

Windows Defender Antivirus Adding PUP Detection!


12 replies to this topic

#1 OFFLINE   Corrine

Corrine

    The Mystical Rose

  • Forum Admins
  • 4,247 posts

Posted 01 February 2018 - 11:18 AM

Although long overdue in my opinion, as announced in "Protecting customers from being intimidated into making an unnecessary purchase", effective March 8, 2018, Windows Defender Antivirus and other Microsoft security products are adding detection for PUPs (Potentially Unwanted Programs) to detection and removal.

Coincidentally, this announcement follows the day after Pieter Arntz (Metallica)'s article, "Stolen security logos used to falsely endorse PUPs".

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

#2 OFFLINE   Digerati

Digerati

    Post Master

  • Members
  • 227 posts

Posted 01 February 2018 - 12:38 PM

This is great news and I applaud Microsoft for their continued, and ever-more aggressive assault on malware and malicious, deceptive and coercive marketing scams - especially considering Windows Defender is included in W10 and is totally free - without any nagging screens to pay for any "premium" version.

I note Microsoft seems to be taking this a step further than other companies and is not calling these programs "PUPs" or "potentially unwanted programs". Rather they are calling them specifically Unwanted software.

I am okay with that as long as false positives are kept to the absolute bare minimum, preferably none - ever! This has been a problem (albeit a minor and temporary problem) with other legitimate programs in the past where "wanted" (and totally safe) programs were tagged as PUPs.
Bill (AFE7Ret)
Freedom is NOT Free!
Windows and Devices for IT, 2007 - 2018

Heat is the bane of all electronics!

____________________________________________

#3 OFFLINE   goretsky

goretsky

    Posting Prodigy

  • Forum Moderators
  • 2,001 posts

Posted 01 February 2018 - 11:08 PM

Hello,

Good to see that Microsoft is finally taking a stand.

I believe Google coined the term "unwanted software," I recall them using the term last year.

Regards,

Aryeh Goretsky
Dexter is a good dog.

Aryeh Goretsky
Microsoft MVP 2004.1-2018.6 [Cloud and Datacenter Management]

(previously Networking, Windows, Windows for Devices and IT)

#4 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,723 posts

Posted 02 February 2018 - 10:16 AM

This is good news for most of the seniors I help out with Windows (most are now updated to Windows 10). A lot of them run Windows Defender as their security and I always encourage them to at least add the free version of Malwarebytes.
Unfortunately they don't get MB real time protection and they often forget to scan for malware. I assume Windows Defender will have some sort of real time feature.
As for me I think I'll stick with Malwarebytes Premium and ESET as I've had good results with that combination - stays in the background and so far has kept me safe.
Of course there's no substitute for common sense - avoid dodgy websites, learn to recognise scareware, and don't open email attachments you can't trust.

Registered Linux User 445659

#5 OFFLINE   Digerati

Digerati

    Post Master

  • Members
  • 227 posts

Posted 02 February 2018 - 12:18 PM

Quote

I believe Google coined the term "unwanted software," I recall them using the term last year.
I think it has been around forever - at least as long as program distributors started bundling extra junkware into their download packages to "foist" on users' systems without their knowledge, permission, or option to deny. Google may have used it but they sure did not coin the term.

Quote

I assume Windows Defender will have some sort of real time feature.
??? Ummm, that has been one of the key features and advantages of Windows Defender since it was first introduced as Microsoft Security Essentials in Windows 7 way back in 2009, and then as Windows Defender in Windows 8, and now in 10. Not only is it a capable real-time anti-malware solution, but unlike any other security program, it starts protecting the computer right out of the box the very first time Windows is booted. So Windows Defender is protecting users BEFORE they even have a chance to go out and download the latest version of their alternative security solution!

Quote

Unfortunately they don't get MB real time protection and they often forget to scan for malware.
You can always schedule a weekly reminder in Windows 10 calendar for them. Just double click on the clock in the system tray, pick a day of the week and click the plus sign and create a weekly reminder.
Bill (AFE7Ret)
Freedom is NOT Free!
Windows and Devices for IT, 2007 - 2018

Heat is the bane of all electronics!

____________________________________________

#6 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,723 posts

Posted 02 February 2018 - 02:37 PM

Of course I understand that WD gives real time antivirus protection but MB is useful to avoid browser hijackers, adware and crapware. In that capacity it's good to have it run in real time with the paid version. If WD is going to take over that function it would be good to offer it in real time. I assume it will.
Point taken about scheduling a reminder.

