I have some family members who are running Windows 11. I appreciate from a privacy point of view this is already bad. I wish I could get them onto Linux but it’s not happening any time soon. It is what it is and I’d like to do the best I can for their privacy and security.
The threat model here definitely excludes any kind of targeted attack. As far as security goes, I’d like to do the best I can to avoid them picking up ransomware, having a virus destroy the system or otherwise losing data. For privacy, I’d just like to reduce the amount of general commercial surveillance and data collection.
I’ve seen all sorts of conflicting advice about the need for anti-virus on modern Windows. Does anyone here have any thoughts?
The family members in question are not incredibly tech savvy, so my primary feeling is that not having anti-virus is probably a security risk. I could be wrong and would be very interested in thoughts on this.
My current inclination is to go with Windows Defender. If I use a third-party anti-virus, that’s another company which gets a chance to pry around in the data on the system. Microsoft already own the OS so if they want to do privacy-invasive things they can, even if I’m not running Windows Defender. So they feel like the least-worst choice. (I appreciate Microsoft might find Windows Defender a convenient point to introduce spyware, so not using it might avoid some prying. But it still seems like the least-worst choice.)
Do not use 3rd party AV programs, almost all of them are malware/spyware.
Windows Defender is OK to use and “good enough”.
What your/many family members really need is a more security-conscious mindset so maybe try to educate them in this regard. No AV app will save you if someone clicks on everything that’s clickable without a second thought.
Thanks! While they are (sadly) not too interested in privacy, they do have some interest in security and I have done my best to educate them about common risks. But anyone can make a mistake and (although I am interested in counter-arguments) in their case I suspect having AV of some kind as an insurance policy is a net win.
Is there an anti-virus that’s privacy focused for Windows 10/11? I’ve seen some say that Windows Defender is sufficient but I’ve seen and heard of github repositories that can just disable Windows Defender without notification. Compared to an actual anti-virus, it just doesn’t do nearly as much since its so targeted. Any help or suggestions are greatly appreciated, thank you so much
The general recommendation is to not use any 3rd party AV apps as most of them are, in fact, malware or at least very privacy invasive.
Defender is “good enough” and you’re not giving your data to yet another company (and opening up your system to more vulnerabilities - AV apps are very much a prime target now).
I understood most were privacy invasive, I was just hoping to see if anyone had a suggestion instead of Defender because my trust in it, is very low. In my opinion, I would just replace the invasive nature of Defender to another AV
Not replacing but adding a 3rd party company product that will now get your data, too.
Maybe think about it this way … no AV app will protect you from a new virus that you just happen to run into at a very early stage. The thing that protects you the best are the usual suggestions:
never click attachments
don’t follow download links, surf to the website yourself
be very mindful where you download software from and whether or not you want to trust the dev
Why is your trust in it very low? I don’t use Windows (because my trust in it is very low ) but the last time I looked into it, empirical data / testing showed Windows Defender was about as capable as any of the 3rd party options, and you are already using WIndows, by using Windows you are already implicitly trusting Microsoft, so using Windows Defender does not require trusting any additional 3rd parties you aren’t already placing trust in. My takeaway when I looked into it, was that for people who prefer Windows or are stuck with it, Windows Defender is the least worst option
Yeah, common sense is a good way to protect yourself and your computer, but sometimes it is not good enough.
Malicious factors are hiding behind web scripts, like when you watch an online video they can silently run in the background, or when you receive an email they can infest the computer simply by opening the email. There are also viruses spreading from other network sources.
There are many test scripts available in Github. Just install one VM, isolate it from your network and execute them after updating Windows and WD definitions. It will miss many of these scripts and malicious actions.
What I can suggest is, go for a trusted vendor, like Bitdefender instead of Windows Defender. Yes, Windows Defender might be good for daily usage but you can never know what might hit you.
Security in the OS (and the applications that run on it) that’s just part of the software design (e.g., effective sandboxing, hardened memory allocation) will be better than badness enumerators (aka antivirus software). There is no reason to use something other than Defender on Windows unless you’re a business that wants endpoint management alongside just general antivirus functionality.
Stay away from third-party AVs and use only functionality of Windows Defender which doesn’t violate your privacy (e.g. no MAPS or Sample Submission). Also use MS security baselines (with a few adjustments) and go for a whitelisting solution (e.g. WDAC) instead of blacklisting.
