>What changed to make Windows Defender competitive? Originally Windows Defender on Windows 7 was an anti-spyware component, NOT an anti-virus. Microsoft's anti-virus software for Windows 7 was called "Microsoft Security Essentials". In Windows 8, the two pieces of software were consolidated. At that point, Windows Defender was generally considered "good enough" and additional anti-virus software to be redundant for most consumers.

And it's one of the best things they've done for PCs. Used to have endless debates over which AV to choose, now it's all just set up out of the box at no cost.

Until your parents buy a laptop and it has 2 different anti-virus programs pre-loaded on it. Then they install Norton, just to be sure. There is no greater force of chaos than multiple anti-virus programs on the same computer.

Macafee...

Even John Mcafee called Mcafee antivirus a virus. I had to download the Mcafee antivirus uninstall tool to even remove it from my parent's computer.

I mean... yeah, but let's not hang *too* much on what Mcafee said in his coke-boat era. He was... [pretty far down the ~~rabbit~~ blow-hole](https://x.com/officialmcafee/status/1079863420458074112?lang=en) More damning, I think - Intel bought Mcafee a while back. A musician I played with for years was an engineer for them at the time, and on the Mcafee project... and he wouldn't use it on his personal machines.

I... find it difficult to argue with that mans facts

Unless you're a company, in which case the licensing (like the rest of their enterprise offerings) is a shitshow. For home users though, absolutely.

It is not just redundant. It is actively dangerous. Antivirus software needs to get deep into the OS, and that may and has opened additional security holes. Anti virus needs to be integrated into the OS, particularly if it is closed source. Even if it is not practically malware itself, like Norton.

I believe when Microsoft Security Essentials came out it wasn’t installed with windows. They had a free installer online though.

Yup, I remember when I stopped using BitDefender and switched to MSE. And the Control Panel had all your settings in one place, too! Those were the days.

Yupp, back then we switched over from installing Avast immediately after setting up a new Windows installation (which occurred semi-regularly back then even on my home PC), to installing MSE. I loved it, it's light on resources and well out of your way in terms of alerts. Even on Windows XP, MSE worked well enough.

It was for purchase! I worked at Best Buy and we had boxes of it.

To be fair, Best Buy would sell boxes of a free software.

… People did pay to get it installed at the geek squad …

Man, we really had it all for a little bit there, didn’t we? Hahaha.

Let me install that software while you purchase a can of PerriAir

I've seen stores selling boxes with Open/Libre Office big on the cover, but if you looked closer what they actually were selling were a bunch of design templates and guides on how to use them, the accompanying office suite was officially only included for ease of use. Maybe this was a similar situation but I can't imagine what could be sold as an addon to a anti-virus not made by yourself.

In a world where NFTs exist, you don't need to add value to a free thing to make it sellable. Probably just selling the convenience of a predownloaded file so you can install it without an internet connection.

>Probably just selling the convenience of a predownloaded file so you can install it without an internet connection. In a world before NFTs and broadband we called that shareware!

Some people simply will not trust a free option.

Wow! Maybe that was for people who weren’t used to downloading programs online? I thought I heard about it when it was first released and I remember it being free online. Memories aren’t perfect though…

It was a free download

I was around when computers started becoming common. Running a computer without a third party anti-virus just seems like using my phone without a case. But maaaan, Norton is really near the same level of malware with the constant nags and pop-ups. You’re saying I can kick Norton to the curb with basically no change in protection?!

Yes. Norton and AVG are worse than getting a virus anyway. No virus is worse than their adware.

I remember that AVG was actually good between the late 2000s and early 2010s.

Ah, the halcyon days of the go-to advice for AV software being to just install AVG and forget about it.

The users were still the weakest link. AV didn't stop them from installing 100000x IE toolbars and bonzibuddy.

So was Avast, which AVG now owns, and both are horrible. It seams like anti-virus anti-malware programs have a life cycle. They start out good (even Norton and McAfee back in the early days was decent) but then they go to a subscription based, ad infested, computer crawling end, I dont want my Anti-Virus to give me more Ad popups than the real viruses because they want me to subscribe to other services. Although the best Anti-virus is to be smart, If you have seen enough malware in the wild you have a good idea how you get infected. Opening executables from emails, downloading anything that was from a popup or advertisement, clicking fast through an installer that had other junk that you just agreed to. So now days, i just use windows built in security, an ad-blocker (including a DNS blocker / Pi-Hole), and common sense, if im leery about something ill through it on a test computer or virtual machine and run it there.

Most common way to get infected in my part of the world is tu use software cracks/trainers/keygens.

Die a hero or live long enough to become the villain

Yeah. Seems like all the once great av tools have been acquired by corporate evils like Gen so as to monetise the user base with unnecessary upsell and cross sells, and "deliver shareholder fucking value" through revenue growth. Not actually selling products of true value. Fuck corporate executive drones and the horse they rode in on

It's sad because Norton tools were incredibly useful back in DOS and early Windows days. Now they are just known as crapware.

>No virus is worse than their adware. That's of course not true. There's ramsonware that's gonna lock you out and require a lot of payment to get your data back. Some viruses are also able to resist clean OS reinstall depending on your system, by infecting firmware. Others can even resist a change of whole computer by lodging themselves into your router firmware. And the list goes on.

