Windows/client AV tools have a who-watches-the-watchers problem. If you're trying to detect threats that exploit OS, you need to be even lower level. But if you're lower, then you're an even more inviting target.
Unfortunately, add on that no customer makes a profit off their IT security org. Which disincentivizes excellence and incentivizes feature check-boxing at the lowest price point.
Which ultimately produces a highly privileged piece of software developed on budget salaries.
One reason MS security was a game changer (once the company got off its butt and admitted security was an existential threat to their OS sales) -- they could afford to burn great magnitudes of money to deliver.
(No offense intended to any of the amazingly brilliant non-MS Windows AV folks out there)
Unfortunately, add on that no customer makes a profit off their IT security org. Which disincentivizes excellence and incentivizes feature check-boxing at the lowest price point.
Which ultimately produces a highly privileged piece of software developed on budget salaries.
One reason MS security was a game changer (once the company got off its butt and admitted security was an existential threat to their OS sales) -- they could afford to burn great magnitudes of money to deliver.
(No offense intended to any of the amazingly brilliant non-MS Windows AV folks out there)