What would you like in Windows Defender 2.0?

[Guest]

I would like to see Defender have the ability to be used as an on demand
scanner. I don't have much use for an "always on" antispyware app.

But it has that ability already. All you need to do is switch off the real
time protection under 'options'. When the beta version had all those restore
point problems a few months ago, I used Defender in this way for a while.

But I can't think why you'd want to be without the real time protection,
unless you already had some other application that was protecting you. Surely
it's better to stop the malware at the outset, rather than discover it later,
by a scan?

 

[Guest]

I see some people want WD to be even more simple minded than it is already

Now you see, here is the crux of the problem. 'Even more simple
minded'??Defender only seems simple-minded to a tiny proportion of the people
who use it. For the overwhelming majority of users (see Robin's post above
for some hard evidence, based on experience, if you need any), Defender is
mainly incomprehensible. Heck, it's mainly incomprehensible to ME - and I
have behind me two scientific degrees, some (now out-of-date) computing
experience, and many months of paying close attention to the advice given on
this news group.

There is a really important communication problem that runs right the way
through Defender at every level; but over and over again, it just gets
ignored as if it doesn't matter. It's typified by the mystifying bubble that
pops up notifying users at every restart that Defender has made a
registration change for itself. Nine users out of ten will not have the
faintest idea what that means, nor whether they should worry about it. This
is just one of dozens of examples of the ways in which Defender's poor
communications defeat its object.

(Incidentally, it's not enough to suggest that they shouldn't have ticked
the 'notify' box in the first place, because most people, faced with the
choices presented under 'options', may well think it a good idea to be
notified of software changes. Yet the software change they are then most
likely to be notified about, day after day, is the totally unnecessary
information that Defender has made a change to itself!)

 

[Robin]

it can update daily as long as it doesn't set a restore point each time.
robin

 

[Robin]

hey Joe!
Get all these suggestions?
You should print them all out and show them to the WD team.
The ones who have posted here, most have been with WD from its early beta
time to now, I have been here for about 7 or eight months myself and all of
us have the knowledge to tell you since we have been beta testing it on many
different computers, what WD 2.0 should have in it, to make it more "user
friendly".
Hopefully Microsoft will listen to all our suggestions since we who have
been here all the time have the most knowledge on how WD "ticks" and works.


regards,
Robin

 

[Guest]

Thank you, Alan D, for saying what I have been trying to say in questions on
this message board. Your comments are much more graphic and coherent than
mine! Hope a VIP reads it and responds!

 

[Guest]

Amen

 

[Anonymous Bob]

already

Now you see, here is the crux of the problem. 'Even more simple
minded'??Defender only seems simple-minded to a tiny proportion of the people
who use it. For the overwhelming majority of users (see Robin's post above
for some hard evidence, based on experience, if you need any), Defender is
mainly incomprehensible. Heck, it's mainly incomprehensible to ME - and I
have behind me two scientific degrees, some (now out-of-date) computing
experience, and many months of paying close attention to the advice given on
this news group.

<snipped good stuff>

Well...perhaps this will help:
http://www.microsoft.com/emea/itsshowtime/sessionh.aspx?videoid=359
Perhaps not...

Bob Vanderveen

 

[Guest]

It would be nice if it were so simple. Using Defender as you suggest still
leaves msascui.exe running, which is the executable for the defender GUI.
This can be terminated but causes an error message when Defender is
restarted. This can be resolved by manually restarting msascui.exe. What a
PITA. And no, I don't see any benefit to using real time protection when it
uses about the same amount of resources as an actual malware infection and it
does not protect against nor can it remove any of the most onerous malware
like Winfixer or Virusburst.

 

[Joe Faulhaber[MSFT]]

Hi Tim,

Right, that's because Windows Update (which WinDefend is using) is creating
the restore point. Believe me, if we could allow you to avoid this (short
of using Engel's link) we would.

I would agree that a non-WU definition delivery channel is needed,
definitely.

Thanks for the feedback,
Joe

 

[Joe Faulhaber[MSFT]]

Thanks, Alan,

I'm not a VIP, but I do work on the product team, and I can't argue with
your feedback at all, and have given some of it myself. We do indeed have
focus groups just like you're recommending, but that's something we need to
be sure to repeat, and to carefully consider what we learn there.

Thanks, I'll be forwarding your equolent request around.

