MS Defender vs MS AntiSpware

[Guest]

Since the very unfortunate demise of MS AntiSpyware we are now left with this
contraption called MS Defender, which represents an enormous system resource
hog with rather questionable effectiveness if it comes to internet security.
MS AntiSpyware was a highly capable Trojan/Spamware/Sdware protection – by
many tests the industry’s best! In contrast, MS Defender has proven itself
far less capable, is an enormous drain on system resources and forces the
user to use Automatic Updates, which for most of the time is annoying and at
best only offers minor fixes/patches.

As you can see, in my role as a system administrator of a major university,
I am plainly NOT in favour of MS Defender!

Why can’t Microsoft offer a better alternative?? Why not improve on what was
there and working already – in the form of MS AntiSpyware?

Now I read that I need to have System Restore enabled as well, in order to
run file/definition updates for MS Defender that are “beamed†to me via that
other system hog “Automatic Updates†which needs to be permanently enabled
together with its other associated services – more waste of system resources!

On all our machines we have these services, including Automatic Updates and
System Restore turned off. For starters, Automatic Updates is at best a
nuisance, at worst a pest. System Restore Points tend to gobble up hard drive
space in no time and consequently slowing down system performance. I have
seen hard drives where system restore had used 80+GB of space – what a joke!!
Besides the fact that System Restore uses hard disk drive as if there were no
tomorrows and in the process drastically increases hard drive fragmentation,
any half witted hacker knows how to put a copy of his/her worm/virus et all
into system restore. As a consequence, if one were to roll back to a previous
restore point, the hidden virus/Trojan is reactivated. Very smart, 99!!

Besides the use of a hardware firewall system, all of our servers, desktops
and notebooks use a software firewall such as Agnitum’s highly capable
Outpost, plus adequate antivirus protection such as NoD32 et al.

This not only eliminates the need for MS’s Automatic Updates, of which 99%
are security related, but also eliminates the need for this system hog MS
Defender.

So, please anyone out there:

WHY WOULD I WANT TO DEPLOY MS DEFENDER, IN BETA STILL AFTER ALMOST A YEAR,
UNPROVEN AND UNRELIEBLE AND WITH A HUGE ADDITIONAL SYSTEM RESOURCE DRAIN??

Any qualified help and advice would be very much appreciated.

And yes, I have read just about all the monthly and weekly MS white papers
crossing my desktop ...

 

[Guest]

Seeing as you command such a glorious enterprise, you might wish to
investigate ForeFront Client Security:
http://www.microsoft.com/forefront/clientsecurity/default.mspx

 

[Guest]

Akita,

Good Morning. It's 2:15 am in Chicago and I can't sleep. Let me address a
few of your concerns. Please forgive me if at this hour my response is a
little incoherent.

1. Many of us agree with you that MS Antispy was a better product.
Microsoft seems to want to abandon it. Whata Gonna Do??

2. Currently you DO NOT NEED to use Automatic Updates. They want you to,
but you don't have to. You can update thru the UI > Help-About-Check for
Updates.

3. You Do NOT NEED to have System Restore enabled. Defender has some
serious problems with making System Restore Points for any reason whatsoever.
This bothers us who do use System Restore. If you don't want to use it,
just turn it off.
Defender will continue to function and will NOT make restore points.
(n.b. There are many other things I could say about your comments about
System Restore but they would diverge from your current needs and concerns so
I end this point here.)

4. In Your role as a system administrator of a major university YOU WOULD
NOT WANT TO DEPLOY MS DEFENDER, IN BETA STILL AFTER ALMOST A YEAR. It is
"BETA". It should not be used in a production or critical enviorment. If
you want to Beta test that's fine. Don't make your users beta testers.

5. Sounds like you have some good security systems in effect. As long as
backups are being made regularly and you have some method of getting
nesscessary patchs you can continue as you are.

?
Tim
Geek w/o Portfolio

 

[Guest]

Hi Tim;

Thanks for the info. It's a real shame that MS is replacing MS AntiSpyware
with something as troublesome as its MS Defender!

And yes, we have full backups in place created daily for all systems
(Acronis software is our choice).

If, and that's a big if, MS ever gets MS Defender out of beta, I'll give it
another test run, but fear that it will simply continue to use up far too
many system resources, and in addition will continue to force users ever more
to become dependent on MS's update service, which quite frankly I find rather
disturbing.

