200 comments

[ 3.2 ms ] story [ 258 ms ] thread
Microsoft need another expensive EU lawsuit. This is very similar to the things they have already paid a lot of fines for in the past. It seems that wasn't enough.
You based your business on a proprietary platform. No formal contract was covering your rights. What are you complaining about?
Illegal anti-competitive behavior, perhaps.
Legally you're correct, but where's the sense of fair play?
So you can't complain now? Microsoft is pushing its own (inferior) solution and making it harder for other vendors to compete. While we can debate whether it should be fine for them to do that, there are laws limiting monopolies from this kind of (maybe not this exact case) behavior.

Also, it works the other way around - you wouldn't need to complain if there was a formal contract.

You may not have any legal recourse, but you can certainly complain. It's reasonable to expect companies to adhere to standards of decency and respect. If they don't, complain or they'll never learn. Also, PR matters, so complaining loudly does impact policy.
I don't get the MS strategy. They became popular because they made it easy for developers to build staff for their platform. But then they started morphing their platform into some kafkaesque Labyrinth of new hip and then soon to be retired libs/frameworks. If a developer is brave enough to master this he will then be disappointed trying to monetize it. The Window store (or whatever the current name is) is like a combination of itunes and the play store, but only the downsides mixed together.
Because Grandma's computer is full of malware and antivirus programs that make it unusable and her grandkids are telling her to just buy a Mac next time.
> ...If a developer is brave enough to master this...

Knockout/Angular/React/Ember/Backbone devs are staring with amusement :).

Microsoft is creating walled garden and has all right to do that... for some sectors. The most problematic for me is public sector (gov) because they are forced to use Microsoft products by their own agenda, others are free to choose and I believe they do that...
Public sector can always go Linux, as it already happening everywhere. There's no need in great UX, just good enough one to perform their functions. For many even a thin client working with cloud-based apps is good enough.
I think that the unfortunate truth (well IMO) is that if you want security and/or privacy then Microsoft is not the company for you. They have shown many times to be in bed with the NSA (http://techrights.org/wiki/index.php/Microsoft_and_the_NSA) and I'm sure other spy agencies and are becoming less open and friendly towards developers and it's users. It is bad that these decisions are effecting businesses but we can all make the change by moving towards more open operating systems and companies that give users and businesses back their freedom, privacy and security.
Seriously. I don't need to add the Kremlin into the mix.
Please tell me again how this "new" Microsoft is so much better and more ethical than Ballmer's Micro$oft.
Well, you can run .net Core and MSSQL on Linux now and get more servers moved away from Windows, while still being trapped in Microsoft's walled garden. Yay?
Gates's Microsoft. This is a Bill Gates move all the way.
Microsoft has a problem - poor 3rd party software and drivers make Windows extremely unreliable. Microsoft takes the blame, and Windows looks unreliable. Apple takes a different tack, they simply lock down their APIs and ecosystem to avoid this. Is Microsoft trying to go the Apple route - but maintain some openness? Giving 3rd parties core low-level APIs is ripe for chaos.

I had to install Kaspersky on my main laptop since some VPN software imposed a policy that it installed and up-to-date to connect to a contractor's secured network. It was absolutely terrible. It killed my battery, slowed my machine, killed my TCP stack at one point, interfered all the time, and became generally unbearable. It frustrated me so much, I now do all network operations via a secured VM to avoid the Kaspersky curse on my main work machine.

>Is Microsoft trying to go the Apple route - but maintain some openness? Giving 3rd parties core low-level APIs is ripe for chaos.

Giving 3rd parties access to low-level APIs also gives your OS ability to be used in versatile and innovative ways across the board. Also gives the ability to 3rd party software companies to allow you to add tooling and customization to your OS so that it does exactly what the user wants. And making you grow into the largest dominant OS out there.

On the other hand, I need to download more and more applications outside MAS on macOS because the sandbox doesn't even let basic apps like a custom file explorer to function properly, making a platform really usable only for a few use-cases the original vendor thought of.

And you are an educated user. I'm sure millions of users have the same user experience, but don't know why their Windows works so poorly. This happened because a few years ago they downloaded some software from download.com to "fix" a computer issue and unknowingly installed 5 antivirus packages that now compete for computer resources (or worse) at the kernel level.

Microsoft is damned if they do, and damned if they don't fix this for their users. Maybe Kasperski is collateral damage in this effort, but I think Microsoft is right to use the Windows 10 upgrade as an opportunity to try and remove these mostly terrible software from users' pc's. Let Kasperski convince users how their software is better so people actively choose it over Microsoft's solution. I do this with Chrome too: as long as it's better I reinstall it every time no matter what Microsoft tells me about Edge.

A lot in here about Defender/Microsoft Security Essentials.

> [MSE] doesn’t have: parental control, built-in VPN, webcam protection, password manager, backups, exploit protection, protection for online banking and online shopping, proactive protection against future threats and dozens scores hundreds of other features which are all useful in providing maximum protection and a better user experience

That's exactly what I like about it. Stuff the "user experience": I don't want an AV product that tries to run my life for me. (I don't want Windows 10 to do it either, which is why I tried it for less than a week and went back to Windows 7.) AV products are bloated, difficult to use and always in your face when they should just silently remove viruses. Which is what MSE does for me.

