What’s new in Windows Defender ATP Fall Creators Update

Discussion in 'other anti-malware software' started by ronjor, Jun 27, 2017.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    162,658
    Location:
    Texas
    msft-mmpc June 27, 2017
     
  2. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,870
    Too many to list, an anti-exploit module, an anti-execution module, a software policy restriction module and a zero day threat anti-malware module. It transforms Windows Defender into an Internet security suite.

    WD will be more focused on preventing malware attacks than on intercepting them after the fact. We'll see it introduced into Windows 10 this fall in the forthcoming Creators' Update.
     
  3. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    Very interesting read, Windows native security will become very strong after this update; I bet many players will follow Kaspersky and cry unfair practices.
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Possibly so.

    I just wonder if systems that employ it (you, me and everyone else) will be able to support all those security modules without burping or throwing unwarranted interruptions or at worst taxing the system resources like in times past.

    You do have to motion a thumbs up on their ambition to rein in more aggressively Windows Defender components and strengthen the entire complex, and complex it will be under the hood.
     
  5. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    The concern of Kaspersky isn't about new WD features, they just don't like that WD sets itself as the only security solution and disables any other 3rd party AVs.
    I think Microsoft can just make a screen (as it did for the browser selection) where the user can choose to use either WD or a 3rd party AV (if installed on the PC)
     
  6. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,500
    Location:
    .
  7. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,870
    Biggest drawback of Windows ATP is Microsoft requires you allow them to collect information from you AKA telemetry - as part of running the new service.

    Not for me.
     
  8. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    This is what I was told:

     
  9. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    This isn't true, anyone can verify it. You are an advanced user, you should know what's behind Kaspersky's antitrust claims and what is reality.

    If you install a 3rd party AV, Windows Defender will disable itself, but it will re-enable only if the 3rd party AV reports to be expired, incompatible or to have very old databases (I have seen this many many times with OEM antivirus solutions), so this behavior of WD will save the bacon of many users around the globe.

    Kaspersky Labs are just afraid that Windows native security will become a powerful and true contender, it is just a question of revenue, it isn't about users' choice, it is all about protecting their market.
     
  10. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,040
    Location:
    Nebraska, USA
    This is more tinfoil hat stuff! :( All security program makers use telemetry to gather information about malicious activity. This is how they learn about new potential threats.

    Contrary to what some here want everyone to believe, telemetry is NOT a threat to our "security". Microsoft is NOT trying to steal our passwords, contacts, real names, home addresses, bank accounts, social security or insurance numbers.

    The reason Kaspersky is whining is because they fear Windows Defender will cut into their profits; they know their product does not ensure users are better off than with WD.

    Nightwalker is exactly right. WD will automatically disable itself if another solution is installed. And it will re-enable if that product is uninstalled or disabled. And that is how it should be! Since Microsoft will get blamed regardless by the Microsoft bashers, they would much rather be blamed for protecting users than leaving them vulnerable.

    And by the way, it is up to that 3rd party solution to register itself with Windows Action Center. If it fails to do that, it is not Windows Defender's fault it stays active. Note this is exactly how users of Malwarebytes, for example, can run Malwarebytes in real time alongside Windows Defender. In the Malwarebytes control panel, they configure Malwarebytes to "Never register Malwarebytes in the Windows Action Center". Piece of cake.

    Nightwalker is also exactly right when he says it is just a question of revenue. But remember, Microsoft has absolutely no financial incentive for malware to succeed. But Kaspersky, Norton, McAfee, AVG, AVIRA and ALL the others need malware to succeed or they will all go out of business.
     
  11. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Exactly! When people say "M$ are greedy so I hope Kaspersky wins the lawsuit" they forget exactly what you point out!
     
  12. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Please see clubhouse post in # 53 of this new thread he created on the cyber attack from yesterday. Kaspersky says their telemetry saw 2000 infections.
     
