What's the advantage of Windows Defender?

Discussion in 'Windows Vista Security' started by Brian, Jun 30, 2007.

  1. Brian

    Brian Guest

    Is it necessary to keep Windows Defender running if you've already got a
    third-party antivirus and firewall running? Does Defender do anything
    extra?
     
    Brian, Jun 30, 2007
    #1

  2. Brian

    Mr. Arnold Guest

    No, not really, but some like to use the layered protection approach; in case
    a solution can be taken down by malware, you have some backup.
     
    Mr. Arnold, Jun 30, 2007
    #2

  3. Richard G. Harper, Jun 30, 2007
    #3

  4. Windows Defender isn't an anti-virus application; it serves the
    entirely different purpose of detecting and blocking adware and spyware.
    You need both an anti-virus application and an anti-spyware
    application. If you prefer, you can install a 3rd-party anti-spyware
    program and then disable Windows Defender.


    --

    Bruce Chambers

    Help us help you:
    http://dts-l.org/goodpost.htm
    http://www.catb.org/~esr/faqs/smart-questions.html

    They that can give up essential liberty to obtain a little temporary
    safety deserve neither liberty nor safety. -Benjamin Franklin

    Many people would rather die than think; in fact, most do. -Bertrand Russell
     
    Bruce Chambers, Jun 30, 2007
    #4
  5. Windows Defender targets spyware/malware and without it (or a similar third
    party application) you are susceptible to an attack, therefore, if you don't
    have third party cover it is wise to keep Windows Defender enabled. My anti
    virus software, Sophos Enterprise, also scans for spyware/malware but
    Windows Defender is still enabled on my system.

    --
    John Barnett MVP
    Associate Expert
    Windows - Shell/User

    Web: http://xphelpandsupport.mvps.org
    Web: http://vistasupport.mvps.org

    The information in this mail/post is supplied "as is". No warranty of any
    kind, either expressed or implied, is made in relation to the accuracy,
    reliability or content of this mail/post. The Author shall not be liable for
    any direct, indirect, incidental or consequential damages arising out of the
    use of, or inability to use, information or opinions expressed in this
    mail/post.
     
    John Barnett MVP, Jun 30, 2007
    #5


  6. Yes, it does. You need three kinds of software to protect yourself
    adequately:

    1. Firewall
    2. Anti-virus program
    3. Anti-spyware program(s).

    Windows Defender is that last kind, and does not substantially overlap
    what your firewall and anti-virus programs do.

    So, yes, you need Windows Defender, or some other anti-spyware
    software. In fact, if the only anti-spyware you run is Defender, you
    need *more* protection, not less. A single anti-spyware product is
    *not* good enough. Note what Eric Howes, who has done extensive
    testing on Anti-Spyware products, states:

    "No single anti-spyware scanner removes everything. Even the
    best-performing anti-spyware scanner in these tests missed fully one
    quarter of the "critical" files and Registry entries" See
    http://spywarewarrior.com/asw-test-guide.htm
     
    Ken Blake, MVP, Jun 30, 2007
    #6
  7. Not quite true.
    Windows Defender is to help protect against spyware, and neither antivirus
    nor firewall does that.
    There are 4 things needed to help keep the computer secure.
    1. Antivirus
    2. Firewall
    3. Anti spyware
    4. Keep Windows up to date (Windows Update).
    While there is some overlap, all 4 are intended to protect the
    computer in different ways.
    Since they protect against different problems, this is not "layered
    protection".

    Layered protection is more like a router adding another layer of
    protection to the firewall.
     
    Jupiter Jones [MVP], Jun 30, 2007
    #7
  8. Brian

    Mr. Arnold Guest

    I agree with those two.
    I don't agree with that one, because all one has to do is not put himself or
    herself and the machine in that position to have it happen. I haven't used
    any of it in years. All the stuff ever did was find cookies and the machine
    cannot be attacked by cookies.
    I'll agree with that.
    I look at it as anything that can be put on the machine to protect it for what
    it's worth.

    The 5th element you left out is below.

    But if the user doesn't have any common sense to practice safe hex, then
    every last bit of it equals no protection.

    The only thing that really protects against anything is the one sitting at
    the wheel and doing the driving and using the proper tools, looking around
    from time to time to see what's happening on the machine, because malware
    can go around every last bit of it.

    http://preview.tinyurl.com/klw1
     
    Mr. Arnold, Jun 30, 2007
    #8
  9. On Sat, 30 Jun 2007 14:27:39 -0400, "Mr. Arnold" <MR.


    Although I agree with your point, I'm a belt and suspenders kind of
    guy. Yes, you can largely avoid malware by practicing safe hex. But
    none of us is perfect, and if we are tired, upset, in a hurry, etc.
    it's very easy to let our guard down. My stance is that one should use
    all the software protection available, but not simply rely on it.

