Windows defender update

plun

Hi Steve

Thanks for the question !

Everything is about RTP and when new updates arrive.....

I can not see any reasons for daily scans if RTP works, the challenge
also is that a lot of users change this to full scans because of
Spyware paranoia.......

So RTP must be much better explained how it works.

But... some users are "scanners" and maybe it's impossible to
explain about RTP and keep them feeling safe. Especially US users
seem to have learned that they MUST scan daily.....

Most important for a user nowadays is a daily antivirus scan and with
today's large disks an antivirus scan takes at least 1 hour.........

Nearly all of today's ad/spyware are "harmless" and only causing
irritated users with many popups and traffic to an adserver.
There is no real security problem with mostly all of them.

We also have a more dangerous group with Vundo, Smitfraud, CWS and
these must be RTP detected much better with WD. The problem is the
trojans which are carriers for these infests. Nevertheless if mostly all
of these infests come when a user searches for cracks for example MS
programs, prOn or dirty gambling sites.......maybe it's time to educate
users about this... cold facts and maybe embarrassing for some users...

I don't know where I got it from..... ;)

I also saw that the famous Zlob was within the MRT tool ;) (after
nearly 3 months... ;( )

Personally I will block all scans and only scan after new defs
arrive.

regards
plun
Plun,

What would you propose for the quick scan interval? I think we chose once a
day because we want users to always be protected if a new threat comes out.
If the scan is intrusive, maybe we can do something to help.

--
-steve

Steve Dodson [MSFT]
Windows Defender Beta Lead
MCSE, CISSP
http://blogs.technet.com/stevedod
--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
plun said:
Hi Bill

Well, I would say that a Quick scan takes about 5-10 minutes.

A lot of users probably change this to a full scan because of spyware
paranoia ;)

I can not see any reason to make all of these scans and the highest
priority has antivirus/trojans scans.

So one full scan after new defs arrived should be enough...........

Otherwise the RTP is out of order.........

But I wanted this clarified from Mr Dodson if the RTP functionality
has some holes ???

It also seems to be totally clear from this mess with updates that a lot
of users have missed Windows Update and to keep their PC up to date.... ;(

Maybe it's better to put energy to Windows Update, antivirus/trojans than
to make WD working and make a daily scan ;)

regards
plun
So how do you feel about the speed of a quickscan? On office machines,
with relatively low startup loads--not much "in the tray" I see times in
the 1-3 minute range--haven't really checked a broad selection
carefully--but it seems fast enough that I don't see it as an obstacle.

--

Hi Steve

- Can you please explain why default scan period is 1/day ?

- Don't you trust RTP functionality within Windows Defender ?

- Is it holes that can let malware pass through and only
be detected with a scan ?

- Is it because users "feel safe" with a daily scan ? ;)

Users leave their PCs switched on 24/7 because of meaningless
scans, it must be clarified that a PC is switched off after work and
no need for a daily/nightly scan.

And antivirus/trojan scans are much more important than a WD scan
also because of several more definition updates.

Of course it might be a good idea to scan after new WD defs......;)

IMHO

regards
plun

As far as the scan time goes, we would expect it to take longer since we
actually scan more, and have protections in place to make sure we are
removing the correct file. Beta 1 was not able to scan all compressed
files, unicode files, etc. Therefore the scan times were faster. It was
a balance we needed to make, one which gives us high performance, but
also finds and removes malware (and not a valid program). It is a hard
balance, but one I think we have done well.
--
-steve

Steve Dodson [MSFT]
Windows Defender Beta Lead
MCSE, CISSP
http://blogs.technet.com/stevedod
--

This posting is provided "AS IS" with no warranties, and confers no
rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
"Steve" <[email protected]>
wrote in message
My biggest disappointment in not having a separate source for download
of update signature file is in cases where multiple machines are
networked and share a relatively slow internet connection. The updates
are sometimes very large and take so long that "normal" internet usage
is not available for a considerable period of time while updates are
being downloaded.
Same complaint for [non-MS] anti-virus software - updates are way too
large and take too long on slow connection. Multiple parallel updates
often result in FTP server timeout, and the update is not "smart" enough
to resume at point of loss.
If a manual download was available, we could get 1 and then install on
each machine. That would save the server some bandwidth, too.

As for "not being exposed"... in a scenario where children are involved
as users, they sometimes exchange files via CD-ROM, or USB devices. So
there is still the potential of being exposed that way. But I do
understand the comment.

All this aside, after a great deal of experimenting and observing, I
think Defender is not as good as previous "Giant AntiSpyware", in
particular that Defender is much slower to scan the machines (we have
6 - it takes twice the time on each of them), and we now see random
periods of 100% CPU utilization by a process identified as
"MsMpEng.exe", which last from 3 to 15 minutes, during which the
machines are virtually unusable. Can not open/close existing windows,
windows do not get repainted, no internet or network activity is
possible. When the task releases CPU, everything returns to "normal".
This has been observed on all 6 computers, 3 of which run Win2000 pro,
two run XP pro and 1 runs XP home. I find this behavior extremely
annoying and frustrating.
-- ST



:

I fear not.....read that manual updates are not possible as in: cannot
download manually. I don't think it fits in the concept....if not
connected to the internet, you're not exposed, so why use WinDefender is
my simplified take on this.
-- The Dutch Italian

Coelum Non Animum Mutant Qui Trans Mare Currunt




:

Hi,

Is there any possibility to keep up to date a computer having Windows
Defender (beta2) that is not connected to the internet?

Thanks
-- Razvan
 