  13. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,040
    Location:
    Nebraska, USA
    Most don't forget. They just refuse to admit it due to bias against anything Microsoft. There's no way they will win anyway. Norton, McAfee, CA, TrendMicro tried that before when Microsoft wanted to put AV code in XP. They whined and cried to Congress and the EU that it was their job to rid the world of malware (we see how well that went! :rolleyes:) and that Microsoft was trying to rule the world. They were, but not the point. All Congress and the EU heard was "monopoly" and that was it. They ordered MS to remove the code, and the badguys moved in unabated. But who got blamed? The badguys? Nope. Users who failed to keep XP updated and secured? Nope. Norton, McAfee, AVG, ZoneAlarm, etc.? Nope. Microsoft did - relentlessly for the next 10 plus years!

    But today, Congress and the EU know they were wrong. They should have let Microsoft go ahead with adding AV code in XP. It probably would not have stopped malware completely, but it sure would have slowed down the explosive growth and damage from it.

    Why haven't Congress and the EU (and all the 3rd party app makers) complained about Windows Defender in W8/W10? Because they all know they blew it before. Plus, Microsoft does allow 3rd party apps to take over for WD.

    Do note that Microsoft released a patch to block that cyber attack back in April. So it only affects those users who failed to keep their systems current. But no doubt the biased MS bashers and headline-seeking wannabe journalists and bloggers in the IT press will blame MS again.
     
  14. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I for one am happy with what MS is doing with WD. Even if people want to use third party software for protection, they can still do manual scans with WD.
    Instead of people trying to find bugs in third party apps they can find them in WD. I know some here make money as beta testing bug finders.
     
  15. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,040
    Location:
    Nebraska, USA
    Me too. I've been happy with it since it was MSE and W7, when I migrated all my XP systems over to W7. That was in 2009 and not one of my systems, or the many more I am responsible for, has been compromised. Keeping in mind the user is ALWAYS the weakest link in security, I spend a lot of time preaching to my kids & grandkids, friends, and clients about "good user discipline" and "practicing safe computing" (keep systems updated; don't be "click-happy" on unsolicited links, downloads, attachments and popups), it is still a decent testament to MSE/WD that none of those systems have ever been compromised.
    That's fine. I do a lot of beta testing for different products too. But being a beta tester does not suggest, nor should it imply blind loyalty to that product, or disdain for a competing product just because it has this or that brand name on it.
     
  16. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Looks like they have changed its name.

    Windows Defender is now Windows Defender Antivirus, featuring built-in virus and threat protection, as well as family options to help keep you safe online. Visit the Windows Defender Security Center to see how Windows is helping protect your PC.
     
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Expect as usual that foulware makers are going to try to pick it apart piece by piece in an effort (just like they try to do against commercial AV's) to disrupt detections etc. but with WDA being built-in to the O/S itself do you believe that makes it more difficult for them? And how well will third party security solutions play into this?
     
  18. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I am pretty sure the foul ware makers have been picking away at it for some time now. Being integrated into the OS has to give it an advantage. I don't know for sure but think this new technology is only going to be for Win 10 and not 8 or 7. And we know how many users even on this forum refuse to migrate to 10, mostly because of privacy reasons. This means the majority of users that will be staying on older Windows versions will still be small and big business and home users.
     
  19. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,040
    Location:
    Nebraska, USA
    They changed the name a couple months ago when Creators Update came out, but if you look here, they still say just Windows Defender too.

    From what I understand, they did this to appease those who refuse to accept that malware includes viruses. If you look on that page, it says WD provides:

    Virus protection and removal
    Malware protection and removal
    Spyware protection and removal

    Yet the fact is, malware includes viruses, as well as Trojans, worms, rootkits, ransomware, spyware, adware and any malicious software.
    With it built in, it helps in the very early stages of the boot process. And it especially helps during brand new Windows installations because in both of those scenarios, WD is up and running right away. And with new installation, it is the only solution.
    Play into what? If you mean trying to pick apart WD, I am sure they will - if for no other reason than to try to make them look better. Note this plays into how AV/AM solutions score in lab tests. Because Microsoft is not trying to compete for your security solution dollars, they don't code WD to score well in those "synthetic" tests. Instead, they code WD to protect us from the "real-world" scenarios we face each day.