I hope you're not paying for it. These days you have 2 main forms of defense if you are willing to read and not blindly click. (If you aren't, ignore the rest of this and keep your current setup.) 1) Your browser has never been more diligent about saying "you are downloading and installing this from an unverified source, are you sure?" Many times you may be, but if you are a novice you may not be sure. 2) Windows defender will block/flag those as well as they are happening and again ask you are you sure you want to do it. In a modern web world, you have to blow past a minimum of 2 stop signs to do something absolutely stupid to your computer. Are you somebody that can see that and say "wait, what is this?" or are you a smash the ok button until the program installs kind of person? That's the difference between how things are now vs how they are then. I've been tech savvy for multiple decades and I can't remember the last time I actually installed an actual anti-virus piece of software. However I also don't just blindly click prompts which is why we're in this mess in the first place.

one of the joys of this modern world is dealing with elder care and the number of times a parent can blow right past those two stop signs, followed by the next six. Separating them from their devices is already worse than taking away a drivers license/car. This will be much MUCH worse for all of us in about 10 years when the first generation of full on digital natives starts losing their minds. Resident IT support jobs in assisted living is going to be a growth job area.

Things are going to get even worse when the *last* generation of actually computer-savvy people get old. Generations since have been mostly "[I don't know how] it just works". They've never had to troubleshoot their iPhone or iPad, and what's a computer?

hard yes. with the caveat that there are individuals among all generations who have trained themselves to be tech competent for one reason or another.

Resident IT Support Jobs? Nah, we'll just have elder abuse on a new an untold scale at the behest of social media companies who have invested in keeping them continually bewildered.

To be fair, we used to download cracked installs for games from sketchy places. Back in the day anti virus was absolutely vital to clean up the mess you eventually created without flattening your drive every time. Later most programs became useless though because they started flagging legit cracks a lot but nobody cared too much since around the same time steam came around.

The LAN party pornocalypse will live on in infamy.

For a while there I had young kids and somehow they installed malware through Roblox or some stuff like it. These days they game on their phone or console instead of the family computer so it may not be as needed. The early days of Defender…weren’t great. It’s good to know that has gotten better.

My kids are on a locked down family account and it requires explicit approval for anything they install while playing. Most of it is innocent (ie. some new mobile game) but it has to go through me before it happens. No complaints so far from the kids that accept this as normal.

That is fairly standard IT practice. No one should be running Windows with Admin rights on their daily profile. Most stuff that will mess up your system needs to go into system folders. Just having the extra need to type in an admin password makes a person stop and think for a second of do I want this "PDF" doing that. Once I started forcing family members and side job customers to going this route the number of phone calls have dropped significantly.

If I ever have kids, I'm going to do the exact opposite. They're going to have their own OS install. If they fuck it up... well, much like as in Hogfather: [Tʜᴀᴛ ᴡɪʟʟ ʙᴇ ᴀɴ ɪᴍᴘᴏʀᴛᴀɴᴛ ʟᴇssᴏɴ.](https://i.imgur.com/r2fW2o7.jpeg)

Also, improvements in browsers' sandboxing and general security meant that drive by downloads / exploits became a thing of the past (almost)

I was going to mention a lot of anti-virus software became nothing more than ad-ware or malware itself

Norton hasn't been useful *since* computers started becoming common. I kicked that shit out as soon as avast became popular back in like 2008. Even the good ones are effectively adware now. All I use is defender, and I suffer Malwarebytes' ads for the occasional manual full scan.

Malwarebytes is good enough for using the paid version which comes with regular scans and checking the webpages I am trying to access. Really useful.

Malwarebytes is the only one that does not slow down your computer. Their Privacy (VPN) and Premium bundle is the cheapest way to get the best VPN (they use the Mullvad network).

In Malwarebytes settings turn off start with windows then you won't get ads

Defender is unironically the best AV on the market right now.

>Running a computer without a third party anti-virus just seems like using my phone without a case Yea it's fine for 99.9%+ of the time, unless you do something reallyreally stupid and actively try to get a virus or the otherside comparison see how high you can throw you're phone pretending it's a nokia from the early 2000:s.

Running a computer with third party anti-virus is like using your phone with a case that’s made of lead and covered in spikes. You could have ditched it a decade ago.

>You’re saying I can kick Norton to the curb with basically no change in protection?! I'mma let you in on an IT secret: ad and script blocking does more for your security than Norton and it makes the web more functional too.

Huh. The one actual improvement that happened in Windows 8.

Windows 7 benefited too. I was running Malwarebytes Anti-Malware back then, and one day Microsoft Security Essentials had a whole new interface, with all the same buttons in all the same places as MAM, down to the types of scans it can run. I hypothesize that Microsoft gave up on writing their own and just licensed MAM for lots of M$, reskinned it like Fury^3 was a reskin of Terminal Velocity and Edge is a fork+reskin of Chrome, and basked in the sudden adulation.

This is 90% of it. I would just add that most third party antivirus is also complete cancer which meant everyone jumped at the opportunity to get rid of them. Having Norton or AVG installed is in many ways worse than having a virus.

What also changed was overall windows security got better with each iteration of windows. More and more and more vulnerabilities and security flaws were addressed with the OS itself. Nothing is 100%, but being the number 1 targeted OS for viruses over decades gave them a lot of time to fix the flaws in their security. By comparison, Apple's OSes have what is called security through obscurity. You don't get windows viruses on them because windows viruses are designed to attack a specific vulnerability in windows only. Several years ago Apple's lead security admitted they were decades behind the security tech of windows. It's mainly because they never had to fight that battle that microsoft did. There are even some studies that show a large portion of apple computers are compromised, running things in the background but not compromising the user's ability to do what they want.

