Serious Discussion Some guy asks if Windows Defender/Microsoft Defender is enough and this is the amazing answer he got back

[bazang]

Defender and Firewall could benefit from an enhanced, more user-friendly UI, as this is something they currently lack.

Windows Security is not for the layperson. It is for knowledgeable professionals and motivated enthusiasts.

Microsoft's approach is to make as little available as far as controls and settings to the home user as is possible. The objective at Microsoft is to have the person (consumer) involved as little as possible - or the best thing would be to have them never involved, make no decisions, and Microsoft manages the security.

Microsoft would have made that all happen but it is the "users want to use stuff" dinosaur thinking and user whining when they cannot do something that resulted in Microsoft abandoning every single worthwhile software-based security it has ever attempted to make home users secure.

 

[Parkinsond]

Windows Security is not for the layperson. It is for knowledgeable professionals and motivated enthusiasts.

Microsoft's approach is to make as little available as far as controls and settings to the home user as is possible. The objective at Microsoft is to have the person (consumer) involved as little as possible - or the best thing would be to have them never involved, make no decisions, and Microsoft manages the security.

Microsoft would have made that all happen but it is the "users want to use stuff" dinosaur thinking and user whining when they cannot do something that resulted in Microsoft abandoning every single worthwhile software-based security it has ever attempted to make home users secure.

That is why there is no prompts for outgoing connections in WF to avoid blocking some essential ones and negatively affecting usability.

 

[bazang]

That is why there is no prompts for outgoing connections in WF to avoid blocking some essential ones and negatively affecting usability.

Microsoft would block home users from doing a lot of things if it were not for users being users, which is to say people being people and all the problems they bring to security.

Microsoft planned on Windows S Mode and the only installable apps being only those via the Microsoft Store. In other words, they tried to bring the Apple Model to Windows, but it never worked out that way.

 

[Sorrento]

We used to call user intervention in an area of industry I worked in as 'Fingers that don't understand' - People wanted control over certain operations but lacked the understanding to make such decisions with the end result that users usually made things worse - I think that happens with the plethora of options that in the context of this thread that some AV's give.

 

[bazang]

We used to call user intervention in an area of industry I worked in as 'Fingers that don't understand' - People wanted control over certain operations but lacked the understanding to make such decisions with the end result that users usually made things worse - I think that happens with the plethora of options that in the context of this thread that some AV's give.

If a person does not know what they are doing on a digital device or within this digital world, then they should be prohibited from owning only a old school dumb smart phone, no XBox, no PS1, no PC, no tablet, and definitely never a smart phone.

As I keep repeating... people are ALWAYS the problem. Software cannot compensate for people and their ignorance and stupidity.

Perhaps one day AI will be able to Pimp Daddy Powdered Palm Bitch Slap users when they do their insecure nonsense.

Participating within the global ether should require a license - just like a driving license - because insecure users harm others way more than they harm themselves.

 

[Sorrento]

A very close relative (my wife) continually has issues with her Apple smart watch/ phone, & more with icons that disappear move around on their own & much more, a watch that goes into theater mode on its own sometimes several things at the same time... So every few weeks I or one of my children sort it out & all it well again, I'm eternally grateful for her having a Mac as its partially locked down as when she used Windows things were even worse - Stop faffing with it I often say but if my nearest & dearest can change things she will - I also only now maintain a few relatives & friends PC's, 99% of all problems are caused by users faffing about with things they do not understand...

 

[roger_m]

MD uses almost the RAM as K (50-150 MB) and rarely use CPU (K also, except while browsing with encrypted connections scan on).

RAM usage only impacts performance on computers with very little RAM. I don't doubt your experience with CPU use, as with any antivirus it can vary greatly from one computer to the next. But on the whole, in my experience, there are several antiviruses that are often much lighter than Defender.

 

[Parkinsond]

RAM usage only impacts performance on computers with very little RAM. I don't doubt your experience with CPU use, as with any antivirus it can vary greatly from one computer to the next. But on the whole, in my experience, there are several antiviruses that are often much lighter than Defender.

