
Windows Defender Antivirus Adding PUP Detection!


Corrine


Although long overdue in my opinion, as announced in "Protecting customers from being intimidated into making an unnecessary purchase", effective March 8, 2018, Windows Defender Antivirus and other Microsoft security products are adding PUPs (Potentially Unwanted Programs) to detection and removal.

 

Coincidentally, this announcement follows the day after Pieter Arntz (Metallica)'s article, Stolen security logos used to falsely endorse PUPs.


This is great news and I applaud Microsoft for their continued, and ever-more aggressive assault on malware and malicious, deceptive and coercive marketing scams - especially considering Windows Defender is included in W10 and is totally free - without any nagging screens to pay for any "premium" version.

 

I note Microsoft seems to be taking this a step further than other companies and is not calling these programs "PUPs" or "potentially unwanted programs". Rather they are calling them specifically Unwanted software.

 

I am okay with that as long as false positives are kept to the absolute bare minimum, preferably none - ever! This has been a problem (albeit minor and temporary problem) with other legitimate programs in the past where "wanted" (and totally safe) programs were tagged as PUPs.


Hello,

 

Good to see that Microsoft is finally taking a stand.

 

I believe Google coined the term "unwanted software," I recall them using the term last year.

 

Regards,

 

Aryeh Goretsky


This is good news for most of the seniors I help out with Windows (most are now updated to Windows 10.) A lot of them run Windows Defender as their security and I always encourage them to at least add the free version of Malware Bytes.

Unfortunately they don't get MB real time protection and they often forget to scan for malware. I assume Windows Defender will have some sort of real time feature.

As for me I think I'll stick with Malware Bytes Premium and ESET as I've had good results with that combination - stays in the background and so far has kept me safe.

Of course there's no substitute for common sense - avoid dodgy websites, learn to recognise scareware, and don't open email attachments you can't trust.


I believe Google coined the term "unwanted software," I recall them using the term last year.
I think it has been around forever - at least as long as program distributors started bundling extra junkware into their download packages to "foist" on users' systems without their knowledge, permission, or option to deny. Google may have used it but they sure did not coin the term.

 

I assume Windows Defender will have some sort of real time feature.
??? Ummm, that has been one of the key features and advantages of Windows Defender since it was first introduced as Microsoft Security Essentials in Windows 7 way back in 2009, and then as Windows Defender in Windows 8, and now in 10. Not only is it a capable real-time anti-malware solution, but unlike any other security program, it starts protecting the computer right out of the box the very first time Windows is booted. So Windows Defender is protecting users BEFORE they even have a chance to go out and download the latest version of their alternative security solution!

 

Unfortunately they don't get MB real time protection and they often forget to scan for malware.
You can always schedule a weekly reminder in Windows 10 calendar for them. Just double click on the clock in the system tray, pick a day of the week and click the plus sign and create a weekly reminder.

Of course I understand that WD gives real time antivirus protection but MB is useful to avoid browser hijackers, adware and crapware. In that capacity it's good to have it run in real time with the paid version. If WD is going to take over that function it would be good to offer it in real time. I assume it will.

Point taken about scheduling a reminder.


Well, WD is a real-time scanner by default. And since it would be impossible to block unwanted software or PUPs from being installed if that feature was "on-demand" and not real-time, then yes, it has to be a real-time feature too.


Hello,

 

Well, the term potentially unwanted programs has been around for many years, with potentially unwanted applications being used to describe the same thing almost immediately. The key verbiage there being potential, since it satisfies various business requirements in the legal spectrum. Saying unwanted software (UwS) is perhaps a bit different in that it removes an amount of, well, probability, for lack of a better term.

 

By the way, as a little piece of trivia, whenever the vendor of a potentially unwanted application contacts an anti-malware company to request that their software be reclassified, they always refer to the detection of their software as a false positive, because, of course, it is completely outside their worldview that their application is a PUA. Sometimes the demand letters include things like lists of other anti-malware programs which don't detect them, or references to membership in various marketing programs ("We're a Microsoft Gold Partner") or various badging programs meant to certify trust or that their website is secure.

 

Regards,

 

Aryeh Goretsky


Sometimes the demand letters include things like lists of other anti-malware programs which don't detect them, or references to membership in various marketing programs ("We're a Microsoft Gold Partner") or various badging programs meant to certify trust or that their website is secure.
Or threats from their shysters... err... legal departments.

 

Do you still intend to run MB after these features are added to WD?
Sure. I always recommend everyone have a secondary scanner on hand regardless of their primary scanner of choice. I already have several lifetime licenses for MB on my main systems. Since MB plays well with WD, I see no reason to remove them. On my other systems, I have MB Free (no real time component).

 

As far as your clients, I would not have a set rule. If they have careless, invincible ("it can never happen to me") teenagers in the house, then I would recommend the premium version of Malwarebytes. If the user is careful, keeps Windows updated, does not visit illegal pornography or gambling sites or participate in Torrents and the like, and they are not "click-happy" on every download, link, attachment, and popup they see, then the free version and periodic manual scans is most likely fine.


I would prefer that certain of my "customers" actually buy Malware Bytes. One guy has already encrypted his data with WannaCry. We were able to restore about 70% from an old machine he kept in the basement. He never learns not to open phishing emails. I am sure a real time ransomware detector would save his butt however he doesn't want to pay. He uses WD so if there's hope for even better security that makes me happy.

As said previously I often come in after the breach to try and pick up the pieces. Stuff happens to illiterate users that I never see, so I'm at a loss to figure out the root cause. I always download and install the free version of MB since I can usually get into Safe Mode and run a scan.


Well, WD's last major feature addition, Controlled folder access, appears to do the same thing as CryptoPrevent. Unfortunately, I found it to be too intrusive so I disable it on my personal systems.