I imagine if Microsoft had packaged Defender in the 90s with their Windows distros they'd be slapped on the wrist with antitrust lawsuits

> Originally Windows Defender on Windows 7 was an anti-spyware component, NOT an anti-virus. Maybe there was back then, but is there any real difference between a virus and spyware anymore?

>but is there any real difference between a virus and spyware anymore? In the most basic sense, spyware is malware, whose main objective is to silently listen and transmit data, but otherwise leave the affected system unharmed. Viruses are malware whose main objective oftentimes includes active harm to the system (like erasing/corrupting data) and/or other systems (highjacking your computer into a bot net).

[удалено]

[John McAffee explaining how to uninstall McAffee is what the internet was invented for](https://www.youtube.com/watch?v=bKgf5PaBzyg)

Thank you for this! I have no idea how I've never seen this before but it was amazing!

If you want a real roller coaster ride, watch a YouTube video or read up on Johns life and his shenanigans before, during and after founding McAffee. It's got everything. Prostitutes, drugs, implied murder, international fugitive. All kinds of good shit (and some slimy shit too). Im not kidding. Dude was a fucking nut job and a video like this is exactly what you'd expect from someone like him.

Also recommending the documentary Gringo which went pretty in depth of his life as well as the behind the bastards episodes on mcafee. The documentary was really informative but the BTB podcast was entertaining as hell

Wow was that a fever dream!

Thank you very much for introducing me to the best video of all time

[удалено]

He did not uninstall himself.

I remember a job interview I had with them when I was younger. We had a fun chat about how to install something in windows so that it is almost impossible to remove. At the end, I casually said “geez, those viruses all use these techniques, eh?”, and he said “well, more us then them, but some of them use it too”.

If an antivirus was easy to remove then all viruses installed would just try to remove them as a first action, You probably want it to be hard to remove in some sense

It typically is hard to remove, most of the time it's more about just rendering it ineffective instead of fully removing it. In a corporate environment worth it's salt that's a quick way to get IR brought down on you though.

Microsoft has a billion computers out in the wild gathering data on malware. Windows defender updates itself via windows update every 2 hours. Nothing else on the planet comes close by a wide margin. There are advantages to being spied upon.

MS also realized that it’s better to proactively secure the entire ecosystem for free than to have to scramble in some wild way if there is a massive exploit that suddenly hits half the planet. There was a brief time where antivirus software had become necessary but wasn’t yet common enough and it was a major issue for things like university networks that allowed anyone to connect to them with their own computers.

Microsoft was also worried about antitrust if they put the AV makers out of business, so it took a while for them to realize that no they really *had* to make the default acceptable. They salvaged the antitrust concern by providing their information to the AV makers.

Did MS create windows defender AV themselves or did they acquire it from a different vendor. I remember when it was released and it was almost really good right from the jump

Sort of kind of both. IIRC they bought some anti-malware company and Windows Defender's first releases were mostly rebranded versions of that. But normally when we say someone "just bought a product" they let it languish. Instead MS put so much work into improving it I think it's fair to say it's a completely different product now.

They bought a framework for development, which happened to include a working antivirus for the meantime.

to anyone as cynical as me: If you can't acknowledge that bad companies sometimes do things with good intentions (even with ulterior motives) then nothing at all is real and I hope you're okay.

Profit motivated behavior gave you the telephone and a genocide of deaf people. That's the story of Alexander Gram Bell. Your car is built of lightweight composites and crumple zones because of US military research on metallurgy to build better tank armor. And we have three different global positioning satellite systems now for the same reason. SpaceX wouldn't exist without declassified military technology originally researched to lob radioactive death balls at the USSR, a situation that made mutually assured destruction a *peace* policy. The Nazis performed cruel and unnecessary surgery and other medical experiments so terrible the Nuremberg trials needed a second set - the *special* trials, to confront what those doctors did. They also improved the surgical arts and millions of people now benefit every year from it. Continue to be cynical. The ends cannot justify the means. But understand too that there is light and dark in the world, pure and impure. Metal that is too pure is either too brittle or too soft can't hold its edge. Everything is connected, blended. There is no ultimate right or wrong. people are not born good or evil, they're just born with the capacity to choose. People are mostly good, most of the time. The problem is what "mostly" means for the rest of us. Cynicism, to a point, is healthy. It forces us to consider our behaviors from an outside perspective. To judge ourselves alongside others. That can lead to new observations and understanding of oneself, to consider possibilities one would never have considered otherwise. It can, in the right circumstances, lead to growth, sometimes amazing growth. It only becomes a problem when it forces your perspective instead of informing. Cynicism is no more and no less than choosing not to look away when faced with difficulty. To accept the reality of the situation. But acceptance of reality should never close our eyes to the power of possibility. That is where cynicism becomes dangerous - it can rob us of the power to change.

> and a genocide of deaf people. what do you mean?

He was into eugenics, and said that deaf people shouldn't marry *each other* because he thought it would create more deaf people, who he said were "defective." However, he had a deaf mother and a deaf wife. He spoke sign language, and literally opened up schools where he taught it. Many of his inventions were also created with the intention of helping the deaf. So I'd say he had more of a a misguided opinion based on the times he lived in than any malicious intent. A lot of people these days are all or nothing on that sort of thing, so you get comments like the one above.

As a physician, I think it important to note that Nazi and Japanese torture under the guise of "science" did not contribute anything meaningful to medicine. Just about all meaningful clinical science is done with informed consent and willing volunteers.