Hope this sees you well asleep - 2.15am is well and truly burning the
midnight oil....

Cheers - Akita

 

[Bill Sanderson MVP]

I completely fail to see how the software you have in place eliminates the
need to apply critical security updates issued via AutoUpdate.

Many network administrators made this mistake in the past--they depended on
edge protection only to be decimated when an infected laptop was plugged in
behind the firewall.

I see that you have good software in place, but none of that signature-based
sofware will protect against an exploit utilizing a Windows vulnerability
which uses unknown code--unless it happens to hit a heuristic block. Nod32
is good, but I wouldn't depend on it or it in combination with the firewall,
to protect against a future worm.

In fact, the real-time protection in Windows Defender would likely be of
more help--it is considerably more effective than Microsoft Antispyware was
in this respect.

--

 

[Guest]

Quite right. However, all our laptops and desktops have the same backup and
security software installed. To date, none have been infected - or at least
as far as we can tell.

Unfortunately no, and I repeat no, security software can protect against
unknown attack sources - this includes MS Defender as much as MS AntiSpyware
et al. Good heuristic blocks are fine, but even these are not always able to
offer 100% protection. The fact remains that there’s no such luxury as 100%
protection. But MS AntiSpyware was pretty dam close – by many reviewers’
opinion! And as far as I can glean from the various relevant and reputed
on-line resources, MS Defender is still deemed inferior to MS AntiSpyware.

It beats me why MS decided to put one of its best products (albeit bought
from Giant) out of service. It's a real shame. It worked beautifully, offered
an extremely high degree of protection, was user friendly and had a very
small system resource footprint to boot!

Besides the security and dependency issues I mentioned before, there still
remains the fact that MS Defender - even in its latest beta incarnation - is
one of the worst resource hogs I have encounter in a long time! That alone
makes it dubious, to say the least!

 

[Bill Sanderson MVP]

We can't point to reviews of Windows Defender yet, especially ones that look
at real-time protection, so I have to go by statements from the development
team (who know both beta1 and beta2 intimately)--that the real-time
protection in Windows Defender is greatly improved over Microsoft
Antispyware.

I'm concerned about your finding it a resource hog. I've seen some evidence
of resource issues during definition update on some systems, and many
customers find that a full scan is resource intensive. I strongly recommend
not doing routing scheduled full scans, but doing intelligent quickscans
instead, as recommended by the product help. The quickscan is intended to
catch malware active and in place--in ram, in startup locations. Yes, the
full scan will catch stuff sitting around downloaded but not run, but much
of the time that stuff isn't really a threat--it is never going to be run.
Do full scans when a technician is going to be looking at the results.

The other thing to know about scans is that if they are missed, they take
place at some time after the next login--perhaps 20 minutes. So--if a
scheduled fullscan is missed, it will happen 20 minutes (?) after the next
user login, and the user is likely to notice that impact. On office
machines I look at, quickscans take between two minutes and 10 minutes--with
pretty minimal impact on the user.

At various times in the beta, with both versions, we've seen individual
systems where the product really seemed to be a resource hog. Sometimes the
issue was an undesirable interaction between two real-time scanners
(antivirus and antispyware)--sometimes a reinstall seemed to clear this up.
I've had all versions of both betas installed on about 4 dozen machines from
PII 300's with 256 megs of ram, and on up, with almost no comment from the
users--so "resource hog" observations certainly aren't the norm.

--

 

[Guest]

The fact that MS Antispyware worked so well in your environment implies that
your users are running as Administrators, since that product wouldn't operate
effectively within Limited User Accounts. Along with your other statements
about disabling of key update and other OS components, it's clear that you
have chosen to operate your current PC base as if they were Windows 9x based
without any security, relying instead on firewall and antivirus to block
known malware.

It's also obvious from your anger that spyware must be an issue which you
were mitigating using MS Antispyware for free until its recent demise. Now
that the also free Windows Defender isn't operating effectively in this
archaic network design, this has left you without the protection you really
require, or with the choice of reversing major decisions within that design.
Since your existing network design is the equivalent of a large number of
individual home PCs attached together via a network, it's not surprising a
product designed for home use served it well.

Attacking Defender will gain you nothing except the chance to vent. It isn't
yet as polished as MS Antispyware, since that was simply a relabeled product
designed for home use and Defender has yet to complete its beta phase.
However, its base design is much more effective at protecting both itself and
the PC it is installed in. The issue at this point is fixing the known bugs
and releasing to make SpyNet, and thus updates more effective. Its resource
use may be somewhat more than MS Antispyware, but I never noticed on my PII
400MHz PC with Windows 2000 OS.

