I literally just cancelled my McAfee subscription because of annoying constant pop-ups like this. At least this one from Microsoft is a legal notice. McAfee constantly spams you to turn on unnecessary features, and even changes settings periodically to turn things on like “browser monitoring”. Literally worse than old school pop-up viruses.
More importantly, it also never caught a single thing. Windows Defender does fine. My buddy in cyber security suggested them for safety despite how bad they are, but I can honestly recommend you should never, ever, get it. Just keep backups and be prepared to nuke your system if needed, and save yourself a pop-up every other day.
He’s in the IC (and so is the other guy who recommended it), so less “sysadmin best practices” and more “stopping state actors” practices, so maybe that has something to do with it. I’ll tell him the Internet thinks he’s wrong and see what he says. He definitely wasn’t saying it was great at the time, just that it was needed in addition to Defender and was way safer than Kaspersky which is basically spyware.
McAfee is worse than a virus. Constant popups asking for money, and not useful at all. Microsoft defender is more than good enough and probably better than McAfee tbh.
The US intelligence community, or a subset thereof, apparently.
I have no idea his personal skill level or knowledge, but without putting him on blast I know his company has been involved in big stuff. He could theoretically focus more on a different aspect of security and have got this part wrong, I don’t know the details of his job very much by design.
Does your buddy in cybersecurity solve most of his problems by reinstalling Adobe Acrobat and restarting, and if that doesn’t work, muttering about hackers and walking away? Because John McAfee himself didn’t recommend using what the software bearing his name became and was more likely to put a bullet through his PC than install that shit.
While he was living, I don’t think his bullets were most likely to go through another human, but I do believe he was living on a boat because he had to flee Belize (I think?) because we was wanted for murder and couldn’t return to the US because he was wanted for various things there, too (probably including that murder because it was an American).
His advice is only relevant here because his name is on the software, not because he was a good role model. Fascinating guy, but not one to look up to.
Sounds like some people I’ve encountered who really don’t know shit, and have just survived on the ignorance and impressionability of others they con into paying/employing them. Then they just Google every problem they’re tasked with fixing.
Could be. I had the same objections, and brought up how I thought Norton and McAfee were supposed to be garbage. His take was that McAfee had cleaned their act up and was best in class in addition to Windows Defender. I mentioned elsewhere but he’s in the Intelligence Community so he may have reasons he can’t tell me, or just looking at different attack vectors than your average sysadmin. I’ll ask him.
Oh man I totally forgot about this, thanks for the ping.
He said:
“Reasoning? Sigs are only as good as their aperture. McAfee is on a lot of a boxes, catching stuff and creating new sigs. They also have a large staff of very talented people out there finding stuff and creating sigs.
The app does annoyingly keep trying to upsell you. Do they say why it sucks or is it just contempt for the company?”
Which is a valid question. I didn’t actually see anyone say why it sucks here. Literally everyone just said he’s dumb and outdated, when his original advice to me was:
“McAfee is an industry leader. Not bloatware anymore. Can buy for all your devices including phone (one purchase). Defender is excellent. No one solution is better than layered defense. I run defender, McAfee, and fireeye. Malwarebytes is good [this was in response to my earlier question], but you get what you pay for. Kaspersky is sus enough that it’s not permitted on usg or contractor machines. John is insane and may have killed someone. He’ll be found dead with a hooker and enough coke to take down an elephant.”
Then months later when I bitched about paying for it and asked if I really needed it, he said I had to get it because the signatures come out weekly.
So actually curious what other people think. I’ll link this comment to other people who pooh-poohed it and ask why.
I recently made the mistake of installing Avast, and it does the same annoying garbage. The actual settings are buried under a metric shit ton of “Did you know that…?” pop-ups that appear every single time no matter how often you select “do not show me this again”, and it constantly urges you to buy the “premium” version for extra features that are literally useless to me.
And it was a pain to uninstall as well. Some files survived the official Avast uninstall AND separate uninstall from the Task Manager, and messed with the Windows Defender, which was unable to recieve updates for a while until I found and nuked the hidden residue of Avast.
Shit like this is why I switched to OpenOffice and then LibreOffice all those years ago. LibreOffice is just as good for my personal purposes and I'm never going back to MS Office. Unless your work specifically requires something only Microsoft's product can do, I highly recommend LibreOffice, I use it every single day.
I switched to OpenOffice, and hated it. But it was free, so i used it. Then tried Libre, it was better… But it will was not Microsoft office. Then years later i had to use Microsoft office for work (it was Alli was allowed to install on the work computers) and realized how much i enjoyed using Libre over Microsoft.
I'll never forgive Microsoft for LOCKING me out of my own computer, during a recent update. I was FURIOUS. Something to do with Bitlocker or some bullshit.