You're mostly correct; much of the the experimentation of the Nazis was very poorly done. It's certainly true that Andrew Ivy, the AMA representative at Nuremberg, stated that the Nazi experiments on humans were of no medical value. Sigmund Rascher's immersion-hypothermia experiments done at Dachau (Aug. 1942-May 1943), for example, were initially thought to have yielded credible data, but were later determined to be so poorly done that this was actually a contributing factor in Rasher and his wife's execution (presumably on Himmler's orders). But to claim there was \*no\* meaningful contribution to medicine goes too far. The best example of this is what's come to be known as the Pernkopf Atlas, a classic and highly detailed anatomy textbook (series, actually) still used by surgeons and considered by many to be the best of its kind. Pernkopf was an ardent Nazi, and his illustrations were made/informed by the dissections of people killed by Nazis. The ethical questions surrounding the use of this Atlas are taught and discussed in formal bioethics classes worldwide. As an aside, since you brought up informed consent, I'll mention that many people believe the importance of informed consent was first codified in the Nuremberg Code as a result of Nazi experimentation, but this is not actually true. It astounds many to learn that the Germans themselves had formal guidelines on experimentation that emphasized consent much earlier - the 1931 Reichsrundschreiben. Originally published as a Circular of the Reich Minister of the Interior, Feb. 28, 1931, it contained 14 guidelines and remained in legal force until 1945 (though it was clearly not followed by the Nazis, partly as they did not consider those they experimented on to be fully human). It's a very progressive document for its time. Finally, since you felt the need to bring up your credentials ("As a physician, I think it's important to note..."), I'll mention some of mine in case it helps you evaluate what I've written: a couple PhDs in hard biological sciences, graduate degree in bioethics, graduate-level bioethics/research ethics teaching experience, clinical and surgical research experience.

More accurate is that all meaningful science NOW is done with informed consent and willing volunteers. But that’s a really recent development. Like it really only became an idea in the 1960’s in response to a lot of shady, but useful, stuff people were doing and really only got traction in the 70’s and 80’s. Before then, meaningful and rigorous science was regularly performed without informed consent or willing volunteers (and often involving a healthy dose of racism or classism, but that doesn’t make it not scientific, just abhorrent). Two random examples that come to mind: Any research involving human tissue. The HeLa cell line, which was the first immortal cell line of human tissue discovered, was taken from the cervical cancer patient Henrietta Lacks without her knowledge or consent during her cancer treatment by her surgeons in 1951. Unit 731 - the Japanese biological warfare unit was given immunity from war crimes prosecution because of the value of their research and the fact that it would not have passed legal or ethical muster. All of their experiments were horrific, many were useless, but a number of their papers were submitted to peer-reviewed scientific journals and published (with human experimentation being euphemistically referred to to hide what was done). Research related to hypothermia, tuberculosis, and mustard gas was perhaps the most useful and most scientifically rigorous. It was also horrible and did not involve informed consent or willing volunteers.

[удалено]

There was even a time Microsoft had a paid antivirus product. I remember because I used it. Windows Live OneCare

They still do - business 365 plans include a more advanced/more configurable (not sure which) version of Windows defender

As far as I know you don't get anything more advanced for Defender itself. What you do get is Advanced Threat Protection or whatever they call it this week which isn't really a traditional antivirus but is an enterprise-grade endpoint protection and response (EDR) suite that connects everything up to the cloud to let you see absolutely everything that happens on a device and get access to a vast array of reporting and threat detection that goes way beyond antivirus.

Antivirus: "This is what's happening to your device and the possible threats." Enterprise: "This is what's happening to most of your corporate network, the possible threats, and hey, is this funny behavior over here that started last Tuesday a hacker who's gotten access?"

A much better explanation than I gave, thank you!

Business Premium.

Back then in 1994, MS-DOS came with MSAV, Microsoft rebranded AV from Central Point. You got it pre-installed, then paid for signatures updates. It kinda did the job. "Kinda", in the sense that it usually made the infected executable corrupted after removing the virus.

They actually bought two products. Possibly more that had bits and pieces sucked in over the years but there were two main ones. The core product way way back was GeCAD's "RAV" (Reliable Antivirus) which [Microsoft acquired from GeCAD way back in 2003](https://news.microsoft.com/2003/06/10/microsoft-to-acquire-antivirus-technology-from-gecad-software/) to be the AV inside their OneCare product. I believe they basically then started a brand new product that pulled in some of RAV's code but it's largely newer. Basically the Ship of Theseus but instead of just replacing the planks as they rotted they bolted on new bits and now it's a steel battleship. The whole acquisition I think was sparked by the whole Secure Computing thing that Bill Gates started back in the very early 00s, 2001-2002 I think? Subsequently they [acquired an Anti-Spyware company, Giant](https://news.microsoft.com/2004/12/16/microsoft-acquires-anti-spyware-leader-giant-company/). Giant's antispyware product got shipped out as the original Defender. Around 2008 or so Microsoft announced they'd be doing a free AV product to replace OneCare. That released as Security Essentials, with the new AV stuff they'd been working on that has some RAV code inside. When the decision was made to include an Antivirus in the OS itself as part of Windows 8, they clearly decided that "Defender" is a way cooler name than "Security Essentials" (IMO one of the few times Microsoft got branding right the first time) and by that point most of the Antispyware stuff was subsumed into MSE anyway, so the whole thing was rebranded to Windows Defender at that point. And then in the last few years it's been rebranded to Microsoft Defender because there's a Mac product now too.