The key requirements to make Defender useable in your enviroment you've
partially identified. The most important would be not only enabling Automatic
Update, but also bringing a WSUS server online to support and control updates
internally. My guess is that you'd probably need to upgrade large numbers of
systems to XP Service Pack 2 simply to install Defender, unless you did that
last summer.

You can choose to fight the direction that Microsoft is taking in regards to
security and the protection of the operating systems they sell. This,
however, means that more such issues will likely occur in the future, since
going in a different direction then the organization providing your OS is
simply counterproductive.

Bitman

 

[Guest]

I couldn't have said it better myself, Bitman. Your thoughtful analysis is
appreciated by those of us who hadn't the time. Thanks.

 

[Guest]

Hi Bitman;

Firstly, FYI, you guessed incorrectly; all machines are running XP Pro SP2,
in fact where driver/hardware issues don’t interfere, they all have the same
OS configuration installed via Acronis Admin.

Secondly, the machines in question range primarily from a few HP P4 3 GHz
systems with between 512Mb and 2GB RAM to a couple of Dell Precision M90
laptops with 2GB of RAM. There’s been a major hardware upgrade over the past
six months.

I yet have to see MS Defender using less than 595,000K of active RAM (using
Sysinternal's Process Explorer v10.2) – and that’s in system idle mode. One
reason we simply don’t bother with it at present. Granted, it IS a beta, and
therefore minor or even major teething issues have to be expected and are
quite understandable. After all, MS is asking users for help to refine such a
product, which hopefully in some distant or not so distant future will evolve
to become a far better product.

All the issues I mentioned before don’t really bother me – MS Defender is a
beta, a beta and still a beta …

What does bother me however (and going by various other newsgroups I’m not
all alone here), is why MS in its wisdom has decided to expire MS AntiSpyware
which was a reliable, resource efficient and security effective product.
Perhaps it would have been better to let MS AntiSpyware run until such time
that MS Defender comes out of beta and has proven its worth?!

The other criticism I have with MS Defender is that it appears at this
admittedly early (read: beta) stage, that MS would prefer users to have the
Automatic Update service permanently enabled, something I see little value
in. As pointed out to me in this thread, one can manually updated MS
Defender’s files and definitions, but it does appear MS would rather prefer
the user becoming dependent on the Automatic Update service.

It is exactly such forced dependency why more and more users are considering
switching to alternative OS’s.

Don’t get me wrong; I am all for the ability to update, but not an enforced
one!

On that note, I recently had a quick play with the latest public release of
MS Vista on one of the Dell M90’s, and feel that the above mentioned trend of
making the user more and more dependent on MS’s Automatic Update service is
continuing in leaps and bounds. Not a promising sign!

Lastly, I am not so much attacking MS Defender, as you imply, since it is
still in beta, but I am very much questioning the wisdom behind withdrawing
MS AntiSpyware before a reliable and proven alternative has been put in place.

On a last note, I fail to see how MS Defender whenever it comes out of beta,
or any other security product for that matter, would be able to detect &
eliminate unknown malware/threats, never mind heuristics et al. A good
hardware firewall, plus an effective software firewall still remain our best
hopes – or should I say bets?!

Thanks for all - Akita

 

[Guest]

Scott;

I refer you attention to:

Subject: Windows Defender (beta 1) wins an award as . . .

further above in this forum .... Then again, MS Defneder IS a beta, so....
But WHY remove MS AntiSpyware, a trusted, efficient and industry leading
secuirty package????? It really upset a lot of MS users. Sometimes the mind
boggles at MS's short sightedness ....

 

[Guest]

I agree with akita. I loved Antispyware, but not so with Defender. It is a
memory hog. I can't stop it from loading and can't turn it off. If I use
task manager to turn it off it just restarts. I am a home user with a loaded
gaming machine. To get maximum performance while playing games or doing
graphics intensive work, I often turn off background processes with task
manager. Antispyware was easy to turn on and off. Because of this
difficulty, I uninstalled Defender and will use other software (including
Windows Live Security scans). I hope Microsoft will change this soon. If
Vista is going to work like this, I will be sticking to XP Pro SP2. Being
able to easily make changes in how Windows works (and having the flexibility
to do so) is the big advantage that Microsoft has over Apple's operating
system, please keep that capability in all of the MS future products. I am
not "flaming" - I realize Defender is a beta product and Microsoft requested
feedback on it, so I am providing it. I love Windows! I have been a
Microsoft user since the early days of DOS and have enjoyed using the
improvements with each new upgrade in MS products.

