What’s new in Windows Defender ATP Fall Creators Update

Discussion in 'other anti-malware software' started by ronjor, Jun 27, 2017.

  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,528
    Location:
    U.S.A. (South)
    That is a totally OT remark and I have no idea what you are trying to imply by it, and with just a brief short line (and quoted post) with nothing more than pointing out what could be considered a simple one-letter typo, it obviously shows how non-serious you are in offering or adding anything pertinent to this discussion.
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,476
    Location:
    U.S.A.
    First, the cloud scanning feature by WD is definitely a "step in the right direction," especially in that it is employing the new AI/Next Gen algorithms. The problem is:
    Malware is increasingly employing sandboxing detection and evasion techniques. As such, unknown processes need to be continuously monitored locally for suspect behavior until sufficient reputational data can be had to determine that they are safe.
     
  3. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,823
    Location:
    Nebraska, USA
    :thumb:

    :argh: Oh come on! You rant in a totally OT tirade about Microsoft advertising how good Windows is and then complain shadek is being OT? :rolleyes:

    You clearly have not been following this thread, or just have your head stuck in the sand and are not paying attention to reality.

    Yes, it is true that Microsoft is an OS maker. But you are totally wrong about them never being concerned over security. Once again, they tried to put AV code in XP but that was shot down by Congress and the EU after McAfee, Norton, CA, TrendMicro and others whined and cried "monopoly". Congress threatened to break up MS (like they did Ma Bell) if MS did not remove the AV code. So MS was forced to capitulate and then got blamed relentlessly by biased folks like you.

    So MS has indeed taken security very seriously because folks like you will blame them anyway.

    @itman - you are correct. The bad guys are very clever and always looking for ways to go undetected. It is like the NYPD trying to protect NYC from terrorists. They have to be right 100% of the time. The bad guys only have to be right once to wreak havoc. No security system will ever be perfect, but like the NYPD, WD and others are damn good, and getting smarter all the time - in spite of the bad reporting and biased misrepresentations presented by Easter and others.
     
  4. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,487
    Location:
    Sweden
    Fine by me, but if you want to have a serious discussion you have to be respectful of the companies involved. It's harder to take your points seriously if you aren't arguing objectively.

    I think Microsoft is going in the right direction with each new Windows 10 version. This is confirmed on the enterprise market and also in all synthetic tests. Like @Bill_Bright I think Microsoft is mainly doing the hard work with their anti-malware because they know they will get blamed for security breaches. MS certainly doesn't want more companies/consumers leaving their products because their OS is not safe. So in a way MS are developing WD because they don't want to lose money from lost customers. The competing vendors on the other hand are trying to earn money by beating each other with superior protection. All in all, all vendors do this because of the money, but MS have slightly different motives which are more trustworthy to me.
     
    Last edited: Jul 22, 2017
  5. plat1098

    plat1098 Registered Member

    Joined:
    Jan 18, 2016
    Posts:
    1,097
    Location:
    Da mean streets of Brooklyn
    Microsoft is like Atlas, carrying over 90% of the global marketplace in operating system installations. I don't think there's a noble, heroic bone in its body but that reality is enough to make a mountain start crumbling. Its situation is dire; it HAS to step up, sometimes with too-obvious sneakiness and aggression to get users to safer ground. If you don't think Microsoft has a deep, abiding relationship with government agencies, including NSA, you be illin'. It has to.

    Good for the more powerful Defender coming up. Bring it on. Good for the third party security with cleaner hands and a more proactive approach. Bring it on. We need them.
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,528
    Location:
    U.S.A. (South)
    I'm not the only one with their head in the sand, so allow a repeat if you will. In addition, to better accommodate potential alphabet issues, I will spell out the word Microsoft to better meet that expectation too.

    @Bill_Bright - I was actually expecting that you may call out some of what was expressed as a check to it or suggest exaggeration, but you did far better than that.

    It was never the intent of any replies to suggest Microsoft has never been concerned over security, as though they enjoy being a patsy to malware. By contrast, it was the exact opposite, but not so much as them themselves addressing it, since they initially fashioned and designed Windows (once again) as a framework, not with any solid security/privacy, and where that was left up to the security software industry to take up the mantle against and integrate their various own protection solutions into the O/S. And they have done that very well to date if I might say so.

    So that was then, right?

    Now, more ON TOPIC, Windows Defender ATP for the Fall Creators Update is evidence of a bolder initiative from Microsoft to finally begin to also integrate a more determined project "themselves" (instead of the opposite) to help identify and stop/eliminate (as much as it can) intrusion techniques/malwares targeted at the current code structure that makes up a Windows 10 O/S.

    Are they to be congratulated on that? Of course. A long-time Windows user would welcome new security innovation built in, one would think.

    From that perspective there should be ample room to expect a safer O/S and less dependency on cramming in dozens of additional alternatives to do that same job for you, right? But then, to spill milk on an otherwise clean table, Microsoft has to introduce telemetry and now all of a sudden we have users with new privacy concerns right out of the box. I don't know where you draw the line on that, but plenty of others already have and will continue to. So where is the balance? And why should you care?

    I am perhaps one of the strongest critics of the Windows Operating System, where Microsoft often appeared incapable, either directly or indirectly, of doing much more than the routine patch jobs (that endlessly still continue) whenever a new series of potential security risks surfaced, but not for the reasons that you think.

    Constructive criticism, if taken seriously enough and then acted on with decisive action to improve matters, is productive and just plain makes sense, don't you think? This has been sorely lacking from Microsoft up until only recently, after all the dumps and exposure of exploits, leaks etc.

    Take it for what it is, but if Windows Defender ATP is to live up to expectations and even become something of a staple in security protection for Microsoft in this current series of Windows 10, why create even the appearance of privacy concerns to dampen what could be a new turnaround for that company?

    Devoted Windows users will exercise their choice one way or another. If telemetry becomes too burdensome of a trust issue for them, then that wave can spread like wildfire as much as ransomware, but not as easily contained or stopped. Does Microsoft really want that when they are so close to finally hitting paydirt with Windows 10? You tell me.
     
    Last edited: Jul 22, 2017
  7. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,823
    Location:
    Nebraska, USA
    Once again, it was not Microsoft's choice to leave it up to the security software industry. Once again, they tried to put AV in XP and were forced to remove it in the exact same way they were forced to provide an IE-less version of Windows in Europe and allow alternative browsers in versions sold in the US and elsewhere.

    All Congress and the EU heard was "monopoly" and they turned blind to everything else. Microsoft was trying to rule the world, but not the point! NOBODY predicted the explosive growth of broadband to the home or the explosive manner in which bad guys would capitalize on it. Not MS, not Law Enforcement, not Norton/McAfee, not the IT press - NOBODY. But Microsoft did foresee the need for anti-malware code in the OS, but was forced to leave it out. And what happened? The bad guys moved in, unhindered by Norton and McAfee, but did they get blamed for failing to stop the bad guys? No! MS got the blame!

    Fast forward 11 years and Windows 8 comes out with Windows Defender integrated into Windows. Why didn't Congress, the EU, Norton, McAfee and the others go back and whine and cry monopoly again? Because they all knew they blew it last time and had they allowed MS to include AV code in XP, there's a really good chance malware would not have near the hold on us as it does today.

    For the record, I don't care which anti-malware solution anybody uses. Just use a decent one and keep it current. But don't discount WD because of your demonstrated biases against Microsoft. And you have clearly demonstrated them. If WD didn't have the Microsoft brand on it, most of the arguments you made above would be missing from this thread. :gack:
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,476
    Location:
    U.S.A.
    I will make this comment about WD ATP's new protections against atom bombing and process hollowing. Is this something that should be provided by the OS by default, at least as far as Win 10 goes?

    Such tactics "speak volumes" about Microsoft's new attitude to security enhancements. That is, we now very much care about security, but only if you are willing to pay extra for something that should have been built into the OS in the first place. :mad:

    -EDIT- Also, attorneys take note. I see basis for legal action here. Microsoft has publicly admitted to OS security issues but will only fix the issue by charging you extra to do so.
     
    Last edited: Jul 23, 2017
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,528
    Location:
    U.S.A. (South)
    Points taken FWIW, but must beg to differ on the demonstrated biases against Microsoft if that was directed this way.

    I surely by now would have long been a happy-go-lucky Linux user with far more skills in their unique blend of shell commands etc. if I had harbored that much demonstrated bias against Microsoft or, more specifically, Windows.

    Didn't really have to rely on it after Win XP but made a conscious decision to continue with some expectations that Bill Gates' brainchild could only become more useful and productive, and to tell you the truth, I felt let down when he left the helm of control, and perhaps that is more of what you're reading into it than what it actually is on that.

    Be that as it may @Bill_Bright, your intense defense and confidence in the current trend and direction that Microsoft is taking regarding privacy concerns is very noteworthy :)

    You can issue the usual criticisms and on this end we'll continue to call things as they really are.
     
  10. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    500
    It doesn't seem like that is always the case
    http://news.softpedia.com/news/supe...s-zero-days-even-without-patches-511901.shtml

    I would like to read more news like this of Microsoft being very proactive in terms of protecting its users.
     
  11. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,823
    Location:
    Nebraska, USA
    Should have been? Nah. The purpose of an operating system is to facilitate communications between all the hardware components, and to run compatible software. All this security stuff was thrust upon the OS makers because nobody wanted to stop the uploading of malware at the source.

    Nobody wanted to stop malware carrying spam at the source either - instead the big carriers wanted to sell you (with greater profits for them) bigger pipes to support your data along with the spam. ISPs didn't care about stopping malware at the source. Why not?
    You can deny it all you want but your posts clearly say otherwise as I and others have pointed out.
    Well, thanks but once again you miss the point. I will defend anybody falsely accused. That means I spend a lot of time defending Microsoft. I say bash where due and I will defend your right to do that. And Microsoft sure has done plenty worth bashing and I have done my fair share of it with vigor. But I will defend them with the same vigor when falsely accused or bashed.

    And it seems clear you still don't understand, or choose to ignore, the difference between privacy and security. This thread is about security.

    Frankly, I'm worn out and so is this thread.
     
  12. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,528
    Location:
    U.S.A. (South)
    You're not the only one.

    There's nothing worse than having work, education or business efforts forcefully interrupted and then to burn hours, a whole day, or in some cases weeks for network tied systems, tracking and clearing things up or even if handy dandy for you, run an image restore to get back up and on track where you left off.

    If Microsoft finally manages to refine WD to a point where it becomes more proactive and can shut off outside interference more aggressively then it's good news.
     
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,516
    Location:
    Slovenia
    Well MS is a company and companies try to make profit. They try to get a piece of big AV market, which is flourishing mainly because of their (insecure) OS.
    Security and privacy have become commodities and don't expect to get them for free.
     
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,528
    Location:
    U.S.A. (South)
    :argh:

    That's the whole idea with them, right?

    Now that they have us all swimming in this thing deep over our heads while scrambling to find a way back to calmer waters, wherever that may be, they continue to do their part to make sure we never reach there again.

    Well, don't tire out on that account. Let's keep it about security as intended. It was only made mention of (privacy concerns) for a good reason @Bill_Bright.

    How many posts have you read lately where another new tool has been developed and released to disable Windows Defender? You already know the answer to that and the why, so we'll leave that one alone, or at least I will.

    I think you might agree that whatever security solution an end user chooses, they may be in for a surprise at just how far along Microsoft is making strides with the new Windows Defender, and that there are some useful expectations to be realized when they finish sewing up the loose ends before long.

    Long overdue I would think.
     
    Last edited: Jul 22, 2017
  15. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Wow EASTER, I haven't seen you this verbal in the past. At least not these long posts. I knew Bill posted long posts. I use both Linux and Windows.
    I know that Linux Mint is super fast. Other than that I do not know much about their gathering of customers' data. You are on a mission, my old friend.
    Cheers.
    controler
     
  16. plat1098

    plat1098 Registered Member

    Joined:
    Jan 18, 2016
    Posts:
    1,097
    Location:
    Da mean streets of Brooklyn
    If you suddenly go out to someplace like the supermarket in the midst of one of these intensely cerebral discussions, you get a brain-reset. "Hey, how ya doin', God it's hot, right? Oh ****, I forgot the eggs." Refreshing. :cool:
     
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,528
    Location:
    U.S.A. (South)
    It can be a fine line to walk sometimes, trying to express your own point of view of real-world experience without crossing a different user's experience or minimizing its importance to them.

    So, it's well worth engaging to see what shakes out and why right? :)
     
  18. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    306
    Location:
    USA
    +1 :thumb: ditto & ditto
     
  19. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,476
    Location:
    U.S.A.
    Amen, bro.:thumb:
     
  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,528
    Location:
    U.S.A. (South)
    Add to that the Enterprise Only protections of AppLocker, unless it's also included in what that refers to.

    It is quite an attractive proposition IF IT WORKS AS SUGGESTED.

    https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp
     
  21. Turing Doenitz

    Turing Doenitz Registered Member

    Joined:
    Oct 23, 2013
    Posts:
    27
    Location:
    Australia
    I like this thread but have noticed a few respected participants having a whingefest amongst each other, so time to settle down kids and get back on point please.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,869
    Location:
    The Netherlands
    What I'm basically saying is that, instead of alerting about this behavior, why not block it. Now it looks like Win Def ATP is actually letting the malicious behavior occur, and then alerts about it, while the goal should be to block it. The thing is, methods like process hollowing and atom bombing are never being used by legitimate apps, so when some process triggers this, you already know it's malicious.
     
  23. JohnBurns

    JohnBurns Registered Member

    Joined:
    Jul 4, 2004
    Posts:
    628
    Location:
    Oklahoma City
    I wish this and all threads would refrain from political or partisan comments and stick with the pros and cons of the thread item being discussed. I don't enjoy the back and forth banter - that's not why I use this forum.
     
  24. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,476
    Location:
    U.S.A.
    Actually, both are used legitimately.

    Atom bombing memory injection is a mainstay of many OS system processes. As such, Microsoft won't touch its functionality at that level. Hence the WD ATP API monitoring modification, for which many third-party security solutions have already made the necessary modifications to do so.

    Process hollowing in the form of spawning a child process and injecting code into it is done by many apps such as Internet Explorer and the like. The key to detecting malicious process hollowing activities is when an unknown process is doing the above activities against another legit existing process. As simple as this sounds, it is extremely difficult for security software to do so. First, most do not monitor suspended processes, which is how process hollowing would start the child process for memory injection activities. Next comes the difficulty of determining if the startup of the child process itself is malicious activity. The final determination of malicious intent is a combination of the two aforementioned factors, which BTW is a best-guess approximation. Case in point would be the development of a new low-level monitoring utility app to check device parameters that might use an existing system-provided monitoring process, etc.

    -EDIT- Additionally, the correct way to monitor process hollowing memory injection is actually not to trigger an alert at that point but to capture the code being injected and to examine it via heuristic pattern recognition and the like, and only trigger an alert if malicious content is discovered. This capability is beyond most AV advanced memory scanners that I am aware of. The problem being AMS scanners work against active processes, and in the case of process hollowing, the process being injected is suspended.
     
    Last edited: Jul 23, 2017
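The two posts above (Rasheed187's "why alert instead of block" and itman's reply that the create-suspended/inject/resume shape is also used legitimately, so the decision should rest on who the creator is and on what was injected) describe a detection policy that is easier to reason about as code. The following is an added illustration written for this thread, not Windows Defender ATP code and not anything posted by its author: it replays a constructed stream of endpoint-sensor-style events (process creation with a "suspended" flag, a remote memory write, a thread resume), correlates them per target process, and decides at the resume point whether to allow, alert, or block. The event field names, the "known_good"/"unknown" reputation labels, and the simple "does the injected buffer look like a whole executable image" heuristic are all assumptions for the example.

```python
"""Correlate create-suspended / remote-write / resume telemetry into a verdict.

Added example for the forum discussion; not WD ATP code. Event schema,
reputation labels and the sample events are constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class Proc:
    pid: int
    ppid: int
    image: str
    reputation: str            # assumed labels: "known_good" or "unknown"
    suspended: bool
    injected: bytearray = field(default_factory=bytearray)  # captured remote writes


def looks_like_pe(buf: bytes) -> bool:
    """Heuristic from the post: examine the captured buffer rather than the
    act of writing. A whole executable image (MZ header) written into a
    suspended child is the classic hollowing shape."""
    return bytes(buf[:2]) == b"MZ"


def decide(creator: Proc, target: Proc) -> dict:
    """Verdict at resume time, when the injected code is complete but has
    not yet run, so a block still prevents execution."""
    if creator.reputation == "known_good":
        action = "allow"          # e.g. a browser priming its own child
    elif looks_like_pe(target.injected):
        action = "block"          # unknown creator + full image injected
    else:
        action = "alert"          # unknown creator, ambiguous payload
    return {"target_pid": target.pid, "creator": creator.image, "action": action}


def process_events(events) -> list:
    """Walk the event stream once; return one verdict per suspected sequence."""
    procs: dict[int, Proc] = {}
    verdicts = []
    for ev in events:
        kind = ev["type"]
        if kind == "process_create":
            procs[ev["pid"]] = Proc(ev["pid"], ev["ppid"], ev["image"],
                                    ev["reputation"], ev["suspended"])
        elif kind == "remote_write":
            target = procs.get(ev["target_pid"])
            # Only writes by the parent into its own suspended child count.
            if target is not None and target.suspended and ev["pid"] == target.ppid:
                target.injected += ev["data"]
        elif kind == "thread_resume":
            target = procs.get(ev["target_pid"])
            if target is None or not target.suspended:
                continue
            target.suspended = False
            creator = procs.get(target.ppid)
            if creator is None or ev["pid"] != creator.pid or not target.injected:
                continue              # not the create-suspended/write/resume shape
            verdicts.append(decide(creator, target))
    return verdicts


# Constructed sample telemetry (pids and images are made up).
SAMPLE_EVENTS = [
    # Known-good browser spawns a suspended child and primes it: legitimate.
    {"type": "process_create", "pid": 10, "ppid": 1, "image": "iexplore.exe",
     "reputation": "known_good", "suspended": False},
    {"type": "process_create", "pid": 11, "ppid": 10, "image": "iexplore.exe",
     "reputation": "known_good", "suspended": True},
    {"type": "remote_write", "pid": 10, "target_pid": 11, "data": b"\x00\x01config"},
    {"type": "thread_resume", "pid": 10, "target_pid": 11},
    # Unknown binary writes a whole executable image into a suspended child.
    {"type": "process_create", "pid": 20, "ppid": 1, "image": "updater.exe",
     "reputation": "unknown", "suspended": False},
    {"type": "process_create", "pid": 21, "ppid": 20, "image": "hostproc.exe",
     "reputation": "known_good", "suspended": True},
    {"type": "remote_write", "pid": 20, "target_pid": 21, "data": b"MZ\x90\x00" + b"\x00" * 60},
    {"type": "thread_resume", "pid": 20, "target_pid": 21},
    # Unknown binary, small non-image write: the "best guess" case, alert only.
    {"type": "process_create", "pid": 30, "ppid": 1, "image": "tool.exe",
     "reputation": "unknown", "suspended": False},
    {"type": "process_create", "pid": 31, "ppid": 30, "image": "tool.exe",
     "reputation": "unknown", "suspended": True},
    {"type": "remote_write", "pid": 30, "target_pid": 31, "data": b"\x00\x00\x00\x00"},
    {"type": "thread_resume", "pid": 30, "target_pid": 31},
    # Suspended child resumed with nothing written: no verdict at all.
    {"type": "process_create", "pid": 40, "ppid": 1, "image": "notepad.exe",
     "reputation": "known_good", "suspended": False},
    {"type": "process_create", "pid": 41, "ppid": 40, "image": "notepad.exe",
     "reputation": "known_good", "suspended": True},
    {"type": "thread_resume", "pid": 40, "target_pid": 41},
]

if __name__ == "__main__":
    for v in process_events(SAMPLE_EVENTS):
        print(v)
```

The design point is where the decision sits: nothing is raised at the write, because the post explains that both browsers and system processes do exactly that; the buffer is accumulated while the child is still suspended, and the allow/alert/block choice is made at the resume, which is the last moment a block prevents the injected code from ever running. A real sensor would replace `looks_like_pe` with a scan of the captured region, and the reputation lookup with its cloud service, but the correlation structure stays the same.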
  25. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,823
    Location:
    Nebraska, USA
    It will.
     