@jcook
I was involved with infosec at both msft and amzn, for a couple of decades. I’d stop short of broadly recommending that everyone on earth disable AV… But for reasonably tech-savvy users, honestly, yeah, it’s a reasonably close call.
The AV situation is grim. They use probabilistic detection filters (like https://en.wikipedia.org/wiki/Bloom_filter) to detect “signatures” of malware. But that means occasional false positives, especially when scanning huge 4Gb+ payloads. And these bloom filters run as part of the file-system driver stack… so that means you burn a lot of CPU with every disk I/O operation, to wash every I/O buffer through the filter. The performance cost is real – have a look at “MsMpEng.exe” in taskmgr, on a stock Windows system… unless you’re mining crypto or doing AI stuff, it is typically the highest cumulative CPU and RAM usage of any system service.
And the annoyance factor is real, as we see in these threads – over the longer term, false positives create a “crying wolf” effect that is harmful to the cause.
Then, consider all this in the context that (most?) modern browsers have built-in malware scanning for downloaded files… so classic AV is (a) partially redundant, (b) moderately perf intensive, and (c) cries wolf, with false positives.
Reasons to keep AV: if you live or work in an untrusted network environment (college campus, small business, etc.), or if you regularly exchange files with others/strangers via email attachments or similar… or if you share a PC with someone in your house… or you’re a gamer downloading dodgy mods from dodgy sources… especially from sources like torrents that bypass the browser-based layer of defense.
Ok, that last example could be said to cover BMS 🙂 but like others here have said… there have been no problems in its ~20-year history.
I personally do still run Windows Defender, just with an exclusion-rule for ‘C:\Falcon BMS’.
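The post above attributes AV false positives to probabilistic signature filters. The following is an added illustration, not code from the poster or from any AV product: a minimal Bloom filter fed with a set of constructed "signature" strings, then queried with constructed benign chunks, so you can see that membership checks never miss an inserted item but do occasionally match items that were never inserted. The filter size, hash count and the `prob_any_false_positive` helper are assumptions chosen for the demo, and the sample inputs are synthetic.

```python
import hashlib
import math


class BloomFilter:
    """Classic Bloom filter: k bit positions per item, derived by double hashing.

    Constructed for illustration; real AV engines use far more elaborate
    matching, but the false-positive property is the same.
    """

    def __init__(self, m_bits: int, k_hashes: int) -> None:
        self.m = m_bits
        self.k = k_hashes
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, item: bytes):
        # Derive k positions from one SHA-256 digest (h1 + i*h2 mod m).
        digest = hashlib.sha256(item).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1  # odd, so positions spread
        for i in range(self.k):
            yield (h1 + i * h2) % self.m

    def add(self, item: bytes) -> None:
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def might_contain(self, item: bytes) -> bool:
        # True means "possibly present"; False is definitive (no false negatives).
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))


def expected_fp_rate(m_bits: int, k_hashes: int, n_items: int) -> float:
    """Textbook estimate of the per-query false-positive probability."""
    return (1.0 - math.exp(-k_hashes * n_items / m_bits)) ** k_hashes


def prob_any_false_positive(per_chunk_rate: float, n_chunks: int) -> float:
    """Probability that at least one of n independent chunk checks is a false positive.

    Models why a large file (many scanned chunks) is more likely to trip a
    signature filter than a small one, even at a low per-chunk rate.
    """
    return 1.0 - (1.0 - per_chunk_rate) ** n_chunks


def simulate(n_signatures: int = 500, n_benign: int = 20_000,
             m_bits: int = 8192, k_hashes: int = 4) -> dict:
    """Insert constructed signatures, then query constructed benign chunks."""
    bf = BloomFilter(m_bits, k_hashes)

    # Constructed sample data: neither set is real malware or real file content.
    signatures = [f"constructed-malware-sig-{i}".encode() for i in range(n_signatures)]
    benign = [f"constructed-benign-chunk-{i}".encode() for i in range(n_benign)]

    for sig in signatures:
        bf.add(sig)

    false_negatives = sum(not bf.might_contain(sig) for sig in signatures)
    false_positives = sum(bf.might_contain(chunk) for chunk in benign)

    return {
        "false_negatives": false_negatives,
        "false_positives": false_positives,
        "measured_fp_rate": false_positives / n_benign,
        "expected_fp_rate": expected_fp_rate(m_bits, k_hashes, n_signatures),
    }


if __name__ == "__main__":
    result = simulate()
    print(result)
    # A 4 GB payload scanned in 64 KiB chunks is ~65,536 independent checks.
    print("P(at least one FP in a 4 GB file):",
          round(prob_any_false_positive(result["expected_fp_rate"], 65_536), 4))
```

The simulation shows the trade-off the post describes: the filter is deliberately undersized (8192 bits for 500 entries) so a few benign chunks register as hits, and `prob_any_false_positive` makes the point that the per-chunk rate compounds across the many chunks of a multi-gigabyte file. Real engines tune the filter to a much lower rate and confirm hits with a second, exact check, which is why false positives are occasional rather than constant.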