The vast, barren wasteland of desktop security

Discussion in 'malware problems & news' started by Gullible Jones, Jun 29, 2016.

  1. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I totally agree, PUA detection should be on by default. PUAs / greyware are more difficult to classify correctly than super bad malware (where do you draw the line), and everyone is worried about false positives in AV tests... so they simply disable this feature by default. The end result is that security products have fewer of the dreaded false positives in performance tests, and the end user is infected.
     
  2. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    1 : You tried to pass a lie and then tried to prove it by linking to two false articles.

    It didn't work for you. End of story. Okay. Enough of that.

    This is exactly why it's so important that Windows 10 has been made so secure.
    Because there are not many businesses as rotten as the IT security industry has proven itself to be over the years.
    The number of fake claims and articles paid by third-party security vendors in their war against each other over the years is massive.
    And there's only one loser - end user, both enterprise and home users who end up paying tons of money for third-party IT security solutions that break more in the OS than the malware they claim to protect against would ever do.

    Look around you everywhere in the industry and at every helpdesk, and you know it's true.

    In your defense I will say that usually you are not a person or vendor that uses these dirty tactics much. But in this thread you did.
    Please stop. Because this ongoing war between IT security vendors is nothing but a waste of money, time and testosterone.

    This is why Windows 10 is such a game changer.
    It's about getting away from that nonsense.
    With Windows 10 a home user can install OS, be protected from the moment it's fresh out of the box and get on with enjoying their lives.
    And with Windows 10 every enterprise can roll out with every enterprise security feature already activated in core of OS and be protected so they can concentrate on their core business - being productive.

    You may not like this change. But I can guarantee you that every home user and every sys.admin will love this direction.

    None of them enjoy scare tactics or bolt-on "solutions".
    But both home and enterprise love and benefit from security by design implemented in core.

    2 : As for the opening post.
    I and others already gave our view on what was plausible and what was definitely not plausible in opening post.

    The two of us just have different views on how to solve it, as I mentioned a little further up.

    You would like the user to install your application.

    I suggested that the user simply activated a feature already present in Windows 10, that is made exactly for situations like the one in opening post - to detect and block PUA/PUP and save the user from such troubles.

    If user chooses one or the other suggestion must be up to the user, instead of the two of us continuing our little war on words.
     
  3. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    @TonyW :

    Windows 10 ships with a default set of settings activated that protects everybody without risks of conflicts with anything else on system.

    And then there's a huge number of features that can be activated, but require an understanding of the impact they might have across system.

    Windows has always been like that. It's a tremendous powertool and when you know your way around GPOs, registry, ACLs and settings in general, then you can lock it down so tight that even a mouse can't pass a wind through system.

    I fully agree with you that PUAs/PUPs are a pain in the rear and a very big problem in both home and enterprise.

    But PUA/PUP detection will always require an active consent before activated, and therefore it's currently a setting in registry.

    We can hope that one day it will be easier to give consent and activate it.

    But in general I'm just glad that Windows Defender can also be made to cover this huge area of the threat landscape. :)
     
  4. guest

    guest Guest

    And I wonder why the OP, knowing that "Edna" is a risky computer user, let her use an Admin account!!!! Ah yes, SUA was made for the dogs to play with Windows....

    An IT guy not forcing someone to use an SUA is an incompetent that should be burned on a pillar!

    So basically :

    SUA + UAC Max + Smartscreen enabled + PUP enabled in WD + blocking execution of unsigned process registry tweak, would have made her safe at 90%, all the infections described would have been blocked.

    Those tweaks are the first things I do after a clean install of Win10, then I fill the 9.99% left with all my security tools.
     
    Last edited by a moderator: Jul 1, 2016
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    ... And I'm surprised no-one has mentioned educating "Edna" about cyber-security and reading EULAs, not just clicking OK to every prompt. :rolleyes:
     
  6. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    @guest :

    I agree with you on the setup.

    The security setup you mention combined with Windows Firewall on Public setting when not on locked down LANs, is also the foundation of every setup I do.

    The protection percentage with that setup on Windows 10 is in my view much closer to a perfect score.

    But of course - a true 100% will never exist. That's only possible if system is shut down 24/7, which kind of defeats why we use computers :)

    Enterprise adds Device Guard to compensate for added exposure.

    It's all good :)
     
  7. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,220
    Location:
    USA
    "Forcing"? It's not the responsibility of IT to force anyone to do anything. In my business I recommend what I believe to be good security solutions and try to educate people about best practices; the rest is up to them. Good luck trying to force people to do things...
     
  8. guest

    guest Guest

    You are the IT manager of your company = you "force" people to follow your policy.
    You are the repair guy of your area = you explain then tell them that not letting you create an SUA will surely cost them more money than this time.

    In both cases you "force" the user; one is direct, the other is indirect. I don't know about you, but personally I always managed to make them use an SUA.
     
  9. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,220
    Location:
    USA
    At the enterprise level it's a different story. Employees have to follow company policy and the network can be locked down. The inconvenience of limited user accounts (and other restrictions) is compensated for by having a "help desk" that employees can call, etc. None of that infrastructure exists for home users.
     
  10. guest

    guest Guest

    If the IT repair guy has a bit of professionalism, he (at worst) will do the support by phone or (at best) he would install Teamviewer or other remote desktop so he can intervene rapidly.
     
  11. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    Gullible Jones, I'm not sure if it's possible to assume the mechanism of infection here. It's not necessarily an exploit, and when the user isn't tech savvy then they won't be able to match their behaviour to the source of an infection.

    For example, it could have been a double extension trojan. If she thought she was downloading an mp3 (instead of a .mp3.exe file), then she wouldn't have connected the infection to that action. Then again, you would have been able to find that file unless the trojan was designed to delete itself.
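
An added example, not part of RJK3's post: one way a defender could look for the double-extension file names described above (such as .mp3.exe) in a list of downloaded files. The extension lists, function names and sample paths are assumptions made for illustration.

```python
from pathlib import PureWindowsPath

# Assumed lists for illustration; extend them for your own environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".mp3", ".mp4", ".avi", ".jpg", ".png", ".pdf", ".doc", ".docx", ".txt"}


def split_extensions(name):
    """Return the lower-cased extensions of a file name, left to right."""
    # Windows ignores trailing dots and spaces in a file name, so drop them first.
    base = PureWindowsPath(name).name.rstrip(". ")
    parts = base.split(".")
    # parts[0] is the stem. Whitespace padding between extensions
    # ("photo.jpg     .scr") is stripped so it cannot hide the decoy extension.
    return ["." + p.strip().lower() for p in parts[1:] if p.strip()]


def is_double_extension(name):
    """True when a document/media extension is followed by an executable one."""
    exts = split_extensions(name)
    return (
        len(exts) >= 2
        and exts[-1] in EXECUTABLE_EXTS
        and exts[-2] in DECOY_EXTS
    )


def scan(names):
    """Return the names that look like disguised executables, in input order."""
    return [n for n in names if is_double_extension(n)]


# Constructed sample input, not taken from any real system.
SAMPLE_NAMES = [
    r"C:\Users\edna\Downloads\song.mp3.exe",        # decoy + executable: flagged
    r"C:\Users\edna\Downloads\song.mp3",            # plain media file
    r"C:\Users\edna\Downloads\Holiday.JPG   .SCR",  # padded and upper-case: flagged
    r"C:\Users\edna\Downloads\setup-1.2.exe",       # version number, not a decoy
    r"C:\Users\edna\Downloads\backup.tar.gz",       # legitimate double extension
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_NAMES):
        print("suspicious:", hit)
```

Because Windows Explorer hides known extensions by default, a file flagged here would be displayed to the user as "song.mp3".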
     
  12. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    You do know I was being sarcastic, when I suggested that Windows Defender was adequate protection, right?

    I certainly did not lie about anything or use dirty tactics of any kind... if you feel that I did, please feel free to clearly point them out.

    It is all there in black and white... "In an interview with Dennis Protection Labs, Holly Stewart, the senior program manager of the Microsoft Malware Protection Center, said that Microsoft Security Essentials was just a “baseline” that’s designed to “always be on the bottom” of antivirus tests. She said Microsoft sees MSE as a first layer of protection and advises Windows users to use a third-party antivirus instead."

    What do you suppose Holly meant in that quote? If I misunderstood the quote, please help me understand it.

    The problem is that you do not see this stuff first hand like I do... if you did, you would understand.

    In an ironic twist of events (this just happened yesterday), a client of mine used to run VS on their home computer, then they bought a Mac a couple of years ago. His wife would call me every 6 months or so to see if the OSX version of VS is ready. I went to their place about 10 days ago to help them with their Mac, and she asked about VS, and how the company was doing. I explained to her, that the patent was issued and the software was almost ready, so we are going to raise some money and start on the marketing and build the company. She immediately said "are you looking for investors, because we would be interested in investing." I told her that was a possibility, so all three of us talked about it for a little while, and they decided to present the idea of investing in VS to their financial advisor. Their financial advisor was not a tech person, but he supposedly asked his tech people to look into VS, to see if it was a promising new technology. They simply looked at our website and did not even install VS... so they reported back to the financial advisor that they did not find anything interesting about VS, and so they let me know that they were not interested in investing in VS. The day after the financial advisor recommended that they not invest in VS, the husband's brand new office computer, which was protected by Windows Defender along with one of the top security products (that oftentimes scores 100% in efficacy tests), was badly infected. The husband called me yesterday and asked how much it would cost to install VS on the office computer and how to download and install it. I thought he was simply trying to figure out how he was ever going to make money as an investor, being that we offer VS for free. But no, it turned out that his brand new office computer, running Windows 10, Defender, and another top security software was infected.

    Also, I used to date a girl who worked at the local 911 emergency call center. I live in an area that has a seemingly very low crime rate... we hear various statistics about how there are only 2 murders a year, stuff like that. Anyway, she would always tell me how there was massive crime all over, and that no one ever knows about it... I was extremely shocked.

    My point is... just because you do not witness these infections first hand, does not mean that they do not happen. I see it for myself, so I know the truth. Windows 10 Defender is pretty good, and it will be pretty good for another 6-12 months, but after malware authors have their way with it, it will go back to its usual somewhat useless state. It happens every single time.

    If you want to ignore the data from the various AV test labs, and keep your head buried in the sand, that is your choice.

    Besides, you will never convince the vast majority of security enthusiasts or pros that additional protection is not necessary. Never.
     
    Last edited: Jul 1, 2016
  13. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Good point... But in all fairness, I did propose the following question: "I know there is a lot of great security software on the market. If Edna wanted to play it safe and add 1-2 more layers of protection, what would you recommend in addition to what you have already recommended?" in post #9. Either way, Edna obviously needs better protection, otherwise she would have never been infected in the first place. If she wants to run VS, that is totally cool, but if there is another software that would work better for Edna, that is totally cool too. I merely suggested that since she is a novice, she try VS, so that Gullible Jones (who I have not had any contact with), can install it on her machine and spend 2 minutes explaining how it works. Then ask her 2-3 weeks later what she thought of VS. I would say that the probability of her using the word "love" when describing VS after 2-3 weeks of using it, is extremely high. Who knows, she might be one of the small percentage of people who simply do not like it. I thought it would be a great test... and it would at least keep her protected until we figured out which security software works best for Edna.
     
  14. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    You do realize that the end result was that Edna was infected?
     
  15. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I have probably worked on 10,000+ computers, and not one was running as SUA, simply because it is not usable.

    If Microsoft made SUA usable, we would be much better off.
     
  16. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    One last thing Martin... calling someone a liar, to me, is a dirty tactic. I do not think either one of us is lying... I just think that since you have not seen these infections first hand, you simply do not know better.

    So I am going to hold you to this... please point out clearly where I lied.
     
  17. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Apparently it went completely over your head that the two articles you continue to post links to are frauds.

    I posted links for you twice with the correct story.

    All of this has been discussed to death here at Wilders and every other major forum, back in 2013 and thousands of times since then.

    Holly Stewart never said what you claim.

    For the last time - that article you love so much twisted her words into the opposite of what was actually said.

    You must have been living in a bubble at the time if it went over your head.

    Maybe you still live in that bubble, because IT security has moved on.
     
  18. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,220
    Location:
    USA
    Agreed; what is needed is for home users to contract with legitimate remote support IT companies. That's a model that needs to be promoted IMHO.
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Well I am no IT person, but if asked for help, I will, but I stipulate conditions. They have to agree to do what I tell them in terms of security and backup. If they balk, I simply back away. If they agree I keep it simple, but the backup is mandatory.
     
  20. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,220
    Location:
    USA
    https://askleo.com/do-i-need-to-stop-using-microsoft-security-essentials/

    Something that Leo talks about in the above post is the conflict between Microsoft making the best possible security product and the need to not undercut third party security companies. That seems true to me, but what do you think? I don't believe that Microsoft intentionally makes Windows Defender (in Windows 10) less capable, but it is certainly a lot less feature rich than many third party solutions. There is also the matter of PUP detection. Microsoft intentionally did not unmask that feature in the Windows Defender UI in non-enterprise versions of Windows 10 (yes, it can be enabled through the registry, but that essentially makes it unavailable to the majority of home users). Users need to understand these issues and choose accordingly. As noted in my sig I use Windows Defender, but not alone.
     
  21. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    No, you posted a brief description of Microsoft's Anti-Malware solution, entitled "Our commitment to Microsoft antimalware", that does not suggest either way whether the end user should use additional protection or not (I could not find it anyway, if it is there, please let me know). You also posted one guy's OPINION on the subject, that has absolutely no data to back up his findings, and is ironically linked to the Microsoft link that you supplied.

    We need to find the original quote. If we can find the original quote, and it is accurate and it is indeed something that Holly said, would you agree with her / me / the vast majority of security pros?

    As I said, you will never convince people who actually work in the field that additional protection is not required.

    BTW, you told Gullible Jones "I highly doubt this story."... does this mean that he is lying as well? Are you the only person telling the truth on this thread?
     
  22. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I will be back later... I have to go check a server real quick and remove some malware for a new client named Roger, who was a referral from another client. And I am not kidding.
     
  23. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    Therein lies the problem. Many home users are not even aware of the issues. If they're only using Windows Defender and they're the sort of person who is click-happy, it is hardly surprising there are stories about infections relating to PUA.

    In the article quoted even Leo says MalwareBytes is worth adding as an extra layer of security even though he infrequently uses it. Note though that was in 2013 so I don't know if his views have changed. We at Wilders know about layers of security but not the average home user who probably doesn't read forums like this.

    I think we can all agree Microsoft has made improvements to security and Windows Defender in particular and will continue to do so. The problem is how best to educate users on keeping themselves safe from the perils of the 'net.
     
  24. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    @Victek :

    I will say detection/protection wise Windows 10 is on par with everything it's typically tested up against, if considered as a whole.
    Testing organizations will disable SmartScreen and use non-UWP internet facing applications, and then they find Windows Defender blocking 99.8% of prevalent malware and between 90-98% on zero-days (the latest test said 97.7% on zero-days)

    Now add SmartScreen and the benefits of the locked down UWP applications.

    You are then without a doubt on par with everything else out there detection/blocking wise.

    Usability wise the native security in Windows 10 is far ahead of the competition, because with the native security the entire OS actually works as intended.

    Feature wise I will say that with the Anniversary update for Windows 10 on the horizon, end users will have all they need during daily interaction with their security.

    In my opinion this is the best outcome possible.
    I have never heard of an end user, home or enterprise, who enjoyed being tossed around in the security circus we have witnessed for the last 20-25 years.
     
  25. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    As mentioned before and considering that the only places those false articles that you love were used and linked repeatedly, was when vendors tried to make the native security look bad in an attempt to make themselves look better.

    Seeing you repeat it now, feels like living 2013 again.

    You have fun back there.
     