Nice, so you are the MSE target audience... Problem is, they don't just target you, they also target others without informing them of the lesser level of protection MSE provides.
Yes, I believe developers are not the primary target audience of any AV. Common users will benefit from the additional features and better protection of 3rd party AV solutions more.
> proactive protection against future threats

Does this mean heuristic analysis? Because apparently MSE does that: http://answers.microsoft.com/en-us/protect/forum/mse-protect...

MSE does it, but its engine is among the slowest and worst on the market. It's really the only downside.
Moreover Windows has built-in-VPN and parental control stuff. Maybe not as advanced. And MSIE has SmartScreen that provides some protection for web.
Exactly. 99% of the "additional features" are pure, useless bloat and I don't want to pay for them.

If Kaspersky had an offering that combines their definitely superior scanning engine with Defender's/MSE's stupidly easy and unobstructive UX, I'd buy it in a heartbeat.

(Well, maybe not a heartbeat. Would be nice if their website worked without enabling JS and didn't ask me to download PDFs afterwards… seriously?)

But I think the point is the user should decide if they want this bloat not Microsoft. I agree I would never use kaspersky or norton or any other system like this, but there are people who do want to use them. It's the individuals choice to use these systems, not Microsofts. But this is the model Microsoft are going towards and if we don't like it, lets stop using and promoting them.
Sure, Windows 10 is a trainwreck. But that's no news, and antivirus solutions have been bloated shit for much longer than that.
> the user should decide if they want this bloat not Microsoft

The average windows user hasn't a clue whether a piece of software is bloat, or really important

One of the most common issues I come across when fixing PCs of friends or relatives is "my antivirus thingy says I need to buy it or I'll get viruses" and my solution is always the same: uninstall whatever version of Kaspersky, or Norton or AVG shipped with the machine and replace it with Defender/Essentials, which just works, and more importantly, is practically invisible while doing it. Frankly, the tactics used by AV companies to try and scare users into buying their software are downright immoral.

Microsoft is losing out to Apple, who have no qualms about deciding what you can and can't have on their platform (Flash anyone?). From a marketing point of view I can definitely understand why they would do this.

Yes

For every legitimate product/service on Windows platform MS has to fight a tsunami of crap, which reduces battery life, prevents shut down/sleep, increases startup time, etc, etc

Especially with sw breaking between versions (even from major vendors) because they never followed best practices

The fighting battle he mentions is also being fought by MS, against a lot of enemies as well

Many people do not really choose, but get these alternate AVs installed by sneaky opt-outs together with their mouse mat drivers (!).
I feel like the perfect compromise would be to separate the definition and engine/UI components and allow some interoperability between the two. So if I want to, I can use Kaspersky/McAfee's definitions (probably on some kind of paid subscription), but the engine/UI is Defender, so no bloatware or nag screens. Conversely, if I want to, I can install Kaspersky for whatever extra bits they do, but still fetch the latest definitions from Microsoft.
It also doesn't have: TLS MITM, adware, a bundled rebranded version of chromium with the same-origin policy turned off, privdog, a bundled password manager that has a bug allowing remote code execution through <img> tags and all the other things that came with many AV products over the past years.

I'm not completely devoid of sympathy for Microsoft here.

That's irrelevant to the main point, though: that Microsoft isn't giving users a fair choice between its product and the others. Instead it's causing users to switch to its own product in a misleading and anti-competitive way (is the point of the article).
Not exactly, we have all been dumping on Microsoft for having terrible security and they have what essentially boils down to a public health problem for their entire ecosystem. Then, no one knows what they are adding as AV, much like injecting unreviewed vaccines.

They are making decisions to scan anyway and enable their solutions whenever they can because I won't stop and ask users which crapware they installed to supposedly scan their system before telling them to give up on windows.

I find it very funny that Kaspersky claims Microsoft was a security leader when they were in a total downward spiral but is unhappy now that I have to think twice about whether my recommendation to switch to Linux is out of date advice.

I don't have a good solution for maintaining an add-on AV market and actual security.. But pushing them to just do the bundleware and not be the AV is a pretty good solution for Microsoft and their users that financially Microsoft pays for instead of profiting from. Still, it might be too late for them to retain a position on consumer devices of any sort.

Microsoft absolutely IS facilitating a fair choice, what they're doing is making it so that consumers are left "in a lurch" where they have to re-up their licenses or end up with a totally unprotected computer. Please read on, I will explain.

My experience just last month: you cannot run 2 anti-virus systems at once, they all aggressively lock out their competitors. McAfee causes Kaspersky to crash, and in the opposite case a lot of scary looking warnings go up. Imagine if insurance was done this way, or home security, or even physical security.

Most fields of personal security allow for overlapping coverage. Anti-virus products explicitly try and avoid this and then use that to their advantage to force you to re-up, paying for coverage. Defender is the default option that steps in so that consumers CAN take the time to make a rational and educated choice.

Because most consumers with anti-virus software didn't choose it! Anti-virus vendors compete much more at the level of securing hardware vendor contracts (or eking out an existence in counterpoint to them).

This is REALLY important and is a case where Microsoft is actually being very progressive and pro-consumer. Anti-virus software, of pivotal importance for windows users, is now on even footing with games and word processors. They must compete for consumer attention and affection and demonstrate value and cultivate consumer loyalty. Even if Kaspersky is one of the better actors in this space, it's a space fundamentally toxic to consumers.

