My 2c here:
Change my mind.
- Why choose third-party security software?
I don't like placing all of my eggs in one basket. Though Windows Defender is widely regarded to work well these days, I prefer not trusting the same party (Microsoft) to implement every layer of security on my device. A third party like Kaspersky or ESET has its own technologies and is less likely to be biased to think in the same way as the OS designer.
I think it's better to answer "why not harden the OS?". Windows is somewhat modest in the hardening features it turns on by default. These features are great but also create compatibility issues in the form of app crashes, etc., for apps that are not compatible with the hardening technology. In general, Apple and Linux care far less about this. You can run many DOS and Win32 apps from 1990 on Windows 10. Good luck running even 3-4 year old Linux or macOS binaries on a modern version of the OS.
So if those use cases don't apply to you or you're willing to trade incompatibility for security, that's why the knobs exist to harden the OS more.
NOTE: By default on 64-bit Windows the bulk of the hardening features are turned on. The very few that are turned off are off because they really do create a lot of compatibility issues.
- Why use on-demand malware and adware scanners?
Honestly this is a really good question and I don't think this is very necessary anymore. The reasons for on-demand scans would be:
- Some AVs prioritize fast startup and don't block services from loading before the AV engine starts. For those AVs, malware might have a chance to preload before the AV engine reacts, and a scan gives you a better chance at catching that.
- Around sleeping/waking your machine or switching networks, you could've gone some amount of time with offline-only protection, which is weaker with most AVs including Windows Defender. An on-demand scan with a network connection can help fill that gap a little.
- Some AVs like Kaspersky also perform UEFI rootkit scans as part of their on-demand scan but not their on-access scans.
- Most AVs let you set different heuristics settings for on-access vs. on-demand scans. You might not want your system to hang as your AV tries to unpack a 1GB RAR file you right-clicked, but during an on-demand scan you are fine with that.
Well, pre-UAC, it was obvious, because Administrator accounts allow malware to do way too many dangerous things without any prompts.
In a post-UAC world, the Administrator account still has magical powers and UAC doesn't even let you control all of those. For example, the default UAC settings to minimize nagging still allow you to update/change drivers in Device Manager or change the date/time (severing SSL connections if you move the clock too much). Mapping network drives and DOS drives is allowed as an Administrator regardless of UAC settings. Both of those have been used by malware in the past to evade ransomware-protected folders.
On a Linux machine, I've seen compromised servers because the sudo binary gets replaced or a fake path/alias gets injected for the sudo binary. That's one reason why, on a Linux machine, you might not even want to run as a user that is capable of elevating to administrator. Not to mention I think in the last 5 years we are up to 3 or so extremely serious sudo vulnerabilities.
- Why did Microsoft implement UAC?
I actually think UAC is a great idea that other OSes should offer. UAC as a concept lets you elevate permissions for a specific operation. I'd like to call out these cool features of UAC compared to sudo or password dialogs on macOS or Linux:
- You don't have to type in your password again. Excessively typing in your password can be less secure, especially in environments where you're recorded by security cameras or are in public. After installing a 4K security camera in my living room, I was able to zoom in on the video footage and clearly see myself logging into a website on my smartphone. Shoulder surfing attacks are getting worse and worse as technology gets better.
- The OS takes many safeguards to make UAC dialogs look/sound unique and prevents software from clicking the button itself. Note that lately, macOS has implemented some similar features in its "enter your admin password" dialog because, unsurprisingly, malware started clicking those buttons for the user by faking input events.
- Reasons for the Microsoft Store and 10X?
I mean, the cynical answer is that Microsoft would like to get in on Apple's action; having an App Store ecosystem means they get to take a cut of the profit.
But more seriously, as a customer, I think it's nice to have one central store experience. I can trust Microsoft to filter their store of malware and other distrustful apps. I can give my credit card to Microsoft and trust they won't steal it or do sneaky auto-renewals that are impossible to cancel.
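A defender-side check for the Linux case mentioned in the post (a fake sudo injected ahead of the real one on PATH, or a shell alias named sudo), written as an added example that is not part of the original post. The directory layout it builds is constructed for the demo; the expected system path is whatever you pass in.

```bash
#!/bin/sh
# Added example: detect a "sudo" that is shadowed earlier on PATH than the
# expected system binary, and a shell alias named sudo. Both are things the
# post describes seeing on compromised Linux servers.

# sudo_path_ok PATH EXPECTED
# Returns 0 if the first executable "sudo" found on PATH is EXPECTED,
# 1 if another directory shadows it (or no sudo is found at all).
sudo_path_ok() {
    path="$1"
    expected="$2"
    old_ifs="$IFS"
    IFS=:
    for dir in $path; do
        [ -x "$dir/sudo" ] || continue
        IFS="$old_ifs"
        if [ "$dir/sudo" = "$expected" ]; then
            return 0
        fi
        echo "WARNING: $dir/sudo shadows $expected" >&2
        return 1
    done
    IFS="$old_ifs"
    echo "WARNING: no sudo found on PATH" >&2
    return 1
}

# sudo_alias_defined
# Returns 0 if the current shell has an alias named sudo (which would be
# expanded before any binary is looked up), 1 otherwise.
sudo_alias_defined() {
    alias sudo >/dev/null 2>&1
}

# Demo on a constructed layout: "good" holds the expected sudo, "evil" a
# fake placed in front of it on PATH (both are empty scripts, not real sudo).
demo_dir=$(mktemp -d)
mkdir "$demo_dir/good" "$demo_dir/evil"
printf '#!/bin/sh\n' > "$demo_dir/good/sudo"
chmod +x "$demo_dir/good/sudo"
cp "$demo_dir/good/sudo" "$demo_dir/evil/sudo"
sudo_path_ok "$demo_dir/evil:$demo_dir/good" "$demo_dir/good/sudo" \
    || echo "shadowed sudo detected"
rm -rf "$demo_dir"
```

On a real host, pass "$PATH" and the path your package manager installed (for example /usr/bin/sudo), and follow a warning up with the package manager's own file verification.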