A
Andre Da Costa
Chat Topic: Windows Defender Chat
Date: Friday, January 20, 2006
Ron Franczyk (Expert):
Q: Which programming language is Windows Defender written in, is it still
VB, because a lot of people were moaning over this?
A: C++
Sam White (Moderator):
Hi I'm Sam White and I work on the Windows Beta Team and I will be
moderating today.
Sterling Reasor (Expert):
Hi, my name is Sterling Reasor and I am a Program Manager working on Windows
Defender. My main responsibilities are overall user experience.
Tareq Saade (Expert):
Hello everyone. I am a program manager at Microsoft working on Windows
Defender. Amongst other things, I support Microsoft SpyNet, documentation
and various infrastructure related items.
Jason Joyce (Expert):
Hello my name is Jason Joyce and I am a Program Manager working on Windows
Defender.
Jeff Williams [MSFT] (Expert):
I'm Jeff Williams and I've just joined the AntiSpyware team. My focus is on
community outreach (you guys!) so I expect we'll be talking a lot more in
the newsgroups. You may know me from some of the expert forums (CastleCops,
Spyware Warrior, etc.) as MisterX .
Andrew Newman (Expert):
Q: So is that Managed C++ or is it not .NET?
A: Native C++
Jason Joyce (Expert):
Q: Will BETA 2 of Windows Defender support Windows 2000?
A: Currently we plan to offer Windows Defender Beta 2 for Windows 2000,
Windows XP, Windows Server 2003 and of course Windows Vista.
Sterling Reasor (Expert):
Q: When can we expect new AntiSpayware (like Defender in Vista) for other
Windows versions?
A: We are currently working on a downlevel version of Windows Defender. We
hope to have release details available in the near future.
Tareq Saade (Expert):
Q: What role will Spynet continue to play since its not a pivotal part of
the product in terms of community and receiving updates?
A: Microsoft SpyNet is a pivotal part of the product. We will continue using
it to collect voting data and improve our definitions.
Jason Joyce (Expert):
Q: Are there any plans to include Windows Defender in Longhorn Server, since
it already includes a Firewall similar to the client?
A: Windows Defender will be included in all versions of Windows Vista
Ron Franczyk (Expert):
Hi, I'm Ron Franczyk, a founder of GIANT Company Software, and now doing
Security Incubation work at MS, including completing the transition of
Windows AntiSpyware into the new Defender technologies.
Sterling Reasor (Expert):
Q: What does the Windows Defender icon in Windows Vista mean? I don’t like
it, I would have preferred a shield or insect spray can.
A: The current circular red and blue icon is a placeholder icon. You'll see
the final Windows Defender icon in the next Vista CTP build.
Jason Joyce (Expert):
Q: Can this be used with other OS's? XP, 2000, 2003, R2 ?
A: Currently we plan to offer Windows Defender Beta 2 for Windows 2000,
Windows XP, Windows Server 2003 and of course Windows Vista.
Andrew Newman (Expert):
Hi, my name is Andrew Newman. I am also one of the founders of GIANT
Company. I currently work on AntiMalware technologies incubation work with
Ron Franczyk.
Sterling Reasor (Expert):
Q: The interface of Windows Defender lookes difficult for new computer
users... Wil it have more wizard functions soon?
A: Actually, usability feedback has shown that the redesigned UI of Windows
Defender is much easier for novice users to handle. You won't see separate
wizards to do Windows Defender functionality. In fact, this UI is built
using the Windows Vista user experience guidelines.
Ron Franczyk (Expert):
Q: Any specifics on when BETA 2 of Windows Defender will be released for
Windows XP?
A: Current discussions are to release Beta2 - 1st Quarter of 2006
Tareq Saade (Expert):
Q: Will defender also come available in other languages or English only
A: Localized versions of Windows Defender will be available in the future.
Jason Joyce (Expert):
Q: Will there be an mmc to manage the corporate settings, or will it be
something you have to do in an OU
?
A: Windows Defender will support remote configuration using Group Policy
Kalid Azad (Expert):
Hi, I'm Kalid Azad, a program manager on Windows Defender. I've been working
on the Definition Updates for Windows Defender.