I was about to post this quote; it's amusing to see it within the first 13 comments.

I am sympathetic to the author's UX arguments, but it has always seemed to me like the OS vendor was clearly the party whom I wanted to handle my virus protection, if any. I'm already obliged to trust them and they're in the best position to do the job (API access, etc.)

If you as a third party want to convince me you're better at protecting my computer, you've got an uphill battle considering the hacks necessary to do the job (and it never seemed like lots of AV API support is the answer, since you could just build first party AV functionality instead with better integration). Also not convincing: hundreds of non-AV features like a password manager.

"Better user experience" would not be the way I describe it.

I completely agree.

This and the introduction of hostile upgrades on Windows 7 was the reason I actually switched to a Linux based operating system (Xubuntu), with my old Windows 7 as occasional virtualized guest operating system for old applications.

I was never happy with Microsofts product policies and aggressive strategies, but I accepted them since they did not cross the lines too much. Also, I thought the barrier to switch was much higher.

It is not. There is no reason not to switch away from proprietary, closed OS such as Windows or Mac OS these days. Unless you are really a fan, of course. But then you are willing to pay the price.

As OSs go I agree, Linux is a viable and in many ways a better alternative to MacOS and Windows. But there are still quite a few thrid party apps that do not have good Linux equivalents.
Side question, off topic: I am seriously considering switching to Linux (Windows slow, auto-updates outside my control). I'd start with a dual boot and see whether i will miss some apps.

My sticking issue is mailbox. I like local email storage bc of responsiveness, offline use, as opposed to web ui. Is there an email/calendar client that can work on windows and linux, and update the same file? E.g if i sent an email on Windows, and now i am on Linux, i'd like to see it in my sent folder. Any tips?

All imap clients operate this way. They sync from the server so you have identical representation of you mailbox and its folders on all devices. Once the sync is done, they can operate in an offline fashion.
Agreed. I was going to say, on passwords, I have Lastpass for that. I'll stick with my non-bloated MSE thank you very much.
Anecdote time.

A couple of weeks ago, my neighbors asked me for some help with their printers. Their wifi printer had suddently stopped working, then they bought a new one (which of course costed less than a ink cartridge) which also didn't work.

After the initial shock of dealing with windows 10 (I hadn't used windows, especially a home version, for years), I found out, by plugging a cable, that the printer actually worked just fine. Checking the wifi router admin page showed that the printer was correctly connecting to the network.

At that point I suspected firewall issues. The Windows firewall control panel was disabled claiming to be managed by the antivirus. I looked at MSE, and it was also disabled. I asked my neighbors and they said that they had been using MSE but McAfee had somehow appeared recently on their computer (possibly sneakingly installed by some unrelated application).

And of course McAfee was there, already demanding protection money. I uninstalled it after clicking through dozen of scary popups warning that the computer would be overwhelmed by viruses, my bank account emptied and my identity stolen.

Immediately after that a popup appeared from Windows system tray telling me that my computer was unprotected and I should install Avast immediately. I quickly got rid of that only for yet another popup to appear (for some AV that I had never heard of).

Eventually I managed to get rid of all AVs, re-enabled MSE, and suddenly the printer started working again.

I think MSE should really just treat every other AV as malware, although I'm sure MS would get a lot of backlash.

This is part the AV/FW vendors fault, part Microsoft's fault. Yes, on Windows the security products are too often as nasty as the malware they claim to protect you from but Microsoft has failed to design a sane security experience that works with legit 3rd party vendors.

Currently on Windows 10, it's surprisingly difficult for "normal" users to know if av/fw are available by default and how they work. How the built-in security works with 3rd party solutions is more confusing, even for power users.

I've lived through and heard about this so many times that it stopped being an anecdote for me a long time ago; it's just how hostile most of the 3rd party AV applications are.

They, IMHO, should be given no system access and should only be allowed to implement something like IsHarmful(s DataStream) (bool, string) - maybe a little more and that's it.

The thing is, modern antiviruses rely on context to classify data as malware or not. It is fine if antivirus.exe is trying to remove itself; not so much if it is being removed by calc.exe.
It's much more useful to look for suspicious behavior than to try to classify streams of data as "harmful".
My parents Windows laptop came with a free copy of McAfee, which rendered it COMPLETELY useless. That is not an exaggeration. It wasn't a fast laptop but it should be able to browse mails and Internet. It couldn't. After Uninstalling the AV software it was like I had replaced the HDD with an SSD. I will never ever use any 3rd party AV software. It's just glorified bloatware as far as I'm concerned.
I'm upvoting because I agree that, in my experience, you get no more than what you pay for in relation to anti-virus.

Those free AVs and ones bundled by mega ISPs? Prepare to pay in computer resources, and even then your protection is probably only mostly adequate.

The only true anti-virus is awareness and user education. Risky behavior and unwise reactions to suspicious emails are the two infection vectors that secure software can't stop.

This has been my consistent experience with McAfee in particular. I worked for 4 years in low level tech support, fixing computers for people that were sold in retail. We were required to recommend Anti-Virus software to our customers, and the whole store consistently recommended Webroot (which we sold) not because it was particularly good, but because it was the only option we had that didn't slow the machine to a crawl. Replacing McAfee with almost anything else on the market felt like it doubled the machine's speed.