    Moreover, not everyone knows enough to protect himself without
    software. Especially for people like that (and that's probably the
    great majority of people) such software is essential.
     
    Ken Blake, MVP, Jun 30, 2007
    #9
  10. I'm beginning to agree with this less and less, as the line between
    "nice" commercial malware and "nasty" traditional malware gets
    blurred. Traditional av still often ignores commercial malware, which
    is often no longer pretending to be "legit" (and thus easy to avoid or
    remove), so the risk is increasing.

    I still don't like to add an active "underfootware" scanner that does
    what av does, but I would retain Defender, and to that I would add
    Spyware Blaster. The latter does not run all the time, but confers
    "static" protection by populating Restricted Zone, cookie kill-lists
    etc. with entries for known "bad guys".

    Note 1: There are 200+ fake "antispyware" apps out there, avoid them
    all! Free "legit" ones include AdAware, Spybot, A-Squared and AVG
    Antispyware (what used to be Ewido).

    Note 2: At some point, and maybe still, some MS email apps would work
    very slowly if there were "too many" entries in Restricted Zone, as
    there would be if you actually USED this to block the large number of
    malicious sites and banner URLs etc. that are out there.
    Safe hex helps, but is undermined by unsafe UI (e.g. an Explorer that
    hides file name .ext by default) and is bypassed by clickless attacks.

    Most of the latter rely on exploitable code defects, hence the advice
    to keep patched and use a firewall. But sometimes bad guys find and
    use exploits before the good guys find and fix them, and sometimes a
    yawning defect is left open because it "works as designed".

    It can take YEARS to get a design defect fixed - just look at the age
    of MS Office macro malware, starting before VBA and ending only quite
    recently (well, becoming less common, at least).

    Safe hex is like all these other tips; an essential part of defense,
    but no substitute for a lack of any or all of the others.
    Nice article :)
     
    cquirke (MVP Windows shell/user), Jul 1, 2007
    #10
  11. Brian

    Mr. Arnold Guest

    But the machine has to be put at risk. If the machine is never put into a
    risk position and one is aware of the risks, then running those solutions
    has no value, IMHO. But of course, one has to know what he or she is doing
    in this area and know what those risks are to avoid the risks.

    I am very aware, as I could turn bad guy with ease, since I have been
    programming professionally since 1980. But I am a nice guy.
    I think if you posted this into a Security and Firewall NG you may get a lot
    of opposition about solutions like Ad-Aware, Spybot, WD, etc, etc.

    If one knows how to protect and not to put the machine at risk, then for
    someone like that, the solutions are of no value.
     
    Mr. Arnold, Jul 1, 2007
    #11
  12. There was a bug fixed by MS once, where scripts within cookies could
    have been executed in the anything-goes My Computer zone.

    The "fix" changed things so these scripts ran "correctly" in the
    Internet Zone. IOW, MS considers it to be by-design to have scripts
    hidden within cookies, and doesn't block them totally.

    When I read that, I kinda got a lot less relaxed about cookies.

    So far, the sky is still up there where we last saw it, though :)
    I agree with you; where we disagree, is on what constitutes "putting
    the PC at risk". I'd say any Internet connectivity and any
    installation of software will expose one to this surface.
    What's changed is that we rarely find sites by entering URLs these
    days - we are more likely to follow a link found by a search, or found
    in a forum post, or from within a software installer.

    When we get to the site, we reach not only what the webmaster put up
    there, but also any hacker defacements (uncommon), banner ads (very
    common) and other ads and fake links that could have been added by
    commercial malware within the PC, and even by some ISPs.

    In practice, a pattern I often see is a PC with no "viruses", a
    functioning and up-to-date resident av (usually "Norton"), and a
    metric spitload of commercial malware.

    Malware begets malware, as settings and other "fences" get trampled
    down, and some malware actively pulls down other malware. Defender
    has value in that it can alert and block some settings changes.


    Recently, I downloaded and installed Adobe Acrobat 8.1, and as usual,
    I was obliged to use their "special" downloader. There was a checkbox
    to opt in for their Photoshop Album freebie, which I wanted to check
    out, so I checked that.

    I noticed the download process pulled down the Google Toolbar, which I
    didn't see mentioned anywhere in the site. WTF?

    Then I noted this toolbar was active in IE, even though I specifically
    UNcheck the setting to allow 3rd-party browser intrusions. Er,
    "enhancements". Yup, the state of that checkbox had been silently
    flipped by Adobe/Google's shovelware, and was now open to anything
    else that can find its way in. And so, the system begins to rot.

    Cases like these make me extend caution to software installs from CDs,
    CDRs, USB sticks etc. even when off line. Unless you really trust
    your av to take as active an interest in commercial malware as the
    trad stuff, you may not be protected against this sort of thing.
    Yep, me2. I'm often more amazed at what the bad guys DON'T do.
    The thing is, what is lumped together as "antispyware" is actually
    quite a disparate bunch of technologies.