 

[Dave M]

While Defender as a Beta certainly has some deficiencies, but I can't agree
that any of the items you mention are among them.

There are at least two places to turn off WD, both pretty easy...
1. Right clicking the WD taskbar icon if it's set to always shown, then
chose Exit
2. From the GUI, Click the Help Options (the little arrow right next to the
big ?) and chose Exit Windows Defender

Since it's a system service, you wouldn't turn WD off with task manager.
The same advice applies to preventing it from loading, it's a service, not
an application.

I don't see it as being a memory hog either. Were you looking at memory
usage during a full scan? The help files recommend you only run an
scheduled quick scan unless something abnormal is detected. I run a quick
scan once per week which lasts <3 minutes without boosting memory usage
that significantly. I also schedule a full scan monthly during which
memory is more taxed, but I'm at lunch so it's not material to any PC
usage.

Now if you want to talk about excessive restore points, and always allow,
or difficulties with installation and definition updates, those are valid
concerns. However, I don't think you should rely very heavily on Windows
Live Online Scans to satisfy your malware security, as far as I know
there's no Anti-Spyware coverage, and certainly no Real Time Protection in
any form. It's far better to prevent malware from installing to begin with
than trying to eliminate it with a scan after the fact.

 

[Guest]

akita,

Good, I'm glad to hear you are at least occasionally performing necessary
updates to the OS, even if the technique is the older image based method I'd
suspected.

I'm also glad you've reported the issue you've seen with memory usage,
though I've never seen such a huge amount myself, about 25-35MB is normal
when the GUI is open. I'd suggest investigating when (while scanning or
always?) and why (interaction with an application, AV, driver?) this might be
happening, the purpose of the beta. I can't say I've heard of this issue
before, maybe someone else will chime in if they have any ideas.

As for MS Antispyware, the product was dead the day it was acquired, which
was obvious to MS watchers. Unfortunately, they released it into the public
domain, albeit with clear and loud statements that it would die (time bomb)
at some future date, and extended this twice as I recall. Though they
initially did perform some minor work on the existing product, this ended
within the first several months, so the last version of MS Antispyware hadn't
been worked on for about a year.

That product had several deficiencies relating to operation with Limited
User Accounts and monolithic design which requred a ground-up rewrite to
resolve. Since the new product must perform on the higher security Vista OS,
it had to be both service based to work with User Account Control (Limited
Accounts) and able to update using the Automatic Update services.
http://www.microsoft.com/windowsvista/features/foreveryone/security.mspx

Though you recognize that Automatic Updates are required, you don't seem to
realize what a key technology and requirement this is. Since it is a [set of]
services, any authorized application may make use of it to perform its own
updates, thus removing the need for their own ability to download and choking
off the ability for malware to perform direct download themselves. You may
not like this, but again it's the direction your OS vendor is taking to
better protect you, so fighting it is foolish.

Heuristics are a mostly failed attempt by antivirus to detect 'malware like'
behaviour, mostly still file based, and stop it before it can 'infect' the
machine. Though the technology was a laudable attempt, it is even more highly
prone to false positives than antivirus itself and generally left little user
control in most implementations.

This question of protection from malware, including unknown, is exactly what
Defender attempts to address, though it's somewhat constricted within the
User Account Control and Limited Account environment it's designed for. The
Real-time agents watch the known entry points and 'hooks' that all malware
use to gain control of a portion of the OS and allow themselves to be
re-launched after a reboot. By warning the user of any questionable
activities within these areas, they perform a function similar to the
outbound traffic detection of a personal firewall, but much more tightly
integrated with the OS itself. Rather than just warning and blocking the
communication, they attempt to block the original installation of the
malware, before it can become embedded and 'phone home'. If you also have the
firewall, this will work as an additional layer of protection should the
Defender block fail.

The caveats with unknown malware blocking are that with Limited Accounts,
the user himself may not have the rights to block the action, so the Defender
Services must do it for him by proxy. Since this necessarily must wait for a
user action to Allow or Deny, there is a window of opportunity for the
malware which doesn't exist with known malware that can be blocked
immediately. And in the case of an unknowledgable user such as a child, the
block may not occur until a parent returns.