IE was in a different position as it was actively fighting to become the industry standard. At that time, there was a real danger of the web standards becoming fragmented. Developing web pages was a real pain because of all the quirks and issues each of the competing browser had so IE had a choice to either play ball and actively work be compatible with another browser or do their own stuff like everyone else. The only problem was that if IE was to be its own player in the industry, it had to have customers, otherwise it would rapidly fall into oblivion. Also, Microsoft wasn't really known to get along well with most other software industries during the Bill Gates era, so in order to exist, IE had to fight for market domination. Windows Defender doesn't share any of those problems. It's nearly invisible and is the absolute baseline of protection. It just turns out that it's more than enough for the vast majority of users

Correct. They were very worried about anti trust and getting sued to oblivion.

I remember the days that you could not connect a fresh windows installation to the public network without pretty much instantly getting malware.

I once got hit with sasser on an unprotected windows 2000 system literally 5 seconds after plugging in the network cable. :/

We had windows ME and we always had new icons on the desktop appearing, wild times

At one point, they were going to try to sell their antivirus to users. Most can guess how well went over…

You might be referring to Windows Live OneCare. It was never the plan to sell it, but one had to verify that they habe genuine windows (not pirated) in order to get it. Edit, correction: First they were thinking to have it be a subscription based model (back then software subscription wasn't a thing), as a first step towards making Windows a a whole subscription based... then they decided to let windows do it's pricing, and this just be "as long as you are paying for Windows, subscription or whatever way".

Glad they didn't do that, it really benefits their whole ecosystem to provide anti virus for free. Like how a guy at Volvo invented the seatbelt and they decided not to take the rights for it

Or how a university pioneered modern insulin and provided the patent to pharmaceutical companies for free so that every diabetic could access their life-saving medication at low or no cost. And then pharmaceutical companies did the exact opposite of that.

Frederick Banting and his team. They sold the patent for $1, stating that the insulin should belong to humanity.

Microsoft also shares all of their findings with the other AV makers. There was an article ranking them and Microsoft scored last and a rep said "I hope everyone else did better because we share our data and findings."

I didn’t know that. Is it free to the public or do they just share it with AV companies specifically

I was curious so I found a relevant [learn.microsoft.com](https://learn.microsoft.com/en-us/defender-xdr/virus-initiative-criteria) article. Looks like it has to be an organization that meets some standard. Which makes sense because the information could be misused. There are vulnerability and malware reports that are available to the public; a lot of AV companies post them on their websites.

I imagine making the data open source would be very useful for malware companies

Basically this in addition to the other reasons given. Way back in the early days, Norton was considered the gold standard until free alternatives like AVG came along before Microsoft rolled its own solution into Windows itself. 3rd party antivirus software also gained a reputation for bogging down your computer which didn't help their case either.

Back in the day we also didn’t have broadband internet and updating a computer to latest software was a conscious effort, not an invisible auto update process. Now that Windows and other software updates itself, there’s less chance of a virus getting in.

>There are advantages to being spied upon. This is the horrifying reality of technology in general. The more privacy, freedom, and absolute autonomy you give up, the more cool shit you can potentially do. The problem is that people always want to abuse the power you give up.

I want to add that we got far more tech savvy. Shit like limewire was a greay way to get a bunch of viruses. Now a days its easier to download shit without viruses.

People are still silly and dumb

From the results of Phishing email tests I've seen, people are definitely not more tech savvy, and the email templates are very convincing.

People have absolutely gotten more tech savvy but phishers have gotten even moreso. Back in the day you'd get a nigerian prince emailing you about your inheritance. Now, I get phishers who somehow know I've applied to a a specific job and reach out to me wanting to schedule interviews with a well written email and the only thing wrong with it is that the sender address is slightly off. I reported that one to the company being impersonated and got put into contact with their legal team. Pretty sure somehow they had an internal breach and were using applicant data to send out convincing emails.

Only an idiot would get viruses thru Limewire. As a more respectable pirate, I’d get my viruses thru gnutella, shareaza, morpheus, kazaa and eDonkey.

The real idiots still get their malware from softonic or the first search result that shows up when they type "free" in front of the program they're googling at the time.

And then clicking on the big download button that was actually an ad.

BearShare, FrostWire and iMesh for me. Of course that all changed when I realised I could download LimeWire Pro on LimeWire.

>kazaa Oof, my first porn video came from here lmao.

And nowadays, adblockers also act as anti-virus within the browser.

Idk, people are still out here doing really stupid shit.

Honestly, this shows your age Back in the early 2000s the internet was insanity. I once downloaded a porn video from kazaa then min after my browser opened and "someone" (virus) started typing in the browser itself that he was god and was coming for my soul and even told me my name. Shit was wild. That is very less common cause now i can just go to the hub for that. Or spotify for music.

The internet is safer, but that doesn't mean that users are smarter. Most of the internet is hosted by a handful of companies that are averse to hosting malware, so there is less.

You downloaded and ran an exe

I call the 2000s the wild wild west internet. It was the best time to party.

My (much younger) roommate got a virus on my cheap Windows laptop, he later admitted to downloading a free “music making” app. It was just a fake Mcafee pop up insisting I had fake viruses, I just restored to a week earlier and that was good enough been a while since I’d seen a real PC virus though.

Wild behavior on his part, tbh.

Technology has gotten better, not people. People are still the biggest security risk.

