Defender Version 1593.0 installed at last: first impressions

Guest

Well I stuck with beta 2 for quite a while, but now we're into December it
seemed I'd better take the plunge. (Fresh installations of important programs
are anxious times for people like me who don't really know what's going on.)

The short story is that I closed down all the bits of my AVG security suite,
switched Defender's RTP off, used Dave M's trick (Run 'net stop windefend')
and installed 1593.0 over the top of Beta 2. As far as I can tell so far, the
installation seems to have been successful. A manual update after
reconnecting to the internet seemed to go smoothly, and it scans OK. So far
so good. Even so, I can't help but observe the following:

1. It still doesn't recognise ATWPKT2.sys (the aol driver) as acceptable.
Worse than this, I noticed that already, in the History log, it had recorded
its 'suspicious' behaviour and ALLOWED it without asking me - this before I
had chance to change any settings. Despite having allowed it without asking
me, and despite my putting its file path into its 'don't scan' list, Defender
now goes on and on filling up my Event log with alerts to the behaviour of
ATWPKT2 just like it always did. What was the point of all the feedback I put
in this news group about these false alerts, if no one takes any notice?

2. The install procedure is a small nightmare for the uninitiated. The first
thing that met my gaze was a page of stuff about Genuine Windows. I was
baffled - I'd already gone through all this when I downloaded the program.
Did I have to do it again? Should I connect to the Internet? But if I did
that - I'd have to start up all my security software again, and I'd closed
that all down just for this installation .... In the end I just clicked on to
the next stage and it seemed to be ok. But what the heck was the point of all
that stuff, when all it does is confuse the user at a crucial moment?

3. I was presented with 3 choices, and warned (I forget the details) that if
I made the wrong choices I might mess the security up (or words to that
effect). I could not for the life of me see which of the three to choose, no
matter how many times I read them, nor could I see on what basis I was
supposed to know how to choose, nor how the alternatives were related to each
other. I decided in the end that since I didn't at this stage want to get
entangled in this thing called spynet which was included in option 1, and
option 3 looked positively dangerous, I'd choose 2. But I didn't then, and
don't now, properly understand the consequences of my choice.

4. While it was updating its definitions I read the 'help', and I looked at
the 'options'. I still don't understand half of what's there (I never did),
and just left the settings on default, because when it really matters and you
have to decide on a setting, the 'help' is often no help at all.

My conclusion is that if this final version is supposed to be suitable for
the general user, then it isn't. It's way, way off target. It's only suitable
for people who have a pretty good idea about what they're doing, and I
suspect that it's very, very easy to set it up wrongly - and I mean
dangerously wrongly, so that things the user should be alerted about may be
missed, while perfectly innocuous things like aol drivers will go on
generating alerts in the event log even when you try to tell the program to
cool it. I'm not myself confident that I have this set up correctly, despite
having been using Defender and reading this newsgroup for months.

It's still basically a program for the technophile. 9 out of 10 users won't
have a clue what's going on when they try to set it up, look in the history
log, or get an alert.
 
Wow--excellent feedback, thanks!

Reading your final paragraph, I'm just chuckling about the breadth of user
experience I see--a great many folks who pride themselves as techies feel
exactly the opposite of your reading on this--that Defender has been dumbed
down and is too simplistic for their tastes. So--does this mean that
Microsoft has actually managed to hit a happy medium?

On #3, your choices with regard to Spynet don't impact the security of your
machine at all, I believe. They do allow you to choose a level of
participation in a community effort to share information about threats found
and actions taken on individual machines--and one of the results of that
information sharing can be seen at the report URLs that I posted yesterday
in the thread very near this one, involving Fwall4.

On #4, about all I can suggest is that when Microsoft sets a default, and
marks that as "recommended"--that's a setting they believe will be the best
for most users, so I'd stick with those settings and not change anything,
unless I felt sure about what I was doing. This includes the default 2 AM
scan time which seems counter-intuitive to most folks--sure, many machines
are off during this time, but there is a backup plan, and it does work.

(and I'm not meaning to be critical about your feedback at all--I hear
you--those are how you felt, and I've every respect for that--just trying to
offer additional information.)

------------------------------------------------

Finally, on a completely different note, I was dismayed yesterday to find
Windows Defender being removed from my main system on which I usually answer
posts about the product. OneCare has apparently released the 1.5 version
from beta status, and it was being installed on my system, and that
installation shut down Windows Defender.

So--now I'm forced to decide between keeping OneCare on this system and
being able to run Windows Defender and use it as first-hand reference when
answering questions!

I suspect it's time for a system upgrade (which is long overdue--the video
in this machine dates from a Windows 98 beta, as I recall) and having enough
space and CPU power to run Virtual Server or Virtual PC.
--
 
Bill... that final dumbing down feature even in the Beta put it over the
top... Adios OneCare, I've had enough.