Despite these limitations, the ability to not only warn, but allow the user
to attempt to block the installation of malware is still much more powerful
than anything that's existed before. Since it empowers the user, it really
gives them much more control over their own PC, which was a primary intent in
its design.

Finally, this really is Microsoft's view of how security should be performed
and provided, so you do have the ability to go use something else. It just
may not be free or as effective in some ways, but that's your decision. If
you had been here earlier this year while decisions about Defender were still
being made, you might have had more input, though most major design criteria
like Automatic Updates have existed from the beginning.

If you aren't aware what WSUS is, it allows you to control which updates,
including Defender program and definition, are done when. It of course uses
the Automatic Updates system, but places it entirely in your local control,
so you decide when a particular update occurs on your network. I'm guessing
you might already know this, but add it for others who might not.

Bitman

 

[Guest]

Kindly read my terse reply in that thread, then the link. "StevenFromTexas"
has a reading comprehension problem or a chip on his shoulder.

If you do not like Defender, you have the option to use something else --
anything else. That's how free markets work. Unfortuantely, it should be
noted that most pay-for-play anti-threat tools perform less admirably than a
few of the freebies.

Then read the "Final Caveat" at the base of the Internet Security link
below. It has been known to stimulate a great deal of soul-searching.

 

[StevenFromTexas]

Scott D, I'd suggest you'd better go back and read the topic I started in a
little more detail. Sometimes the quick, witty insults are more a
reflection on the person who wrote them (you) than they are on the person
who was supposed to be insulted (me).

-- StevenFromTexas

 

[Guest]

Thank you Bitman and Dave M. I guess I will try Defender again. While I
appreciate the idea behind automatic updates, it is still a concern to me.
It seems more and more software and hardware vendors are using automatic
updates. Even my DVD ROM runs an automatic firmware update! If enough of
these are installed then there is significant performance loss. If it was
only Microsoft running the updates it wouldn't be such a big problem, but
unfortunately, this is not the case. As far as scheduling scans when I am
not using my computer, this is impractical. With the current energy
problems, my computer is only running while I use it. I may not be able to
play games during scans and updates, but I can still do many other tasks. I
guess I can't fight the future (I guess I will just buy more memory), but I
do appreciate the opportunity to express my opinions in these forums.

And: to Dave, yes, I do use more than just Live Center, although I do find
it extremely effective.

Again, tank you both.

to bitman: Thanks for explaining the history on Antispyware. I hadn't
known about some of the history.

akita,

Good, I'm glad to hear you are at least occasionally performing necessary
updates to the OS, even if the technique is the older image based method I'd
suspected.

I'm also glad you've reported the issue you've seen with memory usage,
though I've never seen such a huge amount myself, about 25-35MB is normal
when the GUI is open. I'd suggest investigating when (while scanning or
always?) and why (interaction with an application, AV, driver?) this might be
happening, the purpose of the beta. I can't say I've heard of this issue
before, maybe someone else will chime in if they have any ideas.

As for MS Antispyware, the product was dead the day it was acquired, which
was obvious to MS watchers. Unfortunately, they released it into the public
domain, albeit with clear and loud statements that it would die (time bomb)
at some future date, and extended this twice as I recall. Though they
initially did perform some minor work on the existing product, this ended
within the first several months, so the last version of MS Antispyware hadn't
been worked on for about a year.

That product had several deficiencies relating to operation with Limited
User Accounts and monolithic design which requred a ground-up rewrite to
resolve. Since the new product must perform on the higher security Vista OS,
it had to be both service based to work with User Account Control (Limited
Accounts) and able to update using the Automatic Update services.
http://www.microsoft.com/windowsvista/features/foreveryone/security.mspx

Though you recognize that Automatic Updates are required, you don't seem to
realize what a key technology and requirement this is. Since it is a [set of]
services, any authorized application may make use of it to perform its own
updates, thus removing the need for their own ability to download and choking
off the ability for malware to perform direct download themselves. You may
not like this, but again it's the direction your OS vendor is taking to
better protect you, so fighting it is foolish.

Heuristics are a mostly failed attempt by antivirus to detect 'malware like'
behaviour, mostly still file based, and stop it before it can 'infect' the
machine. Though the technology was a laudable attempt, it is even more highly
prone to false positives than antivirus itself and generally left little user
control in most implementations.

