For the vendors, minding which essential features to stick to to offer, is crucial for them to stay balanced and relevant (besides keeping up with the current threatscape).
"Fix not what's not broken" does not often just make sense for a feature, but for the entire product offering too. Likewise, why add more than what is essentially expected of your product?
Many AVs have already been providing extras like VPNs, Password Managers, banner control and cleaners. Some of the freemiums/freebies also resort to in-app advertising for upgrading the same.
Sure, there will be some users who would be happy to avail extras. However, I've seen many users who just want the core security aspect. The rest is bloat for them. Including some of them like PMs or trustable VPNs in extra-premium packages is fine, but IMO the AV companies should not unnecessarily invest time and money in extras like cleaners or performance enhancers that add just a little value to their domain of work... while dedicated and customizable apps offering the same are famously available.
Gaming Mode is common in some AVs where notifications and idle/scheduled scans are restricted. Other than that, there are a few utilities that disable unnecessary services, free up RAM for a better gaming experience. Pair that with customized Process Lasso and there you go
I wouldn't be so sure about WD being so good and, in addition, I would never put all the eggs in one basket. In other words I would avoid having OS + AV = Microsoft. I like diversity.
I totally agree! Besides, even though Microsoft will be the one having the most detailed knowledge and know-how of the workings of Windows, their expertise and experience with the cyberthreats would be lesser compared to major players who have been solely doing this 24*7*52 for years. Getting intel from these players is not enough.
WD is improving impressively especially ATP, no doubt. But I would not trust it wholly. Also it is supposed to be the most targeted now that it's the default built-in.
I have a few small requests I would like such as a script locker where scripts can be stored safely. This way any script not in the locker on a PC can easily be blocked and also the scripts can be protected from being overwritten by malware. This way script hosts are made safe...
Basically what one practices currently in the available solutions by -
- having a default-deny/app locker and then a list of whitelisted scripts +
- having access protection for a set of script files
.. you're suggesting to combine them into a little specific unit. It's a good idea
Endpoint solutions mainly focus on practicality and demand of features among the users. If it rises enough, maybe some vendor might consider implementing it. Have you ever suggested this on any AV forums?
But honestly if you ask me, most of the time the free option provides you more than enough protection against day to day threats. Let's take Kaspersky for example. The free version provides you all the essential protection already, while purchasing the paid version gives you a more customizable experience. 99% of these customizations are not going to affect your protection.
Many if not all of the AVs have the same virus definitions between the paid and free version, and if by some chance the paid version is able to detect a virus that is not yet detected by the capabilities of the free version, they will be promptly updated to ensure protection.
"Some specific protection being enough" is up to an individual, but not entirely.
An average user might get infected with a strong config. We know nothing is foolproof. Neither human decisions of course, nor the solutions.
That average user practicing safe habits might as well get infected with a light and simple config - if once in a blue moon he visits something that is compromised, shady or runs some non-legit app for some obvious reasons by creating an exception in the security rules he set. Boom, one bad out of all hundred things that happened to him did the nasty thing.
Safe habits sure reduce the probability of attacks but don't eliminate them.
If the user could not identify the infection, be it minor or a disastrous one, he (feels he) is safe in his Wonderland. He's good. It might even not be something he would care much about.
And the opposite that a paranoid user might think of some minor events as risks and might freak out... eventually running multiple scanners or scratching his head whether he should again clean install his system for peace of mind.
The above are only a few combinations among various possible scenarios.
Most of the time, the IS (paid) version of an AV provides important complementary features (firewall - IDS, IPS, ..., Advanced ML that help over unrecognized threats - though detected ones soon get added to common sigs, Application Control or HIPS, and more customization) over the basics (AV sigs, BB, surfing protection).
One might want to use another solution to add the missing features of a free AV. I would prefer to have that or a complete suite and not just rely on a free AV/default-deny for regular use.
I do not think of those complete packages as necessary, but I do advocate their use.
The missing features of a free AV cover different attack vectors and their scope of protection also differs. Combine that with the years of cybersecurity expertise that Security Vendors put into their various modules to make it one big integrated and tightly-coupled product. Now add some default-deny and safe browsing
These are my thoughts. Everyone has their own set of usage and spectrum of knowledge... and may feel the need for more or less protection.
Coming back to the topic, I think
- providing more practical & customizable solutions appropriate for various groups of target users. With time, there's always room for improvement
- offering better lockdown setups suitable for different use cases
- expanding the scope of protection w.r.t. the constantly evolving threatscape
- progressing their technologies (like ML added years back and being improved ever since; better system & network analysis so as to identify potential breaches and provide improved post-breach remediation measures - like some major corporate players are advertising nowadays)
are more eligible for concerns rather than adding a stockpile of less useful features to impress only a handful.