I personally haven't run antivirus software for years on my own machines. I recommended that all of my customers learn basic security practice instead, and reminded them that the antivirus program they used is there as a tool to help them, and not a replacement for safe browsing.

To be fair, kaspersky is better than the others. It screws up hour machine much less than most av programs.
Mine too.

Mother-in-law called because she could connect to Internet.

Turned out McAfee was just demanding their protection fee.

So: McAfee bad. Cannot speak for Kaspersky, haven't used it for years. Defender is OKish.

But one that I sometimes recommend is Vipre from Sunbelt Software.

My builds are slightly faster with it and on one occasion it took down an infection that no other AV I tried managed.

(Of course this can just be because the malware writers didn't care to code in resistance to it but then again it supports Kasperskys claim that diversity is good.)

Do I sense a possible previous GS Agent? If not, I do remember those days well. Clients would constantly come into the store because the trial version of Norton/McAfee etc completely broke the machine's network stack.
Once an agent, always an agent. :)
I often hear people promoting common sense over antivirus solutions and while I do agree that some degree of common sense is required, there are still a lot of attacks that can bypass safe browsing.

In the past we've seen malware injected into ads that then load on legitimate sites. Hosts get hacked too and their sites can then be used to serve malware.

You're right to teach your customers safe browsing habits but they do still need an antivirus as well.

Disclaimer: antivirus solutions are not perfect either. Particularly with new attacks. So while I do advocate using them it's also good not to take them for granted (e.g. assuming you can get away with running any old binary you've downloaded from Limewire because you have an AV installed). The best approach is common sense with the AV as a safety net.

> In the past we've seen malware injected into ads that then load on legitimate sites

Just another reason to use an adblocker.

A major part of safe browsing (and safe computer usage in general) is an ad-blocker that defaults to requiring you to whitelist the content you want to let through.
Have you found a workable way of doing that?

I manually whitelist in uMatrix, but it's pretty inconvenient and does not stop attacks coming from domains previously whitelisted/deemed safe.

uMatrix is the best I have. I've accepted the inconvenience as minor in comparison; but previous whitelisting is a problem that I actually hadn't considered. I can't think of any reasonable way to prevent that - even catching changed/new scripts and requiring approval to run them won't help if all you can see are minimized scripts.
I guess you could have a kind of crowd-sourced de-minificarion project, combined with checking script hashes, but I think that would be considered a form of pirating and thus require a lot of piracy-related workarounds. Perhaps one could have a de-minification tool which only stores the steps to deminfy a script, and then you could apply it based on the script's hash.
Back in the 90s McAfee was the best AV around. By quite some margin as well from what I recall. But then around 1998/2000 - i forget the exact year - the AV went from being nimble and reliable to a slow and troublesome mess. It went from being a market leader to one of the worst solutions available. And it seem to happen in just one version number jump.

Ever since then, it's been consistently awful to the point of ridicule. But sometimes I have flashbacks to when even I would recommend it.

Same thing happened with AVG, and then Avast. Fortunately Microsoft Security Essentials came out about the same time every other simple AV became a bloated mess.

The problem now is that MSE doesn't seem to keep up with the latest viruses and hacks. My kids wrecked our Windows 7 computer twice by trying to download Minecraft addons. (First time it installed an ad-bot that was running hidden Firefox windows in the background and swamping our internet connection by loading pages and clicking ads. Second time it was a rootkit that added it's own "recovery" partition to the drive; which it used to reinfect the computer even after I wiped and reinstalled Windows 7.)

Now we have Windows 10 and they all have their own non-admin accounts, so hopefully they can't install anything super destructive.

Weren't you running non-admin accounts on Windows 7? That goes a long way to making sure that any damage can be undone.
Coming in to say the same thing. In my case it was Avast! which says its name through the speakers every 30 seconds while you're using the computer for some reason. I think it also tries to install toolbars in the browser, which is not really the role of antivirus software.

With Microsoft in the OEM hardware business, hopefully the end of this era is coming. Sure, Microsoft's own pushes towards Edge and Office 365 are annoying... but easily disabled without any scary warnings. Maybe Edge is better for people than Chrome, I dunno, I like Chrome and haven't bothered to try Edge.

I like anecdote time!

When I was very young I had this job where I would go to people's houses to repair their computers. What I would often find would be computers so slow to the point of being unusable. After a few months I'd realized there were only two scenarios here:

- Computer full of spyware. CleanUp / Restore and anti-spyware + anti-virus installation would often work wonders for the customers.

- Computer running Panda Antivirus. Uninstalling Panda and installing Avast would always work wonders for the customers. Best thing was when they've asked how I solved their problem so quickly and I replied "uninstalling Panda". "But I paid for it" would be their response, to which I would follow up with a "call them and get a refund".

Anti-virus, what an interesting industry!

The funny thing is that Avast which used to be my go to choice for the past 5-7 years has gotten quite bloated and intrusive as well.

They even bought/merged with AVG which was quite annoying 10 years ago.

So MSE it is for friends/relatives.

I miss the days when one could run the virus scanner once a month and not have it always be on.