Also, the whole point of the TPM (when I looked it up) was to not tell anyone, including Microsoft your decryption key. It’s so the user has ten chances to enter a short PIN or password and then it unlocks the device. That way not even Microsoft or the police can unlock the device without a tunnelling electron microscope with which to crack the TPM.
That way, you see, getting into a device is expensive and something law enforcement would not be tempted to do without an ironclad warrant and maybe a national security reason.
That Microsoft can ask TPMs to break their T makes them not T-worthy enough to be called a TPM. More like a Microsoft Obedience Chip.
TPM is meant to enforce DRM, not protect your data. They advertise it as a feature to protect users because it wouldn’t be very popular if they outright said that the whole point was so that your computer could process data without giving you access to it.
And now Google wants to use it to remove user control of browsers because users like to block ads.
You don’t have to give Microsoft the key (unless you want the “backup” option) but the OS has to have the key locally while it’s running in order to be able to read the data on the drive (and also write new data).
In typical usage The TPM holds the key, but it’s the OS that generated the key and encrypted the drive in the first place. I don’t know the technical details but the TPM recognises the OS install that programmed it and will only automatically unlock and provide the key for that. If you change it by swapping the drive or booting to a different device it remains locked and any alternative OS requires the key to be entered manually.
it happened to me, the computer had a firmware (BIOS) update and it reset the TPM holding the decryption key was wiped.
But anyway you had a backup of the decryption key, right? Right?
(The reason microsoft insists so much on having everyone login with microsoft accounts is that bitlocker encryption keys are uploaded in the cloud so you if you follow the link on the boot error message, you can unlock your drive)
(a “side effect” of this automatic encryption key upload on the cloud is that your drive is not encrypted for law enforcement)
Yeah I think so, like it ask you where you can to store the key and if you want to upload a copy or something like that it has been a while since I did setup the encryption.
That said OMG there should be a nicer way to introduce the damn key on boot… with a USB or something I had to type it so many times when I was fixing a booting issue.
On Windows 11 when you sign in with a Microsoft account and the device fully supports bitlocker, it starts encrypting the drive without any user consent or acknowledgement. It did so on my laptop
Only with a local account you’re prompted to save a backup somewhere else, and it’s picky, doesn’t let you save it on the drive that’s going to be encrypted
Idk man… maybe is a recent change or something but on my three devices I installed Win 11, I activated Bitlocker after a while, it was not activated on my install/login. So my experience is completely different it didn’t start encrypting without consent. And to be clear I have used Microsoft accounts on all of them.
On my Lenovo laptop my drive was encrypted without my consent, I was very pissed (due to a bug that wiped the tpm during a firmware update, I had 20 minutes of panic because I had no idea what was the bitlocker decryption key)
It seems to be a behaviour particular to portable devices. I’d argue encryption by default is a good thing on a device that’s more likely to be stolen (and the identity theft implications that brings) but clearly it needs to be better communicated to the end user.
I reinstalled windows 11 recently and had to manually re-encrypt the boot drive, which also prompted me to save a copy of the key. I had the option of backing up to my MS account, saving a txt file (which it refuses to let you place on any encrypted drive, even if it’s a different one to the one you’re encrypting at the time), or print it (which can be to a PDF you can save anywhere). It’s possible to access the backup options at any time after that as well. I usually take the last option, save the pdf to the same drive then copy paste the key into my password manager then delete the file.
Yes, you have to opt in.
I use a Microsoft account for my user profile, and recently reinstalled windows. I didn’t choose the account backup and so despite signing back into the same account, the encrypted partitions on my non-boot drives could only be unlocked by pasting the key in directly, there wasn’t an option to restore it.
The main issue here might not be the application including its own updater, but the operating system not including a common updater so each application needs to provide one for itself
I can’t speak for everyone but I rely heavily on VBA scripts, dozens of macros, PowerQuery for ETL, connection to azure SQL data, etc. If you work with big data excel is basically a must.
Microsoft threatened me with $140 to reactivate windows because I changed my motherboard, and since this is my 2nd time doing so without reinstalling windows, I can no longer do so for free. I just typed 2 lines into powershell and then it became activated.
At risk of sounding like an insufferable individual, I’ve completely had my fill of Microsoft. I’ll have to still use it at work, but I’m transitioning everything into Linux.
What finally made me make this decision is when I read about Microsoft’s vision to make the Windows OS completely cloud-based.
I’ve also had to fight with Windows 10 so much just not to be redirected into Edge, show me unwanted promotions, or, worst of all, restart my machine without my deliberate consent and in spite of making registry edits (If I leave my computer on overnight, there’s a reason, I don’t care if it’s “inactive hours” or whatever they want to call it.)
Whatever I miss out on by using Linux just isn’t worth the hassle anymore.
The first device I installed Linux on is an old gaming laptop that was so slow that I almost disposed of it. It’s like a new machine now. I’m not sure why, but it just never ran well with Windows for some reason.
Add comment