Contents tagged with Windows Defender

  • Anti-Spyware Rival Slams Microsoft's Windows Defender, Vista

    Posted by bink on January 26 2007, 4:16 AM. Posted in Windows Defender.

    Webroot says Windows Defender fails to block many of the security threats that are roaming around the Internet.

    A Microsoft security rival on Thursday blasted the anti-spyware technology that the Redmond, Wash., developer will include with Windows Vista as "ineffective," "slow," and "weak."

    "We applaud Microsoft for the substantive improvements in Vista," says Gerhard Eschelbeck, the chief technology officer of Webroot Software Inc. "However, we want to make sure that users understand the Vista operating system's limitations, and caution them that Microsoft's default malware blocking application and anti-virus programs may not fully protect them."

    Eschelbeck's Boulder, Colo.-based employer is best known for its Spy Sweeper anti-spyware line, which late last year was updated with anti-virus scanning capabilities. Spy Sweeper competes with the for-free Windows Defender, Microsoft's anti-spyware add-on to Windows XP that is also integrated with Windows Vista, the next-generation operating system that debuts in retail next Tuesday, Jan. 30.

    "If you look at the [Defender] data points, they speak for themselves," says Eschelbeck. "Defender didn't block 84% of the tested malware. That's not the kind of performance users are hoping for." Eschelbeck said that his firm's research team tested Defender against a suite of Trojan horses, adware, keyloggers, system monitors, and other unwanted programs, all of which were gathered from in-the-wild threats. Webroot's own Spy Sweeper blocked 100% of the threats.

    Eschelbeck also slammed Windows Defender, and by connection, Vista's security, for infrequent updates. Microsoft currently issues spyware definition updates every seven to 10 days, he said. Webroot, meanwhile, identifies approximately 3,000 new traces of spyware every month. "Users can't wait for a week or so to have their anti-spyware signatures updated," says Eschelbeck.

    Windows Vista also lacks built-in anti-virus protection, Eschelbeck continued. Windows Live OneCare, Microsoft's suite of security services that adds anti-virus scanning, backup, and tune-up tools, retails for $49.95 for a one-year, three-PC subscription. Webroot added anti-virus scanning to Spy Sweeper in late October, 2006, after licensing technology from Spanish security vendor Sophos. Spy Sweeper with AntiVirus costs $39.95 for a one-year license for one PC, $49.95 for three machines.

    Continue At Source
  • Microsoft Proposes Continued Innovation and Change in Face of Evolving Malicious Software Threats

    Posted by bink on October 25 2006, 3:49 AM. Posted in Windows Defender.

    At a gathering of European IT security professionals, Microsoft security executive asserts that the shift to 64-bit computing is an inflection point for PC security.

    In his keynote address at the RSA Conference Europe 2006, Microsoft Corp. Security Technology Unit Corporate Vice President Ben Fathi discussed the evolution of the computing ecosystem and malicious software landscape, and called on the IT security industry to team with Microsoft in investing in continued innovation to keep pace with ever-evolving threats. Fathi described Microsoft’s ongoing investments to enable a trust ecosystem, pointing to security advancements in the forthcoming release of Windows Vista™ as an important opportunity for the industry to become more proactive in its aim to provide users with a safer computing experience. Specifically, Fathi announced milestones toward this goal, including the availability of Microsoft® Certificate Lifecycle Manager beta 2, a digital certificate and smart cards management solution; the general availability of Windows® Defender, a free anti-spyware solution; and the availability of the Sender ID Framework specification for e-mail authentication under Microsoft’s Open Specification Promise (OSP).

    “As threats continue to evolve and computing advances, we need an environment that engenders trust and accountability,” Fathi said. “To help protect customers and ensure the long-term success of the computing ecosystem, the industry must embrace change and innovation.”

    An Evolving Threat Landscape, an Industry at a Crossroads

    Fathi opened by outlining how the evolving threat landscape requires new thinking about how to make operating systems more secure and reliable. To illustrate, he referred to the new “Microsoft Security Intelligence Report,” which found that threats against consumers and businesses are becoming more targeted and motivated by financial gain, with backdoor Trojans and bots continuing to make up a significant percentage of the malicious software detected by Microsoft anti-malware offerings. The report also found that social engineering continues to be a popular means of spreading malware, especially when sent over e-mail and peer-to-peer networks, and that rootkits are likely to continue to be popular for targeted, stealth intrusions. Data from several customer-focused Microsoft products and services were used to compile the information provided in this report, which is available at

    Fathi also made known that as part of the Microsoft Security Response Alliance, Microsoft plans to develop a malware sample sharing program for security ISVs. The program will further enable the industry to work closely together on the protection of mutual customers as the threat landscape continues to evolve.