In fact some of my Win7 computers behind NAT I run without any active anti-virus.

Same deal with my wifes machine. We just backed up her documents and gave it the ol' nuke-n-pave treatment.

I can't be arsed dealing with that crap.

> Anecdote time

This isn't an anecdote. This is life for many, many users.

I really think desktop computers are too complicated for the average user, and MS should move to a managed application model like apple is doing. Only apps approved by MS will be allowed to install UNLESS you disable this in the control panel somewhere with ample warnings. MS Could then force these companies to clean up their acts.
I had a similar issue with my dad a year ago or so. Solved with a chromebook.
Exactly. Defender is non-invasive and good enough. It's my opinion that most anti-virus software should be classified as a virus - it screws with your computer in ways you don't understand and don't like, and it's usually very hard to get rid of.

Somebody at work went and managed to get themselves infected with some type of bitlocker-type virus a few months back, and so the decision was made to push AVG to all machines. What a PITA. I might as well have gone back to using spinning-rust instead of SSDs for compiling in Visual Studio, until I figured out how to eradicate the AVG tentacles scanning and intercepting everything. And AVG is supposed to be one of the better ones.

If you're able to make a choice (and you consciously choose MSE) that's great. The complaint is that Win10 doesn't give that to most/all users.
Why should system security, of all things, be an opt-in "choice" that people can accidentally not make rather than an in-box concern for the operating system?
Windows has: parental control, password manager, backups, webcam protection (on UWP Apps; hardware-based solutions are available for $0.00003)

Chrome, Firefox and Edge have: exploit protection, protection for online banking and online shopping

There is no such thing as "proactive protection against future threats"

Besides the VPN, why should I pay money for any of this crap even if I do want it?

Windows has a VPN client, too, don't forget.
There are plenty of free VPN clients for every platform. I think the parent was referring to the server.
Kaspersky has no VPN server feature. Its only VPN feature is a client[0] that will auto-connect to one of their servers. So the only thing it really has on the built-in Windows VPN client is the supply of servers.

[0]: https://support.kaspersky.com/12726

>> [MSE] doesn’t have: parental control

Thank the heavens. I mean, seriously, using parental controls as a parent is equal to failure at being a parent in my opinion. They're useless at best (because you can circumvent ANY of them), and instill false confidence in incompetent parents.

Possibly they are useful if your goal is to raise computer-savvy children, however. I never would have learned as much about computers if my school hadn't had ridiculous filtering and blocking software on their networks.

Kind of hard to study for the AP CS test when Bess is blocking the Sun JavaDocs because "hacking"...

"Leave it to Beaver" families are not the only type, nor do children only exist in family contexts. It's rather conceited to make assumptions that assume only the best-case scenarios, or that problems only come from incompetence.

A more recent example I've personally seen is with a foster parent where several abused children were homed together. Their birth parent would consistently break visit rules, and attempt to establish side channel communications (facebook, email) with the kids so she could coach them on what to say in court. They agreed to do so, despite being extremely unhappy about the situation. They were happier in their new foster home than they'd ever been before, and yet they were overwhelmingly complicit with the demands of their schizophrenic birth mother.

Parental controls are useful in such scenarios where the children don't have normal baselines. Not only that, but when given unfettered access to a computer, kids will literally download anything they perceive as fun. Many games, game mods and the sites that host them include malware. Yes, parents should talk with them about safe browsing and downloading, but being a good parent and yet not understanding computers is entirely possible. Simple free software for controlling usage schedules and quantities should be baked into the system.

Pretty much all of the Windows 10's "product that tries to run my life for me" can be disabled and function like any other version of Windows.
More anecdote time! In fact, more like Ask HN time.

My brand new laptop becomes impossibly slow when Defender is on. Is this just me or is it supposed to be expected Defender behavior? When I code, every character appears half a second after I type it. Turn off Defender, and everything is blazing fast.

This thread is full of people claiming how 3rd party AV makes their computer slow and Defender doesn't, but, well, Defender does. Anyone have a clue? I don't mind the idea of running an AV like Defender but I do mind an unusable computer.

My first two thoughts:

(1) Might have a problem! (malware / something)

(2) Might need to let it run and do it's scanning thing for a while 'til it's initialization and/or setup is finished. I've never heard of anyone turning it off and on repeatedly.

Defender can do this if its in the midst of scanning, and occasionally if you are using it while it is scanning this seems to stop it for finish it keep it perpectually scanning (depends what you are doing). My advice, shut everything down, pop up defender and let it run all the way through.

Also ensure all windows updates are done and installed - the background update manager can kill laptops in my experience, so again its best to let it get its job out of the way before using the laptop.

Sort of makes me root for the increasing irrelevance of the desktop.
You're missing the point. It may happen with mobile as well. Actually already started. Remember last news regarding Apple kicking off some apps?
Apple's just downright done this many times in the past. Flux -> "iOS Night mode", for instance. If anything, mobile devices make it easier for google/apple to push options out.
I uttered the same words when, after not booting up my machine for a month due to a move, I got the lovely, lovely message...

"A component of the operating system has expired."

and I was unable to boot any further. still am not. had to turn back my BIOS clock a month in order to "unlock it".

needless to say, a planned install of linux is on the way. I've had enough.