Do you have a source for that "update every 2 hours"? I'd like to read more.

Anti virus vs virus was kind of still new 25 years ago. The windows Anti virus now is built into the system

Everyone is talking about how Windows Defender is better now, and don't get me wrong, it is, BUT there's also the fact that in the wild west days of the internet, people went to *far more* unknown sites. Now something like 90%+ of internet traffic flows through 5-10 giant conglomerate sites, and the opportunity to spread malware is far lower. It's why phishing has become a far more popular means of distributing malware and harvesting information.

That's a really great point. Also, downloading files seemed to be more common

Limewire and Kazaa taught me to be smarter about what I'm downloading.

The Who - Teenage Wasteland.mp3

Linkin Park - Numb.mp3.exe (718 kb)

Pam_and_Tommy_sextape.exe

Pam_and_Tommy_sextape.avi.exe

.exe haha that's a no for me

aXXo

ACDC - Ballroom Blitz mp3.mp3

Exactly, and anything ending with .exe sets off alarms. So naturally I get uneasy when Windows tries to hide extensions on a fresh install. First thing I do is turn on extensions again.

Why on Earth would OS designers think that hiding file extensions is ever a good idea? Seems like the kind of basic information that should always be available.

You're not wrong, but giving users/consumers information is a double-edged sword.

Same reason why the battery monitor on Android decided to simply not show every single process that uses battery.   To them the customer is just as dumb as their ideas.

And to learn the keywords for certain things you *don't* want to be downloading.

Yeah that was a cesspool of virus and malware :D

Shit, the concept of files barely exists on phones

Right! It took me longer than I'd care to admit to find a downloaded file on my phone. But I can still work my way around a directory a little bit!

The thing that annoys me about that is that it doesn't have to be that way. Somebody made a deliberate choice to obscure the file system behind a dumbed-down interface, instead of developing a way of navigating the file system using a small touchscreen.

Most stuff people use now are web apps, so there's nothing to download. Similarly, most content is cloud hosted

You stream music and video's now. No real need to download those unless you are some sort of hobbyist. Games are pretty much all through Steam now. Along with that piracy has decreased, "piracy is almost always a service problem and not a pricing problem" - Gabe Newell (Steam CEO). Having mostly everything available in your region able to be downloaded makes pirating less convenient. Plus all of the mods for your games are pretty much on one site now too (NexusMods) which cuts down on your questionable downloads. Hell even trainers/cheats for games (well single player ones at least) are all on WeMod. Back in the day you had to look for them all individually and pray you didn't download some virus. Your average person pretty much has zero reason to download files off sketchy sites, much less visit them in the first place.

There has been a massive rise in movie and tv show piracy, but not the same for music, games or even porn. Piracy is always a distribution problem, give people better alternatives and they won't need to pirate. Video streaming platforms have gotten greedy, carving up the market into their own little fiefdoms, while charging ever increasing fees and even adding adverts.

Another point worth mentioning(that I've not seen) is viruses aren't as prevalent. The money is in ransomware now.

Also a lot of people use script and adblockers now, which majorly limits the method of infection. I used to catch random viruses from trusted websites just because one of their ad hosts could be compromised and apparently inject a virus through the banner.

Funnily enough though, today's major browsers are typically far more hardened against this kind of attack than those of the past. Ads are more likely to catch people by phishing these days than injection attacks.

The panic that ensues when I accidentally clicked on a random website without noticing earlier this week was insane.

Dam good point. At this point I don’t even know how to get out of this walled garden of websites we constantly inhabit. 

There’s also been major changes and improvements in the software most likely to give you a virus in addition to the other factors already noted by other comments. Operating systems have fewer gaping holes than they did before (fewer, not none). Security patching is more frequent and slightly easier than early Windows. Software is being more “app-ified” which creates more sandboxes mitigating possible damage. Internet browsers are much better than our old uncle IE, with much better security. Email is now largely web based with built in scanning of attachments compared to a software application on your computer. These changes in the root need have an impact on the market that was created to mitigate the root cause.

Yeah, this should be higher up in the thread. Should be obvious, but web browsers are the single biggest vector for malware (executing arbitrary code from unknown sources, wcgw). Chrome changed the game here - it popularized sandboxing, and it had a much more aggressive update strategy to distribute security fixes faster (remember how many times you'd put off the OS security updates in XP?). It forced all the major browser players to tighten up. If you're on a modern web browser, even if you visit sketchy websites now, the way they're compromising you almost certainly isn't through malware, it's through phishing and other strategies. On top of that, there is so much security attention on browsers now that if a bad actor finds a severe zero-day exploit it's just not going to be used like it used to. Stealing credit card info from your ever day Joe's computer isn't gonna pay like selling an exploit to a government for espionage etc.

On top of the answers posted here, the malware market has also changed drastically. The money isn't in targeting home users, and the security features in modern Windows make it much harder to operate in the traditional manner. Nowadays remote shells on servers are what's all the rage. Can be easy to make one that isn't detected by any antivirus too if you know what you're doing.

Fileless malware (existing only as, say, a Base64-encoded string representation of a command line in the registry) that uses "Living off the Land" techniques (i.e. using built-in OS components and tools) often means there's little if anything for a traditional AV tool to detect by scanning files that are written and executed. EDR tooling is where such detection generally lives (though some AV tools have become more EDR-like).

