All I have to say about "security" in Operating Systems

This is my opinion on the matter; if you don't agree, that's perfectly fine.

A message to Microsoft

First off, I want to ask Microsoft to please give more control to users when it comes to "security". Of course this request is not just as simple as "give us more control", so let me explain it in detail.

Trust me, I completely understand that a lot of users are not educated and yet they convince themselves and others around them that they are, which then leads to unexpected and catastrophic results.

Arrogant users will blame the OS for something that is their own fault, and I'm assuming that's why you, Microsoft, are enforcing certain security features.

Let's be real here: if a user is arrogant and uneducated, they will always think they know better than other people. There is absolutely and undoubtedly no way around this, and I will show this in more detail later in other sections of this page.

This means that, even if you force security on them, they're going to get around it, get infected with viruses or get their account stolen, and then blame you or random companies.

While it's completely fine to have those security features enabled by default, you should give the user more freedom in choosing whether to enable them or not, because, be it a knowledgeable user OR an uneducated, arrogant one, they WILL get around it.

The fact that uneducated, arrogant users tend to fail to comply with what is better defined as "common sense" also means you had to make security even harder to "tamper" with or to disable.

Security features mostly decrease performance and add useless overhead that we professionals don't need. I do artificial intelligence, I work as a coder and I'm educated about what to run and what not to run, what to do and what not to do. The fact that I have to use exploits to completely disable security really worries me and makes me think the user is not in charge of their operating system anymore.

How security is often useless

In this section, I want to discuss how security is often useless.

We talked about how the user should have more control over security features, but what about when people actually want security and expect to be protected by it?

This section is named "How security is often useless", and I don't expect you to take my word for it.

False positives

Protection suites very often claim that something is malicious when it's not. This is an undeniable fact.

Example: Recently, Team Fortress 2 and Black Mesa were flagged as malicious by Windows Defender and other antiviruses.

Steam Discussions: TF2 update malware

Steam Discussions: Regarding the Trojan/Malware/Virus...

There have also been more cases of games getting false-positive flags, and I won't post all of them here, but you can use the following link to potentially see some of them (and there are quite a lot of them!):

https://www.google.com/search?q=%22virus%22+site%3Asteamcommunity.com

What's even more worrying is that people trusted these false positives at some point: even though, for example, VirusTotal was only showing 8/71 detections on Black Mesa (and most of them were AI detections), they uninstalled the game, slandered the developers and claimed they were distributing a trojan.

Can you, in general, imagine being slandered for something you've never done and, although there's no proof against you, every single person still believes you're guilty? I think there is nothing else to be said about this.

Below, you will see a screenshot of Avast flagging Microsoft itself as malicious; this happened to a very close friend of mine (the report reads URL:Blacklist):

Popular tweaker Chris Titus Tech was also a victim of this. All the details can be seen in the following video:

As the video also shows, many more things are affected, and these are actively discussed in places such as GitHub. Stable Diffusion webui by AUTOMATIC1111, for instance, is an extremely popular webui for Stable Diffusion entirely written in Python. Other innocent projects are also getting false positives.

As a final note, antiviruses are software, and it is an undeniable fact that all software has bugs and problems at some point. You can't expect antiviruses to be omniscient; they are not, and this brings us to the next section.

Antiviruses are not omniscient

"Antiviruses are not omniscient", what does this mean exactly? This means that you still get infected despite all the "security" measures they adopt.

It is not uncommon to see people getting infected or their accounts hacked while running multiple antiviruses.

Even though these security suites block a lot of innocent stuff, they still often cannot block actual malware, which is extremely worrying.

You don't have to take my word for it; I have a whole Discord community proving this.

In my Discord server, there's quite a huge hidden channel into which all the automod and altdentifier logs go, and if I were to dare to open that channel, I would see this mess:

Malicious links, forbidden words and nicknames in the image have been censored.

What exactly are these? These, ladies and gentlemen, are hacked accounts. They're everywhere. If I were to scroll up in that channel I would have more and more and more, they never come to an end.

These accounts are from people who run random things and put their credentials in places they're not supposed to. You can make security as strict as possible, but you can't change the way these people think, not a chance, they will still get around it and do it. We have a "forever banned" policy when these things happen, because, in my experience, people who get infected because of their mindset will most likely get infected again. The best predictor of future behavior is past behavior.

For reference, the following video has been made by No Text To Speech:

You can easily assume that this also happens with other malware or malicious things, because antiviruses are not omniscient, and there have been multiple instances in which even some of my friends who are extremely obsessed with security have caught malware by downloading and running things they were not supposed to run. Some of them essentially said: "the antivirus didn't get triggered, so I assumed it was safe to run".

Security mitigations

I have seen plenty of people still successfully running malware and getting infected / hacked while using security mitigations, memory integrity and virtualization based security. It is obvious that they often don't protect you from dangerous user behavior such as opening random files. It is worth noting that these mitigations also have a bigger impact on performance than you would expect, and they tend to cause a load of problems, ranging from microstutters to other issues related to how smoothly the system behaves.