Are you running Insider builds? Because I believe there is a warning when you first enable them that they do expire, and in this case, it did. I've only had an expiration BSOD when my Insider build expired; regular builds shouldn't exhibit this behaviour.
it's funny, I switched to insider builds, then switched _back_ to the regular builds on a stock install of 10, and this still happened.
Oh yeah, FSB agent is talking again.
This is the world people predicted way back when Windows XP product activation first became a thing, and we sleepwalked right into it.
Geez, Microsoft keep shooting themselves in the foot. I feel done with Apple and I'm so ready to switch after the MacBook Pro 2016 dongle debacle & the glorious Surface Studio... but then I read things like this and see Windows uninstalling software without the user's permission (SmartFTP is the Windows FTP client I would use!) and realize that I just can't switch to Windows even if I want to.

Yesterday I fired up Windows 10 in a VM on my MacBook to get some development work done, only to find Windows go straight into installing updates while I'm on battery in a cafe & without my power cord. (But it insists "Don't Turn Off Your PC".) 90 minutes later (!) Windows finally launched... just as I had to run for my train home. I literally couldn't do my work that afternoon, all because of Windows.

What type of drive does your MacBook have?
It's an old school 1TB HDD, because I really need the storage. The drive is full of VMs of every version of Windows for cross platform testing - I actually use my Mac to mostly write Windows software!

Good point though, maybe I'll be happier if I just fork out for a 2TB SSD. But at the time Apple wanted $800 for a 1TB SSD and I wasn't prepared to pay Apple's inflated prices.

You do not just have one choice to go with if you want to switch away from mac.

If you do not like mac nor windows, maybe give Linux a shot? If you care about the mac UI you can make Linux look like it.

For software development and normal usage I do not feel like I am missing out on something by using Debian on the desktop and Ubuntu on my laptop.

If you use some specialised software for design you might want to check compatibility though

I actually quite enjoyed running Windows 10, but have linux installed on all my machines.

Having said that, battery life on my laptops are terrible with linux out of the box.

I'm seriously considering it now. I'm a consumer desktop software developer (making Photoshop plugins) so I'll have to use Windows & Mac at least in VMs, but maybe I can run Linux on the metal.

I haven't given Ubuntu a proper try, except the one time I tried to make my plugins work with GIMP & Wine. Elementary looks interesting as well - their website mentions some of the Apple attention to design detail that I appreciate.

After years of thinking and consideration, I switched recently. And behold... it is great. Just do it - there is so much choice that I am sure you will find your sweet spot.

My suggestions: Xubuntu or Ubuntu w/o all the nasties, Elementary OS, Debian, Arch Linux or a BSD flavour.

Only if you don't have AMD hardware. I bought a laptop with some AMD A10 APU, integrated R7 graphics and a 1366x768 display. Installed Ubuntu to use it instead of Windows 10 because Windows 7 doesn't want to install on a UEFI machine where the HDD is somehow invisible to it and you can't use a USB 3 port because the installer fails to boot and all other nasties.

So I install Ubuntu and am greeted by a broken screen, where 2/3 of the screen are on the right and 1/3 is on the left, like somebody cut a piece of film badly so it's the previous frame and the current frame together.

I asked around and apparently Ubuntu 16.10 doesn't do AMD anymore because AMD didn't write a proper GPU driver, and the old driver for Ubuntu 12.04 (that's from April 2012 haha) is broken totally for new hardware.

So here am I using Windows 7 Pro in a virtual machine on Windows 10 home which constantly bugs me with notifications, is very slow, eats battery and is generally horrible.

Meanwhile my MacBook Air (which only has 4GB of RAM because I bought it with my own money and I'm freelancing and am 16 years old) is laughing in the background...

So, no, Linux is not the solution... :/

This seems to be a problem with the APUs then. I have a Linux-based home server with an AMD CPU that works just fine, and a dual-boot gaming PC with Intel CPU and dedicated AMD GPU that also works wonderfully. (With the open-source drivers. Don't even bother with the Catalyst shit and go straight for Mesa.)
I was literally thinking exactly the same. Apple alienating us, and then when you look back at Microsoft, they're still really haven't changed.

So I'm going to give Linux a real shot, and improve my knowledge of it, as added benefit along the way. I'm investigating now which distro to start with.

For all web dev coding work, there should be no problem.

One of the things MS announced recently was differential updates, so essential updates like this will be a lot smaller and take a lot less time. I still think they shouldn't force them on us though.
Why does Microsoft even allow trial installations of all of these sorts of things? It’s cut-and-dried user-hostile behaviour, as are bundled installers as a class. Microsoft has the power to kill these pieces of software. I wish they would.
How do you determine that a piece of installed software is a trial version, so you can police it based on that attribute ?
The sort of trial installations we’re talking about are ones ones that are bundled with other software or preinstalled on a new computer. Microsoft should be forbidding both.
I've felt like AV software is often worse than the viruses: intrusive, slow, ineffective, getting in the way, and not once detecting anything.

Pretty much all of my "family tech support" is related to the AV doing something stupid like auto-deleting cookies or flashing up big scary messages for something trivial.

