Toe Wet Time, Beta2?


Frank Haber

I see the problems here and have avoided changing from MSAS Beta1 so far. So,
some questions.

o If I don't run resident, and turn off the timed scans, will I avoid most of
the problems?

o Any hints of when Beta 1 will turn into a pumpkin?

o Using B2 as a manual scanner, what am I giving up to the apparent
dumbing-down of the worl^H^H software?

o Will user control of BHOs, homepage hijackers, etc. ever return?
 
My responses are within your questions below:

Frank Haber said:
I see the problems here and have avoided changing from MSAS Beta1 so far. So,
some questions.

o If I don't run resident, and turn off the timed scans, will I avoid most of
the problems?

I don't know what you've been reading, but I've primarily seen issues with
updates and a few deleted P2P programs and files, plus a few false positives.
I may have missed something, but I haven't seen significant or widespread
issues with the resident operations, nor do I even think it's possible to run
'non-resident' since Defender is now a service, not an executable.

o Any hints of when Beta 1 will turn into a pumpkin?

I believe it was July 31st, it's displayed on the GUI screen itself.

o Using B2 as a manual scanner, what am I giving up to the apparent
dumbing-down of the worl^H^H software?

You're giving up the real point behind its evolution to a service, real-time
protection, or better stated as 'prevention'. The archaic method of
'scanning' was performed at a time when there was no active method of
protecting in real-time and always gave the first round to the malware.

The attempt now is to stop the malware before it can corrupt and take
control, leaving scanning as a mere backup check for malware that entered
while it was either unknown and/or undetected by current techniques or
detections.

o Will user control of BHOs, homepage hijackers, etc. ever return?

Not likely, since these are moving into Internet Explorer 7, where they
really belong. These are browser issues, so security improvements in the
browser are being made to provide for the issue. IE 7 Beta 2 Preview was just
refreshed on Mar. 20th and is available for those willing to take the risk.
 
Try it--most folks are not having any problems. I've got it installed on
the same 50 or so desktops that had Microsoft Antispyware, and I've yet to
get a single user query from someone even noticing the difference. (I had
the icon hidden with Microsoft Antispyware.)

See below:
--

Frank Haber said:
I see the problems here and have avoided changing from MSAS Beta1 so far.
So, some questions.

o If I don't run resident, and turn off the timed scans, will I avoid most
of the problems?

I know of no reason to bother--what problems?

o Any hints of when Beta 1 will turn into a pumpkin?

By July 31, I suspect. Microsoft has committed to posting in
.Announcements, here, before turning on update notification to Microsoft
Antispyware users.

o Using B2 as a manual scanner, what am I giving up to the apparent
dumbing-down of the worl^H^H software?

Not sure what you mean here--I'm quite certain that B2 does a better job as
a scan and remove tool. I'm not certain that I know how to use it in the
way you are intending--the Windows Defender Service does both Real-time
scanning and considerable work as part of manual or scheduled scans. There
is a UI switch to turn it off--perhaps that will achieve what you want--not
certain--the switch is very nearly at the bottom of Tools, general settings.

o Will user control of BHOs, homepage hijackers, etc. ever return?

Look into IE7. A beta refresh for XP has just been posted:

http://www.microsoft.com/windows/IE/ie7/default.mspx

This beta can be safely installed, tested, and uninstalled back to the
current IE6 code without side effects that I've noticed.
It does include code to comply with the Eolas settlement, which will be
added to IE6 as well, in a future security update.
 
Thank you, gentlemen. I have compromised. I installed B2 on one machine (g).
Seems fine, and one archaic, troglodytic, pre-Silurian scan went fine. I'll
turn the realtime protection on and off as I need amusement.

Bitman, what did you mean by detection having been improved? Simply by virtue
of its being an early-loading service? Is there anti-rootkit shimming and
lots of registry monitoring? I'd expect a speed hit from that.

Silent removal of thieved music I can agree with. Well, perhaps not the
silent part.

I'll try to get my head around this thing's being a user's tool - minimum
annoyance, minimum surprise, until necessary.

o The problems that most concerned me with realtime protection were several
reports of phantom disappearance of downloads. Is my memory playing tricks on
me?


Thanks,
Frank
 
Downloads:

That one I can speak to--there's nothing phantom about it--there is a
circumstance which involves a hook to allow an antivirus or antispyware app
to examine the downloads "en route." Windows Defender uses this hook.
There are some circumstances in which apparently previously uninstalled
antivirus applications leave a registry entry in place which indicates that
they should still be a part of the chain of apps examining the
downloads--I'm getting beyond my knowledge here, but I think this is roughly
correct. At any rate, on such a machine, downloads will simply disappear at
the end of the download process. Additionally, already downloaded material
which is tagged as being Internet sourced, may also not be openable.

Microsoft knows a good deal about this issue. They have a tool to search
out the errant registry entries, which vary from one machine to another,
because they can relate to a number of different antivirus apps. I don't
know what the status of the problem is, but they can fix it--I know this
because it happened on my own machine--and it's fixed.

So--if you've downloaded anything since installing Windows Defender--you are
probably safe on this issue. If you do have a problem, I can refer you
directly to a Microsoft staffer who will be interested in getting this
resolved.
 
Frank, I didn't intend to imply that the detection itself was improved simply
by changing to a service, though I'd be surprised if this wasn't also a goal
with the development of Defender. I think maybe you felt I implied this when
I indicated a preference for real-time protection over scanning.

I only meant to indicate that scanning is now relegated to a 'backup'
function of detecting malware that may have entered the PC before it was
known as malware or could be detected by the then existing real-time
processes. This is all scanning has ever really done, find the malware after
it's already installed, which is often too late for anything but manual
removal.

I'm not personally aware of specific internal details such as rootkit
detection, though the Real-time protection options section contains a link to
a Help topic titled 'Understanding real-time spyware protection options',
which explains what each security agent does.

Bill covered the downloads issue.

I really think it's important that people such as yourself who have opinions
and some apparent understanding of the issues get into the Defender Beta now,
so you can have input. To sit back until it's completed and then find
yourself unhappy with the end result would be a loss.

With some caveats and an occasional fixable issue, the current Defender Beta
2 is workable for most. Those who sit back and expect Microsoft to change it
to what they wish, without using and discussing its pros and cons, will
simply be left out.

Thanks to you Frank for trying it, I look forward to your comments.
Bitman
 
I'll make one more comment: I've seen it said by Microsoft staff here that
some rootkits are specifically targeted by Windows Defender. I don't know
more than that, but some ability to detect and clean rootkit-like spyware
is included. As a case in point the rootkit portion of Sony's copy
protection scheme is both detected and removed by Microsoft Antispyware
beta1 and Windows Defender beta2.
 