Defender and Live OneCare

[Jim Higgins]

I read that Live Onecare wants me to uninstall all other firewalls and AV
products (I only use one of each-Zone Alarm Internet Security Suite).
Nothing was said about other anti-spyware but it noted that OneCare
integrates with Defender. To me this implies that other anti-spyware and
anti-adware products mayl have problems and/or OneCare will choke.

I just cannot see putting all my eggs in one (MS) anti-spyware basket,
*nobody* is so good that they can catch all the spyware/adware. OneCare
does not mention adware so I wonder if they lump it with spyware or if they
don't touch adware?

Does someone else see a reason to install Live OneCare as a one stop shop
for AV,

 

[Stephen Boots MVP-MSN Client]

I read that Live Onecare wants me to uninstall all other firewalls and AV
products (I only use one of each-Zone Alarm Internet Security Suite).
Nothing was said about other anti-spyware but it noted that OneCare
integrates with Defender. To me this implies that other anti-spyware and
anti-adware products mayl have problems and/or OneCare will choke.

I just cannot see putting all my eggs in one (MS) anti-spyware basket,
*nobody* is so good that they can catch all the spyware/adware. OneCare
does not mention adware so I wonder if they lump it with spyware or if they
don't touch adware?

Does someone else see a reason to install Live OneCare as a one stop shop
for AV,

You can run as many antispyware products as you would like with
Windows Live OneCare as long as none of the other ones are *active*
scanners like Defender, meaning that they are scanning every file on
access. Multiple always scanning applications/processes put a toll on
file access and will cause conflicts as the scanners fight to access
files for scanning while they load.
-steve

 

[Guest]

I am not with Microsoft, so interpret my answer as one from an indepedent
person. The plus for One Care seems to be that the components are supposed to
mesh without conflict. That is the goal of all "one stop" suites. Also, it
included licenses for multiple PC's for thoses who have that need (at a
reasonable cost). I believe the intention is that One Care will be available
in Vista by default, but it can be replaced by 3rd party programs by user
choice. That is an attempt to solve the problem of users getting new PC's and
letting the trial version of their anti-virus and firewall expire and also
not having anti-spyware.
The minus is that like all "one stop" suites, the anti-virus and
anti-spyware will probably share similar vulnerabilities or "blind spots." To
me, layered protection means not "putting all my eggs in one basket" but
using programs that complement each others weaknesses. Other programs provide
different criteria for adware and consumerware, as well as possibly better
detection/removal of malware.
I would say follow your instincts. You seem to already know the answer to
your question. In addition, I would not replace a proven product with a beta
product until it had proven itself. Everything I have seen indicates you
would still be able to use 3rd party anti-spyware programs alongside One
Care. Antivirus is different, because you should use only one anti-virus.

 

[Bill Sanderson MVP]

From the release notes for Windows Defender:

http://www.microsoft.com/athome/security/spyware/software/about/releasenotes.mspx
----------------
You do not need to remove other antispyware or antivirus programs to run
Windows Defender (Beta 2). Other programs or Windows Defender (Beta 2) might
prompt you to allow or block an action, but there are no other known
incompatibilities between Windows Defender (Beta 2) and other antispyware or
antivirus programs.

 

[Jim Higgins]

What I am currently doing is scanning as follows: Zone Alarm (AV and
spyware) @0100, Spysweeper @0300, Spybot 1.4 @0400, Defender @0500 and
Ad-Aware @0655. From what you say Bill I take it that I can maintain my
current level of paranoia and schedule Live OneCare to do its thing at
whatever time seems convenient?

Have not decided yet about getting the beta and $19.95 for the final yet.
Of course I don't have to use the beta, just get the discount price. I am
still flipping back and forth between IE7B2 and IE6 with a restore point
before I reinstall IE7 for another episode of "fun"

From the release notes for Windows Defender:

http://www.microsoft.com/athome/security/spyware/software/about/releasenotes.mspx
----------------
You do not need to remove other antispyware or antivirus programs to run
Windows Defender (Beta 2). Other programs or Windows Defender (Beta 2)
might prompt you to allow or block an action, but there are no other known
incompatibilities between Windows Defender (Beta 2) and other antispyware
or antivirus programs.

 

[Bill Sanderson MVP]

I'm not sure about the Zone Alarm--OneCare checks for other antivirus
software, and perhaps firewalls as well--and I believe won't continue the
install if they are still running.

As far as Antispyware, you're fine. OneCare actually does very little about
antispyware--it will alarm if your sigs are out of date, and allows you to
trigger a scan from OneCare's UI--but it doesn't add Spyware scanning to the
OneCare "tuneup" process, nor does it allow you to trigger updates from the
OneCare UI.