However Windows Defender seems to be good for me on Win10 - it just sits there out of the way, I don't even know its running. I LIKE the fact it doesn't have "online protection" or password managers or parental controls or whatever. It feels lightweight and does not cause everything to become 3x or 4x (or worse!) slower like every other AV software I've encountered

Whenever I go to perform family tech support I remove any random AV software they've been tricked into installing and just leave Windows Defender and that usually solves the issues (obviously making sure they are up-to-date on patches & still using 2FA)

Agree, most AV's get in the way of doing their job and are intrusive. As a developer we from time to time have problems with false positives or clashes with some AV's, so the customer gets annoyed and we have to contact the AV to get the false positive removed. Most seem to have a lot of bloat, but in the end get in the way.
Although i agree with most of what you said, Windows Defender is not as lightweight as you think it is.

https://www.av-comparatives.org/wp-content/uploads/2016/11/a...

It certainly feels lightweight though and that is the important metric.
Some might argue it's the only real metric that matters for user perception. That said, if it's hitting your battery that will be hard for user to perceive.
The only AV I have love for is MBAM, not the real-time protection but the plain old system scan.
I just wanna point out Windows Defender DOES have online protection, and it's gotten in my way pretty frequently. Whenever a new steam game is released it interferes with the download (goes from nearly a Gb/s to zero) while it scans the files being downloaded. And then when you start the game up loading times are in the 10 minute+ range because it's analyzing the binary.

You can disable these features though by turning off real time protection (which I had to do).

The greed is getting the better of them. They are so desperately trying to duplicate the success of others that they forget what success is all about.

Fun fact: If you bought one share of MSFT the 23.Dec 1999, you would be down 2 cent today.

Including dividends?
> Fun fact: If you bought one share of MSFT the 23.Dec 1999, you would be down 2 cent today.

They've had at least 2, that i can think of, 2for1 stock splits since 1999.

So that's wrong. If you had invested $10k in 1999 you'd likely have > $35k now including dividents.

Thanks, I forgot about the splits. What if you bought Apple for $10K?

Update: As far as I can see they have had two 2 for 1 splits and one 7 for 1 split. Meanwhile the price of the stock has gone from $3.696 to $107.79. Meaning that you would have over $400K today + dividends.

What if you invested 1 year ago? You'd be down ~10% on Apple and up ~10% on MSFT. Anyone can pick an arbitrary timeframe to suit their argument.
I get their point and Kaspersky is pretty good. However Antivirus products have typically been utter and complete crap, slowing down computers a ridiculous amount and to non technical people it's just "their computer is slow, oh look how fast this mac is".

My father has three freaking antivirus/antimalware solutions installed. Maybe defender could be better, but if it reduces the market share of the nortons, comodos etc then I'm all for it.

Security fixes and improvements should be made at the OS level. And it is: Microsoft, Apple and Linux receive fixes very quickly. No software editor will be able to do better than the OS to fix and stop threats.

I stopped using AV softwares a long time ago for the following reasons:

- It slows down your device (memory, cpu, disk access, etc.).

- It annoys you a lot more than it stops or solves any security concern. I've yet to hear from someone telling me their AV software saved them from an actual real virus... If this ever happens it's probably a damn advanced attack that even the AV software doesn't know about.

- It's extremely hard to remove, especially when pre-installed as a bloatware on a PC. Sometimes it's also installed as an extension of other software (browser, etc.).

- It usually takes wrong decisions (false positive) that lead to broken web pages, legitimate software that stops working, etc. And unfortunately the "standard" user has no way to figure out it's due to the AV. I can't count the number of times I had to work with my customers on figuring out what was making my website or software not run (or even not to install) on their machine. One time I had to write to an AV editor in order for my browser extension to be whitelisted. Never got any answer...

AV softwares can be easily replaced with common sense and a set of very simple rules.

- Have a hardware/software firewall that blocks everything expect what's required (allowing only web when initiated from the machine is enough in 99% of the cases). Every major OS now comes pre-configured with a software firewall which removes 90% of the threats.

- Use a strong email service or software (gmail, etc.). This way you reduce the likelihood that a virus, spam, or fishing email passes through.

- Don't open email attachments coming from unknown or non trusted senders. Even when the sender seems legitimate, double check that the email makes sense (not an unusual behavior), pay close attention to URLs, written language and words. Don't click links without knowing where it goes (domain name, https, etc.). Email remains the most simple way to install a virus or a trojan on someone's computer so be very very attentive when acting upon an email. If you use an email provider (like gmail), report the spam or phishing attack very quickly so that 1/it can be stopped quickly for others and 2/it teaches the Machine learning to do better next time.

15 years I've been applying these rules and I never got any virus without using any AV software. My devices run like a charm (PC or Mac).

While I'm a big defender of freedom and open source, I can easily understand and forgive proprietary OS providers choices with regard to the AV editors.

The thing with the "don't open email attachments" type advice, is that somehow it's not enough (I think it's more complicated actually. You need another bullet point for "keep your browser up-to-date" and/or avoid certain typos of website and certain links. There's several types of traps beyond email attachments) I despair at teaching my old parents how to not get malware infections. They may last a couple of months, but it's only a matter of time before something they do leaves me spending the weekend trying to run virus cleanups. I'm sure my parents' experience is indicative of many other less tech-savvy folk.

But anti-virus isn't the solution either. This happens with anti-virus eating half their CPU. I don't really know a sensible way to let my parents have a windows laptop these days. They use an iPad now, and that's the end of it.

