"Windows Defender" is crap. Literally.

Posted By: BlackTiger | Dec 18th, 2006 @ 8:21 AM
page 1 of 2
Comments: 47 | Views: 15409
#Dec 18th, 2006 @ 8:21 AM
BlackTiger
BlackTiger
If you stumbled and fell down, it doesn't mean yet, that you're going in the wrong direction.
Windows Defender is piece of junk! It doesn't work at all.


I've made some experiment. There is another peice of junk called "BitGrabber" (or sort of). This is "cool" downloader.

After installation of this crap I've got classic ad-ware stuff:
1. "gram poll", located in "All Users\Application Data\signeggsdartview\"
2. "BibBallInside", located in "%USERPROFILE%\FASTWI~1"

Both are keeping bloody "iexplore.exe" process to randomly show some ad-crap.

I have: "Windows Defender", "CA eTrust Antovirus" and "Spybot S&D". Your bet who reacted first! "ZERO"! Nobody!

Only one way to clean out this - to QUICKLY kill all "iexplore.exe" instances and clean up "HKLU\Software\Windows\Run". Simple "end task" from TaskMan doesn't works because that two "iexplore.exe" processes controls each other.

Now, general question: WTF?

I'm uninstalling Windows Defender because it worthless and useless...

#Dec 18th, 2006 @ 8:56 AM
AdrianJMartin
AdrianJMartin

What was youre 'Test'?

As far as i can tell you installed a 'cool' app as Admin and themn complained that it left droppings....

 

 

#Dec 18th, 2006 @ 9:04 AM
Dr Herbie
Dr Herbie
Horses for courses
AdrianJMartin wrote:


What was youre 'Test'?

As far as i can tell you installed a 'cool' app as Admin and themn complained that it left droppings....



To be honest, I would have expected spyware detection software to have spotted this -- install an app and it 'secretly' installs spyware.
If defender didn't spot this, then what's the point in having it?

Herbie
#Dec 18th, 2006 @ 9:08 AM
JeremyJ
JeremyJ
The pioneers would be appalled!
I am confused.  None of the spyware checkers found it yet Defender is the only one that is crap?  Wouldn't that make them all crap?  I have Defender on all of my machines and I haven't had any spyware problems but then again I don't install "cool" apps that I find on the web.
#Dec 18th, 2006 @ 9:16 AM
Bas
Bas
It finds lightbulbs.
So, are you going to uninstall CA eTrust and SpyBot too, because they didn't respond either? Does this mean you're going to run without any protection at all?
#Dec 18th, 2006 @ 9:35 AM
Jorgie
Jorgie
Jorgie

Give me a break.

Defender is not crap, your expectations are crap.

Defender's job is not to stop software from being installed, it is Defenders job to stop software from being installed without your knowledge.

You CHOSE to install the software, it was not automatically installed without your knowledge.

You also need to look up the term 'Literally'. Defender may metaphorically be 'crap' in your opinion, but it is NOT 'literally' crap.

Jorgie

#Dec 18th, 2006 @ 9:36 AM
PaoloM
PaoloM
Hypermediocrity
So now we know the root of all your problems.

Next time, could you please verify that your system is not infected before spouting crap about Vista?

Thank you.
#Dec 18th, 2006 @ 9:42 AM
andokai
andokai
He didn't mention Vista?

I was wondering what type of drive accepts a piece of crap??? Tongue Out
#Dec 18th, 2006 @ 11:08 AM
littleguru
littleguru
<3 Seattle
OK. No program reacted, right? Why don't you uninstall all? Why only Defender? What makes Defender crap and the others not? *confused*

Could this be an unknown spyware?
#Dec 18th, 2006 @ 11:34 AM
eddwo
eddwo
Wheres my head at?
Well defender is supposed to perpetually watch various "sensitive" configuration settings. So it should flash up a warning when any program attempts to write into HCLM\Windows\CurrentVersion\Run or install a BHO. It should not be relying on signitures of known spyware apps.

If defender didn't provide these warnings then either it must not be functioning as designed, or the spyware app itself is now including code to counteract defenders methods.

You might want to check the "Software that has not yet been classified for risks" setting, if you think your spyware is something so new that it won't be included in defenders definitions.
#Dec 18th, 2006 @ 3:03 PM
PerfectPhase
PerfectPhase
"This is not war, this is pest control!" - Dalek to Cyberman
BlackTiger wrote:


I've made some experiment. There is another peice of junk called "BitGrabber" (or sort of). This is "cool" downloader.