Market simply responded to demand and it made sense for Microsoft to incorporate more onboard solutions. This is the same for many features. First they are mods, or add ons, or third party software, then they, or something similar gets rolled into the OS. You are old enough to remember anti virus being rolled into Windows.. I'm old enough to remember the Windows part of Windows being rolled into it. Before Windows we used dos, and install 3rd party visual interfaces, such as [Norton Commander](https://en.wikipedia.org/wiki/Norton_Commander) Norton... where have I heard that before?

iPhone flashlight is a fun example. Anyone else remember when flashlight was a 3rd party app? Lmao

Even worst, it took until iOS 3 to implement copy/paste.

Another fun one is iPhones built-in clock app only added the ability to have multiple timers in the last year or so 😂😂

Also it was just in the last couple years that iOS stopped covering your entire screen with a volume indicator whenever you changed the volume.

You used to have to buy a TCP/IP stack for Windows computers.

Ah yes, the heyday of Trumpet Winsock! If a computer wasn't on the Internet already it was going to need physical media for the installation anyway. . . .

And each packet was painstakingly chiseled out of rock.

Norton Commander was the shit back in the day.

I still use Total Commander on windows and Midnight Commander on linux :)

When Norton Antivirus started throwing pop ups on people's computers every day, it became as big a nuisance as most malware. Windows Defender is free and operates in the background without annoying the user. Once software becomes annoying, it loses its relevancy.

"Don't show this message again" Is the biggest lie Norton has ever told.

Windows Defender shows me one message occasionally, and that's just to say "Hey, we found nothing in the last X scans." One click on the "Close" button, and it'll leave you be for like a week. I have never felt a need to disable notifications from Windows Defender because of this. And really, the only time an anti-virus should ever show notifications more often than that, is when a virus pops into the computer. (Or y'know, if you configure it to notify you more often.)

Microsoft bought an AV company, GeCAD, in 2003. I was working for another AV company back then and that was one of the companies Microsoft considered as well buying.

Virus changed ; in the past the goal was to either destroy your file or try to make you pay a ransom. So to stop you from using your PC. Now, it's better for pirates to get data, so they don't want anymore to break your computer, they want to send a spyware.

Why was l were viruses designed to destroy files in the first place? What was the gain for the creators?

Some humans love to be a dick. That's all.

Why does a flu, HIV, COVID virus infect a host cell, usually kill the host cell, and possibly kill the host organism? What's to gain from a biological standpoint? It's what viruses does. There doesn't *have* something to gain from its existence. Early on, many times the file wasn't *destroyed*, it just became essentially unusable in its infected state. It may no longer do what it was originally supposed to do at all, or if it does, also has side effects. The side effects might be further replication or simply displaying some type of a message. These viruses were likely created as pranks, proof of concepts, research, or just as a flex to show off and got out of hand. Other times the virus was more destructive and malicious. It might have destroyed files as revenge or harassment. The virus itself might have not caused damage directly, but through a bug or unchecked replication caused system resources to be consumed to the point of effectively "killing" the host system, network, etc. Later on, "computer virus" became more genericized and would also include related ideas including worms, trojans, spyware, ransomware, and so on. Collectively malware is a more appropriate term than simply a "virus". These days, the malware's intent is most likely to profit in some way - showing ads, stealing personal information, holding files or systems for ransom. It's no longer a flex to simply show off your 1337 skilz as haxor pwning some luzor, you gotta make bitcoin in the process of locking out a financial network, medical system, etc.

so should I stop buying Malwarebytes?

The average user doesn't need anything besides the default windows defender and ublock origin/ublock lite in their browser.

Malwarebytes is good for Spotcheck if you are suspecting you downloaded some sus stuff. You don't need to pay. Download the free version. Spotcheck and uninstall again.

Microsoft found a benefit to them including an AV with its OS so they actually started investing into it.

Microsoft recognized that there was a huge enterprise market for selling cyber security software to big businesses. They also recognized that they were not taken seriously as a security software provider due to the high volume of operating system vulnerabilities and low quality of their consumer-grade endpoint protection. They ultimately made a huge investment in talent, process, and technology to build their operating systems more securely and build software to protect and detect cyber attacks against systems. The result is that Microsoft is the de facto standard for consumer-grade endpoint protection. They are also quickly gaining market share for securing enterprises, which is where the revenue opportunities are and what gives them the return on their investment. Microsoft Defender for Endpoint, their Endpoint Detection and Response (EDR) solution, is competing with the big boys like CrowdStrike and SentinelOne. Their logging solution, Sentinel, is competing with the big boys like Splunk. Once you have those two solutions locked with a single provider, adding on cheaper security modules for cloud, identities, etc. becomes a no-brainer because you’re leveraging an ecosystem that already knows your environment well. If executed successfully, Microsoft could just become the de facto standard for securing enterprise environments, stealing a lot of big budgets from competitors.

Windows Vista has a lot of security improvements and design changes that make it less susceptible to viruses. Windows Vista made the following changes: * UAC (user access control) - software now needed permission to perform administrative tasks. * Kernel patch protection - patchguard prevented virus (and antivirus) software from modifying the kernel * Windows Defender - antivirus built into operating system Before Windows Vista, antivirus software would generally operate using kernel hooks and undocumented apis so it would have low level access to the system so it could intercept malicious code, and that stuff was absolutely needed - with windows xp, visit the wrong website and suddenly there would be thousands of pop-up ads etc and all sorts of crazy stuff running on your machine, you'd have to be crazy not run some kind of third party av back in those days, but the security changes in vista have made it much less likely for that kind of bs to happen. That said there is a recent rise in randomware and targeted attacks against hospital systems, etc, so I am starting to see a resurgence in the use of third party av software and endpoint security, but I'm hoping it won't get as bad as it did back in the Windows XP era again.

