Thought I would pass along a link to this article I was reading about third party antivirus solutions.
The opinion of the author would seem to be... stick with the native Defender product.
Windows Defender, while better in Windows 10 than in all previous versions, is still not up to snuff per any independent 3rd party analysis. I believe the mean detection rate is somewhere in the mid 80% range, which is horrendous and inadequate [should be in the 99%+ range]
- This will likely continue to improve, and in maybe 5 years might be on par with other 3rd party AV companies as Microsoft has invested heavily in the past few years within their threat detection departments, building brand new facilities for those departments.
...from my experience, all third party software gets so bulky over time that it not only slows down the computer but lets known viruses slip through
Factually inaccurate... no software gets "bulky" over time, however the user's temp folder can [%USER%/AppData/Local/Temp], nor does software that's been properly configured slow down a PC.
- Temp folder should be emptied daily in my opinion, and users can configure a task to do so via task scheduler.
- More often than not, a corrupted user profile is the cause of slow performance issues, which is easily tested by creating a new user, logging off the current user, logging in the new user, and testing to see if the problem still exists. If it doesn't, it's generally more convenient for the user to simply move their personal files to a new user account (I always recommend moving user data folders [contacts, documents, downloads, etc.] to a separate partition as it's more convenient in the long term), then deleting the older user, but not the user files.
- Once logged into the new user account, with all personal files transferred over, a user will need to go through the AppData Local & Roaming folders to find user files they'll probably want to save.
- Outlook stores .ost files in AppData, OneNote stores its backups there, Notepad++ stores config files there, CompanionLink, Rainmeter, Stardock, and many other applications do as well; additionally, the user's start menu folder, Win X folder, and several other custom experience folders are there as well.
- It's also recommended to load the user registry hive into the registry to pull product keys and other custom info for applications stored there (PuTTY stores all its profile data and authorized keys there, Box stores its user folder there, etc.)
Startup items should be disabled on non-essential applications, and a 3rd party program should be employed to do so [Task Manager is not sufficient, as it doesn't list all startup items], and user installed services should almost always be changed from Auto to DelayAuto or Manual [3rd party software, such as Windows 10/8/7 Manager from Yamicsoft, makes this more convenient and less problematic for users since it separates user installed services from Windows services].
As to viruses slipping through, this is all on the end user and, in 99% of cases, is a result of user error, user induced [bad/no IPsec practices, inadequate research on Internet Security suites and which should be utilized and which should be avoided, etc.], and always avoidable. PCs have been around far longer than Android phones and people still can't seem to comprehend they need to not only download apps from the Google Play Store, but also verify the permissions of the app, so it's obvious the problem is users are lazy as a whole, consciously refusing to take 1 - 2 hrs to educate themselves on basic IPsec practices and policies. You can lead a horse to water, but you can't force it to drink.
no AV can protect against the plethora of brand-new malware that gets distributed every single day, because all AVs are primarily signature-based
This is both true and not true... AV signature updates base detection upon known signatures of malware, however it's not the AV engine that protects against new, unknown threats, that's HIPS. Using HIPS adequately requires basic knowledge of what the typical actions and access of any program should be, and should an end user employ an adequate HIPS policy, there shouldn't be any way a general user should be able to become infected by new malware whose signature is not yet known.
- We're well past the point where people can simply allow an internet security suite to auto manage every part of its rules without customization, as HIPS is extremely effective provided it's employed correctly by the end user. Basic knowledge about expected access behavior is a requirement since it can cause serious system problems, by blocking legitimate system behavior, should it be employed incorrectly by the end user.
- It doesn't require a computer science degree, simply 1 - 2 hours of research on basic IPsec education, and unfortunately too many users aren't willing to do so... to which I say, if a general user isn't willing to spend 1 - 2 hrs educating themselves, and following IPsec best practices, they deserve to be exploited. Most exploits a general user nowadays will experience come in the form of phishing emails, malicious sites and adverts, cracked software & keygens, and foreign storage insertion without proper policies in place to auto sandbox the foreign storage medium. You can lead a horse to water, but you can't force it to drink...
It's futile to fuss over which AV is better than which.
Between individual users, yes... between independent, 3rd party testing comparisons, no; and even that isn't always as telling as it should be. For example, I'm partial to Comodo [not 10, as it has some serious flaws that need to be hammered out], however it's hard to get a baseline on how Comodo compares to others since one of the major independent testing authorities, Virus Bulletin, and Comodo had a well-publicized spat many years back, so Comodo refuses to allow them to test their software.
- It's also extremely misleading to consumers when they see brand recognition, such as McAfee, as default options on OEM PCs, since McAfee is horrendous and has been for at least a decade.
- Additionally, HIPS is employed differently by different products and some are easier and more convenient to utilize, whereas others are more in depth and require greater knowledge of the end user.
- Some products have extremely overly complex and confusing firewalls built into their internet security suites, however what many users don't know is Windows Firewall is extremely powerful, but not in its default state. It would take ~3 days to properly configure Windows Firewall to be secure, at which point it would be more convenient for users to manage than a third party firewall since it's so intertwined with the OS (for example, even if you use a third party firewall, the Windows Firewall service still must run as it controls networking functions like sharing printers).
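As an added example (not part of the post above), the following PowerShell script shows the kind of non-default Windows Firewall configuration the last point alludes to: it enforces an inbound Block default with logging on every profile, lists the inbound Allow exceptions that remain so each can be reviewed, and checks that the firewall service (MpsSvc) is still running. It assumes an elevated session on Windows 8 / Server 2012 or later with the built-in NetSecurity module, and uses the default log path; the function names are my own.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post: take Windows Firewall out of its
# default state (enforce inbound Block on every profile, log dropped packets)
# and list the inbound Allow rules that remain active so each can be reviewed.
# Cmdlets are from the built-in NetSecurity module (Windows 8 / Server 2012+).
# Log path below is the Windows default; adjust it if your policy differs.
$FirewallLog = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"

function Set-FirewallBaseline {
    # Same baseline for all three profiles, passed by splatting.
    $baseline = @{
        Profile               = 'Domain', 'Private', 'Public'
        Enabled               = 'True'
        DefaultInboundAction  = 'Block'   # drop unsolicited inbound traffic
        DefaultOutboundAction = 'Allow'   # tighten later, rule by rule
        NotifyOnListen        = 'True'    # prompt when a new program listens
        LogBlocked            = 'True'    # dropped packets go to the log
        LogAllowed            = 'False'
        LogMaxSizeKilobytes   = 16384
        LogFileName           = $FirewallLog
    }
    Set-NetFirewallProfile @baseline
}

function Get-InboundAllowRules {
    # Every enabled inbound Allow rule is an exception to the Block default and
    # needs a justification; resolve its port and program filters for review.
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        ForEach-Object {
            $port = $_ | Get-NetFirewallPortFilter
            $app  = $_ | Get-NetFirewallApplicationFilter
            [pscustomobject]@{
                Name      = $_.DisplayName
                Profile   = $_.Profile
                Protocol  = $port.Protocol
                LocalPort = ($port.LocalPort -join ',')
                Program   = $app.Program
            }
        }
}

function Test-FirewallService {
    # MpsSvc must keep running even beside a third party firewall.
    $svc = Get-Service -Name MpsSvc
    return ($svc.Status -eq 'Running' -and $svc.StartType -eq 'Automatic')
}

Set-FirewallBaseline
Get-InboundAllowRules | Sort-Object Profile, Name | Format-Table -AutoSize
if (-not (Test-FirewallService)) { Write-Warning 'MpsSvc is not running with Automatic start' }
```

Review the table it prints rule by rule and disable the exceptions you cannot justify with `Disable-NetFirewallRule -DisplayName '<name>'`; dropped connections then show up in the log file for troubleshooting.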