I certainly agree with your top and bottom sentence there. AV software is basically an industry which shouldn't exist (or at least shouldn't be anywhere near as well-known and lucrative as it is). The reason it has existed, is because Microsoft have in been poor on security in general. I think more specifically we can say that earlier versions of windows took an approach of being way too permissive with things like file permissions. It seems to me they've been gradually phasing in more sensible limits ever since, and if they're also phasing out 3rd party AV software, I can see that might be a sensible rationalisation too.

Might be. I'm not 100% sure because, while they are improving general security, the other challenge microsoft has always faced is that hackers target windows first because it's most popular. Previously hackers had a mish-mash of several different AV softwares to stay ahead of. By making every windows machine a highly regularised defender-running target, this might make life easier for hackers.

Funny thing is that I installed ubuntu on my parents very old laptop (from 2001) that lost Windows XP support and it works really well. No virus until now.

I replaced the Graphical User Interface with a lighter one though to maintain decent performances.

It's the dirty speaking of the "poorly washed". Kaspersky is said to faked malware to harm rivals (http://www.reuters.com/article/us-kaspersky-rivals-idUSKCN0Q...). TrendMicro allowed remote command execution on the user machine (https://bugs.chromium.org/p/project-zero/issues/detail?id=69...). Probably Microsoft is right, your PC may be better protected without a AV, using an AD block instead for example. Probably not (I'm not a specialist in the low level stuff anyways). But the point is that MS is fighting with tools it has (in an ugly way). But it's widespread. Apple enforces Safari on iPhones for example. Amazon explores bias in its marketplace (http://dealnews.com/features/Are-You-Really-Seeing-the-Best-...). Kind complicated, but that's how the world is. Doing all for a higher profit. Because of that I'm sure that Kaspersky would do the same if they were in their position. Perhaps a little different, but taking advantage of its size to increase their profit for sure.
After decades of providing us insecure software, are we supposed to blame Microsoft for doing the right thing & getting things _almost_ right?

I have not yet found an Antivirus software which can truly educates the user - there are wonderful opportunities in there for the right kind of company/product. Proactive solutions beat reactive solutions hands down. Like they say "Stitch in time saves nine"

Antivirus and firewall are two apps that I expect come with Windows, so as a consumer who actually paid for Windows 10 I don't care if Kaspersky is whining about this.

As messy as av/fw are on Windows 10, let's not forget how things were before in the bad old days; security products were sometimes as bad as the malware they claimed to protect you from. Remember when you helped family and friends and how Norton was so difficult to remove it required a dedicated removal tool? Remember the countless of cleaners that used all kinds of scummy advertising techniques to trick users into installing them, often decreasing performance and safety?

As the "computer guy" for a lot of people, I'm glad that AV+FW are included in Windows 10. I am, however, disappointed how sub par they perform and how user hostile they are.

On Windows 10, the firewall is completely opaque and Microsoft decided to remove the firewall icon from the tray. So users naturally don't know if it's installed or not or what it's doing. Also, it's buggy as hell because on more than one computer I've had to keep resetting it to defaults simply because it would regularly stop ALL outgoing connections. Took some time to figure that one out and for most casual users that would have been impossible to solve, especially since there is no freaking firewall icon to click on anymore.

The antivirus has a more visible and sane presence but performs poorly in the independent AV tests. For some reason it changes names more often than a porn star, further confusing users. The blog post fails to mention Microsoft Defender, the fifth incarnation of the AV on Windows 10, so there are five different AV that Microsoft offers/has offered.

Microsoft needs to improve the quality of their built-in security products, both how successful they are at protecting users but also the overall usability experience.

this is why i don't trust microsoft azure. I recently had to watch a marketing guy trying to sell me on azure, every second slide had a big, bold OPEN sign on the upper right. An truly open company does not have the need to stress every second slide that they are truly open. I tried using the service-bus (it was not my choice) and stumbled up on https://github.com/Azure/azure-sdk-for-java/issues/465, it is open since february! Node.js and the Rest-API were not working either and i could not use the c# library from my mac since important DLLs were missing.

It was a scary experience and it will take some time until azure will gain my trust. What would help is entangling microsoft and azure into a s structure like google has done with alphabet. With the current structure clashes of interests are inevitable.

It's interesting to know that even 'large' companies like Kaspersky Labs are affected by this centralization of software.

In startup land this is common - I've seen so many bootstrapped startups fail because they were out-spent or their market was monopolized by big companies or big VC money.

Sometimes it feels like we're going to end up with one giant tech giga-corporation that will just own everything and everyone will be employees of it.

> Microsoft has even limited the possibility of independent developers to warn users about their licenses expiring in the first three days after expiration ... this is the crucial period during which a significant number of users seek extensions of their security software licenses.

So it's about profit, because the AV companies lose out in their historically most lucrative period to keep paying users.

From my experience AV software makes life of small developers targeting Windows platform harder, so an argument can be made that Microsoft is actually helping independent developers by improving installation and update experience.

We often need to deal with user problems because the installation or update process was blocked by AV software without any user visible message. Also often an application is incredibly slow for some period after the installation because AV is doing some additional scanning/blocking (again the user is not informed about this and blames the application).