In addition to the binary injections that eat up far too much of Schuh's time, what he finds incredibly frustrating is that they have teams planning out these important security features, yet in reality they can expect a year for any new significant mitigation.
Followers on Twitter will also find Schuh tweeting about the reality that third-party capabilities are invasive and fundamentally unsafe. "We are trying to work around these problems, but there's no way that AV provider X is investing as much in securing themselves," Schuh said.
The solution? It's not clear that there is one, but Schuh said, "They need to stop doing this. If it doesn't start soon, we will have to take creative measures to stop."
Of course, that prompted the question from an audience member, "What creative measures?"
"That's where it gets really interesting. Windows 10 added mitigations for blocking third party AV injection. Edge is currently using some of those, and crash rates have dramatically dropped," Schuh said.
There is also more aggressive stuff, like going all the way down into the kernel, Schuh added. "As much as I complain about AVs, we haven't had significant issues with Windows Defender. It's quite robust. It's interesting because it's one you don't have to pay for."
Because Microsoft isn't trying to rush its product to market, it can care more about the features in its products. "If I were a CISO deploying an AV program, I'd go with Microsoft Defender," Schuh said.
But as a security engineer, he is trying to work with antivirus to find ways to work together that benefit the entire ecosystem.