--

What I am currently doing is scanning as follows: Zone Alarm (AV and
spyware) @0100, Spysweeper @0300, Spybot 1.4 @0400, Defender @0500 and
Ad-Aware @0655. From what you say Bill I take it that I can maintain my
current level of paranoia and schedule Live OneCare to do its thing at
whatever time seems convenient?

Have not decided yet about getting the beta and $19.95 for the final yet.
Of course I don't have to use the beta, just get the discount price. I am
still flipping back and forth between IE7B2 and IE6 with a restore point
before I reinstall IE7 for another episode of "fun"

 

[Guest]

All the major anti-virus vendors, OS vendors, and ISP's warn against using
more than one installed anti-virus. I don't understand why folks keep trying
to find a way to use 2 of them when the risks are so much higher than the
benefits. i think paranoia has gotten out of hand. How can anyone do anything
else with their system is they are scanning for malware all day long? It
would seem more beneficial to have software and/or hardware to bakup your
system and then relax a little. There are plenty of free online scanners
available to do additional scans if necessasry. Good grief! The worst threats
might not be detected by any of these scanners anyway, from what I have read
lately.

 

[Bill Sanderson MVP]

I noted to plun in another message that I finally cleaned a machine I've
known for months was infected with spyware--it was popping up ads anytime
you opened the browser, but Symantec, Windows Defender, and Ewido all
declared it clean.
Additionally, both RootkitRevealer and Blacklight had declared it clean the
last time I looked at it--a few weeks back.

This time around, however, Symanted, Windows Defender and Ewido still agreed
that it was clean, but BlackLight found 1,840 hidden files and executables,
and was able to get things to a point where I could restart in safe mode and
find and clean the rest by hand.

I suspect that critter could have been caught by a signature-based scanner
when the original download happened, but once it was in place, none of the
"standard" scanners were even aware of its presence.

--

 

[Guest]

I saw that threat and found it very interesting. I have run RootkitRevealer
and Blacklight in regular mode and understood that they cannot be run in safe
mode. Is that correct? I am pretty much a novice at all this, and have a
real lack of knowledge about safe mode with command prompt. I only know a few
basic commands to use on XP Home Edition and certainly not enough to work
comfortably in safe mode. I need to study that soon! One of my concerns
about the first post in this thread was the possible confusion about using
One Care plus another installed anti-virus. There are folks, for example, on
AOL who don't understand that they can't use One Care and the AOL Safety and
Security Center together with both firewalls and anti-virus programs enabled.
I don't know how many make this mistake, but enough to make me wonder how on
earth to make it crystal clear that this is not advisable. Or course, if
folks don't read, then, well - - - - -!

 

[Bill Sanderson MVP]

I wasn't clear--I didn't even try to run the rootkit-finding software in
safe mode--I ran in regular mode, and then, once blacklight had both
identified the names and locations of the objects involved, I restarted in
safe mode, and was then able to find the stuff and get rid of it.

A competent rootkit is likely to avoid discovery even in safe mode--I
suspect I was only able to get rid of this because BlackLight's renames were
effective, and I went directly from having done those renames to safe mode.

One detail about that experience still isn't clear to me--the stuff must
start via registry entries somewhere, and I never got any errors on startup
or reports of missing files--so there's a piece I don't understand--or,
perhaps--a piece of code still present, which wouldn't be good.

--

 

[Guest]

I think I just lost my reply due to my error. I will repeat it. I saw that
thread and found it very interesting. I need to learn more about using safe
mode with command prompt. I am quite a novice and only know a few basic
commands, not enough to clean an infected computer. I am concered about folks
trying to use One Care plus another installed anti-virus. For example, I have
seen folks trying to use One Care and the AOL Safety and Security Center,
with both firewalls and anti-virus programs enabled. Quite a mess. I don't
know how to make correct use crystal clear if folks just don't read!!!
Paranoia is driving some to run several real time anti-spyware programs, and
that is just counterproductive in most cases. So far I have managed to make
Defender and Spysweeper play well together, but I do not take it for granted
and keep looking for hidden conflicts not apparent to me yet. Trial and error
has been my best teacher, but some things should clearly be avoided.

 

[Guest]

I see now that my replies both got there! Thanks for the clarification about
the rootkit process. I had read something similar in regards to Ewido.
Apparently it cannot clean rootkits, but if you make them visable and rename
them using Blacklight, then Ewido can clean them out in safe mode afterwards.

 

[plun]

Old Rebel: Old, but not too old to learn new tricks!

Hi Old Rebel

It´s really important to not be scared about this "mess".