--

Regards, Dave


Bill Sanderson MVP wrote:
~snip~
 
Although OneCare is not my favorite antimalware product (Microsoft Forefront
Client Security is--but it is not for home users!)--I do think that combining
these two kinds of protection under one umbrella, with one update process,
and one "flag" about user actions needed--is the right thing to do. So I'm
not going to fight it, but I do have to find a way to have an easily
available way to walk people through menu choices and wording in the product
while sitting at this machine!

--
 
Bill Sanderson MVP said:
does this mean that
Microsoft has actually managed to hit a happy medium?

I think not. Let me put a different perspective on this. If I think of the
people I know personally pretty well - friends and family - who have
computers and use them reasonably often, I suppose I'd be talking about ...
maybe 20-30 people, from a fairly wide background (but many of them in
education, and pretty intelligent well-educated people). Out of these 20-30,
I'd say I was substantially more computer-savvy than any of them. Well, you
know, Bill, more than anyone (except maybe Robin and Bitman and Dave M), how
little I know, and how shaky is my grasp, and so you'll see the scale of the
problem.

To flesh out that picture a little, consider that one of these friends
recently asked me for help so that they could resize images. For this person,
it was a major problem downloading something like Irfanview and installing
it, and using it to resize pictures, even though it only takes a few clicks.
A lot of persuasion and encouragement was necessary.

For a couple of others, I felt that it was a major breakthrough when I
persuaded them to go to Steve Gibson's site and check their firewalls. They
can just about handle AdAware, and maybe Spybot, but they probably forget to
update them often. There is no way that Defender in its present form would be
of any use to them at all. They'd be so confused that they'd end up switching
it off or uninstalling it - even if they managed to install it properly in
the first place. I don't think I would think of recommending it to them, in
its present 1593.0 incarnation.

On the spynet issue, my decision on that wasn't final - I just think it's
not appropriate to be asked to make such a decision at that stage when you're
carefully trying to concentrate on doing the right things just to get the
thing installed. If I decide to say yes to spynet, I'll do it later when I
can handle the program - not at installation time when I still don't know
what's waiting for me round the corner. The worst of it was that the spynet
choice was all muddled up with other stuff in the same option - really
confusing.

On the default settings - yes, thanks - I have indeed left them as is,
except that I ticked the two notify boxes, and changed the scan time to 10.00
am which is where I've had it before and know to expect it.

and I'm not meaning to be critical about your feedback at all

I know very well that you're not, Bill; and I know you understand exactly
the spirit in which I offered as precise an account of my experience of the
installation as I could.

Finally - it's not as if there aren't examples for Microsoft to follow, or
improve on. Remember, I'm only talking about the user interface here: I know
they're not perfect, but look at the elegance that was Ewido; at the simple,
thoughtful clarity of a-squared's responses when it finds something it needs
to tell you about. There are models already out there that show something of
the directions that the user interface could go, and Microsoft needs to take
a good long look at them.
 
I also feel Windows Defender is not for the beginner user.
It is not "user friendly". The wording in a lot of the options is very
confusing and forget the "help". That is more confusing for a beginner.
Does Microsoft feel everyone is not a novice user? Do they feel everyone is
on IT level? Well it seems so.
I teach beginners and believe me when loading WD on one of my client's
computers, I let them set it up to see for myself what he would do. Well he
was baffled on what to put for options. Of course once I explained it, he
digested it much better. The Help section goes around and around and
explains nothing.
Unless Microsoft realizes that not everyone is an IT person most who will
have this on Vista will either shut it down, uninstall it, or just ignore
it.
robin
 
Robin said:
I teach beginners and believe me when loading WD on one of my client's
computers, I let them set it up to see for myself what he would do. Well he
was baffled on what to put for options. Of course once I explained it, he
digested it much better. The Help section goes around and around and
explains nothing.

That's the problem, in a nutshell. 9 out of 10 computer users (among whom I
include myself) are like this client of Robin's, and they don't have Robin to
help them. And if you want to get a real grasp of the size of the gulf that
has to be crossed, consider this also: I've been following this newsgroup for
months, trying hard to get a grip on this program; I'm an intelligent,
rational, scientifically-trained individual. And I still can't understand
half of what Defender tries to tell me in the options it offers, and in its
popup messages and its logs. Imagine what those other 8 out of 10 who haven't
been haunting this message board are going to make of it.

And the really frustrating thing is that hardly anything of significance has
been changed in this respect. What is needed on the part of the Defender team
is this: They need to invite a dozen people in from the street (whose only
necessary qualification is that they own a computer), sit them in front of a
computer, and ask them to install and set up Defender, and just watch - not
help - watch and listen.

(Of course I'm assuming that some of them manage to fight their way through
the Genuine Advantage test first.)
 