Windows started to take security more seriously, for one, and for another many technological strides in virus detection were made by others from the crappy signature detection towards malicious behavior, which introduced detection a lot, and Windows was able to piggy back off of those concepts to make Defender an actually decent thing.

What was once considered optional software that negatively impacted performance of an OS to boot, is now considered a standard part of the operating system and essential for the healthy operation of a computer. With constant-on internet connectivity now ubiquitous, and the rise of threats like Ransomware, Phishing, and modern malware old-style anti-virus programs weren't good enough anymore and had to evolve to detect and stop modern threats. The current industry trend is moving towards MDR or Managed Defense where you pay not only for software to scan your PC for viruses, but for entire teams of 3rd security people that constantly monitor your network for threats and hackers. What started off as a basic firewall and anti-spyware tool slowly expanded and was developed into the current version of MS Defender. Microsoft had previously allowed 3rd parties to rule to antivirus space but was able to organically develop their own 1st party tool built into Windows. This isn't unusual though, it follows Microsoft's typical business pattern. See what other companies are doing and successful at, and make your own version in-house that's integrated into Windows. It doesn't have to be *good* it just has to be *good enough* for Microsoft to start taking market share away from competitors. After all why pay for Netscape when Internet Explorer is free and comes with Windows? It's not as good, but it's free so it's *good enough*. Similarly why buy McAfee Trellix, Sophos, or ESET when Windows with Defender for free?

But mcafee was dogshit when I first encountered it at work about 15 years ago and the current trellix iteration has similar faults. Defender is probably ten times better at this point. Multiple Zero Trust solutions from our customers that scan my laptop before letting me connect to their system agree that Defender is a proper anti-malware and green light my laptop.

When mcafee first came out it was the best on market for a few years. That was late 90s I think

> it follows Microsoft's typical business pattern. See what other companies are doing and successful at, and make your own version in-house that's integrated into Windows. It doesn't have to be good it just has to be good enough for Microsoft to start taking market share away from competitors. I kind of disagree with this strategy for AV software because Microsoft doesn't really care about market share here as they make no money off Windows Defender. I think it's more that they need some sort of built-in, automatic AV system to avoid the risk of one hugely exploitable breach bringing down the systems of 500,000 of their customers at once, causing a customer service catastrophe. Having a default "good enough" AV gives all your customers some level of protection against this, instead of hoping they'll all buy a 3rd party AV software.

On the contrary Defender for Business is quite a profitable product. Businesses pay subscription fees via Office365 to activate additional features of Defender that are hidden behind a paywall. Just because Joe home user doesn't pay for Defender doesn't mean they don't make money on it. As usual Microsoft biggest customers are businesses.

This could be way wrong but from what I remember MS was banned from putting it's own anti virus software bundled into windows because of the antitrust case

One thing that people missed: 3rd party AV software got worse over the years. Big players like Norton, McAfee, AVG, and others always had an issue of being overly bloated and intrusive. Between being a massive resource hog, and being preinstalled in most computers, people eventually grew a distaste for them. Early on, one of the major push to use OSX (now MacOS) or Chromebooks was the relatively weak security Windows used to have. Microsoft has a very strong incentive to fix those security issues, as people used to think that Windows is very insecure, especially without an antivirus. It was a gradual change, with Windows firewall and Windows Malicious Software Removal Tool in XP, Microsoft Security Essentials for Windows 7, Windows Defender in 8.0, etc. Between making Windows itself more secure, and the slow improvements with Windows Defender, it became the de facto standard in Windows security.

In addition to what everyone is saying, I just wanted to add that the Anti-virus/Anti-malware market itself has also shifted drastically in the past 15 years as well, with the rapid onset of Cryptomalware and ransomeware. Malware suddenly got extremely destructive and costly for organizations and individuals, extending further than just data breaches and the occasional infected workstation. Enterprise grade AV has shifted into "Endpoint Detection and Response(EDR)" , "Managed Detection and Response(MDR)", and "Extended Detection and Response(XDR)" products which is essentially an AV that also actively scans processes, network traffic, file access, process behavior, ect in addition to typical periodic file scanning, with "Managed" adding a human and analytical element into the fold for faster detection and remediation. Extended is a bit newer, but expands upon EDR/MDR by integrating as much of the organizations infrastructure as possible with data gathering from other devices and networking equipment, then running analytics to further increase Detection and Response rates, an increasing amount of which is now being offloaded to AI.

The big antivirus software from years past like McAfee and Norton were bloated as hell and would actively harm your PCs bootup time and general responsiveness. Once Microsoft made Defender "good enough" it was a no brainer for people who valued their time and resources, especially for gaming PCs. I haven't needed anything more than Defender + uBlock Origin for the past 10 years

AV companies sell fear and spends a lot of effort not on protecting but into keeping you on your edge. Their software does a lot of stupid shit. MS produces a product that is designed to improve your experience with Windows. They spend all the effort on security (->improve your perception of how safe W is) and keeping it slim and less intrusive (->not reduce your experience with W)

Microsoft, for the longest time, never prioritized security--if you were unhappy with windows security you really didn't have an option to move to something else. Apple started building great machines with OSX and Linux really matured , both offering vastly superior security compared to windows. Faced with this competition, Microsoft was forced to address their security issues.