Disable Your Antivirus Software (Except Microsoft's)
Eyes Above The Waves
Robert O'Callahan. Christian. Repatriate Kiwi. Hacker.
The AV vendors update and patch their products frequently, modifying the way they hook the OS. They don't ever allow anyone access to pre-release versions. This is the kind of thing that, even with the best of intentions, causes problems.
As a long-time software developer, I have seen many problems caused by AV behaviour, particularly network hooks which modify traffic (TLS interception anyone?).
forsyth
I switch off Microsoft's Windows Defender as well. It makes my laptop unusable when it's running, which I've found to be a general problem with AV software.
SRV6
This was meant for 3rd party antiviruses. Leave Windows Defender on.
Grif
If your laptop's running slow, uninstall software you don't need and make sure your main hard drive is in good condition. Also go to Windows search and type up misconfiguration, then turn off all startups you don't need. You can do the same in services, but I recommend you leave Microsoft services on.
Stijn Sanders
I guess what we need is "the people's AV". If Mozilla gets Firefox back on track, could they start something?
amias
As that article shows, it's not a political issue, it's a functional one; essentially anti-virus breaks APIs and makes their results unpredictable.
Dr. Net!
I have not used AV software for years (apart from on the mail filter) - must have been around 8.06. Ubuntu of course.
Ricky Gupta
I totally agree with this. I bought a new TP-Link USB wireless adapter and whenever I connected to my wifi, Windows 10 crashed with a bad pool header error, and only after uninstalling my Malwarebytes software did that crash get fixed.
Anonymous
What version of Malwarebytes? In case you are unaware, the recent version of Malwarebytes has been riddled with thousands of bugs and issues. You can look at their forum.
Peter Kasting
Was "now that I've left Mozilla for a while" supposed to be linked to somewhere, rather than underlined?
Robert
No. I just wanted to make sure Mozilla doesn't get blowback.
Oscar Goldman
Does Microsoft make anti-virus software for the Mac?
If not, then what?
Robert
I'd use whatever Apple offers; if they don't offer anything, then "nothing" is probably better than the usual A/V vendors. MacOS is locked down reasonably tightly already.
Jeffv
If you are a business, Bromium. Not quite AV, but something better, imo, as it doesn't use signatures, but looks for aberrant behaviour; e.g. your email should not be trying to access your customer database. Best of all, the way it works is to let the infection think it's succeeded, while recording what it's trying to do, and that can be shared without exposing your security.
SRV6
Macs do not require any antivirus.
Psycho
Sir, I hope you never have children
Former Mac User from 80s.
heheh... Yeah that is it.. Macs don't require antivirus.. They are immune to all digital threats.. You might want to search that on snopes.com!!!
SRV6
My wife is a graphic designer and uses nothing but Macs. Her company uses Macs. None have security on them. Is there Mac malware? Yes, but few and far between.
Jeff M
Macs don't usually require antivirus software, because they have three significant deterrents. First is Malware Check, which functions similarly to Windows Defender, but runs silently in the background without any user interface. 99% of users never know that it's there.
The second is GateKeeper. Its default configuration requires that any binaries be signed by a developer with an active developer account with Apple before it will run. (This can be disabled on an app-by-app basis or globally, but it is on by default.) This allows malicious apps discovered in the wild to be disabled by Apple unless the user specifically re-enables them.
The third is that any app sold through the App Store undergoes a code review and is also required to be sandboxed from other processes.
So, while it's not perfect, given those three mechanisms and the fact that the Mac installed base is less than 10% of Windows, malware and viruses are virtually nonexistent on the Mac.
TerryC
Just to be clear, if I'm not mistaken, Gatekeeper started with Lion (10.7), so for those of us using Snow Leopard this advice is not relevant.
joe_h
"Macs don't usually require antivirus software, because they have three significant deterrents."
BS! Macs don't have as many issues with malware because they have such tiny market share, and malware creators don't target it as much. The simple fact is as an OS Windows is more secure and has fewer exploits. This isn't even debatable.
Mr Roboto
What about open source antivirus like ClamAV?
Robert
I don't know much about it. Being open-source means it's probably less crazy-bad than the others. Still, I'd be skeptical that it's a significantly better recommendation than Windows Defender, for Windows 10 users.
As far as I know, it is the only free (as in freedom) antivirus. If you need more security than that, just go free software full way and ditch MS Windows altogether in favor of a free OS such as GNU/Linux.
nicu
1. ClamAV has a poor virus detection rate. 2. It is only a virus scanner (to be used on files or folders); it does not provide a resident shield checking the files before you open them.
Unknown
ClamAV is an AV solution you need to run manually. It is therefore a nice enough "stick behind the door" for tech savvy users, not your average Joe. There are ways to make ClamAV work as a real-time AV scanner, but that software isn't made by the people behind ClamAV, and the last time I tried it, my CPU had a continuous load of 30%.
So I use ClamAV sometimes, I use online AV scanners more often, and monthly malware scans. No virus or malware on my system for 10 years. That said, I run a strictly configured router/firewall on a completely separate PC and every device that connects through my LAN is on a separate VLAN with even stricter rules. All of the computers I use have mostly PortableApps tools and browsers are as vanilla as possible, with the exception of 'uBlock Origin' and 'uMatrix'.
Anonymous
Try this link to improve the detection rate of ClamAV:
Andreas
Hi Robert, what about applications such as https://heimdalsecurity.com/en/products/heimdeal-free that simply keep your average virus magnet applications up-to-date? Would you recommend that on the side, along with whatever the OS offers?
Robert
You should stick to applications that are good at updating themselves. For example there's no need for Heimdal to update Firefox or Chrome, and getting it involved adds potential for catastrophic bugs.
So it depends on what applications you use. If a random person asked me with no further information, I'd probably play it safe and say no since there's potential for badly-implemented updates to do great harm.
Anonymous
Microsoft has a tool for enabling processor-based protection that may be helpful for some people. https://en.m.wikipedia.org/wiki/Enhanced_Mitigation_Experience_Toolkit
SRV6
EMET is being discontinued in July 2018
SRV6
Windows 10 has EMET features built in.
Anonymous
Not all of them... https://betanews.com/2016/11/24/windows-10-security-emet/
Anonymous
For now....
Marcos Mayorga
Just use Linux, you don't need AV at all, I've never used AV for more than 20 yrs so far
Former Mac User from 80s.
Linux fan boys are as bad as Mac fan boys.. Mark my words, when you get hit.. It will be bad.
Anonymous
As a layman, are you talking about always-on virus scanners that run in the background or also on-demand file scanners? I would guess the latter are less intrusive to the OS?
Jeabo
Yes, you are very much right. In fact, running Bitdefender and something like McAfee together will cause the OS to become unstable. Just my experience after doing thousands of virus cleanings.
Jeabo
That is why most real time scanners will disable Windows antivirus software. (And McAfee is utter garbage these days)
Robert
On-demand file scanners are certainly a lot less problematic.
Anonymous
The only time I ever use AV is to scan files in a VM. Be safe online, not stupid.
Anonymous
I vaguely recall that a few years back, my laptop would intermittently Blue Screen until I uninstalled Norton.
I still use MalwareBytes (the free version, with no "active" protection), and I run it occasionally just in case, but otherwise I stick with MSE (or whatever it's called) on my Windows boxes.
PK
I used AV in the past, but after getting Windows 10 machine, I really use only the Defender. It works great, nothing bad happened yet, and it doesn't scream on full volume every time definitions are updated ;-)
Anonymous
For home use I don't disagree with you. We all know that by the time the AV software finds an infection it's too late anyway. But a lot of businesses these days are allowing or requiring BYO devices with their user base. We have to protect everyone's systems. We can't have people running on networks in such an insecure way. Here, our security appliances & firewalls can help to mitigate security threats imposed by rogue devices, but that is not enough.
Ideally, everyone just becomes more tech-aware and can figure out that they shouldn't click that link in their email because they probably aren't descended from African royalty. But I don't see that happening anytime soon. As long as people keep clicking on stupid things, then they need stupid software to babysit them.
Robert
I can't imagine why you'd allow regular users to attach BYO devices to your corporate network.
That aside, what evidence is there that any third-party AV is a net security win over Microsoft's built-in stuff? I haven't seen any, even with all the comments around this post.
markrobertsbarter
Calling the major vendors' products "anti virus" kind of highlights a lack of research on your part. AppArmor/SELinux, for example, is pretty much considered best practice in the Linux world, so why is it that similar third-party functionality in the suites that you dismiss as "AV" suddenly becomes worthless in the Windows world? There's much more to the major - let's call them what they are - HIPS software packages than you give them credit for.
Robert
SELinux has all kinds of problems. However, at least it has defined interfaces; the source is open and operates in a transparent fashion; distros take responsibility for configuring it and making it work with their application packages; and it hasn't been a source of egregious security bugs.
Windows AV on the other hand is a crazy mess of closed-source code doing random patching, hooking, parsing arbitrary complex data formats in ring 0 and other blunders, changing unpredictably, with practically no coordination.
amias
Windows is different to Linux in this respect because software vendors are considered potentially hostile to the OS, as they are frequently not aligned to its goals. Linux distros, on the other hand, tend to provide software that is more closely matched to the OS because its maintainers include or package them instead of vendors.
Chris Tschantz
This smells all too consumer to me. Users who are diligent about patching not only their OS but third-party software as well (Reader, Java etc.) MAY be able to get away with nothing more than Defender; however, whatever happened to Defense in Depth? At any business or enterprise, you have to do your best to protect the data, employees as well as your customers. Sure, traditional AV isn't always going to protect you, but most AV/EPP vendors are doing their diligence to include technology in their products that goes way beyond what traditional AV ever did. In addition, there are other products to consider like Application Whitelisting technology. Of course, these in concert with other technologies like DLP, IDS, NGFW, SIEM etc. can all help protect the business. Common Defense in Depth here. But to recommend either nothing or Microsoft's built-in offering is not the best approach if you care about the things you need to protect.
Robert
"Defense in depth" does not mean that the answer to "should I install this 'security' product?" is always "yes".
Each product you install adds vulnerabilities to your system as well as protecting you from some set of threats. The sets of threats overlap (e.g. if you're scanning email on the mail server, scanning it again on the client doesn't do much).
> But to recommend either nothing or Microsoft built in offering is not the best approach if you care about the things you need to protect.
I'd like to see an independent evidence-based evaluation of this. I haven't, and one hasn't turned up in all the comments around this post. Lacking one, and given the egregious blunders of the major AV vendors that have come to light, I still think being conservative in what you install, as I have advised, is perfectly reasonable for the average user.
Bruce
I guess that one could then argue that since Microsoft also includes IE and/or Edge in their operating systems, one should not install Firefox, Opera, or Chrome either. After all, you are adding more software with more bugs and we do want to be conservative in what we install, right?
Robert
If IE/Edge are installed but you don't use them, no problem.
nicu
Some years ago I used to put MSE on some people's computers, that was until they came back infested. Now I won't recommend it to anyone. (Still, I have to admit I didn't check recently, since I mainly use Linux with no AV.)
Anonymous
What about Emsisoft? If you are going to recommend to uninstall AVs, you should at least be aware of the popular ones and more.
Tyagraj Varma
These days most of the malware comes from online. Just run your browser in software like Sandboxie. You won't need a 3rd-party AV, unless you often connect unknown USB devices.
Anonymous
Your advice is flawed, opportunistic, irresponsible and dangerous to people who don't understand the malware landscape that is out there.
Your reputation, in my mind at least (as I don't speak for others) has been tainted.
The average Joe on the street is better served with anti-virus on their computer than not. No software is perfect.
Robert
> The average Joe on the street is better served with anti-virus on their computer than not.
I believe you may be right about that which is why I suggested Microsoft's stuff.
Anonymous
The problem if you only use Windows Defender (on Win 8.1 myself) is that you could be infected by a virus (like a trojan) while browsing a web page with Firefox.
I've done EICAR tests with Windows Defender and Firefox, and Defender doesn't notice the viruses in a web page (but it works with IE 11).
Robert
EICAR-like tests are mostly meaningless for browsers. By the time malware has been around long enough to be analyzed and its signature(s) (binary, behavioural, whatever) blocked by AV tools, modern browsers will have already fixed whatever holes they were exploiting. Firefox doesn't need to explicitly detect Web-borne viruses; Firefox's job is to make sure that all such content is harmless.
For modern browsers that are kept up to date your real threats are zero-day exploits, which can easily evade any AV product.
Anonymous
I think I need a good AV also because a few weeks ago I was on a TV streaming webpage and there was a trojan in the page.
It was detected by my AV but not by Firefox.
What could you advise in this case?
Robert
I thought I was clear before. Without more details it's probably not worth me saying anything more.
Anonymous
I've done this since I understood a little more about how these security solutions work (5 or 6 years ago).
I don't understand why Windows Defender is different from the other AVs. If you could explain this point I would appreciate it.
Robert
I mentioned it in the post. Based on the data I've seen, I have a much higher opinion of Microsoft's people and processes than the other AV vendors. Also, because Microsoft's stuff ships with Windows they are more likely to get the integration right and be held to reasonable quality standards.
Anonymous
Hooray another educated opinion from someone who does not actually fix PCs for a living.
Thanks for that. You just made my job harder, but more profitable.
Microsoft themselves say that their AV solution is "baseline", which means it is the lowest you should go, not the highest.
I keep seeing quotes about the crappy state of AV, but it always focuses on Norton, McAfee etc., who are historically crap and simply sell more product.
Avira or Bitdefender never appear in these quotes or lists of bad AV/vendors.
I can find zero evidence that MS AV is any good, only the opposite, as the frequently infected PCs I have to fix are usually using either MSE/Defender, Norton or McAfee, which is as good as using a magic 8-ball.
MS AV does not scan web page content in non-MS browsers, so malvertising and link scanning in FF or Chrome is non-existent.
If you are going to recommend MSE/Defender, at least show some evidence or reference to how good it is at its job, not mere opinion and belief.
It is provably consistently below average, and for a while fell off the bottom of the AV test/comparison sites.
Robert
Avira:
Bitdefender:
Firefox and Chrome use Google Safe Browsing for URL filtering so it's not "non-existent".
Scanning Web content adds very little value. By the time malware has been around long enough to be analyzed and its signature(s) (binary, behavioural, whatever) blocked by AV tools, modern browsers will have already fixed whatever holes they were exploiting. Firefox doesn't need to explicitly detect Web-borne viruses; Firefox's job is to make sure that all such content is harmless. AV products interfering with Firefox have historically made that more difficult --- including Avira and Bitdefender, as you can see above. Justin Schuh says it's the same for Chrome.
This all assumes users are using up-to-date OSes and browsers, as I updated my post to make clear.
Windows Defender may not be very good at the metrics you're talking about, but at least it does relatively little harm.
Chris
Well, what if you never enable the plugins those AV products try to push onto your browser?
Robert
That doesn't necessarily stop them hooking and patching browsers; i.e. that wouldn't stop all the bad stuff they do.
Bruce
"Windows Defender may not be very good at the metrics you're talking about, but at least it does relatively little harm."
For the test suites that look at false negatives, Microsoft's consumer solutions are generally the king of the hill. How is that "relatively little harm"?
Robert
See http://robert.ocallahan.org/2017/01/a-followup-about-av-test-reports.html about test reports.
Dan Stromberg
Matt Blalock
Which is why I never install browser addons that monitor/pre-empt/intercept/divert/parse or otherwise aggregate code or functionality into or onto my browsers, of which I use two: Chrome and FireFox. Nor do I lard on all the extra geegaws they beg you to buy. AND by the way, I never pay for AV software. I have used AVG Free, rightly or wrongly, in conjunction with FireFox (and now Chrome) for 18(?) years, during which time I have fallen prey to an exploit only once and that was my fault. Any other security failures I experienced were with MSIE - and nothing could protect you from the flaws in MSIE. No AV product can protect you against your own stupidity, especially if you don't understand or acknowledge the shortcomings of the AV platform you use. I get the point about MSAV: who knows MS better than MS? Who better to create and build an AV architecture that works in harmony with the MS OS? But then look at MSIE. I still think MSIE is terrible software and never use it. So I stick to what I know works, for now. But I will say this, and I wish someone would address this specific issue. What I fear, in light of the Russian exploit of the DNC, is that these foreign AV softwares could be engineered to backdoor any user and expose westerners to attack. Imagine planting evidence of criminal activity on thousands or millions of computers, implicating innocent users in criminal activities of which they have no knowledge, and indictment for said crimes they did not commit: wire fraud, sex crimes, computer crimes, espionage, public infrastructure crimes, you name it; or leverage your system as a bot to attack dot-gov or public/private infrastructure. This has begun to steadily creep into my awareness of late.
Anonymous
Totally, that is what I do and say to my users/customers.
itLarry
yep.
If some OS isn't able to secure itself (vs SELinux, OpenBSD, ..) I don't use it. Security as an afterthought never worked and never will. Just say bye-bye to this expensive crap that makes your box crawl, makes your apps crash and only gives a false sense of security.
Chris
Also, are you discrediting places like Virus Bulletin or AV-Comparatives?
That don't even bench the Microsoft built in av because of its low scores.
I understand from the standpoint of the browsers' sake with their plugins. I don't even enable those because I want the browser to do that and the AV to catch anything the browser doesn't catch.
I've gone back and forth on this myself as an IT professional and I find myself using AV because of those listed sites and Microsoft's admission that it's just a baseline product they include.
To me performance is always what I'm looking for as I'm an avid PC gamer and I've never had issues with Bitdefender running on my PC slowing down my games or browsing.
I have though run into those issues you mentioned where it gets tricky because the AV product is doing some stuff with the kernel. For example, the Asus tools to monitor my PC and adjust settings like voltages and bus speeds have an issue with BitDefender. My response to that was just to not use the software and seek alternatives to monitor temps.
Robert
OK for the sake of time I'll just focus on
> That don't even bench the Microsoft built in av because of its low scores.
This report does include Microsoft. In that test, MS got 97% (1570 out of 1619) ... lower than most of the other products, but the actual difference is very small.
The major problem with tests like this is that they are designed to fit the strengths of AV products and avoid their weaknesses. The report doesn't say how they acquire their malware samples, but I guess they get them from the same sources AV vendors do. (They're not writing their own since they say they independently verify that their malware samples "work" on an unprotected machine.) So what they're testing here is the ability of AV software to recognize malware that's been in the wild long enough to be recognized and added to someone's database. That's exactly the malware that AV systems detect. But in the real world users will often encounter malware that hasn't had time to be classified yet, and possibly (e.g. in spear-phishing cases) will never be classified. A more realistic test would include malware like that. The test writers should cover that by generating a whole lot of their own malware that's not in any database, and see how AV products perform on that. My guess is that the detection rate would be around 0% if they do it with a modicum of skill. Of course in the real world, some malware authors can and do iterate on their new malware until they're sure the major AV products won't detect it.
So for the sake of argument let's suppose 20% of the attacks in the real world use new unclassified malware and 80% use old malware and none of the 20% is detected by AV products. That would be 405 additional malware samples not detected by any product. Now Microsoft scores 77.6% and F-Secure is 79.9%. That difference doesn't look so important now.
The other major issue with this whole approach is that it takes no account of the downsides of AV products. If a product slows down your system massively (more than other products), that doesn't show up here. If a product blocks all kinds of valid content, that doesn't show up here. If a product introduces huge security vulnerabilities --- even if they're broadly known --- that doesn't show up here. If a product spams the user incessantly with annoying messages, that doesn't show up here.
Because of these systematic issues, this approach to testing actually does more harm than good because to the extent AV vendors care about these test results, they'll optimize for them at the expense of those other important factors that aren't being measured.
There are also some issues with this particular test report. For example they say how important it is to test up-to-date software, and then test "Microsoft Windows 7 Home Premium SP1 64-Bit, with updates as of 1st July 2016" and Firefox version 43.0.4. But on 1st July 2016, the latest versions were Windows 10 and Firefox 47.0.1.
Another issue I have with this particular report's product comparisons is that I suspect all it's really measuring is how closely their malware sample import pipeline matches the pipelines of other vendors. Maybe F-Secure won that benchmark because they happen to get their malware samples from exactly the same sources as AV-Comparatives and the other products use slightly different sources. The source of malware samples is critical here and I can't find anywhere they say what it is.
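The re-scoring sketched in the comment above, written out as an added example (this is editorial code, not part of the original post or the AV-Comparatives report). It generalizes the 20% figure to any assumed share of never-classified malware and any assumed catch rate on that share. The Microsoft numbers (1570 of 1619) are the ones quoted above; the F-Secure detected count is back-derived from the quoted 79.9% and is an assumption, as is the sample mix.

```python
"""Re-score AV detection rates under an assumed share of unclassified malware.

Added example for this comment thread, not code from the original post or
from any AV test lab. Microsoft's 1570/1619 is quoted in the comment above;
F-Secure's detected count is inferred from the quoted 79.9% (assumption).
"""

# (detected, total) on the test's classified samples.
REPORTED = {
    "Microsoft": (1570, 1619),
    "F-Secure": (1617, 1619),  # assumed: reproduces the quoted 79.9%
}


def adjusted_rate(detected: int, total: int, novel_share: float,
                  novel_detected: float = 0.0) -> float:
    """Detection rate once `novel_share` of real-world attacks use malware
    that is absent from every signature database.

    The `total` classified samples are taken to be the (1 - novel_share)
    part of the real-world mix, so the novel part is
    total * novel_share / (1 - novel_share) extra samples.
    `novel_detected` is the fraction of that novel part the product still
    catches; the comment's argument assumes 0.
    """
    if not 0.0 <= novel_share < 1.0:
        raise ValueError("novel_share must be in [0, 1)")
    if not 0.0 <= novel_detected <= 1.0:
        raise ValueError("novel_detected must be in [0, 1]")
    novel = total * novel_share / (1.0 - novel_share)
    caught = detected + novel * novel_detected
    return caught / (total + novel)


def compare(results: dict, novel_share: float,
            novel_detected: float = 0.0) -> dict:
    """Adjusted percentage per product, rounded to one decimal."""
    return {
        name: round(100.0 * adjusted_rate(d, t, novel_share, novel_detected), 1)
        for name, (d, t) in results.items()
    }


def spread(results: dict, novel_share: float,
           novel_detected: float = 0.0) -> float:
    """Gap in percentage points between best and worst product."""
    rates = compare(results, novel_share, novel_detected).values()
    return round(max(rates) - min(rates), 1)


if __name__ == "__main__":
    for share in (0.0, 0.1, 0.2, 0.5):
        print(f"novel share {share:.0%}: {compare(REPORTED, share)}"
              f" (spread {spread(REPORTED, share)} pts)")
```

With a 0% novel share this reproduces the report's 97.0% for Microsoft; with the comment's 20% assumption it gives 77.6% and 79.9%. Raising `novel_detected` models a vendor that does catch some fraction of never-seen samples, which is the kind of test the comment says the labs should be running.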
Anonymous
I am of your opinion
Anon_Code
What about the almost 5000 malware samples I have, which are not detected by Windows Defender...?
This blog post is the worst suggestion I've ever read.
But they are detected by 3rd party AVs?
This is damaging to end users. People should not even use Mozilla because of all the vulnerable plugins it possesses...
Anonymous
I agree and I do not want to know how much energy is burned every day for the useless AV software.
justplus
What about Kaspersky?
ABRAHAM GERARDO VALDEZ
Since my first computer (in 1999) I haven't used antivirus...
Chris
Was this more what you were trying to say?
Robert
I agree with that, but it's not all I was trying to say.
Michael Meeks
The false positive rate is horrendous, leading to silent and weird changes in behavior. For example a prominent AV solution stops git working under Cygwin on Windows - it fails with some weirdo error, no logging, no diagnostics, nothing to fix it. So - step 1. for all developers: disable AV on Windows.
Beyond that, the number of user-reported false positives as we tweak headers and re-compile LibreOffice is beyond belief - even though the binaries, installer etc. are signed. The whole "look for virus signatures" approach seems unlikely to succeed in the end anyhow, and the performance impact of AV is severe for most low-end machines (so I'd not enable it on Windows XP either since a) you're doomed anyway and b) you ought to be able to use the PC in the small window of life you have).
I'd put good money on someone creating entirely random PE executables by shuffling code fragments of any given binary, putting them through lots of AVs and hitting truckloads of false positives; it would be great to have a comparison of the lameness of AVs based on that alone I guess, and some independent benchmarks of their real impact on machines.
I guess the AV industry is just another clown in the circus =)
DEViATTED
I am so glad there are people who think the same way. I haven't used an AV for more than a decade now.
I think they're the most useless piece of software in existence today that act like virus themselves by slowing down computers, interfering with other processes and the beauty of it is PEOPLE pay for them!
previouslysilent
I've had to fix machines which have run only Microsoft's security and got infected, and SpybotS&D or MalwareBytes have easily found the problem.
In my experience it's the fully integrated security suites that are the biggest headaches.
I've had to turn off outbound mail scanning on wife's laptop because it fails for an unknown reason; she runs Avast.
Anonymous
I've been running MC Shield because of the high number of USB viruses in the country I live and I've heard Immunet is supposed to be good, both run alongside resident antivirus programs. How do these fit with the recommendation to not install 3rd party scanners and use windows defender instead?
Anonymous
Robert, I am not into all this chain of comments but seeing this:
> because of the high number of USB viruses in the country I
> live and I've heard Immunet is supposed to be good, both run
> alongside resident antivirus programs.
... I'm tempted to recommend the tool I was using for several years in a row (on a farm of Windows boxes at my previous job). And boy was it perfect! It's called Ariad:
If the tools you mention are in the same vein as Ariad, it's a very nice combo, I'd say (I used both Ariad + MSE in those older times). Because it deals more with infection causes than with consequences. Recommended!
Anonymous
One thing I noticed about my ESET Internet Security is that it replaces some websites' security certificates with its own.
Robert
This paper says ESET is especially bad about its TLS interception: https://jhalderm.com/pub/papers/interception-ndss17.pdf
Begemotike
Finally, a voice of sanity in the wilderness. I run a small IT shop and I've had people call and rail at me after hearing about me telling someone this exact thing. I can confirm, personally, that I have never, not once in 20-some years of doing this, seen AV actually protect the people who were always infecting themselves.
The other major issue is that by and large, the biggest problems are PUPs, which many AV solutions cheerfully ignore - or even install. Which is why in the end, prevention (patches, user education, user lockdown) and remediation (malwarebytes et al, backups, restores) have been the only thing that really works.
And yes, leave Windows Defender on.
Aleksey
This is a terribly ignorant article, written by someone who does not understand vectors of attack, the nature of viruses in the past decade, or anything, really, about security. It also certainly explains why millions of people are part of zombie botnets without even knowing that they are. Mind-boggling stupidity on display.
RejZoR
Sorry, but Windows Defender is absolute garbage. Slow, poor (well, non-existent to be honest) proactive features; the only good thing about it is that it's easy to use since it hardly has any settings. Are you a Microsoft shill? Because no one in their right mind would recommend Windows Defender over products like Kaspersky, avast! or Bitdefender, of which the last two also offer free versions that are not any worse protection-wise than their paid counterparts. Diversity in the antimalware field gives users immunity. If everyone used Windows Defender, bad guys would just have to bypass that and they'd be done. And trust me, bypassing Windows Defender is easy. But if bad guys have to craft their packages to bypass 20 different products, they have to make compromises and do extensive testing, and even then the chances that one vendor will nail them and share the sample with the rest are very high. And with cloud systems, they can't test it in advance because it means AV vendors will get an insight into the malware, and if they don't, they can't be sure it's not detected already. It's why everyone else is better than Microsoft: because they have complex multilayer protection systems.
Aleksey
I was too lazy to write all that out, but yes, exactly. Homogeneity, using AV by the same company that made the OS, is insanity. In addition, Windows Defender/MSSE are simply way behind in innovative technologies like deep cloud AI (Symantec) or Webroot's tracking and reversal of suspicious application behavior.
People who write such articles are terribly ignorant, and they believe they still live in an era where you could, first of all, know when you have a virus, and second, eliminate it by "scanning" after it executed.
The only thing that still works to root out modern viruses are hacker utilities like Combofix. Modern antiviruses are trying to catch up, but Microsoft is certainly way behind all of them.
Fred
This article is complete bullshit from someone who does not know anything about new security threats and attack vectors spreading in 2017.
Relying on an OS and all software, plugins, middleware, drivers and other stuff being up to date for being safe is just nonsense.
Combination of standard AV and behavioral/sandboxing technos remain an effective way to protect from Internet threats (as well as awareness, and being up to date of course).
Anonymous
Since Win 95 I have been used to AV suites, and every time it was a disaster.
From a slow PC, to annoying and false messages, up to a finally heavily destroyed Windows OS, I have seen all of this.
The first was Norton AV, because I trusted Norton Commander on DOS. This was the first mistake... later I had to reinstall Win95. Roughly every year I tested other AV programs or suites, because most of them were free on magazine CDs/DVDs... every time it was the same annoyance or destruction of software and OS (and time).
I think.... why does every PC magazine prefer AV suites? It was always annoying and slow on my gaming PC.
Many years later I paid a lot of money for the Norton Internet Security Suite, and it was better than the first version I used, but the PC speed was only 1/4 of before, and there were so many messages from the suite that I thought... what's going on in my PC, is it infected or defective or what is it?
I wanted to uninstall it..... mistake 2... I had to use a special uninstall program because of the deeeeeeeeep integration into the OS; a simple uninstall destroyed my WinXP.
But I was lucky, I never had a virus from the Internet. The last AV programs I used were Free AV and AVAST..... same shit, but more annoying with online activation, messages and updating that didn't really work... but better at uninstalling.
I saw a video from the CCC in Germany about how easily a PC was infected if an AV suite is installed.
Without an AV nothing happened, but with AV they easily got admin privileges and full OS/PC access!!!
Then 3 years without AV; in 2009 the MSE beta announcement arrived, I looked, installed the beta and tested it with an official virus download. MSE worked fine with download, copy and delete of the harmless but real virus. Since then I have used only MSE and never had any problems or a slow PC; I have never experienced a slow or annoying Windows because of MSE. OK, only one negative part of MSE: if I install an old game or software, the start of the install is very very slow (but I don't think that is MSE's fault, it's more an OS fault with old installer software in combination with MSE),
but this problem doesn't hurt much, if I must wait a minute more or deactivate MSE temporarily and not wait.
The better question is:
Why are there so many people here saying MSE is shit?
I can say MSE is not shit, it is very usable and silent and fast.
AV suites are better? They should work in a sandbox? (Which is ridiculously slow.)
Yes, there are good AVs in this world, but they are very expensive and they are not in the next PC shop to buy.
Why must an AV suite change the browser software? (It is not their piece of software.) And what if a new closed-source sandbox browser arrives, how can they save the user?
I have been very satisfied with MSE since the beta.
I am safer, faster, less annoyed, with fewer problems with MSE + adblocker + scriptblocker (which don't change the browser software).
That's the best every Internet user can do to secure themselves!
Brain.exe is not important then...
Who else will say that an AV suite will be better and safer for free?
Naturebitz
In light of the recent "Avast breaking the installation of Windows 10 1803 update" I'm inclined to agree with Robert.
tlhonmey
Aside from the results of bad passwords on remote-access systems the most common compromises I see these days are...
Malicious browser extensions.
Doesn't matter what OS or whether you have antivirus or not. I've not seen a single antivirus program yet capable of detecting the difference between a legitimate extension and a malicious one.
So unless your user is an idiot who believes the "you must install this codec to continue" website ads and runs things that come in unexpected email attachments from strangers, traditional antivirus does nothing. Keep up with software security updates and you'll screen out 95% of the bad stuff. Don't install browser extensions or other programs just because some random website says you should and you'll be rid of another 4.9%. The rest are things that a good antivirus program probably won't help with anyway, so it's probably not worth it.
Using something to scan incoming emails for known threats might be helpful if you get a lot of mail from John Q Public and so have to read everything. That's about it.