    In the face of evolving threats, Fathi asserted that the industry is at a crossroads where, due to processor innovations and the decreasing cost of 64-bit processors, 64-bit computing is on the horizon as the next significant PC computing architecture. He emphasized that Microsoft and the worldwide IT security industry — including platform providers, hardware manufacturers and security independent software vendors — need to invest in continued innovation to keep pace with the threats.

    To fully support the evolving ecosystem, Fathi said the security industry must build more innovative security solutions than it did in the past to help protect customers. As a first step, he described how Microsoft has improved the security, reliability and integrity of the Windows kernel through innovative technologies such as Kernel Patch Protection in 64-bit environments, including Windows Vista, to provide greater stability, protection and defense against malicious threats. Kernel Patch Protection raises the bar for security and also provides a significant opportunity for the security industry to extend this work by designing next-generation security solutions.

    Fathi reaffirmed Microsoft’s commitment to continuing to work with security partners to provide the kernel functionality they need, beyond what is available today in Windows XP and Windows Vista, without bypassing Kernel Patch Protection.

    A white paper detailing Kernel Patch Protection in Windows Vista is available at

    Continue At Source

  • Microsoft Releases Windows Defender final to the Web!

    Posted by bink on October 24 2006, 2:06 PM. Posted in Windows Defender.

    Windows Defender features

    • New option to display Windows Defender system tray icon even when there are no pending actions needed.
    • Enhanced performance through a new scanning engine.
    • Streamlined, simplified user interface and alerts.
    • Improved control over programs on your computer with enhanced Software Explorer.
    • Multiple language support with globalization and localization features.
    • Protection features for all users, whether or not they have administrator rights on the computer.
    • Support for assistive technology for individuals who have physical or cognitive difficulties, impairments, and disabilities.
    • Support for Microsoft Windows XP Professional x64 Edition.
    • Automatic cleaning according to your settings during regularly scheduled scans.

    Microsoft encourages all Windows Defender (Beta 2) users to download and install Windows Defender.

    Known issues

    • By design, the system tray icon for Windows Defender does not appear if you do not need to take action.
    • Windows Defender might prompt you to remove some peer-to-peer (P2P) file-sharing programs. If you choose to remove such a program, Windows Defender deletes all the contents of the Program Files folder associated with the P2P program. Because some P2P programs store downloaded files in a default folder under Program Files, this might remove all files you have downloaded through the file-sharing program. For example, KaZaA stores .exe and .dll files at C:\Program Files\Kazaa. Downloaded files are stored at C:\Program Files\Kazaa\My Shared Folder. If you use Windows Defender to remove KaZaA, all files and folders under C:\Program Files\Kazaa are removed. If you have installed any P2P file-sharing programs, it is a good idea to back up your downloaded files before you run Windows Defender.
    • You do not need to remove other antispyware or antivirus programs to run Windows Defender. Other programs or Windows Defender might prompt you to allow or block an action, but there are no other known incompatibilities between Windows Defender and other antispyware or antivirus programs.
    • By design, the final release of Windows Defender removes Windows Defender (Beta 2).
    • Windows Defender offers only limited Group Policy settings. The final version of Windows Defender will include administrator (.adm) files so that you can configure those limited settings in Windows Defender through Group Policy.

    Download At Source

    BETA 2 Expires December 21
  • Windows® Defender (Beta 2) build 1347

    Posted by bink on April 14 2006, 1:45 AM. Posted in Windows Defender.

