After reading the comments, this video shouldn't be interpreted as "Everyone should delete Defender", but more for those that don't web browse and are obsessed with performance. Also, I'm tired of folks saying "Defender is good enough". Yes, it's better than nothing, but if I were ever to "Break Bad" the first people I'd go after are the Windows Defender users. For Antivirus Recommendations: Free Alternative: BitDefender Free or Kaspersky Cloud (Not great for privacy though). Paid Alternative: ESET Antivirus ONLY (Affiliate Link: christitus.com/antivirus). With any Antivirus do NOT buy an internet security or anything BUT the Antivirus ONLY!
Too late, already erased defender alongside system32 ... Because I switched to Linux lol. Don't worry, I think some people just hear what they want to hear in order to be outraged, because this is the Internet. Some are just being tribalistic (someone said you said this just because you are a "Linux fanboy" lmao). Keep up with the good content and thanks for the clarification.
@@Peshyy No, I don't think so. You still have to use a YT account to post, which means that certain identifiers for your device will be collected by the website, in this case YT, which can then be matched with your account. In the end, there is NO privacy or true anonymity on the internet, if that is what you strive for. If security of your device is what is desired then install an internet security software (I use [paid for] Kaspersky Total Security) and be careful where you visit and what you click on and even then that is no guarantee of security. Unfortunately, that's the reality.
@@elbmw Joking aside, avoid Electron apps as those have access to your real device. If you are using a browser, use different browsers for different purposes. Tor Browser is best if you need privacy. Brave does enough to reduce cross site tracking. If you have an account then anything you do with that account is tied to you. You want them to have a good fingerprint of your browser so they can protect your account from fraudulent access.
I remember you said just the opposite in a previous video, something like "don't use anti-virus, it is not necessary, Windows Defender is already protecting you", or something down this line. I may remember wrong, or mix it up and it was yet another tech guru, but I remember someone argued for that. Now what? :)
What Chris says about Defender is true for ALL anti-virus software. Has everyone forgotten that Defender is a rename of the anti-virus software Microsoft acquired? It's just one of many.
Microsoft Defender is original called Microsoft Spynet in 2004, because of conspicuous people Microsoft Spynet was renamed. Microsoft at that time took initiative for things Edward S would say in the early 2010's here are words of wisdom, it's an acronym. M.I.C.R.O.S.O.F.T. Murder Intimidation Corruption Rape Obfuscation Spyware Observation Fear Trauma i am sorry it's this way because what we tend to do is act on what they made us believe that way. I am sorry so sorry 😔
I used many AV programs in recent years. All of them (beside the price) have also one common disadvantage. They are intrusive. They show dialogs, windows, messages, alerts when IMO they shouldn't. Also, they have conflicts with other software. Various weird problems that magically disappeared when the AV got disabled. Always some performance hit. So - actually I find the Windows Defender as the least intrusive. I use it not because it's good (I guess it's probably not). I use it because it takes no effort. It's just preinstalled by default, preconfigured, not a single click from me is needed. Then - IT SITS QUIET. Yes, sometimes it causes some system slowdown - especially after downloading a big game from Steam or installing a big program. I can tolerate this. This suboptimal protection is still better than no protection at all. I'm a power user, I don't install just anything on my PC, I don't even open e-mails from unknown senders. Still, any small tool or even a document you download from even a trusted site can contain some malware and it actually happens from time to time. If not Defender then what? My requirement is the program must be FASTER (because the greatest flaw of Defender is slowness) and as QUIET / maintenance free as Defender. The only time I want to see any notification from AV is when a real threat is found.
Couldn't agree more. I have a fast CPU, 32GB of RAM and a fast SSD, so I have no problems with anything slowing down. And it doesn't annoy me. And I don't have viruses.
Same, I don't download cracks or open sus mails or weird stuff so Defender is fine for me and it's not too intrusive like you said. Imo Windows Defender is as good as its PC owner.
THIS. Also, every other antivirus I've ever tried has been an absolute resource hog. Even the so called "cloud" based ones that claim to be super lightweight.
Let's hope that people importing such a registry file from a random GitHub are smart enough to notice or look for a RunOnce registry key to wget a malware file and auto run it. Registry key files are not inherently safer than a batch file that runs a script. They just make it easier to enable/undo your changes. The code and files of Defender are still on your system.
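The check that comment asks readers to do by eye, as an added example (not code from the video, the thread or any project mentioned here): it parses a `.reg` file before import, flags any write to a Run/RunOnce key, any key outside the one location the file claims to change, and value data that names a script host or URL, including data hidden in `hex(2)` form. The expected key prefix, the placeholder value name and the sample file are assumptions constructed for the example.

```python
import re

# Assumption: the file claims to change only Defender policy settings, so
# every key should sit under this prefix. Adjust for the file under review.
EXPECTED_PREFIX = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender"

# Keys whose values Windows executes at logon or on the next boot.
AUTORUN_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce|RunOnceEx)(\\|$)", re.I)
# Value data that names a script host, a downloader or a URL.
COMMAND_RE = re.compile(
    r"https?://|\b(powershell|pwsh|cmd|wscript|cscript|mshta|rundll32|"
    r"regsvr32|bitsadmin|certutil|curl|wget)(\.exe)?\b", re.I)
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def decode_reg_bytes(raw: bytes) -> str:
    """regedit exports UTF-16LE with a BOM; hand-written files are often UTF-8."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le", errors="replace")
    if raw.startswith(b"\xef\xbb\xbf"):
        raw = raw[3:]
    return raw.decode("utf-8", errors="replace")


def decode_value(data: str) -> str:
    """Return value data as readable text, including hex-encoded strings."""
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escapes
    m = re.match(r"hex\((1|2|7)\):(.*)$", data, re.I)
    if m:  # REG_SZ / REG_EXPAND_SZ / REG_MULTI_SZ stored as UTF-16LE bytes
        try:
            blob = bytes.fromhex(m.group(2).replace(",", ""))
        except ValueError:
            return data
        return blob.decode("utf-16-le", errors="replace").replace("\0", " ").strip()
    return data  # dword:, hex:, or "-" (value deletion)


def parse_reg(text: str):
    """Yield (key, value_name, decoded_data) for every value line."""
    text = re.sub(r",\\\r?\n[ \t]*", ",", text)  # join ",\" continuation lines
    key = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lstrip("-")  # "[-KEY]" deletes a key
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group(1).strip('"'), decode_value(m.group(2).strip())


def review_reg(raw: bytes, expected_prefix: str = EXPECTED_PREFIX):
    """Return (kind, key, value_name, data) findings for a .reg file."""
    prefix = expected_prefix.lower()
    findings = []
    for key, name, data in parse_reg(decode_reg_bytes(raw)):
        k = key.lower()
        if AUTORUN_RE.search(key):
            findings.append(("autorun", key, name, data))
        elif not (k == prefix or k.startswith(prefix + "\\")):
            findings.append(("unexpected-key", key, name, data))
        if COMMAND_RE.search(data):
            findings.append(("command-like-data", key, name, data))
    return findings


def _hex_expand_sz(s: str) -> str:
    """Encode a string the way regedit writes REG_EXPAND_SZ, wrapped with ',\\'."""
    parts = [f"{b:02x}" for b in (s + "\0").encode("utf-16-le")]
    rows = [",".join(parts[i:i + 16]) for i in range(0, len(parts), 16)]
    return "hex(2):" + ",\\\r\n  ".join(rows)


# Constructed sample, not taken from a real repository. "ExamplePolicyValue"
# is a placeholder name; the RunOnce data is only readable once decoded.
_CMD = r"powershell.exe -File %PUBLIC%\constructed-sample.ps1"
SAMPLE_REG = ("\ufeff" + "\r\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]",
    '"ExamplePolicyValue"=dword:00000001',
    "",
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]",
    '"Updater"=' + _hex_expand_sz(_CMD),
    "",
    r"[HKEY_CURRENT_USER\Software\ExampleVendor]",
    '"Setting"="1"',
    "",
])).encode("utf-16-le")

if __name__ == "__main__":
    for finding in review_reg(SAMPLE_REG):
        print(finding)
```

An empty result only means the file stays inside the expected key and carries no command-like data; it says nothing about whether the policy values themselves are ones you want.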
Would love to see this added as an option in The Ultimate Windows Utility. Maybe add a recommended, free, anti-virus to the programs in The Ultimate Windows Utility.
I certainly don't miss having to deal with registry hacks in Windows. I left that behind for Linux in 2005. In tech support we called "scorched earth" "Nuke and Pave"...lol
@@parkman29 What's the point of having a registry? All software store their stuff in it and once you uninstall them, they leave their junk there and it slows down Windows. CPUs have gotten faster so that hides that fact a bit. The registry is a single point of failure and it looks like Windows is not able to recover from it.
@@louistournas120 Programs on Linux also leave behind configuration files in /etc and in ~/.config after you uninstall them. Even when you tell your package manager to purge the program, it does not remove everything. While I like the point about Nix, Nix’s config file is very different from the Windows registry. Sure, both of them exist as files, but on Windows, everything uses the registry constantly. So yes, the system could get slower with more garbage to parse. That is why a tool like Revo Uninstaller is so useful, as it cleans of the registry after uninstalling a program. As for the single point of failure bit, that is just poor design of Windows. Microsoft seems to have no interest in shipping an actually filesystem to users. ReFS is a BTRFS and ZFS competitor that Microsoft created, but only enterprise users can make use of it, and only for plain data drives. I make no attempt to defend Microsoft or Windows-I don’t like this behavior either. However, things are a little more complicated and nuanced than we sometimes give them credit for. From my understanding, “nuke and pave” refers to reinstalling the operating system. I suppose it could refer to getting rid of an antivirus and replacing it with another. The key is to both nuke the thing that’s done and then pave it over with something else.
@@OcteractSG I see. I suppose what should be done with these naughty Linux programs that leave behind files in .config and such is that when you install them, they should inform the package manager that during uninstall, it should look for certain files in certain locations and if they are found, they should be deleted. These are always easy to solve if there is the will to solve them. It seems to me that most of the time, the programmers are lazy (The Windows world) or the programmers treat the end user as an administrator (Linux world).
For me Defender is all I need, I just boot to Windows so I can play Tarkov, 97% of the time I'm using Fedora, never had any problem with it besides one miner that destroyed it a few years back.
Chris, App control and XDR are features of Windows Defender Enterprise, you can control cloud apps, application prevalence and have alert and custom actions through Cloud App security (Recently renamed to Defender for cloud apps). That's great that some people talk about these scripts, but in a fully managed Windows Defender Enterprise the registry keys will be locked down and changes will be ignored.
Thank you, I was about to say this. To elaborate on this, it will send security alerts back to your SIEM. I think this is an example of a sysadmin who may not know how powerful Defender has gotten over the years. It's not an insult towards him, he's on the other side of the house and isn't focused on that area.
Yes, this is definitely true and it’s unfortunate Microsoft doesn’t give consumers this same ability. It still does not score as well as CrowdStrike, Cortex, and GZ in MITRE evaluations. And just overall from experience both of these are more effective solutions to stop ATP ransomware deployed by nation-state actors than Defender for Endpoint.
indeed, defender for endpoint gives red teams a run for their money these days. defender is now an umbrella of products, endpoint being 1 of them and cloud apps which you mentioned being another. would be nice if it wasn't locked behind the E5 flavor of M365 to get more people onboarded.
@@diabilliq Defender for endpoint P2 license, MS engineer said you can have up to 5 devices per license. However licenses are applied to AAD users.. they are not deducted when I onboard devices.. which is odd....
That's because it does nothing... Absolutely sits there giving you the illusion that it's doing something but it is not! I switched to Linux mint 4 years ago, no need to run antivirus always updates for security and I still game as usual.... Life is swell in mint land.
@susantompkins8810 Linux is great. I too use Mint at home. Unfortunately a lot of us are tethered to Window$ for enterprise reasons. A lot of businesses run on Micro$oft. Hopefully - virtualization via the cloud will take care of a lot of the desktop problems I see every day.
This is another interesting update on your thoughts on Windows Defender, following your video from a month ago, “Why I HATE Windows Defender” Disabling Windows Defender and/ or Enabling it, featured in your early Debloat script utility things, but did not feature in more recent ones. It will be interesting to compare the PowerShell script in those early things with the info in this video and in the other places you referenced. A lot of good insights, heads-up, and learning potential here, IMO.
It's wild to me that tech youtubers will say that Defender is great and totally fine to use by itself, and then other ones that say it's a waste of space and to get it removed. Who am I supposed to listen to???
The tests I saw, it depends if Defender is working relying almost totally with online stuff or locally. If you allow all the online stuff, it is powerful (less privacy of course), like other AVs, because it's using server databases and a sort of "defense net". If you use it only locally, well... That's when you are totally screwed. Other AVs, with local updates and other detection technologies, respond much better with only local usage than Defender. The tests that I saw were with the same trojans and malware in different AVs with online capabilities on and off, and the results.
Also the statement, "Defender will not catch as many viruses as any other AV product, because it is more widely used" is utter hogwash. Defender reports directly into Microsoft's SOC environment in Azure, and Microsoft has invested probably more than all the other AV vendors combined in Machine Learning and Heuristics, knows their OS code better, and detects vulnerabilities quicker than anyone else on the planet currently. A typical strategy if you're looking to exploit a system / environment is to reverse engineer patches after Patch Tuesday, as reverse engineering a vulnerability and attacking unpatched machines is easier than trying to get to vulnerabilities by yourself. If I were to write a virus, I would rather target a smaller group / AV products and go undetected, than having to go up against all the compute in the Defender backend and risk my code being flagged as suspicious and then shared with the smaller AV vendors. There are security individuals, that know a lot more than Chris, that would tell you the same. If you don't want to believe them, there is a reason why Microsoft has been in the Gartner Magic Quadrant with Defender for the past 2 years.
I get why you would want to disable Defender in a performance oriented PC, or some minimal single purpose PC with no internet connectivity... but I wouldn't advise disabling AV software for online gaming like you did. I know it can be annoying and Defender is not the best but online games can have security vulnerabilities, Dark Souls multiplayer and log4j in Minecraft as very recent examples. So yeah, even if there's little reason to worry about an attack the probability is never zero, don't play online games without some level of protection, offline games are ok tho.
@RTBGG Listen, if you use any third party AV it will be slower, it's just reality. I tried literally 10 of them; compared to the built-in one, even though Defender can be annoying, others are even worse, they are just more of a hog than Defender.. and if you don't trust me try it by yourself.. best xp is your own xp
@@archpenguin6646 Just be sure to prevent your VM from getting to shared drives, of course. If you're like me, you use a component in the VM and then throw it away. I know some bad actors have actually coded to detect a VM and remain dormant (i.e., show zero malicious behavior).
@@hellhound320 Yep - allowing any third-party software to hook into your kernel is a bad idea. Organizations sell out during take overs and care zero-day about trusted relationships. Freemium options are the worst.
Kaspersky was at one time the elite, performance AV.. which is what Defender is .. now over time there have been updates the issue comes to what our hours they work.. it used to be based on hashes now they all use heuristics. Nothing is perfect but from accuracy/performance trade offs.. none is perfect but I can't advocate any current third party offering over Defender. It's also cloud based which means the more machines get infected, the more the system learns.. unfortunately some systems will get infected below the radar but eventually every other system will be protected.
The question is why would you do that? Any modern security system does disable the Windows Defender (actually Windows sees you’ve got another security system and lets the other program take the responsibility) and completely getting rid of Windows Defender is actually not really smart even though you only play Steam games on your machine.
@AztekUR if we’re talking about the newest versions of Windows 10-11 I’m kinda sure it does not really run in the background. There are some tasks that run in the background; these have almost no impact on the performance of the machine in any way.
I was using other ways to disable it. In any case, it's not a bad antivirus for anyone who doesn't stray off the beaten path. In my case it was removing files from useful software, and Microsoft didn't even bother to properly implement the restore button for quarantined items detected as "threat", only through command line. For example it was removing IDA, which is an important code forensics tool.
@@seangraylin If an MSP has all of their users across their tenants licensed for M365 Business Premium, you get Defender for Business included with that. You can then use Microsoft Lighthouse to view all threats and risks and take many mitigation actions without having to switch between different M365 admin centers.
@@victorytechnology I personally haven't used lighthouse but a few of my colleagues have and I think the opinion at the moment is that it is still lacking for now. I'd need to ask why specifically this is as like I said I haven't looked at it myself.
Microsoft Lighthouse is definitely lacking! But it’s getting better every month. It now pretty much includes all the security data that you need across all of your tenants with eligible business premium subscriptions except for vulnerability monitoring and management. You still have to login to the individual tenants security center for that. I suspect that will be coming in future releases. You can even deploy Default security base lines across all of your tenants with it. Although they are not as beefy as the security defaults that you would find in Microsoft endpoint manager.
Today I disabled Defender's real-time protection in my Windows 11 22H2 VM and, to my surprise, it still flagged a certain file. How is that possible, Microsoft!? When I disable something, I want it disabled. 100% disabled!
Well not for nothing, a lot of the commands used to disable Defender could easily be turned into a security alert itself. At home, I can definitely see how dangerous this can be but when it comes to enterprise Defender is basically becoming a de facto standard in the industry and these kinds of tactics could easily be caught with proper monitoring or logging. Also, not for nothing but any other AV also could easily be targeted using similar techniques. It's certainly an issue though, especially for home users lacking any active monitoring, so thank you for raising awareness!
Personally I don't use Defender anymore since a hacker bricked my PC. The virus turned off Defender and deleted my backup points. The PC was in the shop for 2 days and all data and programs were recovered.
His advice with GitHub and unknown code is why I use it in VMs. The host is too important for anything to get in. GitHub has useful projects and with VMs I can just make a virtual environment tailored to the project at hand. Windows Defender is useful as buying dozens if not hundreds of product keys is expensive; the other way is to buy a bulk license key which most anti-malware providers don't sell unless you have an active contract with them. Most don't like VMs used in the way I use them as it reverts back everything done too often.
I’m always very suspicious of videos like this. Who’s he being sponsored by .. kaspersky? I’ve never had problems with my PC since I junked Norton and Panda. There always seemed to be conflicts with windows when they were installed. I don’t appear to have any of those problems since I went back to basics and used windows defender ( the new name for windows essentials.) It IS after all written by Microsoft to work as part of windows.
All these free antivirus are great but since they are free why do they require an account, Bitdefender free won't let you do anything before you create an account so it got uninstalled....
I don't like Windows. Not sure why anybody does. But man your hate fest for Windows Defender is really idiotic. Seriously. Every single flaw you've pointed out here is applicable to any other legit anti-virus package you can install on Windows. Do better Chris.
The entire antivirus market is a scam, even more so than VPNs. The public as a whole isn't very knowledgeable about cybersecurity and will just get anything branded as 'secure'
It's much more complicated than that if you're using Windows 11. A lot of those group policies are ignored or just temporary, it's a matter of time before they just revert, or they just straight get ignored completely. It's possible to set those policies successfully and permanently in Windows Server, but not on any client system (yes, including Enterprise, which is absurd). You can still limit defender's CPU usage to 5% and set the default taken actions for detections, so that it ignores everything, and you can also disable certain features of it, like smartscreen, you can change its priority in Image File Execution Options as well (the policy to limit the priority is now ignored, but can still be set). You may think: "well, I'll just erase Windows Defender", and that's where you're wrong. Not only Windows Defender just reinstalls itself if you use Windows 11 but, if it can't reinstall itself, you won't be able to do certain things, like updating, because, apparently, a lot of stuff passes through Windows Defender's filters before "reaching" your computer. The same thing applies to Windows Firewall. There are certain things that needs the Firewall Service to be running, otherwise they'll just think that there's no internet connection. This doesn't mean you can't disable Windows Firewall, it just means that the service of it needs to be running for those things to work properly. A third party application that needs it is Call of Duty: Warzone.
@@SpartanGR77 If you want to remove it without tampering, you may try your luck by upgrading to IoT Enterprise and checking whether the "Disable Windows Defender" policy gets ignored. If it does, try installing ClamWin or any third party antivirus and run it once and reboot, then check whether it's still ignored. This trick works on IoT Enterprise LTSC 2021 (which is based on Windows 10 21H2, though). No idea if this will work on 11 IoT.
Microsoft should have built in sophisticated checks for changing security settings either by the user or by granting admin privileges and tell the user when those changes happen via another sophisticated change such as a modified BSOD that allows you to try to revert changes or click “I know”…. Something like that
Windows defender is still the best anti virus software available for windows. You can do things to add to it, but if anything were your ONLY anti virus software, it's the best one and it's free.
@@Toon1810 Chris is becoming more and more of a paid shill unfortunately, whether intentionally or not. What can you expect from just a sys admin, he cannot be the end all for OS and user space related advice. PC Security Channel does some benchmarks but he’s not even remotely all encompassing
Microsoft quality control is unbelievably bad. One of the updates last year pushed out to the public (every win10 computer in the world!) had a memory leak in Defender. Something about an older dotNET4.6 app would cause the Defender executable to reliably and continually LOCK UP THE ENTIRE SYSTEM within hours. Unresponsive windows. No known standard way to disable Defender either, so I had to add an exception of the C drive, which they specifically say you should never do, and add the executable to the Defender ignorelist. But if you can't trust Microsoft not to blast this shit out in the future, what other option do you have than disable Defender by any means possible?
IMO Windows Defender is good enough, it's better than other free well known free AVs because they don't try to shove their pro or internet security service down your throat. For families I always use Windows Defender because it's good enough and if something happens I'll download Malwarebytes and Hitman Pro to see what Windows Defender missed. For my Windows VM (I run Linux) even though I don't install random programs I still use Defender but I also have Malwarebytes Free just like I did when I ran Windows 10 and 11.
Question: Isn't running Malwarebytes or Hitman Pro *after* something happens pretty much "too late"? I mean, using those tools to see what Windows Defender missed means the system could possibly already be infected. The point of Windows Defender is to *protect* your system from infection. On all of the Windows systems I've worked on that have Windows Defender as the only anti-virus software, I've never seen it actually detect anything. The only times I've seen it detect anything is in Virus Total reports of some sample I upload for analysis. With that being stated, these days I tend to keep Windows Defender enabled on Windows systems I work on so I can enable Controlled Folder Access.
@@TheCocoaDaddy Malwarebytes I use to scan the full system to see what been missed and Hitman Pro would do a scan for if Malwarebytes missed anything, any tracking cookies, and a boot scan. For any serious scans I would use a bootable AV but I don't know any I used to use Kaspersky Rescue Disk
@ianwakers Nope. It's all habit. Your AV isn't stopping squat lol. And yes they sell certificates for developers to bypass Defender scans, Chris did an entire video on it bud. aw.. he deleted.
I'm not up to date, but a while back there used to be a hacking forum on how people hack into other people's systems, and they have servers out there that they want people to hack into. Every time a virus software gets a new update of a virus detection, we simply just make a new one so it won't be undetected. It would be as easy as a program rewriting a new executable with the same function but a whole new code in different ways. There's really no way to protect yourself against a hacker if they focus on you. The best way is not to be connected to the internet.
Watched a tech benchmark of performance both before and after turning Defender off, and turning it off actually gave no real performance gain at all, with the exception of improving the speed at which files can be transferred from your secondary drive to your primary drive. Even then the performance gains weren't big enough to make disabling Defender worth it.
I fix "regular" people's computers for a living. Don't claim to be an expert. In my real world experience over and over again the systems that are filled with the most malware and viruses and root kits are those where people installed 3rd party anti virus (and no not the fake malware antivirus software, though I see plenty of that as well). One of the biggest reasons I give to people to not install 3rd party anti virus is that they require a subscription to maintain their updates. Most of the systems I examine that are crawling with malware have a 3rd party anti virus with an expired license. I understand what Chris is saying and in the narrow use case scenario he describes I don't disagree, but I think he needs to point out that for the regular user it's not that Defender is, as he puts it, just "good enough".. no it's actually better. For the reason that humans are well humans and Defender doesn't rely on keeping a subscription up to date. Also the biggest strength of Defender is when payloads do find their way past Defender, Microsoft with its vast array of installed Defender platforms stands a much better chance of realizing that something is up and releasing an update to remove those payloads. Just my little myopic real world experience. YMMV.
I have been working on, and with, Windows-based computers since the mid-70s. Just when you think you are up to speed and know virtually everything - Poof! It all changes. Don't be trapped within your own skull. We all only knew everything yesterday. Today? A whole new game has been coded.
I've been disabling defender with Group Policy but also registry keys to be safe. It does indeed have too much of a performance impact for my liking. I don't need or want an anti-virus and if I did it wouldn't be defender.
Name any Antivirus on the face of the earth which can't be disabled by a program/script with *"Admin Privilege"(Which both of the Scripts that you showed on the screen also required)?* Because that would be a problem in itself for the most part. And if you have real time and heuristics enabled most programs and scripts incorporating these bypasses are detected and blocked. *Bitdefender, Kaspersky, Avast or maybe any other AV under the sun could be disabled in a very same way,* as they also work in the exact same way and require registry keys, policies and files to work instead of running on thin air. Antivirus only protects one from malicious programs through running its hash through a database and sandbox testing it for malicious behaviour beforehand, and stopping low privilege programs from making any crucial modifications (which is effective unless you have a habit of right click and run as admin), And before someone points out that these could be "bypassed", I'm very well aware of that myself, while they aren't exactly as easily bypassable as most people make it out to be, still if you disable those, you won't even be secure from the malicious programs that would get caught by those mechanisms, which is the vast majority. And any security is better than no security. And The "Admin Tools" you mentioned that are provided to "Administrators" are nothing more than fancy wording for Powershell scripts and Regedit scripts I suppose? And Scripts for disabling Defender and UAC aren't really some "forbidden knowledge" only available to the "l337 H4X0R5". Take a look at the source and it would become evident that all the script is doing is disabling those through Microsoft's own provided and well documented APIs, setting policies under GPE and on deleting some stuff on top of that, nothing there that a 7 year old skid with basic shell scripting knowledge can't comprehend. 
Those scripts have been there for decades with literally almost every other person remotely interested in Antivirus framework having their own iteration built from ground up. *Point being that these have been known for decades but the impact of this on the effectiveness of AVs has been near to none, simply because of its unrealistic prerequisite it requires known as Admin Privileges, if a "Virus Manufacturer" knows that their victim will run the program as admin, they could do much more than just disabling Defender. And these bypass techniques are limited and static and hence they get caught by heuristics anyway.* You can't compare AVs by whether they could be bypassed by a program with "Admin privileges". Because that's a constant which holds true for most if not all AVs out there, while I agree that defender certainly lacks in certain areas, still it is one of the best ones in the "Free" category. Paid ones are a different matter though, in that case Kaspersky is a better choice.
Okay, I get it that Windows Defender is not a good anti-virus, if someone wants to attack they can... but that still raises some other questions: if not Windows Defender then which software or technique should I use to get some kind of protection?
Most of the protection can be handled by your browser. If you download shady stuff off of the internet you can use software like sandboxie to test it or use a VM. The only scenarios where I would install an antivirus would be there where I don't have control over the machines (be it a multi-user machine or at work).
@TurntableTV The main thing I've been using is double or triple adblockers like Adblocker Ultimate + uBlock Origin + Adblock Plus. And I've never had any issues with viruses or random things popping up or whatever. I always go to shady websites and click on random things and try to find videos or files or anything I am looking for. Then I scan using the Windows Defender and nothing shows up. So now I want to test with no Windows Defender to see how my computer holds up for the next month or so. But you are correct, most issues come from the browser, and from what people click on. So why not secure the source instead of letting crap enter your PC and then have your Defender do the hard work of trying to remove it? Better block all that crap at the source, in the browser!
Many people are not savvy with PC software like you. Windows Defender is fine as a 1st line of defence for the general populace. But anyone who wants additional protection free can consider Kaspersky Virus Removal Tool and scan manually.
Yes, virus writers can "get past the gates" and just test against AV. In fact, they can go as far as to use something like VirusTotal and "get past the gates" on most AVs. That's kinda missing the point, though - the effectiveness of a virus isn't really defined by whether or not a virus can be written to bypass AV in the first place, but rather how quickly it can spread before all of the AV vendors update.
One of the things I learnt throughout the years is: programs that come built in with a system are the best for the good work of that system. Maybe other 3rd party programs are much better, but I rely on the built-in ones because they are programmed by the same company behind the system. So, no, I won't get rid of Defender, I use it and every week I download Kaspersky removal tool and scan my system then delete it.
Bruhhhh...you're kidding me right? I really just don't want anything to do with viruses etc. And now I need to research for 3rd party alternatives just to replace Defender and make my system crap out more since it's already a slow/weak system. I mean at this point you don't even need to go direct for the Defender if you're gonna look at it. Just target slow weak ass systems like mine and done, that should spread chaos in the minds of people who just don't have the time not space to be able to sit and handle stuff on a system which consistently hangs every now and then.
I've got a virus trying to crack a program (I was dumb) and W Defender didn't really remove it. Malwarebytes did the job and later a full scan with Kaspersky found even more stuff, now it's my main AV and I won't ever pirate cheap stuff from YT videos
So given admin rights you can break stuff? What’s next? Rm -r /etc breaks stuff too? Come on…this is just clickbait/flame bait nonsense. Defender is a first line defense and fairly sufficient (and doesn’t shove scare-ware ads in your face) at that when compared to other ‘free’ stuff. Switch to Linux if you want more freedom or Mac if you’re into that kind of lock-ins. If you’re worried about virus crud you’re in the wrong areas of the internet and it’s your own fault (or you should get more reliable sources for your illegal stuff) :) Windows is not the holy grail, it’s a tool like any OS but your brain is the biggest tool to use: don’t trust anything, don’t install/click random cool sound stuff. You’re not going to saw the handle off your hammer and then nag it’s difficult to hold, are you?
I keep thinking that at some point Microsoft had to downgrade the quality of some unreleased development version of Defender due to it flagging the advertisements being served to the user.
Windows Defender doesn't let you install or run viruses anyway, so the odds for a virus to execute and disable the antivirus are very few. I've been using Windows Defender for many years and never had a single issue; whenever I downloaded a virus WD would just delete it instantly. Paid anti-viruses use too much system resources and don't do much more. How can a third party be harder to remove and more secure than an app integrated in the system! You will get the same issues with absolutely all anti-viruses; once it runs you're screwed no matter which one you have. To stop viruses, you have to detect and delete them before they run.
I've had McAfee, Norton, etc., in years past, and since 2019 I've been using Defender only. Only had a virus once, ...back in '97...using Avast back then I think. Anyway, ...I think Defender is as good as any, and it's the actual browsing habits (no illegal downloads of movies, no opening attachments on emails from unknown senders, etc.) that keep you virus free more than anything else. For a user like me, Defender seems good enough (and the price is right).
Today the question is what causes more problems, the antivirus or the virus? Most commercial antivirus programs pester the user non-stop with some questions, pop up dialogs and want to sell you more protection and so on, as if the user only has a computer to deal with the antivirus program. At the same time, they detect a lot of false positives for completely legitimate programs that have nothing to do with viruses. Of all the antivirus programs, I would say that Windows defender is still the most useful and no-nag, maybe not the best, but which antivirus is the best? I might also recommend NOD32.
Microsoft Defender does the same or better job than all the other anti-virus software for Windows. Because it's better integrated into the OS kernel and offering a much smaller attack surface than the other snake oil out there. Sadly I can't install it with "apt install microsoft-defender" on my system. I'm not running MS Windows because you can only buy a usage license and not own the software, you are not allowed to look into the software to tell what it does and you are not allowed to change and fix it. It's not you controlling the software, but the software controlling you. But Microsoft has very skilled people working there and from the bits you can see from the outside they are doing a better job on anti-virus than the others, but it's still snake oil and you have to trust Microsoft blindly.
@@portman8909 lol, technically partly yes and no, but in summary even worse. Installing Anti-Virus is like installing a backdoor for the good guys (and bad guys knowing 0days). You already trust MS as good guys, otherwise you wouldn't have this OS, but trusting another company as good guys (especially Kaspersky) and letting them do hidden things on your PC is opening another chapter of the story.
I have a question: disabling Windows Defender, will it also disable our paid antivirus software like K7, Kaspersky etc... Or only the Windows Defender gets disabled while doing the gpedit or registry? Since I want my PC to run with paid antivirus program and not Windows Defender!
Hi Chris, wondering how much exposure you've had with EDR? It's hard to see any different AV as more than a lateral move, once seeing those in action. Pretty moot for a home user of course lol.
MS DEFENDER IS ONE OF THE BEST PRODUCTS LISTED IN THE GARTNER REPORT. OF COURSE, YOU CAN BYPASS IT, AND IF YOU LOOK THE OTHER SITES THAN GITHUB, THERE ARE TONS OF OTHERS AV PRODUCTS WHICH CAN BE BYPASSED... SO DON'T BLAME IT BUT DYOR ;)
The problem with videos like yours is that I have not found a well documented video of which is the best alternative to WD. Everyone is promoting some affiliated antivirus... and most of them are bloatware.
Why would you turn off the protection? I am 45 seconds into this video, and I am going to guess by the time I get to the five minute mark, this video is going to morph into a commercial for a third party malware/virus product. Let's see if I am right. Hitting "comment" right now at 3:53
After reading the comments, this video shouldn't be interpreted as "Everyone should delete Defender", but more for those that don't web browse and are obsessed with performance. Also, I'm tired of folks saying "Defender is good enough". Yes, it's better than nothing, but if I were ever to "Break Bad" the first people I'd go after is the Windows Defender users.
For Antivirus Recommendations:
Free Alternative: BitDefender Free or Kaspersky Cloud (Not great for privacy though)
Paid Alternative: ESET Antivirus ONLY (Affiliate Link: christitus.com/antivirus)
With any Antivirus do NOT buy an internet security or anything BUT the Antivirus ONLY!
This is clear and sound advice.
How can you advise Bitdefender? It's slower than Defender.
Final Fantasy VI as a favorite!!!! You da man and that alone just got my sub!
Too late, already erased defender alongside system32 ... Because I switched to Linux lol.
Don't worry, I think some people just hear what they want to hear in order to be outraged, because this is the Internet. Some are just being tribalistic (someone said you said this just because you are a "Linux fanboy" lmao).
Keep up with the good content and thanks for the clarification.
@@moroc333 Linux still needs to "eat much more carbs" to compete with Windows. It's heading in a good direction but not there yet
Unplugging the PC and destroying the wifi component is the best firewall
But then you would not have been able to post that advice here...
@@elbmw degoogled Android phone with mobile network?
@@Peshyy No, I don't think so. You still have to use a YT account to post, which means that certain identifiers for your device will be collected by the website, in this case YT, which can then be matched with your account. In the end, there is NO privacy or true anonymity on the internet, if that is what you strive for. If security of your device is what is desired then install an internet security software (I use [paid for] Kaspersky Total Security) and be careful where you visit and what you click on and even then that is no guarantee of security. Unfortunately, that's the reality.
@@elbmw Joking aside, avoid Electron apps as those have access to your real device. If you are using a browser, use different browsers for different purposes. Tor Browser is best if you need privacy. Brave does enough to reduce cross site tracking. If you have an account then anything you do with that account is tied to you. You want them to have a good fingerprint of your browser so they can protect your account from fraudulent access.
My wifi chip is connected separately so I can just switch it off and use my computer on "no internet" mode.
I remember you said just the opposite in a previous video, something like "don't use anti-virus, it is not necessary, Windows Defender is already protecting you", or something down this line. I may remember wrong, or mix it up and it was yet another tech guru, but I remember someone argued for that. Now what? :)
I remember that too!!
Life of a programmer bro
What Chris says about Defender is true for ALL anti-virus software. Has everyone forgotten that Defender is a rename of the anti-virus software MicroSoft acquired? It's just one of many.
It's probably also one of the best if not the best. (Aside from Linux AVs obviously)
@@4cps777 You should never install an AV into Linux lol
@@AR15ORIGINAL you're much better off using encrypted file systems.
@@AR15ORIGINAL haha you're so funny, didn't even consider that it can be used to protect other computers on a network, not the host
Microsoft Defender was originally called Microsoft Spynet in 2004, because of conspicuous people Microsoft Spynet was renamed. Microsoft at that time took initiative for things Edward S would say in the early 2010's here are words of wisdom, it's an acronym.
M.I.C.R.O.S.O.F.T.
Murder
Intimidation
Corruption
Rape
Obfuscation
Spyware
Observation
Fear
Trauma
i am sorry it's this way because what we tend to do is act on what they made us believe that way. I am sorry so sorry 😔
I used many AV programs in recent years. All of them (beside the price) have also one common disadvantage. They are intrusive. They show dialogs, windows, messages, alerts when IMO they shouldn't. Also, they have conflicts with other software. Various weird problems that magically disappeared when the AV got disabled. Always some performance hit. So - actually I find the Windows Defender as the least intrusive. I use it not because it's good (I guess it's probably not). I use it because it takes no effort. It's just preinstalled by default, preconfigured, not a single click from me is needed. Then - IT SITS QUIET. Yes, sometimes it causes some system slowdown - especially after downloading a big game from Steam or installing a big program. I can tolerate this. This suboptimal protection is still better than no protection at all. I'm a power user, I don't install just anything on my PC, I don't even open e-mails from unknown senders. Still, any small tool or even a document you download from even a trusted site can contain some malware and it actually happens from time to time. If not Defender then what? My requirement is the program must be FASTER (because the greatest flaw of Defender is slowness) and as QUIET / maintenance free as Defender. The only time I want to see any notification from AV is when a real threat is found.
Funnily enough Defender is one of, if not THE best AV for windows. You're doing nothing wrong.
Couldn't agree more. I have a fast CPU, 32GB of RAM and a fast SSD, so I have no problems with anything slowing down. And it doesn't annoy me. And I don't have viruses.
@@MrSephirothJenova can you provide data to support that, please?
Same, I don't download cracks or open sus mails or weird stuff so Defender is fine for me and it's not too intrusive like you said. Imo Windows Defender is as good as its PC owner.
THIS. Also, every other antivirus I've ever tried has been an absolute resource hog. Even the so called "cloud" based ones that claim to be super lightweight.
Defender causes me no issues. So I'm fine with it.
Let's hope that people importing such a registry file from a random GitHub are smart enough to notice or look for a RunOnce registry key to wget a malware file and auto run it. Registry key-files are not inherently safer than a batch file that runs a script.
They just make it easier to enable/undo your changes. The code and files of Defender are still on your system.
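The check this comment describes, as an added example (not from the video, the GitHub repository, or any commenter): a Python script that lists every autorun entry and Defender policy change a `.reg` file would make before it is imported, decoding hex-encoded strings so a command cannot hide in them. The sample file, its value names and `placeholder.exe` are constructed; `DisableAntiSpyware` is assumed as the Defender policy value such a file is expected to set.

```python
import re

# Key-path endings whose values Windows executes automatically at logon.
AUTORUN_KEYS = (
    r"\microsoft\windows\currentversion\run",
    r"\microsoft\windows\currentversion\runonce",
    r"\microsoft\windows\currentversion\runonceex",
)
# Keys where only specific value names launch a program.
AUTORUN_VALUES = {r"\microsoft\windows nt\currentversion\winlogon": {"shell", "userinit"}}
IFEO = r"\microsoft\windows nt\currentversion\image file execution options" + "\\"
DEFENDER_POLICY = r"\policies\microsoft\windows defender"
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

# Constructed sample, not taken from any real repository.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Cleanup"="cmd /c \"C:\\Users\\Public\\placeholder.exe\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sync"=hex(2):63,00,61,00,6c,00,63,00,2e,00,\
  65,00,78,00,65,00,00,00
"""

def read_reg_file(path):
    """Version 5.00 exports are UTF-16 with a BOM; REGEDIT4 files are 8-bit."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def unescape(s):
    """Undo .reg string escaping (\\\\ and \\")."""
    return re.sub(r"\\(.)", r"\1", s)

def decode_data(raw):
    """Turn the right-hand side of a value line into (type, readable data)."""
    if raw.startswith('"'):
        return "REG_SZ", unescape(raw[1:-1] if raw.endswith('"') and len(raw) > 1 else raw[1:])
    if raw.lower().startswith("dword:"):
        return "REG_DWORD", int(raw[6:], 16)
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        kind = int(m.group(1), 16) if m.group(1) else 3
        if kind in (1, 2, 7):  # REG_SZ / REG_EXPAND_SZ / REG_MULTI_SZ: UTF-16LE text
            text = data.decode("utf-16-le", errors="replace")
            return f"hex({kind:x})", text.rstrip("\x00").replace("\x00", "; ")
        return f"hex({kind:x})", data.hex()
    return "unknown", raw

def parse_reg(text):
    """Yield (key, value_name, type, data) for every value the file would set."""
    text = re.sub(r",\\\r?\n\s*", ",", text)  # join continued hex lines
    key = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):  # key deletion: nothing is set under it
                key = None
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        raw = m.group(2).strip()
        if raw == "-":  # value deletion, not a new entry
            continue
        name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        yield (key, name, *decode_data(raw))

def audit_reg(text):
    """Return the entries a reviewer should read before importing the file."""
    findings = []
    for key, name, kind, data in parse_reg(text):
        k, n = key.lower(), name.lower()
        if k.endswith(AUTORUN_KEYS):
            reason = "autorun: data is executed at logon"
        elif any(k.endswith(p) and n in names for p, names in AUTORUN_VALUES.items()):
            reason = "autorun: Winlogon launches this at logon"
        elif IFEO in k and n == "debugger":
            reason = "autorun: runs in place of the named program"
        elif DEFENDER_POLICY in k:
            reason = "defender-policy: changes Defender configuration"
        else:
            continue
        findings.append({"key": key, "name": name, "type": kind,
                         "data": data, "reason": reason})
    return findings

if __name__ == "__main__":
    for f in audit_reg(SAMPLE):
        print(f'{f["reason"]}\n  [{f["key"]}]\n  {f["name"]} ({f["type"]}) = {f["data"]!r}')
```

Anything reported as `autorun` in a file that claims only to toggle Defender is a reason not to import it.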
I don't even know what you said, I just want to disable windows defender
Would love to see this added as an option in The Ultimate Windows Utility. Maybe add a recommended, free, anti-virus to the programs in The Ultimate Windows Utility.
I certainly don't miss having to deal with registry hacks in Windows. I left that behind for Linux in 2005. In tech support we called "scorched earth" "Nuke and Pave"...lol
@@parkman29 that would literally defeat the purpose of how linux is structured.
@@DaKingof It would not, and it's called nixos.
@@parkman29 What's the point of having a registry? All software store their stuff in it and once you uninstall them, they leave their junk there and it slows down Windows.
CPUs have gotten faster so that hides that fact a bit.
The registry is a single point of failure and it looks like Windows is not able to recover from it.
@@louistournas120 Programs on Linux also leave behind configuration files in /etc and in ~/.config after you uninstall them. Even when you tell your package manager to purge the program, it does not remove everything.
While I like the point about Nix, Nix’s config file is very different from the Windows registry. Sure, both of them exist as files, but on Windows, everything uses the registry constantly. So yes, the system could get slower with more garbage to parse. That is why a tool like Revo Uninstaller is so useful, as it cleans of the registry after uninstalling a program.
As for the single point of failure bit, that is just poor design of Windows. Microsoft seems to have no interest in shipping an actually filesystem to users. ReFS is a BTRFS and ZFS competitor that Microsoft created, but only enterprise users can make use of it, and only for plain data drives. I make no attempt to defend Microsoft or Windows; I don’t like this behavior either. However, things are a little more complicated and nuanced than we sometimes give them credit for.
From my understanding, “nuke and pave” refers to reinstalling the operating system. I suppose it could refer to getting rid of an antivirus and replacing it with another. The key is to both nuke the thing that’s done and then pave it over with something else.
@@OcteractSG I see.
I suppose what should be done with these naughty Linux programs that leave behind files in .config and such is that when you install them, they should inform the package manager that during uninstall, it should look for certain files in certain locations and if they are found, they should be deleted.
These are always easy to solve if there is the will to solve them.
It seems to me that most of the time, the programmers are lazy (The Windows world) or the programmers treat the end user as an administrator (Linux world).
For me Defender is all I need, I just boot to Windows so i can play Tarkov, 97% of the time I'm using Fedora, never had any problem with it besides one miner that destroyed it few years back.
It is fine, this video is misleading.
Chris, App control and XDR are features of Windows Defender Enterprise, you can control cloud apps, application prevalence and have alert and custom actions through Cloud App security (Recently renamed to Defender for cloud apps). That's great that some people talk about these scripts, but in a fully managed Windows Defender Enterprise the registry keys will be locked down and changes will be ignored.
Just rolled out MDE, really liking it so far. Moving over from S1.
Thank you, I was about to say this. To elaborate on this, it will send security alerts back to your SIEM. I think this is an example of a sysadmin who may not know how powerful Defender has gotten over the years. It's not an insult towards him, he's on the other side of the house and isn't focused on that area.
Yes, this is definitely true and it’s unfortunate Microsoft doesn’t give consumers this same ability. It still does not score as well as CrowdStrike, Cortex, and GZ in MITRE evaluations. And just overall from experience both of these are more effective solutions to stop ATP ransomware deployed by nation-state actors than Defender for Endpoint.
indeed, defender for endpoint gives red teams a run for their money these days. defender is now an umbrella of products, endpoint being 1 of them and cloud apps which you mentioned being another. would be nice if it wasn't locked behind the E5 flavor of M365 to get more people onboarded.
@@diabilliq Defender for endpoint P2 license, MS engineer said you can have up to 5 devices per license. However licenses are applied to AAD users.. they are not deducted when I onboard devices.. which is odd....
It doesn't hurt anything Leave it alone.
I've had more issues installing third party anti virus software than going without it and using Windows Defender.
That's because it does nothing... Absolutely sits there giving you the illusion that it's doing something but it is not! I switched to Linux mint 4 years ago, no need to run antivirus always updates for security and I still game as usual.... Life is swell in mint land.
@@susantompkins8810 Linux is great. I too use Mint at home. Unfortunately a lot of us are tethered to Window$ for enterprise reasons. A lot of businesses run on Micro$oft. Hopefully - virtualization via the cloud will take care of a lot the desktop problems I see everyday.
@@susantompkins8810 does Linux still have a power efficiency issue?
This is another interesting update on your thoughts on Windows Defender, following your video from a month ago, “Why I HATE Windows Defender”
Disabling Windows Defender and/ or Enabling it, featured in your early Debloat script utility things, but did not feature in more recent ones. It will be interesting to compare the PowerShell script in those early things with the info in this video and in the other places you referenced.
A lot of good insights, heads-up, and learning potential here, IMO.
Can you make some performance comparison with and without defender ? Just for curiosity sake.
I NEVER EVER HAD NO KIND OF THE PROBLEM WITH THE MICROSOFT WINDOWS DEFENDER AT ALL FOLKS.
It's wild to me that tech youtubers will say that Defender is great and totally fine to use by itself, and then other ones that say it's a waste of space and to get it removed. Who am I supposed to listen to???
The tests I saw, it depends if Defender is working relying almost totally with online stuff or locally. If you allow all the online stuff, is powerful (less privacy of course), like other AVs, because it's using server databases and a sort of "defense net". If you use it only locally, well... That's when you are totally screwed. Other AVs, with local updates and other detection technologies, respond much better with only local usage than Defender. The tests that I saw was with the same trojans and malware in different AVs with online capabilities on and off, and the results.
Also the statement, "Defender will not catch as many viruses as any other AV product, because it is more widely used" is utter hogwash. Defender reports directly into Microsoft's SOC environment in Azure, and Microsoft has invested probably more than all the other AV vendors combined in Machine Learning and Heuristics, knows their OS code better, and detects vulnerabilities quicker than anyone else on the planet currently. A typical strategy if you're looking to exploit a system / environment is to reverse engineer patches after Patch Tuesday, as reverse engineering a vulnerability and attacking unpatched machines is easier than trying to get to vulnerabilities by yourself. If I were to write a virus, I would rather target a smaller group / AV products and go undetected, than having to go up against all the compute in the Defender backend and risk my code being flagged as suspicious and then shared with the smaller AV vendors. There are security individuals, that know a lot more than Chris, that would tell you the same. If you don't want to believe them, there is a reason why Microsoft has been in the Gartner Magic Quadrant with Defender for the past 2 years.
I get why you would want to disable Defender in a performance oriented PC, or some minimal single purpose PC with no internet connectivity... but I wouldn't advise disabling AV software for online gaming like you did. I know it can be annoying and Defender is not the best but online games can have security vulnerabilities, Dark Souls multiplayer and log4j in Minecraft as very recent examples. So yeah, even if there's little reason to worry about an attack the probability is never zero, don't play online games without some level of protection, offline games is ok tho.
This is true, but whenever you are online... there is always a way.
He's saying do this and install another better one. Not go without any.
@@andrewnorris5415 And be slower than defender, any third party just slows down pc even more than defender.. defender is necessary evil nothing more
@@utherlightbringer3868 is this true tho? Is there some current year benchmarking about this?
@@RTBGG Listen, if you use any third party AV it will be slower, it's just reality. I tried literally 10 of them, compared to built in even though Defender can be annoying others are even worse, they are just more of a hog than Defender.. and if you don't trust me try it by yourself.. best xp is your own xp
Registry could be argued as a stronger point of MS Windows.
just saying it's hard to imagine a 3rd party that knows more about Windows vulnerabilities than Microsoft themselves.
I’d always recommend anyone using defender to do so as part of a layered security setup.
Replacement suggestion for defender?
@@abellius66 Maybe malwarebytes but to be honest I wouldn't use any, either use defender or no AV at all, that's my opinion on it.
@@hellhound320 HAHa yeah! who needs AV in a clone of a VM..... just spin up the same instance over and over ... fresh windows for ever...LOL
@@archpenguin6646 Just be sure to prevent your VM from getting to shared drives, of course. If you're like me, you use a component in the VM and then throw it away. I know some bad actors have actually coded to detect a VM and remain dormant (i.e., show zero malicious behavior).
@@hellhound320 Yep - allowing any third-party software to hook into your kernel is a bad idea. Organizations sell out during take overs and care zero-day about trusted relationships. Freemium options are the worst.
For me, it's Goodbye Microsoft -Defender-
For me, it's Goodbye Microsoft Windows
yes goodbye microsoft, and good riddance..
Awesome video! The Twitter post of all the commands for PowerShell to disable the 13 parts of Windows Defender really helps with performance
if windows defender noticeably affects your pc you should probably upgrade your pc to something faster
Kaspersky was at one time the elite, performance AV.. which is what defender is .. now over time there has been updates the issue comes to what our hours they work.. it used to be based on hashes now they all use heuristics. Nothing is perfect but from accuracy/performance trade offs.. none is perfect but I can't advocate any current third party offering over defender.
It's also cloud based which means the more machines get infected, the more the system learns.. unfortunately some systems will get infected below the radar but eventually every other system will be protected.
The question is why would you do that? Any modern security system does disable the Windows Defender (actually Windows sees you’ve got another security system and lets the other program take the responsibility) and completely getting rid of Windows Defender is actually not really smart even tho you only play Steam games on your machine.
Actually defender keeps running on background like a second layer of security
@@AztekUR if we’re talking about newest versions of Windows 10-11 I’m kinda sure it does not really run in background. There are some tasks that run in background; these have almost no impact in performance of the machine in any way.
I was using other ways to disable it. In any case, it's not a bad antivirus for anyone who doesn't stray off the beaten path. In my case it was removing files from useful software, and Microsoft didn't even bother to properly implement the restore button for quarantined items detected as "threat", only through command line. For example it was removing IDA, which is an important code forensics tool.
Also, 365 Microsoft Defender for Endpoint does have all the central management and IT alerting.
might be wrong but I think he works as an MSP and that doesn't have multi tenancy support.
@@seangraylin If an MSP has all of their users across their tenants licensed for M365 Business Premium, you get Defender for Business included with that. You can then use Microsoft Lighthouse to view all threats and risks and take many mitigation actions without having to switch between different M365 admin centers.
@@victorytechnology I personally haven't used lighthouse but a few of my colleagues have and I think the opinion at the moment is that it is still lacking for now. I'd need to ask why specifically this is as like I said I haven't looked at it myself.
Microsoft Lighthouse is definitely lacking! But it’s getting better every month. It now pretty much includes all the security data that you need across all of your tenants with eligible business premium subscriptions except for vulnerability monitoring and management. You still have to login to the individual tenants security center for that. I suspect that will be coming in future releases. You can even deploy Default security base lines across all of your tenants with it. Although they are not as beefy as the security defaults that you would find in Microsoft endpoint manager.
@@victorytechnology Good to hear that it is getting better, it's probably something to look in to a little later for us.
Today I disabled Defender's real-time protection in my Windows 11 22H2 VM and, to my surprise, it still flagged a certain file.
How is that possible, Microsoft!?
When I disable something, I want it disabled. 100% disabled!
I blocked it years ago
Who's using windows defender anyway? I have bitdefender and is the best one I used in years.
Without internet connection, windows defender is like piss in the wind.
Well not for nothing, a lot of the commands used to disable Defender could easily be turned into a security alert itself. At home, I can definitely see how dangerous this can be but when it comes to enterprise Defender is basically becoming a defacto standard in the industry and these kinds of tactics could easily be caught with proper monitoring or logging.
Also, not for nothing but any other AV also could easily be targeted using similar techniques. It's certainly an issue though, especially for home users lacking any active monitoring, so thank you for raising awareness!
Personally I don't use Defender anymore since a hacker bricked my PC. The virus turned off Defender and deleted my backup points. The PC was in the shop for 2 days and all data and programs were recovered.
His advice with GitHub and unknown code is why I use it in VMs. The host is too important for anything to get in. GitHub has useful projects and with VMs I can just make a virtual environment tailored to the project at hand. Windows Defender is useful as buying dozens if not hundreds of product keys is expensive; the other way is to buy a bulk license key which most anti-malware providers don't sell unless you have an active contract with them. Most don't like VMs used in the way I use them as it reverts back everything done too often.
I’m always very suspicious of videos like this.
Who’s he being sponsored by .. kaspersky?
I’ve never had problems with my PC since I junked Norton and Panda.
There always seemed to be conflicts with windows when they were installed.
I don’t appear to have any of those problems since I went back to basics and used windows defender ( the new name for windows essentials.)
It IS after all written by Microsoft to work as part of windows.
All these free antivirus are great but since they are free why do they require an account, Bitdefender free won't let you do anything before you create an account so it got uninstalled....
I'm under the impression windows Group Policy Editor should be way more well known than it is atm.
I don't like Windows. Not sure why anybody does. But man your hate fest for Windows Defender is really idiotic. Seriously. Every single flaw you've pointed out here is applicable to any other legit anti-virus package you can install on Windows.
Do better Chris.
The entire antivirus market is a scam, even more so than VPNs. The public as a whole isn't very knowledgeable about cybersecurity and will just get anything branded as 'secure'
Defender is the only thing I can't get rid of in windows. But that's not the case anymore, thanks Chris.
Can you explain how to a noob please? Thanks
@@SpartanGR77 see description
It's much more complicated than that if you're using Windows 11. A lot of those group policies are ignored or just temporary, it's a matter of time before they just revert, or they just straight get ignored completely. It's possible to set those policies successfully and permanently in Windows Server, but not on any client system (yes, including Enterprise, which is absurd). You can still limit defender's CPU usage to 5% and set the default taken actions for detections, so that it ignores everything, and you can also disable certain features of it, like smartscreen, you can change its priority in Image File Execution Options as well (the policy to limit the priority is now ignored, but can still be set).
You may think: "well, I'll just erase Windows Defender", and that's where you're wrong. Not only Windows Defender just reinstalls itself if you use Windows 11 but, if it can't reinstall itself, you won't be able to do certain things, like updating, because, apparently, a lot of stuff passes through Windows Defender's filters before "reaching" your computer.
The same thing applies to Windows Firewall. There are certain things that need the Firewall Service to be running, otherwise they'll just think that there's no internet connection. This doesn't mean you can't disable Windows Firewall, it just means that the service of it needs to be running for those things to work properly. A third party application that needs it is Call of Duty: Warzone.
I've been trying to remove it, so are you saying on Windows 11 Home it's impossible?
@@SpartanGR77 If you want to remove it without tampering, you may try your luck by upgrading to IoT Enterprise and checking whether the "Disable Windows Defender" policy gets ignored. If it does, try installing ClamWin or any third party antivirus and run it once and reboot, then check whether it's still ignored.
This trick works on IoT Enterprise LTSC 2021 (which is based on Windows 10 21H2, though). No idea if this will work on 11 IoT.
Wait... didn't you make a video a while ago where you said that Windows Defender is good enough and you don't really need a third party AV?
Microsoft should have built in sophisticated checks for changing security settings either by the user or by granting admin privileges and tell the user when those changes happen via another sophisticated change such as a modified BSOD that allows you to try to revert changes or click “I know”…. Something like that
What do you think, is the best firewall and anti-virus?
All or most of this stuff requires Admin creds. With those creds, the game is over anyway. So the points here are moot.
Windows defender is still the best anti virus software available for windows. You can do things to add to it, but if anything were your ONLY anti virus software, it's the best one and it's free.
I agree.... What are the options Chris...???
@@Toon1810 Chris is becoming more and more of a paid shill unfortunately, whether intentionally or not. What can you expect from just a sys admin, he cannot be the end all for OS and user space related advice. PC Security Channel does some benchmarks but he’s not even remotely all encompassing
I agree too, sits in the background, doesn't slow your machine down, doesn't miss a hell of a lot either, not sure why it has such a bad rap.
Microsoft quality control is unbelievably bad.
One of the updates last year pushed out to the public (every win10 computer in the world!) had a memory leak in defender.
Something about an older dotNET4.6 app would cause the defender executable to reliably and continually LOCK UP THE ENTIRE SYSTEM within hours. Unresponsive windows
No known standard way to disable defender either, so I had to add an exception of the C drive, which they specifically say you should never do, and add the executable to defender ignorelist
But if you can't trust microsoft not to blast this shit out in the future, what other option do you have than disable defender by any means possible?
IMO Windows Defender is good enough, it's better than other well-known free AVs because they don't try to shove their pro or internet security service down your throat.
For families I always use Windows Defender because it's good enough and if something happens I'll download Malwarebytes and Hitman Pro to see what Windows Defender missed. For my Windows VM (I run Linux) even though I don't install random programs I still use Defender but I also have Malwarebytes Free just like I did when I ran Windows 10 and 11.
I totally agree!
Question: Isn't running Malwarebytes or Hitman Pro *after* something happens pretty much "too late"? I mean, using those tools to see what Windows Defender missed means the system could possibly already be infected. The point of Windows Defender is to *protect* your system from infection. On all of the Windows systems I've worked on that have Windows Defender as the only anti-virus software, I've never seen it actually detect anything. The only times I've seen it detect anything is in Virus Total reports of some sample I upload for analysis. With that being stated, these days I tend to keep Windows Defender enabled on Windows systems I work on so I can enable Controlled Folder Access.
@@TheCocoaDaddy Malwarebytes I use to scan the full system to see what has been missed, and Hitman Pro would do a scan for anything Malwarebytes missed, any tracking cookies, and a boot scan. For any serious scans I would use a bootable AV, but I don't know any. I used to use Kaspersky Rescue Disk.
But the question is "Should you really do this?"
Why not? Essentially all antivirus is worthless and defender is just an extortion racket.
@@ianwakers Nope. It's all habit. Your AV isn't stopping squat lol
And yes they sell certificates for developers to bypass Defender scans, Chris did an entire video on it bud.
aw.. he deleted.
If you aren't a crayon, it's a good idea
For me, yes.
I did. But I deleted (renamed to bak) the wd system folders using linux xD. Same result :D
Thanks for this, I have a few Windows machines that just do a single task (no network connection). Videos like this help get that performance back.
I'm not up to date, but a while back there used to be a hacking forum about how people hack into other people's systems, and they had servers out there that they wanted people to hack into. Every time virus software gets a new update of a virus detection, we simply just make a new one so it won't be undetected. It would be as easy as a program rewriting a new executable with the same function but whole new code in different ways. There's really no way to protect yourself against a hacker if they focus on you. The best way is not to be connected to the internet.
Watched a tech benchmark of performance both before and after turning Defender off, and turning it off actually gave no real performance gain at all, with the exception of improving the speed at which files can be transferred from your secondary drive to your primary drive. Even then the performance gains weren't big enough to make disabling Defender worth it.
I fix "regular" people's computers for a living. Don't claim to be an expert. In my real world experience, over and over again the systems that are filled with the most malware and viruses and rootkits are those where people installed 3rd party antivirus (and no, not the fake malware antivirus software, though I see plenty of that as well).
One of the biggest reasons I give to people to not install 3rd party anti virus is that they require a subscription to maintain their updates. Most of the systems I examine that are crawling with malware have a 3rd party anti virus with an expired license.
I understand what Chris is saying and in the narrow use case scenario he describes I don't disagree, but I think he needs to point out that for the regular user it's not that Defender is, as he puts it, just "good enough". No, it's actually better, for the reason that humans are, well, humans and Defender doesn't rely on keeping a subscription up to date.
Also the biggest strength of Defender is when payloads do find their way past Defender, Microsoft, with its vast array of installed Defender platforms, stands a much better chance of realizing that something is up and releasing an update to remove those payloads.
Just my little myopic real world experience. YMMV.
Objectively speaking, Windows Defender is good enough. The only way you can get better is switch to Linux or MacOS
I have been working on, and with, Windows-based computers since the mid-70s. Just when you think you are up to speed and know virtually everything - Poof! It all changes. Don't be trapped within your own skull. We all only knew everything yesterday. Today? A whole new game has been coded.
I've been disabling defender with Group Policy but also registry keys to be safe. It does indeed have too much of a performance impact for my liking. I don't need or want an anti-virus and if I did it wouldn't be defender.
Defender was originally called Microsoft Spynet in 2004, but marketing insisted on renaming it.
Is there a guide on how to disable it and keep the registry keys?
@@zSwoof install another antivirus program. Then defender won't interfere as much.
@@zSwoof For GPEdit I did it myself, but the registry keys I found in a random YouTube video and then verified them.
Name any Antivirus on the face of the earth which can't be disabled by a program/script with *"Admin Privilege"(Which both of the Scripts that you showed on the screen also required)?* Because that would be a problem in itself for the most part.
And if you have real time and heuristics enabled most programs and scripts incorporating these bypasses are detected and blocked.
*Bitdefender, Kaspersky, Avast or maybe any other AV under the sun could be disabled in a very same way,* as they also work in the exact same way and require registry keys, policies and files to work instead of running on thin air.
Antivirus only protects one from malicious programs through running its hash through a database and sandbox testing it for malicious behaviour beforehand, and stopping low privilege programs from making any crucial modifications (which is effective unless you have a habit of right click and run as admin), And before someone points out that these could be "bypassed", I'm very well aware of that myself, while they aren't exactly as easily bypassable as most people make it out to be, still if you disable those, you won't even be secure from the malicious programs that would get caught by those mechanisms, which is the vast majority. And any security is better than no security.
And The "Admin Tools" you mentioned that are provided to "Administrators" are nothing more than fancy wording for Powershell scripts and Regedit scripts I suppose?
And Scripts for disabling Defender and UAC aren't really some "forbidden knowledge" only available to the "l337 H4X0R5". Take a look at the source and it would become evident that all the script is doing is disabling those through Microsoft's own provided and well documented APIs, setting policies under GPE and deleting some stuff on top of that, nothing there that a 7 year old skid with basic shell scripting knowledge can't comprehend. Those scripts have been there for decades with literally almost every other person remotely interested in Antivirus framework having their own iteration built from ground up.
*Point being that these have been known for decades but the impact of this on the effectiveness of AVs has been near to none, simply because of its unrealistic prerequisite it requires known as Admin Privileges, if a "Virus Manufacturer" knows that their victim will run the program as admin, they could do much more than just disabling Defender. And these bypass techniques are limited and static and hence they get caught by heuristics anyway.*
You can't compare AVs by whether they could be bypassed by a program with "Admin privileges". Because that's a constant which holds true for most if not all AVs out there, while I agree that defender certainly lacks in certain areas, still it is one of the best ones in the "Free" category. Paid ones are a different matter though, in that case Kaspersky is a better choice.
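The comments above describe Defender being switched off through Group Policy, registry values, exclusions and admin-level scripts. As an added example that is not part of any comment in this thread, this read-only PowerShell audit reports whether a machine is in one of those states; the 7-day signature threshold, the 30-day lookback and the function name are assumptions chosen for illustration.

```powershell
# Added example (not from the thread): read-only audit of Microsoft Defender state.
# Uses the built-in Defender cmdlets; run elevated so exclusions and the
# Defender operational log are readable. Nothing here changes any setting.
function Get-DefenderAuditReport {
    [CmdletBinding()]
    param([int]$LookbackDays = 30)   # assumption: 30 days of event history

    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. Live protection state as reported by the Defender service.
    $status = $null
    try   { $status = Get-MpComputerStatus -ErrorAction Stop }
    catch { $findings.Add("Defender status unavailable: $($_.Exception.Message)") }
    if ($status) {
        if (-not $status.AntivirusEnabled)          { $findings.Add('Antivirus engine is disabled') }
        if (-not $status.RealTimeProtectionEnabled) { $findings.Add('Real-time protection is off') }
        if (-not $status.IsTamperProtected)         { $findings.Add('Tamper Protection is off') }
        $sigAge = (Get-Date) - $status.AntivirusSignatureLastUpdated
        if ($sigAge.TotalDays -gt 7) {               # assumption: 7 days counts as stale
            $findings.Add(('Signatures are {0:N0} days old' -f $sigAge.TotalDays))
        }
    }

    # 2. Policy values that Group Policy or a script may have written.
    $policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $policyChecks = @(
        @{ Path = $policyRoot;                        Name = 'DisableAntiSpyware' },
        @{ Path = "$policyRoot\Real-Time Protection"; Name = 'DisableRealtimeMonitoring' }
    )
    foreach ($check in $policyChecks) {
        $item = Get-ItemProperty -Path $check.Path -Name $check.Name -ErrorAction SilentlyContinue
        if ($item -and $item.($check.Name) -eq 1) {
            $findings.Add("Policy value $($check.Name) = 1 under $($check.Path)")
        }
    }

    # 3. Whole-drive exclusions (for example 'C:\'), which blind scanning entirely.
    $pref = Get-MpPreference -ErrorAction SilentlyContinue
    foreach ($path in @($pref.ExclusionPath)) {
        if ($path -match '^[A-Za-z]:\\?$') { $findings.Add("Whole-drive exclusion: $path") }
    }

    # 4. Defender's own log: 5001 = real-time protection disabled,
    #    5007 = antimalware configuration changed.
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5001, 5007
        StartTime = (Get-Date).AddDays(-$LookbackDays)
    }
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        RunningMode   = if ($status) { $status.AMRunningMode } else { 'Unknown' }
        Findings      = $findings
        ConfigChanges = $events | Select-Object TimeCreated, Id, Message
    }
}

Get-DefenderAuditReport | Format-List
```

An empty `Findings` list with no 5001/5007 events means none of the checked conditions were present during the lookback window.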
Bravo, on the thumbnail!
Who killed Hannibal???
Okay, I get it that Windows Defender is not a good anti-virus, if someone wants to attack they can... but that still raises some other questions: if not Windows Defender, then which software or technique should I use to get some kind of protection?
Haven't used antivirus for years on Windows, but if you insist on running suspicious stuff then anything would be better than Defender
Most of the protection can be handled by your browser. If you download shady stuff off of the internet you can use software like sandboxie to test it or use a VM. The only scenarios where I would install an antivirus would be there where I don't have control over the machines (be it a multi-user machine or at work).
@@TurntableTV The main thing I've been using is double or triple adblockers like Adblocker Ultimate + uBlock Origin + Adblock Plus. And I've never had any issues with viruses or random things popping up or whatever. I always go to shady websites and click on random things and try to find videos or files or anything I am looking for. Then I scan using Windows Defender and nothing shows up. So now I want to test with no Windows Defender to see how my computer holds up for the next month or so.
But you are correct, most issues come from the browser, and from what people click on. So why not secure the source instead of letting crap enter your PC and then have your Defender do the hard work of trying to remove it? Better block all that crap at the source, in the browser!
Many people are not savvy with PC software like you. Windows Defender is fine as a 1st line of defence for the general populace. But anyone who wants additional protection free can consider Kaspersky Virus Removal Tool and scan manually.
I do not run basic antivirus. I have Cylance Protect, Infocyte Hunt and Threatlocker. Both Cylance and Infocyte are monitored by a 3rd party 24/7 SOC.
Yes, virus writers can "get past the gates" and just test against AV. In fact, they can go as far as to use something like VirusTotal and "get past the gates" on most AVs. That's kinda missing the point, though - the effectiveness of a virus isn't really defined by whether or not a virus can be written to bypass AV in the first place, but rather how quickly it can spread before all of the AV vendors update.
True, I think all viruses are effective on the zero day.
One of the things I learnt throughout the years is: programs that come built in with a system are the best for the good work of that system. Maybe other 3rd party programs are much better, but I rely on the built-in ones because they are programmed by the same company behind the system.
So, no, I won't get rid of Defender. I use it, and every week I download Kaspersky removal tool and scan my system, then delete it.
It deleted some things I had
on a USB..no warning except
"Virus found"
and then it was empty
lost everything on the USB
Bruhhhh...you're kidding me right?
I really just don't want anything to do with viruses etc.
And now i need to research for 3rd party alternatives just to replace defender and make my system crap out more since its already a slow/weak system.
I mean at this point you don't even need to go direct for the defender if you're gonna look at it. Just target slow weak ass systems like mine and done, that should spread chaos in the minds of people who just don't have the time not space to be able to sit and handle stuff on a system which consistently hangs every now and then.
If you install another antivirus, doesn't Windows Defender automatically go away? (Stop actively running)
Top 10 CTT thumbnails
I got a virus trying to crack a program (I was dumb) and W Defender didn't really remove it. Malwarebytes did the job and later a full scan with Kaspersky found even more stuff, now it's my main AV and I won't ever pirate cheap stuff from YT videos
Just use a linux live usb, and delete the defender folder.
So given admin rights you can break stuff? What’s next? Rm -r /etc breaks stuff too? Come on…this is just clickbait/flame bait nonsense. Defender is a first line defense and fairly sufficient (and doesn’t shove scare-ware ads in your face) at that when compared to other ‘free’ stuff. Switch to Linux if you want more freedom or Mac if you’re into that kind of lock-ins.
If you’re worried about virus crud you’re in the wrong areas of the internet and it’s your own fault (or you should get more reliable sources for your illegal stuff) :) Windows is not the holy grail, it’s a tool like any OS but your brain is the biggest tool to use: don’t trust anything, don’t install/click random cool sound stuff. You’re not going to saw the handle of your hammer and then nag it’s difficult to hold, are you?
I keep thinking that at some point Microsoft had to downgrade the quality of some unreleased development version of Defender due to it flagging the advertisements being served to the user.
I just bareback the internet. I've never kept an install long enough to notice a slowdown from virus.
If not Windows Defender then which one should we use? (Open source)
Great work 🥳🥳🥳 Thank you 💜💜💜
I use malwarebytes and windows defender. I also scan EVERY file I download with virus total. Even if you are cautious you still need an antivirus.
I'm so happy I do not have to actively deal with all the Windows bloat...
What's the point of that "malicious software removal tool" that they insist on installing every month?
Been in IT for years. And ya know? I'm not nearly as skilled as Mr. Titus. I perform better because of Chris. I hate him out of spite, however. =]
Good! Let the hate flow through you!
Windows Defender is OUTSTANDING at detecting "hacktools" that are meant to register Microsoft software with "yoink" KMS servers, lol
Can testify, its INCREDIBLE at that job
@@chiefdenis Oh, "those" viruses they will NEVER let slip ;-)
Windows defender doesn't let you install or run viruses anyway so, the odds for a virus to execute and disable the antivirus are very few
I've been using Windows Defender for many years and never had a single issue. Whenever I downloaded a virus, WD would just delete it instantly.
Paid anti-viruses use too much system resources and don't do much more, how can a third party be harder to remove and more secure than an app integrated in the system!
You will get the same issues with absolutely all anti-viruses, once it runs you're screwed no matter which one you have.
To stop viruses, you have to detect and delete them before they run.
But you told me to use defender..
I've had McAfee, Norton, etc., in years past, and since 2019 I've been using Defender only. Only had a virus once, ...back in '97...using Avast back then I think. Anyway, ...I think Defender is as good as any, and it's the actual browsing habits (no illegal downloads of movies, no opening attachments on emails from unknown senders, etc.) that keep you virus free more than anything else. For a user like me, Defender seems good enough (and the price is right).
Today the question is what causes more problems, the antivirus or the virus? Most commercial antivirus programs pester the user non-stop with some questions, pop up dialogs and want to sell you more protection and so on, as if the user only has a computer to deal with the antivirus program. At the same time, they detect a lot of false positives for completely legitimate programs that have nothing to do with viruses. Of all the antivirus programs, I would say that Windows defender is still the most useful and no-nag, maybe not the best, but which antivirus is the best? I might also recommend NOD32.
This is nonsense.. if Tamper Protection is on (99 percent of Enterprise Environment it is) none of these would work.
Microsoft Defender does the same or better job than all the other anti-virus software for Windows. Because it's better integrated into the OS kernel and offering a much smaller attack surface than the other snake oil out there. Sadly I can't install it with "apt install microsoft-defender" on my system. Me not running MS Windows because you can only buy a usage license and not own the software, you are not allowed to look into the software to tell what it does and you are not allowed to change and fix it. It's not you controlling the software, but the software controlling you. But Microsoft has very skilled people working there and from the bits you can see from the outside they are doing a better job on anti-virus than the others, but it's still snake oil and you have to trust Microsoft blindly.
Kaspersky is superior to Defender.
@@portman8909 lol, technically partly yes and no, but in summary even worse. Installing Anti-Virus is like installing a backdoor for the good guys (and bad guys knowing 0days). You already trust MS as good guys, otherwise you wouldn't have this OS, but trusting another company as good guys (especially Kaspersky) and letting them do hidden things on your PC is opening another chapter of the story.
I have a question: disabling Windows Defender, will it also disable our paid antivirus software like K7, Kaspersky etc.?
Or does only Windows Defender get disabled while doing the gpedit or registry?
Since I want my PC to run with a paid antivirus program and not Windows Defender!
Didn't they discontinue bitdefender free for windows at the end of 2021?
So... What do i replace MS defender with?
DOES THIS also disable windows DEFENDER FIREWALL PROTECTION ?
Hi Chris, wondering how much exposure you've had with EDR? It's hard to see any different AV as more than a lateral move, once seeing those in action. Pretty moot for a home user of course lol.
Win 11 still has it
What do you think about Malwarebytes? Is it a good antivirus for you?
My win10 won't let me run the script, it says it needs permissions. How do I do it?
Ok... So Defender is not good, then which one? Which one do we use?
MS DEFENDER IS ONE OF THE BEST PRODUCTS LISTED IN THE GARTNER REPORT. OF COURSE, YOU CAN BYPASS IT, AND IF YOU LOOK AT OTHER SITES THAN GITHUB, THERE ARE TONS OF OTHER AV PRODUCTS WHICH CAN BE BYPASSED... SO DON'T BLAME IT BUT DYOR ;)
The problem with videos like yours is that I have not found a well documented video of which is the best alternative to WD. Everyone is promoting some affiliated antivirus... and most of them are bloatware.
Why would you turn off the protection? I am 45 seconds into this video, and I am going to guess by the time I get to the five minute mark, this video is going to morph into a commercial for a third party malware/virus product. Let's see if I am right. Hitting "comment" right now at 3:53
If you install Avast that will disable Defender, and then Avast can be turned off.