I don't trust them not to turn it back on (as happens to all sorts of features after a Windows update), and continue to install garbage I don't need or even want. I'm happy on POP_OS! and I'm not going back. Been on POP since January 18th of this year. I gave up on Microsoft when I realized Windows Defender will send over files to Microsoft it thinks are suspicious, and there's 0 audit trail for the files. For all I know it could be just about anything personal or even proprietary company files.
I had other reasons, but that one set me off as the final straw. The other one was not being able to make offline accounts by default from installation, without using hacks.
I was with you right up until you said you didn't like Windows Defender sending a file to Microsoft.
I want my file system to have metadata that (along with things like name, last edited, checksum, etc...) puts all files into one of three buckets:
1. Pre-installed
2. User generated
3. External sources (e.g. Downloaded, transferred from network, transferred from device)
If a file from an external source becomes executable then starts affecting my pre-installed/user-generated files and its checksum isn't already on Microsoft's whitelist, then I want Microsoft to quarantine that executable and look inside it to figure out what the heck it's doing to my computer.
Consider this:
No one is uploading your personal files, they don't do anything and trying to look into them wouldn't help anyone avoid viruses.
Only executables are worth looking at.
Every single executable that was generated from an external source has been checked by Microsoft. That is how Microsoft, Apple, Google, and every anti-virus provider out there gets new virus definitions added to their virus lists.
If those executables weren't sent, then every single virus definition would be empty.
> If a file from an external source becomes executable then starts affecting my pre-installed/user-generated files and its checksum isn't already on Microsoft's whitelist, then I want Microsoft to quarantine that executable and look inside it to figure out what the heck it's doing to my computer.
Yes, but I want an audit log of it all. I doubt they'll ever add this, so I'm not going to blindly trust Microsoft. In my case most files are probably not whitelisted anyway. I download some really huge files sometimes, do those get uploaded too? Do they throttle the uploads and if they don't are they just killing my personal network bandwidth? Like there's too many questions that set me off.
> I download some really huge files sometimes, do those get uploaded too?
Again, they're not uploading all files, they're only uploading suspicious executables, which by their very nature of needing to be fully loaded before they can be executed tend to be fairly small.
> Yes, but I want an audit log of it all. I doubt they'll ever add this [...]
Microsoft already has audit logs to the point where you can even see who's trying to turn off Microsoft Defender in your organisation and on which devices.
Just remember, they're catering to big businesses who are actually getting attacked on the regular, and big businesses need crazy levels of auditing.
They're going to have more than you can handle.
> so I'm not going to blindly trust Microsoft.
All security is based on trust and nothing about what you've said so far is specific to Microsoft.
That's not always true. Just today my team was investigating why Windows updates didn't install on Server 2016 despite deadlines and specific updates GPOs set.
We did have some tweaks as an outcome. But overall these policies have been in place for years. And since 2012R2 and later there have been multiple instances where Windows updates policies won't apply in lieu of say... "maintenance windows" features being added to Windows, so it ignores policies centered around deadlines etc.
That is fair, I did not know that, I thought this was only respected if you were an enterprise licensed user, but that might be my misunderstanding. Even so, I've gotten so used to Linux, I can't go back. Whenever I use Windows I wind up missing Linux. The only thing holding me on Windows was games, but Steam's Proton has gotten insanely good.
Group Policy is available in any version of Windows from Professional and up and doesn't require joining into a domain or a special license. A standalone Windows Professional install can effect Group Policy for itself and the policies thereof will be respected.
Home also technically has Group Policy, but it's not supposed to and most workarounds to that effect are very janky.