Headline! - Defender Defends Against PC Defenses & Destroys LAN

[Guest]

Just instaled MS Defender 2 and it immediately destroyed significant
components of the PCs system.

Specifically, Defender 2 cleaned out my \windows\system32\drivers\etc\hosts
file.

I run a local network at home with fixed assigned IP addresses hard coded
into the PC hosts file.

In addition, I add to the hosts file the list of ad servers form

# http://pgl.yoyo.org/adservers/

Also, I instruct ZoneAlarm to protect the hosts file from being overwritten
or modified.

Defender 2, in one bold stroke of assertive malevolence:

Identifies the hosts file as a "program" and "Spyware"
and that "This program has potentially unwanted behavior".

Says to "Review the alert details to see why the software was detected."
But no such information exists and there is no explanation of what in
the
hosts file is offending or why.

Has a link to "View more information about this item online".
A completely irrelevant link which provides no useful information of
any kind
that is relevant to this particular issue.

Deletes hosts and requires a system roboot.

Removes my list of local system IP address, which turns off access to
other local systems.

Deactivates a prevention system that keeps me from accessing
known ad servers.

Defeats the ZoneAlarm prevention of the hosts file being modified.

Keeps issuing this bogus alert even after I try to turn in off.


Good work MS!!!!!



Additonally,

Defender has a dumbed-down interface that provide little useful
information.

Defender provides no information on the status of the Defender
definitions.

Provides no way to update Defender definitions other than to do a scan.

Shows no indication in the Notification area that Defender 2 is running.

Gosh! - is this an improvement over AntiSpyware Beta 1??????

 

[Dan Koerner]

I'd have to allow that you are very POed... 8>)) I have to agree that you are right on most counts... not every one, just most.

I can add some to your list:

No link, evidence, or statement of malware items on the watch list. Without this, MS can make claims with no way to refute.

No history, or evidence, of things allowed/disallowed.

Haven't quaranteened anything, so comment withheld.

It uses the Event Viewer as its Activity Log, which I routinely dump. (I thought that was what History was for, guess I'm not allowed to think.)

Anyway, it's just a BETA!

 

[Guest]

Dan:

Did't mean to sound POed. This was an easily recoverable situation.

But I am amazed that MS considers any change to hosts to be a problem which
cannot be tolerated. Did they hire some newbie programmer out of a
mail-order school of computer creationism that believes Microsoft is the
creator off all things good and that the hosts file is an evil artifact from
earlier systems that must be supressed? Could this be an script concept for
a new computer-sci thriller movie?

BTW, thanks for pointing out that Defender is trashing the System log with
Defender events.

MS - if you are going to populate the events log with numerous Defender
messages please create a new event log category "Defender" so that the System
event log is not overwhelmed with Defender trivia.

Thankfully, you are right - it is just Beta software.