Wilders Security Forums  

  #1  
Old August 30th, 2009, 05:43 PM
Eagle Creek's Avatar
Eagle Creek Eagle Creek is offline
Global Moderator
 
Join Date: Jul 2004
Location: The Netherlands
Posts: 725
Default Microsoft Windows Defender: still any good?

It's January 6, 2005. After the acquisition of GIANT AntiSpyware by Microsoft, Microsoft introduced "Microsoft Antispyware beta 1". Several builds have been released, and although it still was a beta product many people were enthusiastic about the product.

At the RSA Security Conference Microsoft announced the product would be named 'Windows Defender', and would be available freely for every user of a Windows NT product, starting with Windows 2000. The program now entered the beta 2 phase, which meant it got a facelift and several improvements under the hood.
Several companies and schools installed it on their machines, despite the fact it was still in the beta stage.

In October 2006 the product was finished and would support Windows XP, Server 2003 and Vista (yes, they did drop Windows 2000 support). The product was also going to be integrated into Windows Vista, as part of the basic system security.

What it does
---
Windows Defender is made to be an all-round system protection tool. It runs in the background and continually protects the user from the installation of malicious add-ons, drivers, auto run items, and other potentially unwanted changes. It also scans the computer now and then, looking for malicious programs. It also scans all the files a user downloads, but only when the downloads are with Internet Explorer.

In Windows Vista it blocks, in cooperation with UAC, all start-up programs that require administrative permissions to run.

Although Microsoft made an antivirus program in the past (Microsoft Anti-Virus for MS DOS), Windows Defender isn't one. Its primary task is to identify malicious software, known as malware, and protect the system from unwanted changes. Users that want to have full system protection were encouraged to buy Windows Live OneCare.

However, both Windows Defender and Windows Live OneCare are going to be replaced by "Morro". Maybe better known as Microsoft Security Essentials, this new product (which is going to be freeware!) is going to be a full "free antivirus software created by Microsoft that provides protection against viruses, spyware, rootkits, and trojans for Windows XP, Vista, and 7". Basically it's going to be capable of full system protection, when talking about malware, in the same way other AV supplies do.

For now, we still have Windows Defender. And what I'm wondering: does anyone still use it?
People were very enthusiastic about Microsoft Antispyware in the beginning, but nowadays people only seem to be shutting down Windows Defender. I manage quite a lot of computers (both professional and personal), but I have never ever seen Windows Defender catch something. Neither do I know about occasions where Windows Defender was capable of preventing a system from getting infected, or cleaning up a system afterwards.

It just seems to be “the little wall in the sys tray that sits there and sometimes gets a turning wheel”.

I disable it on the systems I’m working with, either because I don’t find it useful or because I use other protection, but keep it enabled on systems I manage for other people that don’t want to have all kinds of extra programs. Nevertheless, like I’ve said, I never saw the program doing something useful.

What about you? Do you still use Windows Defender? And did it actually defend your system? And when Microsoft Security Essentials is released, will you install it?

OneCare will be discontinued by the end of June 2009 and Windows Defender will be discontinued by the end of summer 2009. Current users will continue to get the latest Malware definition files until the end of the summer.
__________________
Nucia, a safe place in an unsafe world
Because the best way to kill malware, is to kill it together.


When you encounter seemingly good advice that contradicts other seemingly good advice, ignore them both.

Last edited by Eagle Creek : August 30th, 2009 at 10:11 PM.
  #2  
Old August 31st, 2009, 01:12 AM
Zyrtec's Avatar
Zyrtec Zyrtec is offline
Frequent Poster
 
Join Date: Mar 2008
Location: USA
Posts: 534
Default Re: Microsoft Windows Defender: still any good?

Hey,

I run Windows Vista Business with SP-2 [and all the latest MS security updates and patches] and I have kept Windows Defender installed [well, there is no way to remove it on Win Vista anyway, right? ].

I used to run KIS 2009 [paid version] on one of my PCs at home and when I first installed it [KIS, I mean] I used the default settings without any further tweaking. Even when KIS sort of recommended disabling WD during the installation I did not follow its advice and I kept it running.

Then, I visited EICAR.org to test KIS 2009, but using the SSL-enabled [https] tests.
Here, KIS successfully blocked the eicar.com and eicar.com.txt strings but it was WD and not KIS 2009 that blocked the next two tests [eicar_com.zip and eicarcom2.zip].

I know you will answer me that those two files are not really malicious but at least I was able to see WD in action on my PC. That made me change my mind regarding it and now I keep it running at all times. Now, I run it alongside Eset NOD32 v.4.0.437 on my laptop and with Avira Antivir Premium v. 9.0.0.446 on my desktop.

I used to run it with NIS 2009 but Symantec silently updated NIS to a newer build and disabled WD without notifying me [and any other users by the way] and I found that unacceptable so I removed NIS 2009 from my PC.

I don't think many people by themselves disabled or uninstalled WD since it really doesn't interfere with their PC usage. The real problem is certain AV vendors that seem NOT to like the MS antispyware application and disable it or invite the user to disable it upon installing their AVs [examples: Symantec, McAfee, Kaspersky].

Regarding MSE, well I see it's still at early beta stages but it looks promising. Once it comes out of beta by the end of this year, I might give it a shot but by no means would I give up my paid AV solutions [Eset and Avira] to use MSE full time.

Kind regards,

Carlos
__________________
Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin [1706 - 1790]
  #3  
Old August 31st, 2009, 02:42 AM
dell boy dell boy is offline
Frequent Poster
 
Join Date: Apr 2009
Location: uk, england
Posts: 240
Default Re: Microsoft Windows Defender: still any good?

i had my occurrences with it a while back, when my brother decided he would go out and get infected and burden me with cleaning it, sigh. norton on the computer wasn't catching anything, so i tried mbam and nothing. kaspersky online scanner told me which folder it was located in, so i thought scanning with WD would do no harm, and to my surprise it got it. however i installed spyware terminator just for a bit of reassurance, and it removed a further so many reg keys, but WD actually caught the threat.
however it didn't stop it in the first place, and because of that i have it turned off on my computer....
i will install mse when it comes out i think, i want to see it perform in tests though.
__________________
The best protection a computer could ever have, proven by experts and professionals is Safe-Hex.
Guaranteed!

Last edited by dell boy : August 31st, 2009 at 02:57 AM.
  #4  
Old August 31st, 2009, 03:17 AM
Osaban's Avatar
Osaban Osaban is offline
Massive Poster
 
Join Date: Apr 2005
Posts: 3,086
Default Re: Microsoft Windows Defender: still any good?

As I'm browsing most of the time virtualized, with Avira first and now Anti-Executable, I think WD is unnecessary on my system. I do think however that it is good for MS to provide it for those users who are not interested in the security of their machine; statistically speaking Vista seems to have a better record than XP so far in terms of infections.
__________________
Samsung Series 7 Chronos & Windows 8 (64bit)
“We are the cosmos made conscious and life is the means by which the universe understands itself.” Brian Cox
  #5  
Old August 31st, 2009, 06:31 AM
Eagle Creek's Avatar
Eagle Creek Eagle Creek is offline
Global Moderator
 
Join Date: Jul 2004
Location: The Netherlands
Posts: 725
Default Re: Microsoft Windows Defender: still any good?

Quote:
[well, there is no way to remove it on Win Vista anyway, right? ].
You can pretty much kill it by opening the program, going to the options and disabling the scheduled scan, update, and the option "enable Windows Defender". Then you can disable the service also, which pretty much silences the application.

Well, I don't think the majority of people will disable it, but a lot of power users I know do.

Quote:
I know you will answer me that those two files are not really malicious but at least I was able to see WD in action on my PC. That made me change my mind regarding it and now I keep it running at all times.
Well, that's a good thing. However, I think if it wasn't able to catch Eicar we should be really worried. I don't say it's a useless application, but I rarely hear any good from it. Maybe because it does its job and people don't become aware of it, or maybe because it simply doesn't do anything. I know about several occasions where the AV caught the bad guys, and Defender didn't. But maybe it simply wasn't in Defender's scope.

It's just that people used to say you had to download MS AS to keep your PC protected, and nowadays nobody says that about Defender.

It still keeps me wondering though what will happen with MSE: will it automatically upgrade Defender, or will all Vista end up with a program that has been rendered completely useless by Microsoft?
  #6  
Old August 31st, 2009, 06:44 AM
lodore lodore is offline
Incredibly Massive Poster
 
Join Date: Jun 2006
Posts: 8,876
Default Re: Microsoft Windows Defender: still any good?

I manually update Windows Defender every so often.
I don't know if it's any good because I don't encounter malware.
__________________
useful tools:cure it SAS Hitman Pro mbam KL Eset windows defender offline Sophos
  #7  
Old August 31st, 2009, 10:05 AM
Mem Mem is offline
Frequent Poster
 
Join Date: Mar 2005
Posts: 292
Default Re: Microsoft Windows Defender: still any good?

MSE v 1.0.1500.0 will disable Windows Defender on install as MSE incorporates it into its scanning ability. Those not using MSE still have the option to use Windows Defender but it may not be around later since it duplicates part of MSE.
  #8  
Old August 31st, 2009, 11:27 AM
Victek123's Avatar
Victek123 Victek123 is offline
Very Frequent Poster
 
Join Date: Nov 2007
Location: USA
Posts: 2,717
Default Re: Microsoft Windows Defender: still any good?

Quote:
Originally Posted by Eagle Creek

What about you? Do you still use Windows Defender? And did it actually defend your system? And when Microsoft Security Essentials is released, will you install it?
FWIW, I've used Windows Defender on and off since it was released and I've seen it on the computers of friends and customers. It has never once caught anything on any computer using any Windows OS in my experience. I realize that's pretty harsh and also anecdotal, but there it is. Hopefully this isn't true more generally. Regarding MSE, I'll definitely have a look at it when it's released. I tried the beta and had some issues with it, but that's to be expected.
__________________
ut quod ego verus est maioribus quam ut quod est sanctus
  #9  
Old August 31st, 2009, 07:37 PM
NormanF NormanF is offline
Frequent Poster
 
Join Date: Feb 2009
Posts: 648
Default Re: Microsoft Windows Defender: still any good?

MSIE uses the set-and-forget-it approach. It updates through Windows Update so for most users it's a fool-proof solution to computer security. If it's not in Windows 7, it should be.
  #10  
Old August 31st, 2009, 07:43 PM
Eagle Creek's Avatar
Eagle Creek Eagle Creek is offline
Global Moderator
 
Join Date: Jul 2004
Location: The Netherlands
Posts: 725
Default Re: Microsoft Windows Defender: still any good?

Quote:
If it's not in Windows 7, it should be.
It won't. The RTM has been built, but MSIE is still in beta. Besides that, the European Commission doesn't really like MS bundling anything anymore.
  #11  
Old September 1st, 2009, 02:31 AM
Zyrtec's Avatar
Zyrtec Zyrtec is offline
Frequent Poster
 
Join Date: Mar 2008
Location: USA
Posts: 534
Default Re: Microsoft Windows Defender: still any good?

Quote:
Originally Posted by Eagle Creek
Well, that's a good thing. However, I think if it wasn't able to catch Eicar we should be really worried. I don't say it's a useless application, but I rarely hear any good from it. Maybe because it does its job and people don't become aware of it, or maybe because it simply doesn't do anything. I know about several occasions where the AV caught the bad guys, and Defender didn't. But maybe it simply wasn't in Defender's scope.


Hi, Eagle Creek

Thank you for replying.

I just wanted to clarify for you that Windows Defender did CATCH the Eicar.org virus test [at least the last two tests, archived as .zip files].

I was running Kaspersky Internet Security suite 2009 on my PC at that time but just at DEFAULT settings.
It looks like at default settings, KIS 2009 doesn't stop .zip, .rar files from being downloaded from the Internet to your hard drive unless you try to execute their contents.
That explains why KIS allowed both .zip files to be downloaded.

What I found interesting is that MS Windows Defender [running on my Vista PC] CAUGHT both .zip downloads before they finished being downloaded and that's quite remarkable for just an antispyware application.

Had I set KIS to maximum settings it probably would've taken care of both .zip downloads without giving time to WD to wipe them out, but KIS was at default settings, which means it is good to have a second layer of defense when your first one misses something, either because of a bad configuration or a poor detection rate.

Kind regards,

Carlos
__________________
Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin [1706 - 1790]
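
Added example, not part of the original thread: post #11 attributes the missed downloads to archives not being inspected until their contents are executed. The sketch below contrasts a scan of the raw downloaded bytes with one that unpacks nested zips; `MARKER`, the in-memory sample archives and all function names are constructed for illustration and stand in for the EICAR test files.

```python
import io
import zipfile

# Constructed stand-in for a test signature (assumption, not a real AV signature).
MARKER = b"CONSTRUCTED-AV-TEST-MARKER"
MAX_DEPTH = 5            # stop unpacking here so nesting cannot exhaust the scanner
MAX_MEMBER = 10_000_000  # skip members that claim to unpack to more than ~10 MB


def make_zip(members):
    """Build a deflate-compressed zip in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def flat_scan(data):
    """Match on the raw bytes only, as a scanner that never opens archives would."""
    return MARKER in data


def deep_scan(data, path="download", depth=0):
    """Return the member paths containing MARKER, unpacking nested zips."""
    hits = [path] if MARKER in data else []
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.file_size > MAX_MEMBER:
                        continue
                    inner = zf.read(info)
                    hits += deep_scan(inner, f"{path}/{info.filename}", depth + 1)
        except zipfile.BadZipFile:
            pass  # malformed archive: report only what was already found
    return hits


# Constructed samples: a plain file, a zip, and a zip inside a zip.
payload = MARKER + b"\n" + b"padding " * 32
single = make_zip({"test.com": payload})
nested = make_zip({"inner.zip": single})

if __name__ == "__main__":
    for name, blob in [("plain", payload), ("zip", single), ("zip in zip", nested)]:
        print(f"{name:10} flat={flat_scan(blob)} deep={deep_scan(blob)}")
```

The depth and size limits are the usual trade-off: archives nested deeper than `MAX_DEPTH` are not inspected, so a second layer that scans on extraction or execution still matters.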
  #12  
Old September 13th, 2009, 08:00 AM
Eagle Creek's Avatar
Eagle Creek Eagle Creek is offline
Global Moderator
 
Join Date: Jul 2004
Location: The Netherlands
Posts: 725
Default Re: Microsoft Windows Defender: still any good?

Quote:
and that's quite remarkable for just an antispyware application.
I'm not sure about that, to be honest.
At this moment I'm still running KAV 7. As soon as I click an infected link (like Eicar), the download will be terminated and I'm notified.
I use ESS 3.0 at a different pc of mine. Same behaviour.

When you say KIS 2009 doesn't scan the downloads by default, I think this is a well-considered decision by Kaspersky Labs, and not a "bug" or imperfection.

Whether you agree with the latter or not is a different story. I do, however, like the 'block on download' behaviour. The earlier you catch it, the better.
 

All times are GMT -4.