Registered Linux User 445659

#7 OFFLINE   Digerati

Digerati

    Post Master

  • Members
  • 227 posts

Posted 02 February 2018 - 02:58 PM

Well, WD is a real-time scanner by default. And since it would be impossible to block unwanted software or PUPs from being installed if that feature was "on-demand" and not real-time, then yes, it has to be a real-time feature too.
Bill (AFE7Ret)
Freedom is NOT Free!
Windows and Devices for IT, 2007 - 2018

Heat is the bane of all electronics!

____________________________________________

#8 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,723 posts

Posted 02 February 2018 - 03:07 PM

Makes sense. Do you still intend to run MB after these features are added to WD? Curious as to what I should continue to recommend to my "clients."

Registered Linux User 445659

#9 OFFLINE   goretsky

goretsky

    Posting Prodigy

  • Forum Moderators
  • 2,001 posts

Posted 02 February 2018 - 03:43 PM

Hello,

Well, the term potentially unwanted programs has been around for many years, with potentially unwanted applications being used to describe the same thing almost immediately.  The key verbiage there being potential, since it satisfies various business requirements in the legal spectrum.  Saying unwanted software (UwS) is perhaps a bit different in that it removes an amount of, well, probability, for lack of a better term.

By the way, as a little piece of trivia, whenever the vendor of a potentially unwanted application contacts an anti-malware company to request that their software be reclassified, they always refer to the detection of their software as a false positive, because, of course, it is completely outside their worldview that their application is a PUA.  Sometimes the demand letters include things like lists of other anti-malware programs which don't detect them, or references to membership in various marketing programs ("We're a Microsoft Gold Partner") or various badging programs meant to certify trust or that their website is secure.

Regards,

Aryeh Goretsky
Dexter is a good dog.

Aryeh Goretsky
Microsoft MVP 2004.1-2018.6 [Cloud and Datacenter Management]

(previously Networking, Windows, Windows for Devices and IT)

#10 OFFLINE   Digerati

Digerati

    Post Master

  • Members
  • 227 posts

Posted 02 February 2018 - 03:56 PM

Quote

Sometimes the demand letters include things like lists of other anti-malware programs which don't detect them, or references to membership in various marketing programs ("We're a Microsoft Gold Partner") or various badging programs meant to certify trust or that their website is secure.
Or threats from their shysters... err... legal departments.

Quote

Do you still intend to run MB after these features are added to WD?
Sure. I always recommend everyone have a secondary scanner on hand regardless of their primary scanner of choice. I already have several lifetime licenses for MB on my main systems. Since MB plays well with WD, I see no reason to remove them. On my other systems, I have MB Free (no real time component).

As far as your clients, I would not have a set rule. If they have careless, invincible ("it can never happen to me") teenagers in the house, then I would recommend the premium version of Malwarebytes. If the user is careful, keeps Windows updated, does not visit illegal pornography or gambling sites or participate in Torrents and the like, and they are not "click-happy" on every download, link, attachment, and popup they see, then the free version and periodic manual scans are most likely fine.
Bill (AFE7Ret)
Freedom is NOT Free!
Windows and Devices for IT, 2007 - 2018

Heat is the bane of all electronics!

____________________________________________

#11 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,723 posts

Posted 02 February 2018 - 06:57 PM

I would prefer that certain of my "customers" actually buy Malwarebytes. One guy has already encrypted his data with WannaCry. We were able to restore about 70% from an old machine he kept in the basement. He never learns not to open phishing emails. I am sure a real time ransomware detector would save his butt; however, he doesn't want to pay. He uses WD so if there's hope for even better security that makes me happy.
As said previously I often come in after the breach to try and pick up the pieces. Stuff happens to illiterate users that I never see, so I'm at a loss to figure out the root cause. I always download and install the free version of MB since I can usually get into Safe Mode and run a scan.

Registered Linux User 445659

#12 OFFLINE   Corrine

Corrine

    The Mystical Rose

  • Forum Admins
  • 4,247 posts

Posted 02 February 2018 - 10:24 PM

You might want to consider the free version of CryptoPrevent for that click-happy person:  

CryptoPrevent Malware Prevention Foolish IT

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

#13 OFFLINE   Digerati

Digerati

    Post Master

  • Members
  • 227 posts

Posted 02 February 2018 - 10:35 PM

Well, WD's last major feature addition, Controlled folder access, appears to do the same thing as CryptoPrevent. Unfortunately, I found it to be too intrusive so I disable it on my personal systems.
Bill (AFE7Ret)
Freedom is NOT Free!
Windows and Devices for IT, 2007 - 2018

Heat is the bane of all electronics!

____________________________________________



