Not sure if you’ve come across this: apparently Windows Defender has an issue that may create quite a bit of drain on your CPU, if you are running Intel CPUs (issue doesn’t seem to be manifesting on AMD).
See this article:
Apparently, this issue can cost you about 6% of CPU horsepower - quite a bit if you have a busy system.
The fix seems to be simple: using the (free) ThrottleStop utility, the relevant processor registers can be set in a way that prevents Defender from capturing the CPU. And the tool doesn’t need to be run continuously - simply start once after booting the PC, it will set the relevant registers in a way that will persist even when the tool is closed.
I’ll test this over the next couple of days and see if this creates any issues. If you feel adventurous, join me and share results here!
Hmmm, if you really do this air-gapping in a serious way, it may be a valid approach (albeit cumbersome). You still have the risk of infecting your air-gapped system with whatever way you use to get software on it, so I’m not 100% convinced.
I started out like that on my music machines, but over time, convenience (and connectivity in my studio setup) won, and my music PCs are now all connected. I am pretty systematic about updates and active malware protection, and haven’t gotten anything bad on these systems in over 15 years now. My main browsing machine is not one of the music PCs, of course, and I use a virtual machine sandbox for everything I find slightly suspicious…
I had a couple of true air-gapped systems in my IT estate when I was a CIO, and keeping them up-to-date in a safe and trusted way is no mean task… And all of them had some sort of malware protection installed, in addition to being air-gapped - to make sure that nothing nasty creeps onto the system via other channels of infection (I’ve seen malware embedded in a USB keyboard…).
Well, as the thread title suggests, I usually stick with the Microsoft Defender built into Windows - it has generally proven itself to be “good enough” and sufficiently lightweight not to get in the way of the system too much - with just the exception of the CPU drain issue illustrated in the first post, which was identified recently.
If you want the very least of resource drain, you may want to look at alternatives and possibly spend some money - AV-Comparatives is usually a good resource for up-to-date comparisons of malware protection. You can check their specific performance reports - but it makes sense to balance these results with their real-world protection tests.
Overall, McAfee and Bitdefender look like a good balance of protection and performance; if you focus on the performance angle, trying Panda antivirus could be an option (they offer a free AV solution without the “bells and whistles”).
So far, no issues detected, so I’ll leave it on my studio machine for now. I have set it to automatically start with Windows, starting in the background. No specific settings made inside ThrottleStop except the “Defender Boost”.
I have been running this on my studio laptop. I have been manually starting it and then shutting it down per one of the suggestions I read. I haven’t seen issues and the performance impact of Defender seems lower, as advertised.