Windows Defender - reluctant?

I know Windows Defender is not intended to be a primary form of defence, and, most of us probably have it disabled and are using stronger protection, but I've noticed that if you choose to rely on auto-updating, it usually waits 3 or 4 days before updating definitions.
Of course, if you visit the homepage you can download and manually install an update, but this shouldn't be necessary. This is the same on all my computers, and I wonder why Defender is always behind the times? Is there anything I can do to improve its performance?
Thanks.

 

.
I've noticed the slow updating as well. I don't know of a way to make WD update more frequently and reliably. Virtually all Antivirus programs now include antispyware modules though, so it doesn't really matter.

 

Thanks Victek123,
Yes, I suppose the point is that it's virtually useless, and I don't know why Microsoft still bother to offer it, and anyway, in recent times they've introduced
MSE, which has been received and reviewed fairly favourably.
Cheers.

 

I've read that defender is designed to focus on the major malware doing the rounds at any given time. I'm trying to find the link that shows the most popular malware this week for example, the #1 on the list has about 700,000 infections, #2 has like 250,000, etc.

By focusing on the most common malware, Defender actually has high statistics regarding the # of infections it has removed. It's important on machines for those who don't maintain security software/update it, scan with it. Its pretty automated and hits major malware, good thing for the average pc user. For most on this forum its probably worthless.

 

Thanks for this info, captainron, I believe your assessment is correct.

 

Maybe the real question would be is Windows Defender's HIPS capabilities reluctant.

I dunno this myself, but I'd gladly like to hear some up-to-date answers since it's been a while since I asked this.

 

I don't know how it is on Win 7 because I only had it enabled briefly. It for me is the same as MSE. Constant high CPU at boot, updating and various other in between times. I disabled it for good. On XP it's not that way. When selecting the advanced membership in XP, it alerted quite frequently.

 

For people having installed some additional protection for anything simular or stronger than a ' light' HIPS (could also be part of their FW), I think WindowsDefender (edit) is pretty redundant.

For real noobs, I allways install a free AntiVirus. On top of that I install Windows Defender and deselect the on execution protection (greatly reduces I/O and CPU usage) and services/driver protection agent (most malware directed at creating services/installing drivers cuts right through this agent anyway, so it is pretty useless in practise). I also choose to be a basic member of the Ms spynet community (or how its called).

So in this config Windows Defender focusses on registry changes performed by spy- and adware type of malware. Despite its faultu update and lacking intrusion protection abilities, it has been reported succesfull by a few of my friends. I reckon the explanaton of CaptainRon applies to this.

 

Say, Kees, if execution protection is disabled, and I run WD with advanced membership, is WD still able to protect me fully "HIPS"-wise while keeping a low footprint?

 

I believe WD also scans anything downloaded as well. It has some interesting tools with it & I like it as an extra layer of security. It was originally Giant AntiSpyware before being acquired by Microsoft. I don't know exactly what its efficacy is compared to SUPERAntiSpyware or MBAM though, I shouldn't imagine it was as good. I reckon in many ways it is every bit as good as Spybot S&D though.

 

Yes only reduce that HIPS to Intrusion Detction. When a really bad malware changes your services/driver configuration, WD will show a question mark and die soon afterwards. After reboot in 95% of the cases the warning will be skipped (so no second chance) with no traces in allowed/denied list.

Also Windows Defender seems to start another process for monitoring services and drivers, diaabling this makes it a little more efficient also. Since 9 out of 10 AV's allready scan downloaded files and most AV's have Anti Spyware included I deselect this option also.

Stopping programs to change registry settings (e.g. system settings) seems to have a higher success ration of WD.

Regards Kees

 

Exactly, and I believe that if I use WD, it's not when I execute a file that HIPS jumps in, but the changes that occur afterwards more likely. Seems very logical to me at least.

Just a little help here... which checks in the configuration am I supposed to uncheck exactly? Are you able to provide a screenshot? Thanks


EDIT: Just one more quick question... if I'm already running ThreatFire, how much is WD actually gonna do, except taking cycles? For example, now when I tested a fake av/rogue, TF comes up first and the files connected all get quarantined. I think I recall TF always being there first in all the setups I've used - it's fast at detection.

 

See Pic

Well, when Windows Defender does not pop-up it is no known ad and spyware. My guess is that TF is more gearded towards rootkits, trojans, worms than adware and spyware, although it does has a PUP blacklist

NB: Most Possibly Unwanted Programs ask for elevation and show behaviour of regular installation programs (like creating an own Programs Directory, Creating an own Registry hive). ThreatFire due to its behavioral blocking won't protect you for 'shoot in the foot' mistakes (installing a new AV, which turns out to be a malware).

Regards Kees

 

Thanks Kees. I guess IE downloads protection is not needed thanks to IE8's excellent protection on its own, right?