    This release includes enhanced features that reflect ongoing input from customers, as well as Microsoft’s growing understanding of the spyware landscape. To download the x64 version of Windows Defender Beta 2, click here. Specific features of Windows Defender Beta 2 include:
    • A redesigned and simplified user interface – Incorporating feedback from our customers, the Windows Defender UI has been redesigned to make common tasks easier to accomplish with a warning system that adapts alert levels according to the severity of a threat so that it is less intrusive overall, but still ensures the user does not miss the most urgent alerts.
    • Improved detection and removal – Based on a new engine, Windows Defender is able to detect and remove more threats posed by spyware and other potentially unwanted software. Real Time Protection has also been enhanced to better monitor key points in the operating system for changes.
    • Protection for all users – Windows Defender can be run by all users on a computer with or without administrative privileges. This ensures that all users on a computer are protected by Windows Defender.
    • Support for 64-bit platforms, accessibility and localization – Windows Defender Beta 2 also adds support for accessibility and 64-bit platforms. Microsoft also plans to release German and Japanese localized versions of Windows Defender Beta 2 soon after the availability of the English versions. Use WindowsDefenderX64.msi for 64-bit platforms.
  • Microsoft Says Recovery from Malware Becoming Impossible

    Posted by bink on April 6 2006, 12:51 AM. Posted in Windows Defender.

    In a rare discussion about the severity of the Windows malware scourge, a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall operating systems as a practical way to recover from malware infestation.

    "When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit," Mike Danseglio, program manager in the Security Solutions group at Microsoft, said in a presentation at the InfoSec World conference here.

    Offensive rootkits, which are used to hide malware programs and maintain an undetectable presence on an infected machine, have become the weapon of choice for virus and spyware writers and, because they often use kernel hooks to avoid detection, Danseglio said IT administrators may never know if all traces of a rootkit have been successfully removed.

    He cited a recent instance where an unnamed branch of the U.S. government struggled with malware infestations on more than 2,000 client machines. "In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast," Danseglio added.

    Danseglio, who delivered two separate presentations at the conference—one on threats and countermeasures to defend against malware infestations in Windows, and the other on the frightening world of Windows rootkits—said anti-virus software is getting better at detecting and removing the latest threats, but for some sophisticated forms of malware, he conceded that the cleanup process is "just way too hard."

    Continue at source
  • Microsoft Releases Windows Defender Beta 2

    Posted by bink on February 14 2006, 5:06 PM. Posted in Windows Defender.

    The long-awaited Beta 2 of Windows Defender, formerly Windows AntiSpyware, has now been released.
    The new version sports a new user interface similar to what is found in Windows Vista. The UI has been redesigned to make normal tasks easy, provide a better warning system, and be less intrusive.
    Real-time protection and monitoring has been enhanced to monitor more points of weakness in the Windows operating system.
    The latest version now supports x64 operating systems and will run on users' machines with or without administrator rights, something that was always an issue with Beta 1.
    Microsoft's Windows Defender is one of, if not the, best solutions against spyware and adware on Windows machines to date.
  • Microsoft Anti-Spyware Removes Norton Anti-Virus

    Posted by bink on February 12 2006, 2:28 PM. Posted in Windows Defender.

    According to a story over at, the latest definitions file for Microsoft's Anti-Spyware beta flags Symantec's Norton Antivirus products as a password-stealing trojan and prompts users to delete portions of the program. Users who follow the instructions hose their installation of Norton, requiring delicate Windows registry edits and a complete removal/reinstall of Norton. Microsoft's support forum is quickly filling up with complaints about this problem, many from businesses that have been pretty hard hit. This should be a cautionary tale about deploying beta products in production environments.
  • Microsoft will make Windows Defender Beta 2 available for Windows 2000, XP, 2003, R2, Vista

    Posted by bink on January 25 2006, 10:34 PM. Posted in Windows Defender.

    Microsoft will make Windows Defender Beta 2 available for Windows 2000, XP, 2003, R2, Vista and LH server. Beta 2 will be released in February / March. 64-bit versions will be included in Vista / LH Server x64 editions and for XP and 2003 x64 editions. Windows Defender will be configurable via Group Policies, and Defender updates will appear on WSUS. Defender updates will be released as needed, from a few times a day to a minimum of once a week, through the (automatic) Windows Update infrastructure. Beta 2 will have significant changes according to the chat transcript held by the Windows Defender team.

    Full Chat At Source
  • Windows Defender Gets WSUS Updates

    Posted by bink on January 17 2006, 7:21 PM. Posted in Windows Defender.

    Today you will see a new product category and update classification in your WSUS Synchronization Options dialog. Windows Defender, formerly Microsoft Windows AntiSpyware (Beta), will as of today’s synchronization show up as a new Windows product category. A new update classification will also come on line called “Definition Updates”. Currently Windows Defender is only released as part of a Vista beta release. Definition Updates will only be available to beta participants from the Microsoft Update site, with Vista Windows Defender Beta installed...