You got a link to where you downloaded BitGrabber from, I want to drop it on a VM and see what happens...
#Dec 18th, 2006 @ 9:04 PM
rjdohnert
rjdohnert
You will never know success until you know failure
As always, when Microsoft cut support for Windows 2000, I moved to a different product.  Defender I found was good, but unless it supports all the Windows OS's I have in my network I wont use it.  Same thing with IE7.  I love it to death but since I dont get the same software on Windows 2000, I stick with Firefox 2.0.  Im thinking of going back to the Mac or BSD fulltime as both desktops and servers.  Leaning more to FreeBSD for servers and PC-BSD for desktop.
#Dec 18th, 2006 @ 10:40 PM
kettch
kettch
rjdohnert wrote:
As always, when Microsoft cut support for Windows 2000, I moved to a different product.  Defender I found was good, but unless it supports all the Windows OS's I have in my network I wont use it.  Same thing with IE7.  I love it to death but since I dont get the same software on Windows 2000, I stick with Firefox 2.0.  Im thinking of going back to the Mac or BSD fulltime as both desktops and servers.  Leaning more to FreeBSD for servers and PC-BSD for desktop.


I shudder to think what the cost of perpetually making sure that all software runs on every version of Windows would be. I'm sure that it resembles an exponential curve approaching infinity.

What would you say if I refused to use Firefox 2.0 because it doesn't run on Windows 95? Mozilla makes a good product, but because they don't support a 12 year old operating system, they have to go!Tongue Out

Microsoft might just have a better track record on backwards compatability than any other company, but at some point even they have to cut the cord.
#Dec 19th, 2006 @ 12:01 AM
BlackTiger
BlackTiger
If you stumbled and fell down, it doesn't mean yet, that you're going in the wrong direction.
PerfectPhase wrote:

BlackTiger wrote:

I've made some experiment. There is another peice of junk called "BitGrabber" (or sort of). This is "cool" downloader.


You got a link to where you downloaded BitGrabber from, I want to drop it on a VM and see what happens...


Ok. This piece of junk here. IT CONTAINS SPYWARE! I've experimented on WinXP SP2. Seems like on Vista it doesn't works properly because of internal bugs Smiley ("can't find ordinal in WSOCKxxx.DLL") Smiley.
#Dec 19th, 2006 @ 12:41 AM
ScanIAm
ScanIAm
On a scale of 1 to 10, people are stupid.
BlackTiger wrote:

PerfectPhase wrote: 
BlackTiger wrote:

I've made some experiment. There is another peice of junk called "BitGrabber" (or sort of). This is "cool" downloader.


You got a link to where you downloaded BitGrabber from, I want to drop it on a VM and see what happens...


Ok. This piece of junk here. IT CONTAINS SPYWARE! I've experimented on WinXP SP2. Seems like on Vista it doesn't works properly because of internal bugs ("can't find ordinal in WSOCKxxx.DLL") .


Um, here's an idea, don't click on something called bitgrabber that describes itself as....er...nothing? 

Every time I see you post, I want to kill a puppy.  I've tried to assume that it's because you have a language barrier, but this thread makes me want to buy a kennel first.

Grow up.

#Dec 19th, 2006 @ 1:09 AM
Another_Darren
Another_Darren
... than you can shake a stick at
littleguru wrote:
OK. No program reacted, right? Why don't you uninstall all? Why only Defender? What makes Defender crap and the others not? *confused*

Could this be an unknown spyware?


Interesting thing is that Spybot is more of a scanner than realtime detection.  I notice he never tried scanning with either of them.

Personally I have Defender and Spybot (the 80/20 rule) and I have no spyware on my machine.
#Dec 19th, 2006 @ 1:10 AM
Dr Herbie
Dr Herbie
Horses for courses
ScanIAm wrote:

BlackTiger wrote: 
PerfectPhase wrote: 
BlackTiger wrote:

I've made some experiment. There is another peice of junk called "BitGrabber" (or sort of). This is "cool" downloader.


You got a link to where you downloaded BitGrabber from, I want to drop it on a VM and see what happens...


Ok. This piece of junk here. IT CONTAINS SPYWARE! I've experimented on WinXP SP2. Seems like on Vista it doesn't works properly because of internal bugs ("can't find ordinal in WSOCKxxx.DLL") .


Um, here's an idea, don't click on something called bitgrabber that describes itself as....er...nothing? 

Every time I see you post, I want to kill a puppy.  I've tried to assume that it's because you have a language barrier, but this thread makes me want to buy a kennel first.

Grow up.



Oh for crying out loud, that the whole point of anti-spyware software:  when my grandmother/nephew makes a bad judjement call and downloads something, the anti-spyware is supposed to stop bad things from happening!