    The 3rd party solution makers, however, need fodder to make them look good. So they code their products to score well on those tests - even though they are not scenarios users will encounter in the real world. In other words, for 3rd party makers, it is all about marketing. :(
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Same over here, but this is a global problem in the AV industry, others are doing it also. So no AV for me at all.
     
  21. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,040
    Location:
    Nebraska, USA
    :( That's just a silly and misguided excuse! These companies are not doing it so they can then target ads at you. The security industry is collecting telemetry so they can proactively detect malicious behavior and develop code to stop it before it becomes a major threat to everyone else.

    It's a good thing, people! Wake up! Allowing this telemetry helps fight the badguys. Believing otherwise just plays into the hands of the bad guys and tinfoil hat wearers. You are helping their cause, not yours.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    This may be the case, but I really don't think AV's should be collecting so much data, they can protect the system perfectly fine with less data. Why not only connect out when a file needs to be scanned in the cloud? For example Emsisoft always scored well in AV privacy tests.
     
  23. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,040
    Location:
    Nebraska, USA
    Huh? Because the cloud is used mostly for "data" files. Those are not the ones typically infected.
    Yeah, in blocking Google Analytics, AOL, Yahoo, Amazon and others from trying to track your computing habits.

    The telemetry collected by Windows Defender and other "legitimate" security software is totally different. That telemetry data is used to track malicious and suspicious activity on your computer, and the conditions they operate in in order to learn how to detect and stop malicious behavior before it can become real threats.

    Again, they are not trying to collect your passwords, real name, real address, contacts, bank account information, or other "personally identifiable" information to then use against you. In fact, the information collected is anonymous information. Do you sign in to Windows with your real name? Not likely.

    So regardless, not using an AV because you are afraid "anonymous" information about your computer, not about you, but about your computer is being sent out is just being paranoid. The bad guys love you for it.
     
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Who can be certain any such program isn't sifting through other files as they conduct scans :argh:

    With all due respect, that sort of answer will fall flat on its face the moment it's made. I mean that only constructively!

    A much better argument can be formed than the usual "you are afraid" (of whatever discovery) which rings out loud as a proponent for privacy invasive techniques. But to be fair, many different software applications not even of a security nature can probe inside windows and fish out whatever. It's up to the end user to select and test for this, nothing more, nothing less IMO. Customer's/User's choice as usual.

    I'm neither here nor there on the subject (yet I do too have my own limits) but sometimes the exposure potential (that you also might argue can and does raise certain questions to that end) in these type programs have a very clear privacy concern for some which is a really important matter to them, and especially plenty of members that choose to take it to that extreme.

    With that in mind there will always be alternatives. Those choices ARE available.

    Now to more on topic, Windows Defender should finally prove stronger and better suited to handle from common threats all the way to what we see developing in today's world and you have to give WDA team an A+ for effort anyway.

    My concern isn't any different than with the previous versions of Windows. Performance and error-free operation without too much activity taxing my HDD or Memory Modules :)
     
  25. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,040
    Location:
    Nebraska, USA
    With all due respect, it is my message that matters, not the manner in which it was given. Whether you are afraid of Microsoft, or just don't like them, that is no reason not to use a good security program - or to bash them based on rumors and downright falsehoods.

    But more importantly, it is simply irrational to avoid Windows Defender simply because of its telemetry. It is not used to spy on us or to collect personal information on us, but to improve Windows Defender to make us safer.
    Taking things to extremes is rarely ever a good thing - except maybe in sports. But it's fine to be concerned IF the concerns are based on fact and not rumors or falsehoods. Again, privacy and security are two different things. And collection of telemetry does not imply an invasion of "personal" privacy.

    Yes, to include using Linux and avoiding MS altogether. But it must be noted that not even Linux is immune to malware - regardless how careful one is, or how much common sense they have.

    The fact is, we should be concerned or even afraid of the bad guys. There is nothing wrong being afraid of evil. Paranoid and misinformed is another matter.
     