Ron Franczyk (Expert):
Q: Are there chances that my own software would be rated spyware even though
they aren't? (If it's an automatic rating process...)
A: Its not an automatic rating process, so No.
Tareq Saade (Expert):
Q: How do you uninstall Windows Defender or is not suppose to be
uninstalled?
A: In Windows Vista, you will be able to disable Windows Defender.
Sterling Reasor (Expert):
Q: Does Windows Defender include cookie scanning?
A: No. Windows Defender is designed to scan and remove spyware and other
types of potentially unwanted software. Cookies don't fall into this as they
are innocuous files that can't compromise your computer.
Tareq Saade (Expert):
Q: Every time the Windows Vista start, the Windows Defender scans all disk
leaving the system slow. Can we modify this activity?
A: You can configure the time that Windows Defender scans your computer, or
you can turn scheduled scans off if you like.
Jeff Williams [MSFT] (Expert):
Q: Why did Microsoft choose GIANT over other vendors on the market such as
Adaware and Spybot that have proven to be very effective in their fight
against Spyware?
A: Microsoft chose Giant over other AntiSpyware products after a careful
review of many products in the market. Giant represented best of class
technology in many ways and as a result represented an excellent opportunity
for Microsoft to enter this market.
Andrew Newman (Expert):
Q: How often will Definitions be released for Windows Defender ?
A: There is no set schedule. With that said definitions can be released at
anytime, from multiple times daily to at a minimum weekly. This purely
depends on the nature of items being added to the signatures and the threat
they present to users.
Tareq Saade (Expert):
Q: Can it made be able to let Defender scan when turning off your system.
Like Microsoft Update?
A: That's a neat suggestion.
Jason Joyce (Expert):
Q: At the risk of asking a very banal question, can someone sketch what
components Windows Defender will include--and will it include Win One care
Live in some versions?
A: Windows Defender is a separate offering from Windows OneCare Live.
Windows Defender will be a part of Windows Vista where OneCare is a separate
product. OneCare also stuff like virus scanning, firewall settings,
tune-ups, and file backups. You can find more information about OneCare
here: http://www.windowsonecare.com/
Ron Franczyk (Expert):
Q: Will the version of Windows Defender made available for Windows XP be any
different in terms of features and functionality compared to the bundled one
in Vista?
A: They are very similar, with Vista's version taking advantage of User
Access Protection.
Sterling Reasor (Expert):
Q: Why has Windows reached the point where it needs to include an
AntiSpyware utility?
A: The computer ecosystem continues to change and when you look around
today, spyware, adware and other types of potentially unwanted software have
become a huge topic. The real problem with Windows today is that it does not
provide adequate visibility and control over the software running on your
computer. One of the main goals of Windows Defender is to improve visibility
and control. Thus, I think of Windows Defender as more than an 'AntiSpyware
Utility."
Jason Joyce (Expert):
Q: Are you planning to have corporate update servers rather than relying on
Microsoft update servers in the Internet?
A: Yes, a corporation can choose to use Windows Server Update Services
(WSUS) to federate and approve definition updates for Windows Defender in
their environment.
Sterling Reasor (Expert):
Q: How different will the bundled version of Windows Defender in Windows
Vista be to the commercial offering?
A: The standalone version of Windows Defender will be available at no
additional charge for licensed Windows customers. The feature set between
the Windows Vista version and the downlevel version are the same. However,
the version in Windows Vista does take advantage of Windows Vista features,
such as User Account Protection.
Jeff Williams [MSFT] (Expert):
Q: Why has Windows AntiSpyware for Windows XP/2000 been in BETA for over
year now, that’s a bit long for such an application?
A: The priority for development has been integration with Vista. Because
beta 1 was essentially a rebranding of Giant's very successful and useful
product development focus has been on inclusion with Vista and on the
upcoming beta 2 of Windows Defender.
Ron Franczyk (Expert):
Q: Will Windows Defender stay free? Or will Microsoft charge to for it
later?
A: Windows Defender will be provided at NO cost for all Validated Microsoft
Windows Users.