If anti-spyware doesn't do this, then what's the point in installing it?

We can't just bleat that 'you shouldn't download stuff if you don't know what it is';  the average user doesn't know about this stuff and the software is supposed to make it easier and safer!

But hey, hey not worry about that, lets just argue because we have decided we don't like the original poster. Mad
 
Herbie
#Dec 19th, 2006 @ 2:01 AM
Massif
Massif
aim stupidly high, expect to fail often.
What I want to know, is if you then allow Defender to run an automatic scan - as it will do. Does it pick up your spyware and warn you?

Just because it allows spyware to install, doesn't mean it actually gets to run automatically and gets its way.

I've never seen an anti-spyware app pop up and block an installation (presumably because it'd block the installation of the dependant app and so you'd get users just freaking out over why defender / adaware stops their programs installing.)
#Dec 19th, 2006 @ 2:03 AM
cheong
cheong
Dr Herbie wrote:


If anti-spyware doesn't do this, then what's the point in installing it?

We can't just bleat that 'you shouldn't download stuff if you don't know what it is';  the average user doesn't know about this stuff and the software is supposed to make it easier and safer!


Antivirus/Antispyware/antiadware/whatever protective measure is no replacement for secure websurfing practice if you give the users root/administrative access. You don't expect their "unwanted programs" definations be updated the second a new virus/trojan/spyware/adware is created right?

If they're incapable of learning what is safe/unsafe to do on web, it's best to make use of VM technologies - create a VPC image with undo disk and ask them to surf the web in it. If they find any "cool" programs to try out, feel free to try them out then. Just rememeber to discard the changes when closing VM. That'd save you a lot of troubles.

(Remembering that days when computers in the lab. have reborn card installed... VMs are much safer than that.)
#Dec 19th, 2006 @ 5:23 AM
BlackTiger
BlackTiger
If you stumbled and fell down, it doesn't mean yet, that you're going in the wrong direction.
Another_Darren wrote:

littleguru wrote:OK. No program reacted, right? Why don't you uninstall all? Why only Defender? What makes Defender crap and the others not? *confused*

Could this be an unknown spyware?


Interesting thing is that Spybot is more of a scanner than realtime detection.  I notice he never tried scanning with either of them.


Yes, S&D is a scanner. I've scanned my system after spyware installation. There was no results.

Another_Darren wrote:

Personally I have Defender and Spybot (the 80/20 rule) and I have no spyware on my machine.


Are you sure? Cool

Anti-malware protection MUST prevent any installation of malware, not just "warn". How about just create some kind of "execution allowed" attribute for folders (especially outside "Program Files")? Without any public API, on system level? And perform monitoring asking user some sort of "process placed exe/dll/ocx in folder without 'allow execution' attribute. do you accept this action?"
 Look where spyware trying to hide own executables! Mostly in some "wrong" folders such as "All Users" or "Application Data". Also, why only IE (including "7") allows to use own executables to host and cover spyware processes?
#Dec 19th, 2006 @ 5:42 AM
littleguru
littleguru
<3 Seattle
BlackTiger wrote:
Anti-malware protection MUST prevent any installation of malware, not just "warn".


How would you achieve that? I could write a spyware that nobody knows yet... Spyware is only a program. Like a virus. It's the same for me. I don't difference. Virus = spyware. All crappy programs that ruin my daily experience and kill my nervs.

But anyway: how should a program detect a malicious spyware program if not known as spyware?
#Dec 19th, 2006 @ 5:45 AM
BlackTiger
BlackTiger
If you stumbled and fell down, it doesn't mean yet, that you're going in the wrong direction.
Quite interesting...


I've reinstalled WD and changed default settings to more paranoic.


During next installation of stupid BitGrabber I've got a lot of reports from WD. I've DENIED everything. Spyware still is active.
#Dec 19th, 2006 @ 5:45 AM
PerfectPhase
PerfectPhase
"This is not war, this is pest control!" - Dalek to Cyberman
BlackTiger wrote:

How about just create some kind of "execution allowed" attribute for folders (especially outside "Program Files")?


You mean like the 'Read & Execute' permission?
#Dec 19th, 2006 @ 6:07 AM
BlackTiger
BlackTiger
If you stumbled and fell down, it doesn't mean yet, that you're going in the wrong direction.
PerfectPhase wrote:

BlackTiger wrote:
How about just create some kind of "execution allowed" attribute for folders (especially outside "Program Files")?


You mean like the 'Read & Execute' permission?


No, "Execute" alone.
page 1 of 2
Comments: 47 | Views: 15409
Microsoft Communities