Windows Defender - reluctant?

Discussion in 'other anti-malware software' started by Dermot7, Feb 1, 2010.

Thread Status:
Not open for further replies.
  1. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    I know Windows Defender is not intended to be a primary form of defence, and, most of us probably have it disabled and are using stronger protection, but I've noticed that if you choose to rely on auto-updating, it usually waits 3 or 4 days before updating definitions.
    Of course, if you visit the homepage you can download and manually install an update, but this shouldn't be necessary. This is the same on all my computers, and I wonder why Defender is always behind the times? Is there anything I can do to improve its performance?
    Thanks.
     
  2. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    .
    I've noticed the slow updating as well. I don't know of a way to make WD update more frequently and reliably. Virtually all Antivirus programs now include antispyware modules though, so it doesn't really matter.
     
  3. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    Thanks Victek123,
    Yes, I suppose the point is that it's virtually useless, and I don't know why Microsoft still bother to offer it, and anyway, in recent times they've introduced MSE, which has been received and reviewed fairly favourably.
    Cheers.
     
  4. captainron

    captainron Registered Member

    Joined:
    Oct 22, 2009
    Posts:
    77
    I've read that Defender is designed to focus on the major malware doing the rounds at any given time. I'm trying to find the link that shows the most popular malware this week; for example, the #1 on the list has about 700,000 infections, #2 has like 250,000, etc.

    By focusing on the most common malware, Defender actually has high statistics regarding the # of infections it has removed. It's important on machines for those who don't maintain security software/update it, scan with it. It's pretty automated and hits major malware, good thing for the average PC user. For most on this forum it's probably worthless.
     
  5. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    Thanks for this info, captainron, I believe your assessment is correct.
     
  6. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Maybe the real question would be: are Windows Defender's HIPS capabilities reluctant? :thumb: :)

    I dunno this myself, but I'd gladly like to hear some up-to-date answers since it's been a while since I asked this. :)
     
  7. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    I don't know how it is on Win 7 because I only had it enabled briefly. It for me is the same as MSE. Constant high CPU at boot, updating and various other in between times. I disabled it for good. On XP it's not that way. When selecting the advanced membership in XP, it alerted quite frequently.
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    For people having installed some additional protection for anything similar or stronger than a 'light' HIPS (could also be part of their FW), I think Windows Defender (edit) is pretty redundant.

    For real noobs, I always install a free AntiVirus. On top of that I install Windows Defender and deselect the on execution protection (greatly reduces I/O and CPU usage) and services/driver protection agent (most malware directed at creating services/installing drivers cuts right through this agent anyway, so it is pretty useless in practice). I also choose to be a basic member of the MS SpyNet community (or how it's called).

    So in this config Windows Defender focusses on registry changes performed by spy- and adware type of malware. Despite its faulty update and lacking intrusion protection abilities, it has been reported successful by a few of my friends. I reckon the explanation of CaptainRon applies to this.
     
    Last edited: Feb 3, 2010
  9. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Say, Kees, if execution protection is disabled, and I run WD with advanced membership, is WD still able to protect me fully "HIPS"-wise while keeping a low footprint?
     
  10. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    I believe WD also scans anything downloaded as well. It has some interesting tools with it & I like it as an extra layer of security. It was originally Giant AntiSpyware before being acquired by Microsoft. I don't know exactly what its efficacy is compared to SUPERAntiSpyware or MBAM though, I shouldn't imagine it was as good. I reckon in many ways it is every bit as good as Spybot S&D though.
     
  11. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yes only reduce that HIPS to Intrusion Detection. When a really bad malware changes your services/driver configuration, WD will show a question mark and die soon afterwards. After reboot in 95% of the cases the warning will be skipped (so no second chance) with no traces in allowed/denied list.

    Also Windows Defender seems to start another process for monitoring services and drivers, disabling this makes it a little more efficient also. Since 9 out of 10 AVs already scan downloaded files and most AVs have Anti Spyware included I deselect this option also.

    Stopping programs to change registry settings (e.g. system settings) seems to have a higher success ratio of WD.

    Regards Kees
     
  12. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Exactly, and I believe that if I use WD, it's not when I execute a file that HIPS jumps in, but the changes that occur afterwards more likely. Seems very logical to me at least. :)

    Just a little help here... which checks in the configuration am I supposed to uncheck exactly? Are you able to provide a screenshot? Thanks ;)


    EDIT: Just one more quick question... if I'm already running ThreatFire, how much is WD actually gonna do, except taking cycles? For example, now when I tested a fake av/rogue, TF comes up first and the files connected all get quarantined. I think I recall TF always being there first in all the setups I've used - it's fast at detection. :D
     
    Last edited: Feb 3, 2010
  13. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    See Pic

    Well, when Windows Defender does not pop-up it is no known ad and spyware. My guess is that TF is more geared towards rootkits, trojans, worms than adware and spyware, although it does have a PUP blacklist.

    NB: Most Possibly Unwanted Programs ask for elevation and show behaviour of regular installation programs (like creating an own Programs Directory, Creating an own Registry hive). ThreatFire due to its behavioral blocking won't protect you from 'shoot in the foot' mistakes (installing a new AV, which turns out to be a malware).

    Regards Kees
     


  14. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Thanks Kees. I guess IE downloads protection is not needed thanks to IE8's excellent protection on its own, right?
     