Sterling Reasor (Expert):
Q: Why not leave the name AntiSpyware? I found it very descriptive, and now
it's kind of like a TV show.
A: We switched the name because "AntiSpyware" is not exactly on target with
the functionality provided in Windows Defender. It goes after Spyware,
Adware, and other types of potentially unwanted software.
Kalid Azad (Expert):
Q: Kalid, I was notified that an update for the defs of WD was available on
a Toshiba 1800 laptop, XP Pro SP2. WD was uninstalled. Why the prompt for
the update ?
A: Hi, we have a known issue with our Beta setup where signatures remain
after uninstall, and thus updates are still offered. We are working updating
our setup to resolve the issue, and are revising our updates to detect this
condition.
Jeff Williams [MSFT] (Expert):
Q: Is the current user interface for Windows Defender final?
A: No. The beta process is an active one and we are making continuous
refinement to the UI.
Ron Franczyk (Expert):
Q: Windows Defender currently protects against malicious code coming through
the browser, is this defense also supported through e-mail clients such as
Outlook Express, Office Outlook and Windows Mail?
A: Windows Defender Beta 2 uses the IofficeAntivirus interface to intercept
file downloads through any application that leverages the Attachment
Manager. This includes IE and Outlook Express.
Kalid Azad (Expert):
Q: Is Windows Update always involved with Windows Defender, or does it get
it's own Updater?
A: Windows Defender uses the Windows Update infrastructure to get updates,
rather than its own update mechanism.
Tareq Saade (Expert):
Q: Will users be able to add or except adware?
A: Yes, Microsoft believes that administrators should always have the right
to decide what software runs on their machines.
Sterling Reasor (Expert):
Q: Could you tell me a little bit about integration between Internet
Explorer and Windows Defender?
A: Internet Explorer uses the Attachment Manager, which we introduced in XP
SP2. There is a public API that allows IE to call Windows Defender to scan
packages before it runs or saves them.
Adam Overton (Expert):
Q: Are there still features of Windows Defender that are on the table being
debated?
A: Improving products is always a balance of addressing specific customer
needs, and stabilizing what we have and shipping it. I can't really say the
debate is ever closed, it's often just a matter of choosing which release
will get a given feature.
Sam White (Moderator):
Q: Can we post this chat session on our blogs?
A: Yes, that would be fine as long as attribute it to the Windows Technical
Beta.
Andrew Newman (Expert):
Q: Will Defender be a free service?
A: Windows Defender will be available at no additional cost for computers
running a licensed version of Microsoft Windows.
Ron Franczyk (Expert):
Q: Does Windows Defender support third party browsers such as FireFox or
Netscape?
A: Windows Defender scans for and cleans any spyware that is detected on the
machine regardless of the browser used to download it, however there are no
protection integration points built for Firefox.
Adam Overton (Expert):
Q: Will Windows Defender scan quiker soon?
A: We've put significant effort in to our upcoming Beta 2 to improve scan
times.
Jason Joyce (Expert):
Q: Will the central management tool (to be included in Longhorn server,
hopefully) be able to also control the Antivirus product you'll be
beta-testing this year as well?
A: Unfortunately this is a bit out of scope for this chat, but you can read
more information about Microsoft Client Protection here:
http://www.microsoft.com/windowsserversystem/solutions/security/clientprotection/default.mspx
Jeff Williams [MSFT] (Expert):
Q: How will Microsoft determine what is malware? Will there be options to
screen products that are borderline malware products?
A: Microsoft uses a set of objective criteria to make determination on any
given piece of software. Based on the specific behaviors of the software in
areas such as notification, consent, use of data and technical
considerations such as install/uninstall experience a determination is made
for each piece of software reviewed. We regularly re-evaluate software as
the software changes or as the criteria change.
Adam Overton (Expert):
Q: Are there anymore features left to be implemented or are we seeing the
final product?
A: Our upcoming Beta 2 will have significant changes.
Andrew Newman (Expert):
Q: Will Defender be a Subscription based service??
A: Windows Defender will be available at no additional cost for users
running a licensed version of Microsoft Windows.