    If you exclude passive protections like Spyware Blaster and some
    aspects of Spybot, and exclude behavior alerters that operate like
    "internal firewalls" like PrevX, All-Seeing-Eye and aspects of
    Defender, you look at scanners on their own.

    Even there, these work differently. Some run resident, others only on
    demand, and some scan from the registry outwards, while others scan
    files and then backtrack to registry, others do both. Some scan each
    item for multiple baddies at a time, as av usually does; others scan
    everything for a particular baddie at a time, as Spybot does.
    I like to have scanners for commercial malware on hand, but generally
    dislike having them running resident. Defender's built in and on that
    basis, I generally leave it there. Passive defenders like Spyware
    Blaster are essentially free (as long as you aren't using a brain-dead
    email app that is incompatible with the OS's feature set).

    So at this point, I'm wondering if we really disagree at all ;-)


    What I normally do, is use the old faithfuls AdAware and Spybot, along
    with Spyware Blaster, as these don't impose any underfootware baggage
    (I'm selective of what I use in Spybot; no Tea Timer etc.).

    Then, if I have to check the system for malware, as part of the
    process I will re-assert these three, and add A-Squared and AVG
    Antispyware. These do run resident in a sense; A-Squared integrates
    as a rt-click option, and AVG AS sits in the SysTray to update itself
    and runs resident protection for a trial period.

    My thinking is this; by needing a cleanup, these particular PCs are
    higher-risk, and therefore may warrant extra care, and the trial
    period of AVG AS's resident protection may catch things that are still
    active, or that missed malware may try to pull down, etc.

    Follow-up on such systems generally doesn't find first-month
    re-infection, so the above may be "overkill". Or maybe I don't see
    those re-infections because, lame as it may be, so far it works?


    On the 'net, *everyone* can hear you scream
     
    cquirke (MVP Windows shell/user), Jul 1, 2007
    #12
  13. Brian

    Spirit Guest

    Spirit, Jul 2, 2007
    #13
  14. Brian

    vanilla Guest

    One of the extras that I like about Defender is Software Explorer. It gives
    good detailed info on stuff that is running on my machine. Even though I use
    other antispyware products, I keep Defender running also. And they all get
    along with each other. To find Software Explorer, click on Tools at the top
    .... vanilla
     
    vanilla, Jul 3, 2007
    #14
  15. Hi all - I have Windows Defender currently installed on my laptop as well as
    numerous other spyware defence programs. It is an Acer Vista Home Premium, and
    I also have SpyBot Search and Destroy and Norton Internet Security 2006 as
    well as an early edition of Internet Cleanup. I was told one week when
    Windows Defender was doing a scan that nothing at all was found. My
    Windows Defender is of course updated, but when I ran SpyBot Search and
    Destroy after it, that signalled up around 10 things which Defender didn't
    find. In my opinion, the only thing Defender is any good at is blocking
    start-up programs, and if RAM is short on your PC I wouldn't really bother
    keeping it running.
     
    Spikeys-World, Jul 13, 2007
    #15
  16. Brian

    wildrex Guest

    Yes, Defender is useless. They should have left it alone when it was the Giant
    spyware program; it was a lot better. Just another useless service such as Aero
    Glass, etc. Microsoft never gets it.
     
    wildrex, Jul 14, 2007
    #16
  17. Exactly what was missed?
    You never said.
    Windows Defender does not detect cookies unlike many other anti
    spyware programs.
    Internet Explorer and other browsers already give the user wide
    control over cookies.
    Since the browser takes care of cookies, there is no reason for a
    malware program to also do the same thing but less efficiently.

    As far as other programs detecting cookies?
    Largely marketing, nothing more.
    Some spyware detectors rely on detection of cookies to spike their
    numbers.
    And the numbers are what they use to convince people to use their
    products.
     
    Jupiter Jones [MVP], Jul 14, 2007
    #17
  18.  
    Claytonian Modal Man, Jul 14, 2007
    #18
  19. Spyware such as ActiveX were found. On XP Defender functions well - I have
    another XP Home computer which recently became infected with a virus.
    Defender found the virus which helped me to find a solution. Defender didn't
    repair it but that isn't what it was made for. I got Windows Live One Care,
    from the Microsoft website, which repaired the problem as far as I know.
    Defender has its advantages but as I said previously, if you don't have a
    lot of RAM there's probably not much point keeping it on.
     
    Spikeys-World, Jul 14, 2007
    #19
  20. Did you notify them exactly what the spyware was?
    "ActiveX" is not necessarily spyware.
    Whatever the specific description was is what they need to know.
     
    Jupiter Jones [MVP], Jul 14, 2007
    #20
