He is saying that many programs are written to use "free RAM", ergo unless defender is still using 2GB ram when your PC is at your RAM limit you don't have a problem. Every OS does it, let your OS manage RAM.
Unlike linux[1], windows task manager correctly shows "cached" ram as "free" ram. Therefore it's highly unlikely that the memory usage is from the OS caching mechanism.
As for the actual behavior of using free ram, what happens if there are two apps that try to use the same behavior? ie. you have windows defender and a DBMS installed, both of them try to use up all the free ram. In this situation, what makes you think the behavior of "using all the available free RAM" behavior of windows defender wouldn't push out the "using all the available free RAM" behavior of the DMBS", leading to worse performance?
Task Manager does not report memory use by the OS I/O cache, but there's no general way for it to know what portion of process memory is "necessary" versus "nice to have," so many processes have some type of internal caching (web browsers for example!) that they are able to dump but will be included in their reported memory consumption. Windows has several different layers of caching which makes this a bit complicated to generalize about, but that's sort of the point... Task Manager is not clairvoyant, and so if a process has allocated memory other than specifically through an OS caching infrastructure it reports it as memory in use. The OS caching infrastructure is not so general that it covers every need to hold some memory for performance optimization.
Windows has an infrastructure to prioritize memory availability by process, and to notify processes when there is physical memory pressure so that they can act accordingly. I'm not sure, but as a first-party component I would assume that Windows Defender uses these appropriately.
That said, like most real-time antivirus Defender does feel that it is important to complete real-time protection scans and will sometimes do so at the cost of performance. The logic here is that it is important to complete these scans even under conditions of resource pressure, otherwise malware could just do things like cause high system load before downloading a second stage in order to avoid Defender completing a real-time scan.
Unfortunately this does sometimes cause headaches, for example I saw a situation recently where someone ran a tool that opened a huge number of media files on a NAS in order to read their metadata. This resulted in Defender queuing up a real-time scan of probably over a TB over the network since it saw all of these 10GB+ files being touched, with a definite negative impact on performance. I still wouldn't give "exclude network mounts" as general advice as some people do, but that's an example of sort of a pathological case for real-time scanning where you probably want to exclude it.
The problem with this shortsightedness is that if everyone is trying to grab free ram and then drop it as soon as anyone else asks for it, you'll end up in some sort of merry-go-round of applications allocating and deallocating between each other. Or, as per Chrome, swallowing up everything and you have to figure out which tab needs to be closed.
Only the kernel should be grabbing "free" ram and allocating it for cache.
AFAIK the OS file cache doesn't get counted towards the process's memory usage, so if windows defender is showing up as using 2GB of memory, it really is using 2GB of memory for the app itself.
I have a DBMS, a browser, and an antivirus - all of which would love to have "free ram" that's not currently in use by other programs in order to speed up its own work.
How do I tell the system which of them I prefer (or some rank), instead of letting them fight it out, each of them thinking that they are the process entitled to all the perks of the currently unused memory?
Either they need the memory or they don't. If they feel like they need to store something to save on network costs then they should store it, and the OS will page it if it isn't used often.
The AV doesn't need to take "free ram" except when it tries to guess what the OS will do with disk cache. But by putting it in the AV cache it then prevents other software from using the cache.
Nothing is "fighting it out", there are internal heuristics to understand what applications need that RAM.
This is an internal OS feature of modern operating systems. If you are not capped out on RAM usage, this point is moot. If you are truly running at the RAM cap, to where the OS is paging out memory to disk and you have contention, you need more RAM.
Yes, but the context of this discussion was Q:"why is Windows Defender using 2GB of ram!?!?" A:"It only does that if no other process needs the memory". Which works fine only if there is only one distinguished process.
My point was that there isn't one distinguished process, and that thus -- as you described -- it should be left to the OS to decide and not to Windows Defender.
If there was one, it would be fine.