    Continue At Source
  • Microsoft: Stealth Rootkits Are Bombarding XP SP2 Boxes

    Posted by bink on December 7 2005, 10:53 PM. Posted in Windows Defender.

    More than 20 percent of all malware removed from Windows XP SP2 (Service Pack 2) systems are stealth rootkits, according to a senior official in Microsoft Corp.'s security unit.

    Jason Garms, architect and group program manager in Microsoft's Anti-Malware Technology Team, said the open-source FU rootkit ranks high on the list of malicious software programs deleted by the free Windows worm zapping utility.

    "I can tell you that FU is the fifth most removed piece of malware. We're finding the FU rootkit in many different versions of Rbot," Garms said, referring to the IRC controlled backdoor used to illegally infect Windows PCs with spyware.

    In addition to the FU rootkit, Garms said the WinNT/Ispro family of kernel mode rootkits features in the top-five list every month.

    WinNT/Ispro, like FU, is often bundled with illegally installed spyware to allow an attacker to modify certain files and registry keys to avoid detection on an infected machine.

    "Hacker Defender," another rootkit program that is available for sale on the Internet, has also been detected and deleted regularly.

    Garms shared statistics culled from the worm cleansing tool in an interview with Ziff Davis Internet News and warned that the high rate of rootkit infections confirms fears that virus writers are using the most sophisticated techniques to hide malicious programs.

    Continue At Source

  • Microsoft Windows AntiSpyware (beta) new update (Build 1.0.701).

    Posted by bink on November 22 2005, 4:34 AM. Posted in Windows Defender.

    Why not Beta 2? We have had Beta 1 for nearly a year now...

    Beta 1 Versions

    Since releasing Windows AntiSpyware (Beta) on January 6, 2005 (Build 1.0.501), we have continued to receive feedback from customers. We introduced a beta refresh on February 16, 2005 (Build 1.0.509) which enhanced some of the real-time protection agents, added new threat categories, and improved stability and performance. An updated beta refresh released on June 23, 2005 (Build 1.0.613), introduced enhancements to the detection and removal capabilities, including improved Winsock LSP removal capabilities and support for long descriptions of categorized software. In addition, we have also extended the Windows AntiSpyware beta expiration date to December 31, 2005. An updated beta refresh released on July 18, 2005 (Build 1.0.615), addresses issues pertaining to how Windows AntiSpyware (Beta) provides information to the user about processes running on a PC, and solves an issue regarding the delivery of new anti-spyware signatures for some customers. The latest beta refresh, build 1.0.701, extends the Windows AntiSpyware beta expiration date to July 31, 2006 and provides new signature updates to help protect against recently identified spyware. Existing users of the beta (Build 1.0.615) will receive a software update that includes the new beta refresh. The latest beta refresh is also available for download through this site. Microsoft would like to encourage all Windows AntiSpyware (beta) users to download and install the new update (Build 1.0.701).

    Download At Source
  • Microsoft AntiSpy program will remove Sony's DRM Rootkit

    Posted by spy on November 13 2005, 3:09 PM. Posted in Windows Defender.

    The following was found on the Microsoft Anti-Malware team blog today. It clearly states that the Sony DRM Rootkit will be wiped by Microsoft's Antispyware Beta program. This is great and I for one am very happy to see Microsoft move quickly on this.

    I've been getting a lot of questions in the last week about Microsoft's position on the Sony DRM and rootkit discussions, so I thought I'd share a little info on what we're doing here. We are concerned about any malware and its impact on our customers' machines. Rootkits have a clearly negative impact on not only the security, but also the reliability and performance of their systems.

    We use a set of objective criteria for both Windows Defender and the Malicious Software Removal Tool to determine what software will be classified for detection and removal by our anti-malware technology. We have analyzed this software, and have determined that in order to help protect our customers we will add a detection and removal signature for the rootkit component of the XCP software to the Windows AntiSpyware beta, which is currently used by millions of users. This signature will be available to current beta users through the normal Windows AntiSpyware beta signature update process, which has been providing weekly signature updates for almost a year now. Detection and removal of this rootkit component will also appear in Windows Defender when its first public beta is available. We also plan to include this signature in the December monthly update to the Malicious Software Removal Tool. It will also be included in the signature set for the online scanner on Windows Live Safety Center.