This question of protection from malware, including unknown, is exactly what
Defender attempts to address, though it's somewhat constricted within the
User Account Control and Limited Account environment it's designed for. The
Real-time agents watch the known entry points and 'hooks' that all malware
use to gain control of a portion of the OS and allow themselves to be
re-launched after a reboot. By warning the user of any questionable
activities within these areas, they perform a function similar to the
outbound traffic detection of a personal firewall, but much more tightly
integrated with the OS itself. Rather than just warning and blocking the
communication, they attempt to block the original installation of the
malware, before it can become embedded and 'phone home'. If you also have the
firewall, this will work as an additional layer of protection should the
Defender block fail.

The caveats with unknown malware blocking are that with Limited Accounts,
the user himself may not have the rights to block the action, so the Defender
Services must do it for him by proxy. Since this necessarily must wait for a
user action to Allow or Deny, there is a window of opportunity for the
malware which doesn't exist with known malware that can be blocked
immediately. And in the case of an unknowledgable user such as a child, the
block may not occur until a parent returns.

Despite these limitations, the ability to not only warn, but allow the user
to attempt to block the installation of malware is still much more powerful
than anything that's existed before. Since it empowers the user, it really
gives them much more control over their own PC, which was a primary intent in
its design.

Finally, this really is Microsoft's view of how security should be performed
and provided, so you do have the ability to go use something else. It just
may not be free or as effective in some ways, but that's your decision. If
you had been here earlier this year while decisions about Defender were still
being made, you might have had more input, though most major design criteria
like Automatic Updates have existed from the beginning.

If you aren't aware what WSUS is, it allows you to control which updates,
including Defender program and definition, are done when. It of course uses
the Automatic Updates system, but places it entirely in your local control,
so you decide when a particular update occurs on your network. I'm guessing
you might already know this, but add it for others who might not.

Bitman

Hi Bitman;

Firstly, FYI, you guessed incorrectly; all machines are running XP Pro SP2,
in fact where driver/hardware issues don’t interfere, they all have the same
OS configuration installed via Acronis Admin.

Secondly, the machines in question range primarily from a few HP P4 3 GHz
systems with between 512Mb and 2GB RAM to a couple of Dell Precision M90
laptops with 2GB of RAM. There’s been a major hardware upgrade over the past
six months.

I yet have to see MS Defender using less than 595,000K of active RAM (using
Sysinternal's Process Explorer v10.2) – and that’s in system idle mode. One
reason we simply don’t bother with it at present. Granted, it IS a beta, and
therefore minor or even major teething issues have to be expected and are
quite understandable. After all, MS is asking users for help to refine such a
product, which hopefully in some distant or not so distant future will evolve
to become a far better product.

All the issues I mentioned before don’t really bother me – MS Defender is a
beta, a beta and still a beta …

What does bother me however (and going by various other newsgroups I’m not
all alone here), is why MS in its wisdom has decided to expire MS AntiSpyware
which was a reliable, resource efficient and security effective product.
Perhaps it would have been better to let MS AntiSpyware run until such time
that MS Defender comes out of beta and has proven its worth?!

The other criticism I have with MS Defender is that it appears at this
admittedly early (read: beta) stage, that MS would prefer users to have the
Automatic Update service permanently enabled, something I see little value
in. As pointed out to me in this thread, one can manually updated MS
Defender’s files and definitions, but it does appear MS would rather prefer
the user becoming dependent on the Automatic Update service.

It is exactly such forced dependency why more and more users are considering
switching to alternative OS’s.

Don’t get me wrong; I am all for the ability to update, but not an enforced
one!

On that note, I recently had a quick play with the latest public release of
MS Vista on one of the Dell M90’s, and feel that the above mentioned trend of
making the user more and more dependent on MS’s Automatic Update service is
continuing in leaps and bounds. Not a promising sign!

Lastly, I am not so much attacking MS Defender, as you imply, since it is
still in beta, but I am very much questioning the wisdom behind withdrawing
MS AntiSpyware before a reliable and proven alternative has been put in place.

On a last note, I fail to see how MS Defender whenever it comes out of beta,
or any other security product for that matter, would be able to detect &
eliminate unknown malware/threats, never mind heuristics et al. A good
hardware firewall, plus an effective software firewall still remain our best
hopes – or should I say bets?!

Thanks for all - Akita