Weaknesses in Vista malware protection

An interesting read, but Webroot is hardly in a position to cast this
stone. Seems to me that they need to get their own house in order first.
I particularly enjoyed reading this Scot's reference to SpySweeper 5.0+ as
being a grotty wee product... It would be funny, if I didn't have a two
year subscription already:

http://www.castlecops.com/f163-Spysweeper.html
 
Which only goes to reinforce the philosophy that users should not rely on
only one AS program. I have six on my machine but some would suggest I have
become paranoid or maybe wiser in my elder years? What concerns me most about
Defender is that it doesn't reassure the user by conveying what part of your
system is being scanned at any one time. One only sees a fleeting glimpse of
directories and reg entries being scanned as it goes about its task with no
def database the user can relate to. I much prefer Spybot S&D in this respect
which, at least, tells you what it is supposed to protect you from and will
let you know what it is scanning for during a run. Some, I know, will argue
this as a false sense of security but right now I have more confidence in S&D
than Defender. The former has saved my butt twice now - tried and tested.
While I accept there was no comparison available with Defender at the time I
have seen too many doubts raised on here as to its ability to detect and
eradicate - enter Benoit's article.

Having said that, I have always had a great deal of respect for Microsoft
products which is why I 'go along' with WD but do wish they would be a little
more 'transparent' with their users. In short, I see us as one very large
pool of beta testers even though WD is supposedly in final version. I don't
think so. It has a long way to go if it is to become a major player in the AS
market.

Stu
 
Strong reading. I do notice that he reports the problem experienced is with
IE6. I wonder if IE7 would be any different? Hopefully, your two year
subscription has not been 'ill spent'.

Stu
 
Hardly an objective review. The statements about Vista being susceptible to
some common viruses when running as administrator seem hardly worth
making--Vista doesn't include an antivirus--Webroot probably would have been
one of the parties suing Microsoft had they included that coverage. They've
done their level best to get users not to run as administrator. So--that
statement seems rather strained.

I have to say that the published reviews I've seen of Windows Defender
haven't been anything to brag about, of late--but I'd sure take this one
with a healthy dose of skepticism.

This page has a little more detail:

http://www.webroot.com/land/Windows-Vista-Ready.php#faq1

What I think I get from it, though is that you need competent antivirus
protection on Vista--which Microsoft certainly advocates. That page
compares a product incorporating both antispyware and antivirus protection,
with one providing only antispyware. This is not a valid comparison.
 
I'm not siding with Webroot, but I have serious doubts about how competent
the antispyware component of One Care will be on Vista or XP, now that it
disables Defender's realtime protective shields. Since a Vista user with One
Care would have a combined AS/AV scan, the comparison might be more
appropriate than Defender alone. Time will tell *if* Microsoft allows One
Care to be independently tested in comparison with other security suites.
Personally, I had to revert back to KIS 6.0, because after WLOC upgraded to
version 1.5, I couldn't get the darn thing to even Activate using my
subscription, so I'm disinclined to consider WLOC as "competent."
 
One of the disappointments of OneCare for me has been the relative
difficulty of "repairing" it (and the need to do so in the first place!) I
found that removal and reinstallation was the most time-effective fix, and
had some difficulty getting the reinstall accepted as validly licensed even
with a paid subscription.

That said, I do believe the antimalware team is dedicated to seriously
impacting the problem--so I trust the protection. I'm not clear that the
real-time protections in Defender are not available within OneCare--I do see
that the UI is further reduced, but my expectation is that the protection is
still there.

--
 
The *disappointments* and repairs are even more disheartening IF you have to
use dial up. WLOC 1.1 with separate Defender worked reasonably well on XP
with dialup. WLOC 1.5 is extremely problematic for us dialuppers. If the
Defender real time protections are there, they are either definition based
only OR use an extensive whitelist or digital signatures. Seems to lack a
certain behavioral blocking that might catch unknown malware, if the alleged
weakness in detecting trojans is true. All that being said, IF I could have
activated my One Care subscription normally with 1.5, it would be installed
on my PC today instead of KIS, because of ease of use plus the handy backup
feature.
 
Hi Paul,

Actually, OneCare's realtime protection is far better than WinDefend's.
OneCare uses a file system filter to scan files before applications can
access them - and believe me, I was far better protected testing against
malicious sites by that filter (plus the virus sigs that OneCare contains)
than by just WD.

Forefront Client Security actually has both the Windows Defender RTP and the
file filter, but the WD-style RTP stuff rarely has a chance to catch
anything there.

Regards,
Joe
 
Sorry for coming in so late but I just read the post and the article (been
busy and sick all week).

The following is an out and out lie,

"Microsoft currently issues spyware definition updates for its Windows®
Defender product every week to ten days. "

as those of us who find ourselves waiting for Engels link "twice a week"
know.

?:-(
Tim
 