A user which only visits "normal" well known sites is not in anyway
in danger. A user which also have knowledge about spyware/malware I
would say makes it nearly impossible for a severe infest.

Then we also have phising within mail and I hope that with IE7 and new
security certificates it will be much safer.

And about rootkits I would say that all security vendors seems to
control it. We have Sonys "harakiri" and then we also have the new
Vundo
as a real risk and a few others.

Hopefully it stays so...........


regards
plun

 

[Bill Sanderson MVP]

I left the machine doing a fullscan with Windows Defender. If I get in
there again on Monday, I'll run a full Ewido scan too--good idea.

--

 

[Guest]

Hi,plun! I understand and I am not afraid, although others are and maybe
should be if using p2p, prOn, and gambling. Of course, there's always the
problems with programs like Messenger Plus that so many fall for. I am
equally concerned about the problems that can be caused by misuse of multiple
anti-virus softwares. Back to the original subject that started all this: As
far as One Care is concerned, I am theoretically interested in it, but I am
waiting to see some results from AV Comparatives, if that ever happens. I'll
be open minded toward making an anti-virus vendor change near the end of this
year, and I will study my alternatives.

 

[plun]

Hi

Well, I don´t like One Care...... to much "ink"

Indeed a complicated situation today with one group which knows about
malware some of them "staples" protection and another which knows
nearly nothing.

One Care maybe suits the last group... IMHO

regards
plun

 

[Guest]

Agreed. Cheers and have a good weekend!

 

[Guest]

Plun,
The problem really isn't 'knowing' about malware, it's maintaining the apps.
As Old Rebel and others here state, many who 'know' about malware have a bit
of paranoia which drives them to maintain several anti-malware applications
on their PC including updates. Whether this is good or bad depends on the
knowledge and skill of the user to some extent.

Then there's the other group who, though they've no doubt heard of malware,
have no interest and thus often do nothing about maintaining their security,
at least until they get hit by an attack which causes them to temporarily
update everything, and then forget about it again.

The funny part is this ignorant group are actually the 'normal' people, with
better things to do then maintain their computer and frequent forums like
this one. This is the group that OneCare is targeting, giving them a self
maintaining, updating, complete security solution for an annual fee. Evolving
as the threats do without them needing to learn much other then keeping
'green' and being able to read and respond to occasional potential threat
warnings.

The 'geeks' and 'techies' (us) don't tend to like or agree with this posture
since it's not techie or complex enough, but it's actually exactly what's
required to solve the problem. Taking the 'mystery' out of malware and
removing the overhead of maintaining the programs required to provide
detection is the only thing that will work in the 'real' world of the average
person. Techies like lots of tools and information, most others simply 'want
it to work' without the pain.

OneCare isn't the 'perfect' suite, but it's the first one approaching the
problem from the right direction. Instead of selling software packages and
tools, it's supplying a protection system that will grow and evolve over
time, designed specifically to complement the OS it protects and its other
components.

Some techies will resist, but as the other major antimalware ISVs produce
competing products (they already are), most will realize they're wasting
their lives maintaining the machines that were supposed to reduce their
workload. The other software available will include more tools and toys to
draw interest, so techies will still have blinking lights to play with.
Eventually the major malware disruptions of the past will be distant
memories. This is, of course, after most major software and the other major
OS versions go through the same, but smaller versions of the same thing
Windows already has.

Bitman

 

[plun]

Hi Bitman

So called "normal users" often ends up within a HijackThis forum.

It´s interessting to watch all of these logs and also notice that users
installs every application they can find and also the bad guys stuff.

Often with no or negative result.

It´s also a problem when a OS manufacturer as MS writes within official
MS blogs thats users running One Care is protected against security
holes as with the WMF exploit.......and also mainatin really bad kb:s
about different threats. (singing in the rain maybe)

One Care is good beacuse it drives the competition so we will have
better protection but it´s for sure also really negative when it´s
comes from MS.

I believe it was a mistake that MS started with security applications.

Nevertheless I am more and more sure about the need for a TPM chip.

This is a mess and it will be worse.

regards
plun

 

[Stephen Boots MVP-MSN Client]

What I am currently doing is scanning as follows: Zone Alarm (AV and
spyware) @0100, Spysweeper @0300, Spybot 1.4 @0400, Defender @0500 and
Ad-Aware @0655. From what you say Bill I take it that I can maintain my
current level of paranoia and schedule Live OneCare to do its thing at
whatever time seems convenient?

Zone Alarm AV may conflict with Windows Live OneCare as it is an
always on. resident AV scanner. I don't see any problems with the
others, except that their schedules could overlap. Note also that
Windows Live OneCare tuneup can only be scheduled to run weekly and
not at a specific time.
-steve