Regards,
Joe

 

[Guest]

I don't see any benefit to using real time protection when it
uses about the same amount of resources as an actual malware infection and it
does not protect against nor can it remove any of the most onerous malware
like Winfixer or Virusburst.

Well, I confess I don't know enough to be able to argue the point, Jim. But
this seems to be diametrically opposed to the great majority of views
expressed in this newsgroup - indeed, during the period when I did switch
Defender's rtp off, I was frequently advised to switch it back on (and put up
with the multitude of restore points it created) because the rtp was such a
Good Thing. So ... there is great scope for confusion here!

 

[Guest]

We do indeed have
focus groups just like you're recommending, but that's something we need to
be sure to repeat, and to carefully consider what we learn there.

Thanks for replying Joe - it's reassuring to be heard and understood!

There's one related point that I'd like to make, because it worries me that
many techies assume that they know best about what the rest of us need (as
indeed they do, as long as we're talking about technical stuff, but when it
comes to the user interface, they nearly always don't). When user tests are
run with my suggested dozen folk picked randomly off the street, if the
guinea pigs don't understand something that Defender tells them, then it's
important to adopt the attitude that the fault lies, NOT with them, but with
Defender's failure to communicate. It's no use falling back on the idea that
Defender's communications are accurate and therefore basically OK, but that
the folk in the test group are too stupid to understand. That would just be a
sterile exercise. True, you could tick the box that says 'tested by focus
group' to satisfy the marketing department, but you'd have achieved nothing.

When the student puts his hand up in class and says that he's tried to
understand what the teacher said about simultaneous equations, but he just
can't, then it's the teacher's job to find another way of explaining that he
CAN follow. It's no use insisting that the original explanation was a
perfectly good one.

 

[Joe Faulhaber[MSFT]]

Sweet, a question I have a slam-dunk answer for.

We've had EICAR in our definitions for about two months now, which also
means we're not communicating the content of the definitions very well, but
that's another issue.

For those of you who want to know what we're talking about, the EICAR group
came up with a harmless file detected by antivirus products so you can
safely verify the product's working. If you haven't seen Windows Defender
detect something, visit http://eicar.org, download the 68 byte file
eicar.com.txt, and copy it to your startup folder. Your AV solution (that
you should be running in addition to Windows Defender) will also pick it up.

Good question, Engel.

Regards,
Joe

 

[Robin]

oh Joe- what about mine?
robin

Thanks, Alan,

I'm not a VIP, but I do work on the product team, and I can't argue with
your feedback at all, and have given some of it myself. We do indeed have
focus groups just like you're recommending, but that's something we need
to be sure to repeat, and to carefully consider what we learn there.

Thanks, I'll be forwarding your equolent request around.

Regards,
Joe

 

[Guest]

Joe, can you hear me laughing? I used your link to go to EICAR and tried to
download the file; LiveOneCare flashed the message that the file had a virus,
and the file was going to quarantine. I tried a second time and got the same
message.
Glad to know LOC is working - first time I've ever seen the warning - but I
have to laugh that it chose the EICAR download to act on.

 

[Guest]

A better explanation of SpyNet. I have read the documentation and I am still
clueless. I don't know when SpyNet is influencing the scanning process or
Software Explorer.

 

[Guest]

Thanks, I wish that we could vote on this. It would save a lot of time and
hassle if it was sorted out.

Fingers crossed!!

 

[Guest]

I use Defender quick scan once a day and full system scan once a week. The
full scan is usually the last thing I do on Saturdays before going to bed.
What I would like to see is the ability to shut the computer down after the
scan runs if nothing is found. Right now the full scan takes about 50 minutes
with all the programs I have on my computer. Thats a long time to wait just
to shut off the computer. It would be nice if the program could do it by
itself, as long as no threats are found.

 

[Joe Faulhaber[MSFT]]

Hi Robin,

We're getting them all - I'm sending some posts out in email verbatim, and
we do talk about this feedback. And acutally, I'm happy to say we've been
working on many of these issues already, but more feedback is definitely
good.

Thanks much!

Joe

 

[Joe Faulhaber[MSFT]]

Hi Mr Cat,

Getting the app name doing changes is kinda tough - you pretty much need to
have doe in kernel mode to figure it out. But that's been high on our list
for quite some time, and I think we'll get it done.

Deny of unknowns does quarantine today - could you elaborate on what you're
looking for?

The safe mode thing we've talked about alot, I'll make sure it's on the
list.

Thanks for the feedback!

Joe