Windows Defender no longer protects you from third party antivirus software

Subject: General Tech | August 10, 2017 - 03:09 PM |
Tagged: microsoft, Kaspersky Labs, windows defender

Microsoft have decided to remove the function in Windows Defender which disabled other antivirus software without notifying the user. The decision comes after Kaspersky Labs brought an antitrust lawsuit against Microsoft for disabling products their customers had purchased and expected to work. The resolution will not be immediate; the change arrives with the Fall Creators Update, which also changes the permissions of third party AV messages. Drop by The Inquirer for more details on the changes to the messaging.

"Microsoft had poo-pooed the complaint but previously confessed that an update changed the way that Windows 10 deals with AV incompatibilities - by switching them off without warning the user."

Source: The Inquirer

Trust in Windows Defender Antivirus

Subject: General Tech | June 22, 2017 - 12:34 PM |
Tagged: microsoft, windows defender, antivirus, Kaspersky

You have likely heard of the spat between Kaspersky Labs and Microsoft, in which Kaspersky have filed a complaint with the European Commission stating that Microsoft is purposely disabling their antivirus program. Microsoft replied with their view of this dispute, stating that they do indeed disable antivirus programs when there is a risk that a Windows update would stop the third party antivirus from running anyway. The Inquirer and others were told that, as a service to the user, they ensure that Windows Defender is activated and on the job to protect them.

Many of us have had issues in which an update causes an antivirus program to lobotomize a valued program or operating system because of false positives, often leading to an eternal reboot loop until you can find the offending update or program. This leads to a question of expectations: is it reasonable that Microsoft test the compatibility of their OS with antivirus vendors, either internally or by releasing an early version those vendors can test? We are likely to see a court case to determine that in the near future. The EC previously ruled against Microsoft in 2004 regarding Windows Media Player as well as in 2009 regarding Internet Explorer (pdf), so we may indeed see another ruling which forces Microsoft to allow users to disable Windows Defender.

"The post goes on to admit that, yes, it does deactivate third party AV, if there is a risk of an update to Windows that stops the AV working anyway."

Source: The Inquirer

AI to the rescue? Microsoft assimilates the security company Hexadite

Subject: General Tech | June 8, 2017 - 12:42 PM |
Tagged: microsoft, hexadite, windows defender, security

If you have never heard of Hexadite you are not alone; the online security company was formed in 2014, headquartered in Boston but based in Tel-Aviv. It was just purchased by Microsoft for around $100 million so they can integrate Hexadite's Automated Incident Response Solution into their Windows Defender Advanced Threat Protection. AIRS is not antivirus software; instead it is a tool that integrates with existing software and monitors for any alerts. Once an alert is detected the tool automatically investigates that alert and searches for solutions, in theory saving your security team's sanity by vastly reducing the number of alerts they must deal with directly. It will be interesting to see if this has an effect on the perception of companies and users as to the effectiveness of Windows Defender.

More over at The Inquirer.

"Hexadite's technology and talent will augment our existing capabilities and enable our ability to add new tools and services to Microsoft's robust enterprise security offerings."

Source: The Inquirer

Microsoft to Reclassify Certain Ad-Injectors as Malware

Subject: General Tech | December 24, 2015 - 05:52 PM |
Tagged: microsoft, windows defender, adware, Malware, superfish

The Microsoft Malware Protection Center has announced that, on March 31st, 2016, certain types of advertisement-injection will be reclassified as malware. This does not include all forms of ad-injection, just ones which use confusing, difficult to remove, or insecure methods of displaying them. Specifically, adware must use the browser's default extension model, including its disable and remove functions. Recent adware has been known to modify DNS and proxy settings to force web traffic through a third party that injects ads, including into secure websites by using root certificates.

In other words, Superfish.

An interesting side-story is that, while Microsoft requires that adware uses default browser extensions, Microsoft Edge does not yet have any. Enforcement doesn't start until March 31st, but we don't have a date for when extensions arrive in Microsoft Edge. I seriously doubt that the company intends to give Edge a lead-time, but that might end up happening by chance. The lead time is probably to give OEMs and adware vendors a chance to update their software before it is targeted.

The post doesn't explicitly state the penalties of shipping adware that violates this blog post, but the criteria are used for antimalware tools. As such, violators will probably be removed by Windows Defender, but that might not be the only consequence.

Source: Microsoft