are they charging high sums to bypass that smartscreen prompt?"
The reason behind that is to provide exponentially better security and authenticity check, other certificates are relatively cheaper and if anyone wants to modify and distribute any software after modifications they could easily sign the modified executable with a cheap certificate and call it a day. And the user will think that the certificate is genuine and authentic and run. That is why they give a prompt before executing stuff that isn't signed by EV.
EV on the other hand ensures that any bad actor doesn't get their hands on it in two ways, first is the price and the second is the pretty rigours validation process which makes sure that the person truly is what they're saying, they verify the docs and cross check them with official sources. And they reject any false or counterfeit requests right away.
On top of that if one is found to be redistributing malicious execs signed under their certificate, the certificate gets revoked and flagged.
It ensures that any bad actor won't just buy EV to be able to get past the initial Smartscreen prompts because it costs much and most likely will be revoked if suspected to be used in anything malicious.
And the reason why it is that high is due to the Validation process itself, manually and properly validating documents for the certificates requires a good amount of people, and people don't work for free.
And once again, it is not that only EV certificate could bypass the Smartscreen prompt, you only need a few thousand users with any other certificate to bypass it. So nothing here is being "walled".
One either proves that their executable is safe by having a good userbase which means that the program at the very least is safe or they prove that they are legitimate by going through the vetting process, verifying the documents and paying a relatively high amount which will be for nothing if one does anything malicious with the certificate.