Fast Start/Hybrid Shutdown?


DarkSerge

Hello everyone!

 

I just recently put in a brand new SSD and did a clean install of Windows 10! Back in November my computer started having issues with random restarts and lock-ups. I was advised to replace the PSU. I also noticed the hard drive was failing various diagnostics. I replaced the PSU and everything was fine for 2 months, then after a time of peace the system started doing it again. I purchased a Solid-State Drive and have done a clean install.

 

I was just curious about the Windows 10 feature of Fast Startup (apparently also known as Hybrid Shutdown I think)

 

In the interest of hard drive and system life, would it be best to keep it enabled or disabled?

 

Startup speed is pretty good as it is, so speed isn't really my concern. I'm interested in longevity of the system.

 

If anybody's curious about the SSD - Western Digital Blue, 250 GB, SATA III 6.0 GB/s, 3D NAND (Ordered from Newegg.com)

Edited by DarkSerge
Link to comment
Share on other sites

Hello,

 

Basically, when a shutdown occurs it tells Windows to close all applications and then hibernates the core operating system (kernel+drivers). When the system is powered up again, it does a resume, loading the hibernation file into memory.

 

Generally, I find that systems with an SSD boot fast enough that I don't need to use it. Also, this can cause problems if you are installing software which needs a reboot to finish installing, as a suspend-and-resume operation isn't the same as actually turning off the computer--the pending changes will still be pending when you resume. It also requires the system to create a hibernation file which can be up to the size of your RAM (although usually smaller since it's just the operating system which is being hibernated and no apps). While this technically means more writing to the SSD, it's not going to be enough to shorten its life appreciably.

 

Since this is meant to be a fast operation, the OS leaves the file system in a "dirty state," because it can skip the actions to close file handles, etc., since the operating system will resume in a deterministic way (well, hopefully). This causes problems on multi-boot systems, as they will see the NTFS partition containing Windows as having an error due to the "dirty shutdown."

 

Also, you can sometimes have problems with drivers for things like video and sound cards because they don't reinitialize correctly on the resume. That can be kind of a problem because Microsoft so frequently updates the operating system that device driver developers at times end up having to scramble to fix something that Microsoft changed in Windows 10 that affects their code.

 

Regards,

 

Aryeh Goretsky

  • Like 3
Link to comment
Share on other sites
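The pending-changes problem described in the post above can be checked from an elevated PowerShell prompt. This is an added example, not part of the original thread: the function names are made up for illustration, and it assumes the standard `HiberbootEnabled` registry value, the usual pending-reboot registry markers, and that the first property of Kernel-Boot event 27 carries the boot type.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# Function names are hypothetical; registry paths and event ID are assumptions
# based on standard Windows 10 behaviour.

function Get-FastStartupState {
    # Fast Startup needs hibernation enabled AND HiberbootEnabled = 1.
    $hib  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' `
                -Name HibernateEnabled -ErrorAction SilentlyContinue
    $fast = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power' `
                -Name HiberbootEnabled -ErrorAction SilentlyContinue
    $hibOn  = [bool]($hib  -and $hib.HibernateEnabled  -eq 1)
    $fastOn = [bool]($fast -and $fast.HiberbootEnabled -eq 1)
    return ($hibOn -and $fastOn)
}

function Get-LastBootType {
    # Kernel-Boot event 27 records how the current session started.
    # Assumed codes: 0 = full (cold) boot, 1 = fast startup (hybrid), 2 = resume from hibernation.
    $evt = Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-Kernel-Boot'
        Id           = 27
    } -MaxEvents 1 -ErrorAction SilentlyContinue
    if (-not $evt) { return 'unknown' }
    switch ([int]$evt.Properties[0].Value) {
        0       { 'full boot' }
        1       { 'fast startup (hybrid)' }
        2       { 'resume from hibernation' }
        default { 'unknown' }
    }
}

function Test-PendingReboot {
    # Markers left behind by servicing and Windows Update when a restart is required.
    $markers = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    )
    foreach ($m in $markers) {
        if (Test-Path -Path $m) { return $true }
    }
    # File replacements queued for the next real boot (used by many installers).
    $sm = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' `
              -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
    return [bool]($sm -and $sm.PendingFileRenameOperations)
}

$report = [pscustomobject]@{
    FastStartupEnabled = Get-FastStartupState
    LastBootType       = Get-LastBootType
    RebootPending      = Test-PendingReboot
}
$report | Format-List

# A machine that was "shut down" and powered on again can still be carrying
# unfinished updates if that cycle was a hybrid shutdown and resume.
if ($report.RebootPending -and $report.LastBootType -eq 'fast startup (hybrid)') {
    Write-Warning 'Updates are still pending after a fast startup. Use Restart (or: shutdown /r /t 0) to complete them.'
}
```

Restart always performs a full boot regardless of the Fast Startup setting, which is why the warning suggests it rather than shutting down and powering on again.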

Aryeh makes some excellent points and I have been bitten by this fast shutdown feature in the past with (in particular) security updates that didn't work. Norton Security was a major problem on Lillian's old machine since she never got the idea of restarting Windows.

That said I have had Windows on an SSD for a year now and I still use the fast startup without major issue. I have a 480 GB Sandisk SSD Plus.

  • Like 1
Link to comment
Share on other sites

Thank you for the input. Startup speed is not a factor for me. Started it up this morning and in about 15 seconds I'm typing my login password. It's fast enough I don't need the feature, I was just curious if enabling or disabling had significant effect on the life of the machine or drives. I only leave my computer on during waking hours that I'm home to use it. So 5 days a week when I work, it might only be on 5-6 hours a day while on my nights off it might be 12-16 hours running. I've had friends and coworkers swear it's best to leave their computers on 24/7 but on average my system is off more than twice the hours it's running.

  • Like 1
Link to comment
Share on other sites

I use Fast Startup (previously called Fast Boot in W8) on all my systems (all of which now have SSDs) and have had no problems with any updates. I may not appreciate some of the marketing and executive policy decisions at Microsoft, but IMO, the developers at Microsoft are top notch. I trust if it would be better to disable this feature (it is enabled by default) with SSDs, they would code W10 to disable it when the SSD is detected. It would be simple to do so, but they didn't. So I don't either.

 

In the interest of hard drive and system life, would it be best to keep it enabled or disabled?

 

I don't see where this could affect system life. Nor do I see this having any effect with current generation SSDs (except faster boots - a good thing, IMO). For hard drives, however, I can see Fast Startup being easier on the drive. The drive would be tasked to load one big image file instead of many smaller system and program files, thus much less bouncing back and forth for the read/write head. Yes, this assumes the hard drive is not heavily fragmented (not a problem with SSDs), but again if users left the defaults alone, the hard drive would never get heavily fragmented in the first place.

 

The only time I personally can see some advantage to disabling this would be if critically low on free disk space. But in that scenario, the proper solution is to free up or buy more disk space.

  • Like 1
Link to comment
Share on other sites

Hello,

 

I can't think of any change in life of hardware for the scenario you described.

 

Regards,

 

Aryeh Goretsky

Link to comment
Share on other sites

Hello,

 

In my experience, problems tend to occur with third-party (non-Microsoft) components. While Microsoft has done a decent job of QA testing products prior to release, the current business model of more frequent iterative updates and the Windows Insiders public beta program for testing means that new builds of the operating system appear all the time with changes to APIs and kernel memory structures. This can be problematic for device drivers that rely on Microsoft's public info about those APIs and kernel structures. Case in point: In my industry, a lot of the companies which ship device drivers have had to develop very strict version checking along with feature checking/probing to try and validate the operating system environment before enabling certain functionalities in their device drivers. This allows you to disable features which could cause performance issues, or otherwise impair or even crash the system.

 

Regards,

 

Aryeh Goretsky

 

I use Fast Startup (previously called Fast Boot in W8) on all my systems (all of which now have SSDs) and have had no problems with any updates. I may not appreciate some of the marketing and executive policy decisions at Microsoft, but IMO, the developers at Microsoft are top notch. I trust if it would be better to disable this feature (it is enabled by default) with SSDs, they would code W10 to disable it when the SSD is detected. It would be simple to do so, but they didn't. So I don't either.

 

Link to comment
Share on other sites

I think these days, those problems are the exceptions, and rare ones at that. Especially with Windows 10, which is really pretty darn smart. I think it best to just leave the defaults as is, and see if everything works. Only change those defaults if something does not work as expected. But if changing from the default does not resolve the problem, change it back to the default.

 

I think too many people think all Windows are the same. Not true! Windows 10 is NOT Windows XP (or even Windows 7). Changes from the defaults that used to be necessary with XP no longer are and, in fact, are often detrimental to optimal performance. Long time users need to stop treating W10 like they did XP. Odds are they are not smarter than those developers at Microsoft who have NOT been sitting on their thumbs for the last 10 - 20 years.

 

I hear you on the feature and function thing. This area has been a major headache, IMO, for years. In particular, the "so called" drivers for multifunction (all-in-one) printing devices (integrated printer, copier, fax, and scanner) are major offenders.

 

I never, as NEVER EVER install the driver package that comes with those devices. Most users don't need them because they are MUCH more than just drivers - they tend to be HUGE suites of utilities and other resource hogging (privacy stealing!) bloated junk we don't need foisted on our systems!

 

HP is notorious for this. If your AiO is "network ready", chances are it has HP's "embedded web server" built into the device (I make sure it does before buying). Then all you need is the basic printer driver and surprise, surprise, if the device is relatively new, chances are Windows 10 already has that basic printer driver built in. No need to manually install anything.

 

We don't need the software suite to copy. That is always done locally (standing in front of the printer). And to fax or scan, you just enter the printer's IP address in your browser's address bar and voilà! You are in the printer's embedded web server where you can easily fax, scan, check ink levels, print test pages, and more.

 

Fact is, I never install drivers from any driver disk that comes with the hardware. I see if Windows can sort it out first. And if not, then I visit the hardware maker's site and then I look for the basic drivers, not the whole suite.

 

Sorry, this is a bit OT from installing a SSD but it does still apply. For example, we don't need Samsung Magician - Samsung's SSD utility Samsung wants us to install. Windows already knows how to optimize SSD performance, and run the necessary TRIM and wear leveling routines on the SSD without any special software installed. In fact, some users (including yours truly) have reported sleep problems that went away after uninstalling Samsung Magician.

Link to comment
Share on other sites

Yep I agree with the comments about HP.

  1. See if you can just add the printer in control panel.
  2. If not get the driver only from the maker's site.

HP has a lot of crap you don't need on the full install image - often another photo storage app or ink ordering utility.

 

I also agree that Windows 10 is much better than earlier versions of Windows. The reset and repair facility alone is well worth the upgrade. I have older PCs that work just fine with Windows 10.

Link to comment
Share on other sites

Win 10 works well for what it is but I'd prefer it to respect user wishes and make a lot of its default functions optional. Cortana, Smart Screen, One Drive, telemetry are all things I don't use but have to dig deep to disable them. And it has some kind of torrent-like sharing system for updates where your internet data is used to upload to other Win 10 PCs. I didn't know about this until I took my PC to work to do a concert recording and had to hotspot my phone to download 30MB of software. Windows used over 15GB of mobile data which cost me an extra $100.

Even when disabled, services still seem to sneak through - https://winaero.com/blog/regardless-privacy-settings-windows-10-creators-update-phones-home/

And on topic, I think Fastboot should be optional too.

This lack of transparency about what goes on behind the pretty desktop is the main reason I primarily use Linux where it's easy to see what's happening in the background and it only connects to the internet when I tell it to.

Obviously I still use Win10 for games and some work software and it runs them well. But it's my secondary OS.

Link to comment
Share on other sites

I use Linux more than Windows but many people I help out in the neighborhood are Windows 10 users. I keep a copy of Win 10 running so I can figure things out when something happens to them.

I avoid many Windows 10 "pitfalls" by not using Microsoft apps or programs. I also switched off telemetry using Spybot Anti-Beacon. Eset is my security solution.

Link to comment
Share on other sites

Win 10 works well for what it is but I'd prefer it to respect user wishes and make a lot of its default functions optional. Cortana, Smart Screen, One Drive, telemetry are all things I don't use but have to dig deep to disable them
:( This has nothing to do with Fast Boot but the fact is, you don't really have to "dig deep" to disable any of those!

 

And even though too many people fail to understand the difference, or even accept there is a HUGE difference between privacy and security, Microsoft has listened and has made telemetry features much more manageable and way more transparent than you pose it to be - even since that Winaero article, for example with Fall Creators Update. And it will soon be even much more transparent.

 

FTR, Microsoft is NOT trying to steal our passwords, identities, contacts, bank accounts, or any other personally identifiable or sensitive information. Frankly, sunrat, you should be MUCH MORE concerned with your ISP and especially your cell phone carrier than you are with Microsoft as your carrier already knows your real name, your billing address, billing information, who you have called or texted, where you have been, where you are standing to within a few feet including the aisle of the store you are standing in! :wacko: And they know which direction you are heading and how fast you are traveling.

 

If you connect your PC to your local network via Ethernet, even with "Location" enabled, the closest Microsoft knows of your physical location is your PoP (point of presence) - where your ISP connects your computer to the Internet backbone - which in my case, is 10 miles away in the next town over!

 

And for sure, it is much more likely you have way less control over integrated features with your cell phone than you do with a Windows based PC.

 

And it has some kind of torrent-like sharing system for updates where your internet data is used to upload to other Win 10 PCs.

:( Torrent-like sharing? Wow. This is even more OT and is highly misleading. It is called Delivery Optimization and it is designed to speed up updates to all your computers and it actually saves money on metered connection. More importantly, it can be disabled from the Windows Update screen in 3 clicks (Advanced Options > Delivery Optimization > Allow downloads from other PCs to Off).

 

And on topic, I think Fastboot should be optional too.
:( It is - in 2 (okay, 3) simple clicks.

 

From the Power Option page:

  1. Click on, Choose what the power buttons do,
  2. Uncheck Turn on fast startup (recommended),
  3. Click on Save changes.

Done.

 

Sorry, but I think your post is little more than a big opportunistic, totally off-topic (and sadly, very inaccurate) bash at Microsoft. :(

  • Like 1
Link to comment
Share on other sites

I avoid many Windows 10 "pitfalls" by not using Microsoft apps or programs. I also switched off telemetry using Spybot Anti-Beacon. Eset is my security solution.
Pitfalls?

 

Curious? Not sure what pitfalls any of the integrated Microsoft apps may impose. While most are intended to be "basic" tools to meet the needs of most users, many are excellent and actually excel over many 3rd party offerings - though users may think otherwise if they fail to do their own research and simply listen to MS bashers and critics - especially many bloggers and the IT Press with their attention seeking sensationalized (often exaggerated or totally misleading) headlines. :(

 

The Snipping Tool, for example is great. So is the Calculator/converter. Windows Firewall is more than adequate. While I happen to like CCleaner, Windows Disk Cleanup works great too.

 

Even Windows Defender (which continues to improve and improve) is more than adequate to meet the needs of most users. If not, why are not the forums and repair shops (like mine) inundated with infected computers of WD users? And yet, sadly, many take every opportunity to bash WD as soon as anyone mentions it.

 

I note most WD bashers like to quickly point out how WD does not score as well as others in lab tests even though Microsoft has announced it does not code WD to score well in those "simulated" tests. Why? Because unlike all other products, Microsoft does not need good scores in simulated tests to promote and sell their products. They just need WD to "perform" well in the "real world". And it does!

 

But since many seem to put full faith and trust in "simulated" tests, make sure you check out the results of AV-Test's latest round of reviews for The best antivirus software for Windows Home User. Click on the most important "Protection" column and note how Windows Defender beats out Panda, Norton, Trend Micro, VIPRE, Avira, BullGuard and even your ESET!

 

Then consider what "pitfalls" you might be introducing yourself by not sticking with the defaults.

Link to comment
Share on other sites

Hello,

 

Anti-malware software testing is a very interesting business. There are testers like AV-Comparatives, AV-Test, CheckVir (Veszprog), MRG Effitas, PC Security Labs, SE Labs (from the former Dennis Technology Labs), SKD Labs, Virus Bulletin, and so on who have been doing this for years, are well-known (at least within the industry) and reputable, and they'll take the same products, test them all using well-documented and repeatable methodology and… come out with completely different results.

 

Why is this? Well, there are lots of reasons. Test results can vary based on how products are configured (default settings out of the box, installed with manufacturer's recommended settings for testing, etc.), the test environment (hardware, software, network, the test harness itself, etc.), and, of course, the types of threats that the products are tested against. Some tests are commissioned by magazines or websites, others by the companies being tested themselves (usually in order to test a feature or some functionality that's new in this release). Such tests may be very narrow in scope, and only meant to provide functionality verification. In other words, the sample size may be so limited that the test is actually statistically invalid.

 

Some testers might provide a list of malware, or even a feed, of the samples they will use in testing. In theory, that means every tested product should score 100% on detection, but they don't, for various reasons (care to make any guesses why?). I recall someone who used to do tests, but now does reviews (a slightly different animal, because everything in a review is subjective, not objective like a test is supposed to be) who used to ask his subjects for samples of hard-to-detect and hard-to-clean viruses. And he was obliged by everyone, because everyone wanted to be number one.

 

Another thing to keep in mind is that things like protection tests (blocking, cleaning, detecting, etc.) are providing you with a snapshot of how the program worked at a certain time for several hours, or perhaps even a few days. Anti-malware programs update several times a day, have cloud connections for even more frequent checks, etc. So what you're seeing is a picture of how it worked at a certain time. Testing a few days sooner, or few days later, would generate different results because the anti-malware software would have a different set of detection logic.

 

Of course, the testing itself is only one part of the equation. You also have to look at how the test results are weighted and measured. A tester might be focused on detection, so misses are penalized quite heavily. Or maybe it's false positives. If the test results across the board are very similar, the tester might weight some aspect strongly so that the results are more pronounced. After all, testers are subject to marketing pressure as well, and a test in which everything looks the same with little to no clear winner(s) may impact their ability to obtain commissions in the future.

 

And aside from all this variability, there's also the matter of cheating, which occurs by both testers and anti-malware companies. Yes, it happens--there's a lot of money and egos involved in this multi-billion dollar industry, and some folks will go to greater lengths than they should because of it. About six years ago I did a webinar about cheating on anti-malware tests, you can view it here. It's free to view, but requires an email address for access. I recommend using a disposable one.

 

A couple of years ago I wrote this about how to perform your own evaluation of anti-malware software. It's a little more geared towards businesses than consumers, but you may still find it of use/interest.

 

The point I'm trying to make is, you shouldn't rely on a single test, nor on a single tester. While anti-malware software isn't a huge expense for most individuals compared to, say, a computer or even a car, and it's available with all sorts of pricing models (free, freemium [what used to be called shareware back in the day] and commercial) it's kind of an important thing because it is an important layer of protection for your digital devices' defenses, and you don't really want something that's sub-standard there when there's financial risks, lost data risks, etc. involved.

 

It might be better to spend a little bit more time doing a little bit more research to figure out what best protects your computer, instead of going by one tester or reviewer.

 

Regards,

 

Aryeh Goretsky

Edited by goretsky
fixed a broken URL
Link to comment
Share on other sites

I agree with all of the above. But it is still important to note that all lab testing is simulated. They can call it real-world all they want, it is still simulated. Users in the real world do not intentionally visit sites that expose them to 1000s of pieces of malware. It is not likely to be something someone could accidentally do either.

 

There is also much more to security than the anti-malware solution alone. While I sure don't recommend it, there are many who claim they stopped using anti-malware years ago and have not been infected. How is that? Well, they use a router, a firewall, they keep Windows updated (so there's nothing to exploit), they are not "click-happy" on unsolicited links, downloads, attachments, and popups - the same things people need to do regardless their solution of choice.

 

These tests remind me of the old browser wars - where every browser claimed to be the best one, then they would produce some award that sure enough, put their product at number 1. It was a big marketing ploy. Browser A was indeed best - at speed. Browser B was best - at resource consumption. Browser C was best - at add-on management. And on and on.

 

...there's a lot of money and egos involved in this multi-billion dollar industry
This point is HUGE!!!! Even without any cheating. But it is critical to remember that Microsoft does not make a single cent from Windows Defender. They make $0.00 from Windows Defender sales. It includes no advertising and it does not nag users to upgrade to some pro version. Therefore, Microsoft does not need to score well on any of those simulated tests! They don't need the advertising fodder to make WD stand apart from ESET, Avira, etc. It's not going to increase sales for Microsoft.

 

So why does Microsoft bother with an antimalware solution then? Because they are going to get blamed by the MS bashers anyway! Just as they did relentlessly for years after XP.

 

A couple points in history to remember. Microsoft wanted to put antivirus code in XP. But Norton, McAfee, Trend Micro and the others whined and cried to Congress and the EU that Microsoft was trying to rule the world. They were, but not the point. Norton and the others cried "monopoly"; that Microsoft was trying to put them out of business and that it was their job to rid the world of malware (we see how well that went! :(). Congress and the EU ordered Microsoft to remove the antivirus code (as well as to include support for alternative browsers) or risk a forced breakup of Microsoft.

 

So they did and what happened?

 

The explosive growth of broadband to the home that NO ONE predicted happened.

The explosive growth and proliferation of the bad guy that NO ONE predicted happened.

The demand by the corporate user base (Microsoft's biggest customers) for legacy support for less secure legacy hardware and software happened.

 

The result? Malware flourished! But who got blamed? Did Norton, McAfee etc. get blamed for failing to do what they themselves claimed was their job? Nope!

Did users get blamed for failing to keep their systems updated and away from risky Internet practices? Nope!

Did the bad guys get blamed for perpetrating all those offenses? Nope!

 

Microsoft got blamed - relentlessly.

 

So Microsoft bought Giant Antispyware, rebranded it as (the original) Windows Defender and gave it away for free.

They greatly enhanced security in Windows 7 and put security ahead of legacy support (and received, and still receive, a lot of criticism for that lack of legacy support too).

They developed MSE and gave it away for free.

They improved MSE, rebranded it as (the new) Windows Defender and included it for free in W8.

They improved security in Windows 10 and continued to improve Windows Defender to where it is today (with more and more enhancements coming).

 

Now ask yourselves this. Why aren't Norton, McAfee, TrendMicro, Avira, ESET and the others crying and whining to Congress and the EU that Microsoft is trying to rule the world again? Why are Congress and especially the EU (which has been much harder on MS in terms of monopoly issues) allowing Microsoft to include WD in W8 and W10?

 

The answer is simple - because Norton and the others know they failed at their own stated mission. And Congress and the EU know they blew it by not letting MS put AV code in XP when there was a chance to at least partially mitigate the severity of the security state we are in today.

 

Another question to ask yourselves. What financial incentive do Norton, ESET, Bit-Defender, and all the others (except Microsoft) have to defeat and rid the world of malware? The answer is obvious; NONE!!!! If malware went away, all those companies would go out of business. They need malware and the bad guys to thrive in order for their companies to continue to exist and make money!

 

Now what incentive does Microsoft have for malware to go away? That answer is simple too - they will stop getting blamed for a security mess they did NOT create!

 

For all those reasons Microsoft has no need to code Windows Defender to score well on those "simulated" tests. So it doesn't. It codes Windows Defender to protect its users from today's "real-world" (not simulated, but actual real-world) threats.

 

And it works. Because if it didn't, forums like Sysnative, Bleeping Computer and other sites that provide malware removal services would be inundated every day with new WD users who just became infected - at least if we are to believe what the MS/WD bashers, some of those questionable test sites, many in the IT Press, and many alternative solutions fans want us to believe.

 

Windows Defender is probably not for you if any of the following apply:

  • If you don't keep Windows updated,
  • If you don't keep your security solution updated,
  • If you are "click-happy" on every unsolicited download, link, popup, and attachment you see,
  • If you visit illegal pornography or gambling sites,
  • If you participate in illegal filesharing via Torrents and P2P sites,
  • If you connect to public "hotspots" with admin level accounts,
  • If you let undisciplined users use your computer with admin level accounts.

But if those scenarios don't apply to you, then Windows Defender is just fine. I like to say we don't need an Abrams Tank to be safe while driving around. We just need a recent model car that is properly maintained to current standards, and most importantly, we need to drive defensively - the same things required regardless our solution of choice.

 

And note Microsoft does not really care which solution you use. Again, they are not in it to compete for your anti-malware solution dollars. If they were, why would Microsoft provide this list of "reputable security companies" who provide Windows compatible security products? Again, they are not in it for the money! They just want happy (and secure) Windows users so they don't keep getting blamed for a security mess they did not create!

 

And for the record, regardless our security solution of choice, we all should have a secondary scanner on hand for on-demand scanning just to verify our primary scanner (or we, as users and ALWAYS weakest links in security) didn't let anything slip by. I generally recommend Malwarebytes for that.

 

And for the record, I don't care which solution people use either. If you don't want to use WD, that's fine. Just don't buy into the inaccurate excuse that it is not good enough.

  • Like 1
Link to comment
Share on other sites

Just a thought about your comment that we should not put all our faith in one test or one review, I agree. But a little research should be included too to make sure (1) the test or review is current (very important!), and (2) it is independent.

 

The most recent test from CheckVir, for example is from February 2016 and does not include Windows Defender.

 

MRG Effitas partners with AV-Comparatives - so is that two reviews, or just one? Regardless, did WD fail in the AV-Comparatives review? Nope. In fact, it tied for 3rd best, receiving a Bronze Award in the important category of False Positives.

 

The most recent Virus Bulletin for Windows Defender is from 2012! :(

 

And SE Labs' most recent December 2017 report is using Microsoft Security Essentials, not Windows Defender. What good is that? MSE only runs on W7 and mainstream support for W7 ended over 2 years ago!

 

While Windows Defender for W10 has roots in MSE, they are no longer the same product. WD (in W10) is much more advanced than MSE. And WD in W10 is considerably more capable than WD with W8. Windows Defender in 2018 has had several enhancements since Windows Defender in 2017.

 

So where are current tests with the current version of Windows Defender with the most recent version of Windows, Windows 10? There are over 600 million W10 systems out there now, with W10 market share exceeding even W7, as seen here.

 

So in reality, AV-Comparatives and AV-Test are [currently] the only recent tests using the most recent versions of both Windows Defender and Windows with both showing passing scores. So if lab test scores matter to you, they should not be dismissed. In fact, they should be used as validations for what we are actually seeing in the field and in the malware removal sections of tech support forums - that is, that users of Windows Defender are NOT getting infected in greater proportions than users of other products.

 

***

 

What I have found interesting is in the past, many in their justification for dismissing Windows Defender would specifically cite the AV-Test results as proof WD was a poor choice. But since that most recent AV-Test came out that puts many favorites below WD in the important area of protection, I have seen (not here, but on other forums) those same people suddenly dismiss AV-Test as one that does not know what they are doing.

 

In other words, the lab is only good if the results match their own beliefs - which sadly, often are beliefs based solely on biases because they hate the brand, not because the product is actually bad. That's just not sound logic - nor the basis for good advice when offering advice in tech forums.

 

I think as advisers, it is important we keep open minds and accept (1) things change, and (2) regardless our feelings about Microsoft, the company, and some of their truly lousy marketing tactics and executive decisions, the development teams in Redmond really are a bunch of dedicated people doing a great job pushing out some great products. We must not let our biases against Microsoft, the company, influence our opinions about their products.


Hello,

 

You make some excellent points.

 

When talking about users in the aggregate, they actually do dumb things like intentionally visit sites that expose them to malware, usually for reasons like (1) they don't believe it; or (2) they want to test their anti-malware software, and believe this is the way to do it. Usually without any backups, but that's another topic.

 

Oh, anti-malware software is only a small part of the security stack. It's an important part, but I'd argue that keeping the operating system up-to-date and developing some defensive computing skills (being suspicious of social engineering attacks, etc.) is equally as important.

 

Microsoft actually makes, well, I'm not sure, but I'd have to guess in the low hundreds of millions of dollars from Windows Defender. While the consumer and small business (1-10 PCs) version is free, businesses have to license it if they are going to use it on more than ten PCs, where, if memory serves, it is licensed as System Center Endpoint Protection (it has had several names over the years). It's the same engine and detections as the consumer version, just with a different UI and some additional management features. I'm guessing probably somewhere between $100-300M, but that's just a guess on my part; I really don't know the financials on it. That's enough to put them into the top ten vendors in the endpoint security space, and I would imagine that there is some marketing around it commensurate with that, but it's probably mostly geared at existing enterprise customers who use other parts of Microsoft's system management stack, so it's not the kind of thing you'd see advertised in, say, a computer magazine or general technology website.

 

Microsoft's reasons for having an anti-malware program are many-fold, and the definition of why has changed a few times over the years. One of the reasons they do, and one I happen to agree with, is ecosystem protection and clean-up. A large amount of Microsoft's value is in the Windows brand, and having malware affecting Windows diminishes equity in the brand. At the same time, Microsoft has had to take a very nuanced approach to deal with the download ecosystem (bundlers, potentially unwanted applications, potentially unsafe applications, unwanted software, deceptors, toolbars, registry cleaners and all the companies which are involved in that chain of downloading and monetizing software). Because those people are Microsoft's business partners, too, and they have a large number of customers. For years, the anti-malware ecosystem has had to deal with them without much explicit support, although there's always been a kind of tacit understanding about dealing with the bottom-feeders in that space. It's the reason Microsoft started the Clean Software Alliance and it's also the reason Microsoft has finally been taking a more aggressive stance against things like PUAs. As best as I can figure it, someone over in Redmond finally decided the reputation damage to the Windows brand from those wasn't worth it.

 

I believe the issue you are referring to is when Microsoft announced that 64-bit versions of Windows Vista would be implementing a kernel patch protection solution called PatchGuard, which would prevent drivers from modifying kernel memory structures. Modifying kernel memory generated a stop error (aka BSOD). This was done to prevent a difficult kind of malware that was seen in XP at the time called rootkits, which were difficult to detect, difficult to remove and were often involved in causing financial losses to Microsoft's enterprise customers. From what I recollect, the three companies that you mentioned did start a PR campaign about it, and did things like take out full page ads in the WSJ. It didn't really go anywhere, as I recollect, and eventually they all came around. What Microsoft did here was to improve the security of their operating system to protect their customers, which is something I (and my employer) are on-board with. There were probably 50-60 (or maybe a few more, even) anti-malware companies out there when this occurred, and for most of them this was a non-issue, since the number of companies which performed direct kernel object manipulation was around, oh, three or so. Might have even been double that (six?) but I don't think it was a major issue for the others that did. Like most anti-malware companies at that time, my employer didn't do any DKOM, and I recall us generally being quite supportive of Microsoft's efforts in the press.

 

As far as I know, Microsoft never had any plans for a bundled anti-malware solution on Windows XP. They had an anti-spyware program, which addressed a lot of consumers' concerns, and there was even a commercial anti-malware offering to consumers (Windows Live OneCare) for a while. But, there certainly weren't things like versions of Windows with and without Microsoft anti-malware on them, like the Windows N and K versions (no Media Center, no Media Center + Messenger). See https://support.micr...-professional-n for details.

 

The main reason malware flourished through XP's lifetime was because criminals monetized it. With low risk and high reward, it became a great way for criminals to make a dishonest living.

 

Microsoft has done a lot of things to improve the security of its products and services, and that's good. It improves the overall state of security, and that's a net Good Thing®. At the same time, Microsoft has occasionally made some very poor decisions about certain things. In quite a few of these cases, the things did not come to fruition, so they never affected the public, but there were some things that did, or came about in some weaker, debased form that did not do anything to improve the operating systems' security posture. I can't get into specifics, but you might want to take a look at Kaspersky Labs' complaints to the EU and FAS.

 

The issue with bundling anti-malware software with the operating system is a very complex one, and involves a lot of discussion using terms like "level playing field," "OEM preload market" and so forth. I can't really get into specifics here, but I can at least state it has historically not been an issue for my employer. Keep in mind that there are perhaps six or seven dozen anti-malware companies out there, as well as hundreds of companies in related areas, so it's really hard to say "they all did this," "they all reacted this way," and so forth. There's at least one company which had contractual obligations that prescribed their ability to do anything legally, so things like that happen as well.

 

The time when malware could possibly have been dealt with has been long gone... for about 25-30 years or more. So, the idea that Microsoft or anyone else could somehow stop it is analogous to saying the police can stop all crime. If a company--Microsoft or otherwise--were able to "stop all malware" then they would in an instant because they'd become multi-multi-billionaires. But no one, not even Microsoft, can do that. That's why all the companies work together with each other and law enforcement. If you look up some of Microsoft's Coordinated Malware Eradication programs, you'll see how close these "competitors" work together to go after the real problem: the bad guys.

 

Microsoft does care a great deal about which anti-malware programs their customers use, and they increasingly like it to be theirs, if for no other reason than because they make money selling those products. At the same time, they also have to work within a large ecosystem of companies who compete as well as cooperate with them and each other. As you might imagine, that generates lots and lots of emails and conference calls with each other.

 

Anyways, to kind of bring this thread back on track, I wasn't really meaning to get into a discussion of anti-malware device drivers or business practices.

 

Most of the time when I am seeing problems with device drivers under Windows 10, it is with video, sound or USB support, not anti-malware. I had mainly used the latter because that was something I had some first-hand experience with since I worked at a company which developed those kinds of drivers.

 

One of the biggest challenges for device driver vendors is making it through Microsoft's compatibility tests. Specifically, how to handle suspend and resume issues (deep sleep, power management, hibernation, waking up, etc.). It's hard to know exactly what a device driver is going to be processing when it gets the signal that the operating system is changing state, so that's where a lot of the testing gets focused. Anti-malware software has this comparatively easy because the cues for what to do with the file system when a state change occurs are understood quite well. It gets a little messier with network drivers, though, as that's a bit more on the non-deterministic side of things.

 

Regards,

 

Aryeh Goretsky

 

I agree with all of the above. But it is still important to note that all lab testing is simulated. They can call it real-world all they want, it is still simulated. Users in the real world do not intentionally visit sites that expose them to 1000s of pieces of malware. It is not likely to be something someone could accidentally do either.

 

There is also much more to security than the anti-malware solution alone. While I sure don't recommend it, there are many who claim they stopped using anti-malware years ago and have not been infected. How is that? Well, they use a router, a firewall, they keep Windows updated (so there's nothing to exploit), they are not "click-happy" on unsolicited links, downloads, attachments, and popups - the same things people need to do regardless of their solution of choice.

 

These tests remind me of the old browser wars - where every browser claimed to be the best one, then they would produce some award that sure enough, put their product at number 1. It was a big marketing ploy. Browser A was indeed best - at speed. Browser B was best - at resource consumption. Browser C was best - at add-on management. And on and on.

 

...there's a lot of money and egos involved in this multi-billion dollar industry
This point is HUGE!!!! Even without any cheating. But it is critical to remember that Microsoft does not make a single cent from Windows Defender. They make $0.00 from Windows Defender sales. It includes no advertising and it does not nag users to upgrade to some pro version. Therefore, Microsoft does not need to score well on any of those simulated tests! They don't need the advertising fodder to make WD stand apart from ESET, Avira, etc. It's not going to increase sales for Microsoft.

 

So why does Microsoft bother with an antimalware solution then? Because they are going to get blamed by the MS bashers anyway! Just as they did relentlessly for years after XP.

 

A couple points in history to remember. Microsoft wanted to put antivirus code in XP. But Norton, McAfee, Trend Micro and the others whined and cried to Congress and the EU that Microsoft was trying to rule the world. They were, but not the point. Norton and the others cried "monopoly"; that Microsoft was trying to put them out of business and that it was their job to rid the world of malware (we see how well that went! :(). Congress and the EU ordered Microsoft to remove the antivirus code (as well as to include support for alternative browsers) or risk a forced breakup of Microsoft.

 

So they did and what happened?

 

The explosive growth of broadband to the home that NO ONE predicted happened.

The explosive growth and proliferation of the bad guy that NO ONE predicted happened.

The demand by the corporate user base (Microsoft's biggest customers) for legacy support for less secure legacy hardware and software happened.

 

The result? Malware flourished! But who got blamed? Did Norton, McAfee etc. get blamed for failing to do what they themselves claimed was their job? Nope!

Did users get blamed for failing to keep their systems updated and away from risky Internet practices? Nope!

Did the bad guys get blamed for perpetrating all those offenses? Nope!

 

Microsoft got blamed - relentlessly.

 

So Microsoft bought Giant Antispyware, rebranded it as (the original) Windows Defender and gave it away for free.

They greatly enhanced security in Windows 7 and put security ahead of legacy support (and received, and still receive, a lot of criticism for that lack of legacy support too).

They developed MSE and gave it away for free.

They improved MSE, rebranded it as (the new) Windows Defender and included it for free in W8.

They improved security in Windows 10 and continued to improve Windows Defender to where it is today (with more and more enhancements coming).

 

Now ask yourselves this. Why aren't Norton, McAfee, TrendMicro, Avira, ESET and the others crying and whining to Congress and the EU that Microsoft is trying to rule the world again? Why are Congress and especially the EU (which has been much harder on MS in terms of monopoly issues) allowing Microsoft to include WD in W8 and W10?

 

The answer is simple - because Norton and the others know they failed at their own stated mission. And Congress and the EU know they blew it by not letting MS put AV code in XP when there was a chance to at least partially mitigate the severity of the security state we are in today.

 

Another question to ask yourselves. What financial incentive do Norton, ESET, Bit-Defender, and all the others (except Microsoft) have to defeat and rid the world of malware? The answer is obvious; NONE!!!! If malware went away, all those companies would go out of business. They need malware and the bad guys to thrive in order for their companies to continue to exist and make money!

 

Now what incentive does Microsoft have for malware to go away? That answer is simple too - they will stop getting blamed for a security mess they did NOT create!

 

For all those reasons Microsoft has no need to code Windows Defender to score well on those "simulated" tests. So it doesn't. It codes Windows Defender to protect its users from today's "real-world" (not simulated, but actual real-world) threats.

 

And it works. Because if it didn't, forums like Sysnative, Bleeping Computer and other sites that provide malware removal services would be inundated every day with new WD users who just became infected - at least if we are to believe what the MS/WD bashers, some of those questionable test sites, many in the IT Press, and many alternative solutions fans want us to believe.

 

Windows Defender is probably not for you if any of the following apply:

  • If you don't keep Windows updated,
  • If you don't keep your security solution updated,
  • If you are "click-happy" on every unsolicited download, link, popup, and attachment you see,
  • If you visit illegal pornography or gambling sites,
  • If you participate in illegal filesharing via Torrents and P2P sites,
  • If you connect to public "hotspots" with admin level accounts,
  • If you let undisciplined users use your computer with admin level accounts.

But if those scenarios don't apply to you, then Windows Defender is just fine. I like to say we don't need an Abrams Tank to be safe while driving around. We just need a recent model car that is properly maintained to current standards, and most importantly, we need to drive defensively - the same things required regardless of our solution of choice.

 

And note Microsoft does not really care which solution you use. Again, they are not in it to compete for your anti-malware solution dollars. If they were, why would Microsoft provide this list of "reputable security companies" who provide Windows compatible security products? Again, they are not in it for the money! They just want happy (and secure) Windows users so they don't keep getting blamed for a security mess they did not create!

 

And for the record, regardless of our security solution of choice, we all should have a secondary scanner on hand for on-demand scanning just to verify our primary scanner (or we, as users and ALWAYS weakest links in security) didn't let anything slip by. I generally recommend Malwarebytes for that.

 

And for the record, I don't care which solution people use either. If you don't want to use WD, that's fine. Just don't buy into the inaccurate excuse that it is not good enough.


When talking about users in the aggregate, they actually do dumb things like intentionally visit sites that expose them to malware, usually for reasons like (1) they don't believe it; or (2) they want to test their anti-malware software, and believe this is the way to do it. Usually without any backups, but that's another topic.
Please note I said users don't intentionally visit sites that expose them to 1000s of pieces of malware. I go by the rule that "exceptions" don't make the rule. A "normal" user may visit a site because they don't believe it is a threat, but a "normal" user would not intentionally do it just to test their security solution.

 

Lots of people buy fancy sports cars, for example, but only a very few ever take it to a race track, push it to its limits just to see if the engine will blow up or not.

 

Even the best security in the world cannot stop a bad guy if the user opens the door and lets him in.

 

And speaking of "normal" users - I don't consider users of company computers, computers managed by IT people, "normal" users either.

 

I agree Microsoft makes money from WD from the business sector - perhaps I should have been more clear there. My point was, they do not use the general consumer version as a source of revenue with WD, or even as a venue to advertise. That is, they don't use the general home user ("normal") to promote WD (or a paid version) to other users, or even to promote WD for business use.

 

As you noted, even the consumer version of WD is free for small businesses up to 10 users. That's a pretty big (and generous!) deal that would certainly blow up in Microsoft's face if Windows Defender was failing to protect them - and more importantly, their customers' information. Especially when there are 1000s of attention seeking bloggers, forum Microsoft bashers, and "faux" journalists (true journalists seek the truth) exaggerating, amplifying, and parroting (at super viral rates) those stories with sensationalized headlines! :(

 

although there's always been a kind of tacit understanding about dealing with the bottom-feeders in that space.
LOL This is so true. These "bottom feeders" are their customers too. I think the difference is those bottom feeders don't have all those attention seeking bloggers, forum bashers, and "faux" journalists behind them.

 

Look at all the horror stories we hear about Windows Update breaking Windows. Yet the "truth" is Windows Update works exceptionally well and rarely causes any problems for any user. The problem is, with 600 million Windows 10 users out there, even if just 1/2 of 1% have problems, that's still 3,000,000 unhappy computer users and 3,000,000 unhappy people can make a LOT of noise - again, especially when amplified by all the parroting bloggers, forum bashers, and faux journalists out there. But a 99.5% success rate in any industry (except terrorist attacks and school shootings :( :() would be considered exceptional.

 

Microsoft does care a great deal about which anti-malware programs their customers use, and they increasingly like it to be theirs, if for no other reason than because they make money selling those products.
"If for no other reason" is a bit misleading because that is not the only reason by any means.

 

Public opinion and perception is a major driving factor. If Microsoft totally embraced Norton, ESET, etc. and Windows still got infected, it would be Microsoft who got the blame, just as they did all those years after XP came out! With Windows Defender, and Microsoft's ability to keep it current through WU, Microsoft has total control and responsibility - and Microsoft is willing to accept that - that's a big deal too.

 

Business 101 says if you give someone "responsibility", they must have the "authority" to get it done. Microsoft does not have both the responsibility and the authority with 3rd party apps, yet they still get blamed when something goes wrong. That's a big reason they want users to stick with the defaults, including WD.

 

I was not talking about Vista. I was talking about during the development stages of XP, Microsoft wanted AV code in it - but was blocked. But most of the attention at the time was on Microsoft integrating Windows Media Player and IE (and other embedded apps) and blocking alternatives. This is exactly why Microsoft was forced to ship a version of W7 to EU without IE.

 

If you look up some of Microsoft's Coordinated Malware Eradication programs, you'll see how close these "competitors" work together to go after the real problem: the bad guys.
RIGHT!!!! And yet so many assume Microsoft is totally in the dark when it comes to security. :rolleyes:

 

The time when malware could possibly have been dealt with has been long gone... for about 25-30 years or more. So, the idea that Microsoft or anyone else could somehow stop it is analogous to saying the police can stop all crime.
WHOA!!!! I NEVER EVER posed the idea that malware could be or could have been stopped! I was very deliberate in choosing my words carefully and specifically said,
a chance to at least partially mitigate the severity of the security state we are in today.
It was because of the whining and crying to Congress and the EU by the security industry at the time, claiming it was their job to rid the world of malware, that Microsoft was not even allowed to try way back then.

 

You said, (I would quote but this forum limits the number of quotes! :() "One of the biggest challenges for device driver vendors is making it through Microsoft's compatibility tests."

 

I agree. But it is still the responsibility of the hardware makers to develop compatible hardware drivers. It is not Microsoft's. Yet who gets blamed if there are no compatible Windows 10 drivers for someone's 10 year old laser printer? Microsoft.

 

There are over 1.5 billion Windows computers out there. And virtually every single one became unique within the first couple minutes after it was booted for the very first time. Users configured their network settings, user accounts, security, desktop customizations, and favorite apps. All this on motherboards from dozens of makers, using RAM, processors, graphics cards, and peripherals from 100s and 1000s of makers. And yet somehow, Windows typically makes it all happen without problems. I think they should be applauded for that type and extensive amount of flexibility. Yet one of the biggest complaints about W10 is its lack of flexibility. :ermm: :(

 

I see one of Windows' greatest strengths is its flexibility. And I see one of its greatest weaknesses is its flexibility. Too often, Windows has problems because users dinked with the defaults. :(

 

My issue is, Microsoft has done lots of things deserving of our wrath and ire over the years - especially when it comes to marketing. And I will support (and likely be right there with them - with vigor!) anyone's Right to bash and criticize Microsoft on those points. But I will defend anyone, including Microsoft, when falsely accused of something they did not do, or are not responsible for. Unfortunately, Microsoft is a HUGE and widely hated target. So I end up defending them a lot - often getting accused of being a shill in the process. If only those people knew how many times I have jeopardized my MS MVP status through my own criticisms of Microsoft that were deserving of such criticisms! :rolleyes: Oh well.


I am afraid I cannot go into detail of what I know or how I know it but if you follow the link in my signature, note the dates and my job titles and do the math. From there, you can get an idea what I was doing back when XP was in development. Sorry, I am not trying to be coy - I just am not in a position anymore (being retired from those jobs) to know what is appropriate (or legal!) to say.

 

See the November 2001 article, Settlement reached in Microsoft antitrust case. It explains a lot of what was going on at the time. While the article does not specifically mention anti-viral code in XP, it does say (my bold underline added) "...Internet Explorer, Media Player and other software Microsoft chooses to integrate into the system."