I have tried almost all free AVs, except Panda.
The performance impact between is not that wide.
In order from the least to the most (for me) is: MD, K, Avast-AVG, SEP, B, Avira, Avast One.

 

[roger_m]

I have tried almost all free AVs, except Panda.
The performance impact between is not that wide.
In order from the least to the most (for me) is: MD, K, Avast-AVG, SEP, B, Avira, Avast One.

Have you tried K7 or 360 Total Security? Along with Panda, they are some of the very lightest antiviruses.

 

[Parkinsond]

Have you tried K7 or 360 Total Security? Along with Panda, they are some of the very lightest antiviruses.

Are they free? I only use free stuff

 

[roger_m]

Are they free? I only use free stuff

Panda and 360 TS both have free versions. But they are not products I recommend. I just listed them because they are extremely light.

 

[monkeylove]

Windows Security (properly configured on the Pro edition of Windows 10 or 11) is adequate, but default Windows Defender by itself along with Windows Security default configurations on the Home edition of Windows are not adequate.

Security is not software. Security is a process which involves the user(s). People are intrinsically a part of that process and they are always the problem. ALWAYS. That is why companies such as Microsoft want as little to do with home users as is possible. For one, most home users do not want to pay for software or security services.

It is no surprise that tech leaders and giants are in business to earn a profit. I think that there are many out there who mis-characterize those companies' actions as shady and anti-consumer at any cost. That is not true. Not even partly true. Corporations are created and exist to serve the investors and shareholders. They don't function on being kind and generous to the world. The world does not operate on humanistic values, and it never will.

Many companies in the security space are willing to do more for consumers - IF AND ONLY IF - those consumers stop all their insecure behaviors. It is not a valid argument to state "Windows Defender allowed my system to be infected" when the user/person is a link clicker, downloader, pirater of software, "user that wants to use stuff," or whatever other bad, insecure behavior.

Every single piece of published code has as part of its EULA and/or Terms of Service -- "Offered AS IS and use at your own risk and peril." Every EULA out there.

Any person that uses any digital device and doesn't have adequate knowledge creates their own risk. Nobody owes them a thing and nobody else is responsible for protecting the user. It is ALWAYS the user's accountability and responsibility for digital security.

There are now more malware that can't be detected, that do not involve user activity, that target embedded software, and that lurk in systems to steal data. Given that, there's no "adequate" in this issue.

Security is software and services, and services don't involve users as the latter wouldn't know what to do when security systems ask whether something should be blocked, permitted, deleted, etc. And users can't afford to pay for services because they can't afford to do so.

Finally, all security systems are intrusive by default, and users cannot perform as well as those.

 

[Parkinsond]

Panda and 360 TS both have free versions. But they are not products I recommend. I just listed them because they are extremely light.

Not just free, also has a minimal level of efficiency and does not impact performance negatively.

 

[monkeylove]

There are no longer security programs that are "enough" because malware have become more sophisticated. Given that, you are better off getting the best free programs, and if you can afford it, paid.

"Best" refers to malware protection, real-time protection, and system impact. Not all can be the best for all three, so you need to find the one that does best overall.

Finally, for those looking for paid software, the final factor is price. If you can find promo deals and avoid the price hike for the second year, then that's what you should consider.

 

[bazang]

There are now more malware that can't be detected, that do not involve user activity, that target embedded software, and that lurk in systems to steal data. Given that, there's no "adequate" in this issue.

The adequate solution is to configure and operate the digital device in a manner that prevents anything other than whitelisted code from executing. It certainly is possible and there are millions of systems out there that work in that mode without issue. The difference are the users who are not "users that want to use stuff" and do all manner of stupid stuff.

Security is software and services, and services don't involve users as the latter wouldn't know what to do when security systems ask whether something should be blocked, permitted, deleted, etc.

Services are paid and the device is managed by the people who operate those services. There is a very high degree of automation in many available security services.

And users can't afford to pay for services because they can't afford to do so.

But they sure can afford to buy expensive digital devices. Just as long as those kinds of "users that want to use stuff" get to do what they want while jeopardizing everybody else's security and economic well-being in an inter-connected world.

There is a personal accountability and responsibility in owning a digital device. If the user cannot meet those duties, then they should not be permitted to purchase a device in the first place. Corporations will sell idiots as many digital devices as the idiots are willing to pay. Then those idiots end up infecting multiple other idiots, and the infection chain grows exponentially from there. The costs of all that just gets passed onto those who fulfill their obligations and do pay for software and services. So everybody else except the idiots pay the price of their idiocy.

But, economically, it is better for all to have a heavily malware infected world - the tens of millions of jobs created globally to cope with the consequences of the actions of hundreds and hundreds of millions of idiots.

 

[jackuars]

Windows Security is not for the layperson. It is for knowledgeable professionals and motivated enthusiasts.

Microsoft's approach is to make as little available as far as controls and settings to the home user as is possible. The objective at Microsoft is to have the person (consumer) involved as little as possible - or the best thing would be to have them never involved, make no decisions, and Microsoft manages the security.

Microsoft would have made that all happen but it is the "users want to use stuff" dinosaur thinking and user whining when they cannot do something that resulted in Microsoft abandoning every single worthwhile software-based security it has ever attempted to make home users secure.

That logic doesn't hold up. A complicated UI isn’t a security measure—it’s just bad design. If Microsoft wanted to prevent casual users from messing with security settings, that’s exactly what User Access Control (UAC) is for.

Security tools like Defender and Firewall are built into Windows - a consumer focused O.S, meaning they should be accessible to all users, not just IT pros. A confusing interface doesn’t make things safer—it makes users more likely to ignore or disable security features out of frustration.

Microsoft has historically prioritized user-friendly interfaces across its software ecosystem, so the argument that they intentionally maintain a complex UI to discourage users contradicts their broader design philosophy.

Good security is about making protection effortless, not gatekeeping it behind a convoluted interface.

 

[annaegorov]

That logic doesn't hold up. A complicated UI isn’t a security measure—it’s just bad design. If Microsoft wanted to prevent casual users from messing with security settings, that’s exactly what User Access Control (UAC) is for.

Security tools like Defender and Firewall are built into Windows - a consumer focused O.S, meaning they should be accessible to all users, not just IT pros. A confusing interface doesn’t make things safer—it makes users more likely to ignore or disable security features out of frustration.

Microsoft has historically prioritized user-friendly interfaces across its software ecosystem, so the argument that they intentionally maintain a complex UI to discourage users contradicts their broader design philosophy.

Good security is about making protection effortless, not gatekeeping it behind a convoluted interface.

I would have to agree with that. Making an operating system doesn't mean you know how to design a usable UI. Same for game makers who don't play the game, like Tom Clancy's Division 1 and 2

 

[Jonny Quest]

Defender and Firewall could benefit from an enhanced, more user-friendly UI, as this is something they currently lack.

Especially the Firewall. I would rather use a 3rd party AV with their firewall that makes more sense, and is easier for normal users like myself to understand.

 

[Khushal]

One thing you failed to mention is that windows defender is fairly easy to bypass, look at defendnot as an example. And independent testing still puts windows defender in the middle of the pack for AVs. Except for VIPRE, K7, Malwarebytes, Panda, Quick Heal and Trend Micro, every other antivirus blocks more threats than windows defender. Malware Protection Test March 2025

I will stick with my ESET subscription for now.




Firefox just uses Google Safe Browsing, btw.


Also, the whole Jumpshot spying thing happened before Gen bought Avast/AVG. Jumpshot and ceased its operations in January 2020. Norton started merging in mid-2021.

To add on:
VirusTotal this is a defender bypasser using nircmd and it is not detected by WD for over a month. It is seen used by about a 1000 malware samples on virustotal.

 

[Parkinsond]

To add on:
VirusTotal this is a defender bypasser using nircmd and it is not detected by WD for over a month. It is seen used by about a 1000 malware samples on virustotal.

B, Avira, and Symantec could not detect it, too.