Adam Overton (Expert):
Q: Will Defender include Antivirus in the future?
A: We have no plans to include Antivirus in Windows Defender at this time.
Jason Joyce (Expert):
Q: Is the release of Windows Defender included in Windows Vista BETA 2 or an
interim release?
A: Windows Defender is part of Windows Vista and therefore will be in Vista
Beta 2
Ron Franczyk (Expert):
Q: Does Windows Defender run as a serviece so it works correctly when a non
privileged use is logged in?
A: Yes. Much work was done to ensure full protection is available for
standard users.
Adam Overton (Expert):
Q: Are there any plans to bundle the final version Windows Defender with
Internet Explorer 7 for Windows XP SP2?
A: Windows Defender will continue to be available at no additional charge to
licensed users of Windows XP SP2, but it's not tied to Internet Explorer 7.
Tareq Saade (Expert):
Q: Is it safe to stop the Windows Defender Services in build 5270?
Sometimes, MS software has dependencies (outside of service dependencies)
that make it unwise to disable a service.
A: You wont be safe from potentially unwanted software
but I don't think
we've noticed any problems with Windows Vista if you turn Windows Defender
off in build 5270.
Sterling Reasor (Expert):
Q: What are the top 5 features users should look forward to in Windows
Defender?
A: In no specific order, here are some of my favorite feature adds: The
ability to run scans and remove spyware and other potentially unwanted
software as a non-admin; definition updates can include engine updates as
well as new signatures - this means we can handle new 'threats' without
having to release a completely new build; localization & accessibility
support; completely re-designed and refreshed user interface; improved
software explorer views that classifies software as 'allowed', 'potentially
unwanted' or 'not yet classified.'
Kalid Azad (Expert):
Q: Will you adopt the Anti-spyware coalition's definition of Spyware,
Adware, and Potentially Unwanted software as your working model for defining
unwanted applications?
A: Microsoft has been an active participant in the Anti-Spyware Coalition
(ASC). Recently, the final version of a Risk Modeling document was released,
which lays the framework for identifying what behaviors are considered
potentially unwanted. As a member of the ASC, Microsoft's internal policies
are aligned with this risk modeling document.
Jason Joyce (Expert):
Q: Can we expect a central management point for a corporate environment?
A: Windows Defender will support remote configuration using Group Policy
Tareq Saade (Expert):
Q: Is it safe to assume that if WD doesn't scan Cookies, it also won't clean
out MRUs and other History lists?
A: That is correct. IE7 has a new feature to 'erase your tracks', which you
can use.
Ron Franczyk (Expert):
Q: Will defender be a component or will it install by default? much like
hyperterminal is a component
A: Defender is a built in technology for Vista.
Adam Overton (Expert):
Q: Does Windows Defender protect against other types of malicious code such
as Trojans and Viruses or a dedicated AntiVirus utility is still needed for
those?
A: Although there is sometimes overlap between the potentially unwanted
software that Windows Defender is designed to identify and the clearly
malicious software identified by AntiVirus products, we recommend you
install a specific AntiVirus product in addition to Windows Defender.
Sterling Reasor (Expert):
Q: Will new versions of Windows Defender be released over time for Windows
Vista or new versions will only be released with new versions of Windows?
A: we plan to have versions of Windows Defender available for both downlevel
and for the most recent release of Windows.
Adam Overton (Expert):
Q: Adam, Defender ought to include anti-virus (or integration with
anti-virus) only because from a marketing perspective, "Defender" sounds so
all inclusive.
A: You are so right about the inclusiveness of the name! One of the reasons
the Windows Defender name is great is because it allows us to continue to
innovate and broaden its protection. However, there's no assumption that the
broadening of the protection has to happen in the antivirus space.
Tareq Saade (Expert):
Q: will windows defender be created for x64 OS'es and when will these be
released?
A: There will be a future x64 CTP which will include a native 64-bit version
Windows Defender.
Sterling Reasor (Expert):
Q: Will Defender become smarter about not starting a scan and taking over a
machine when resources are low?
A: We take machine performance very seriously and we intend to improve
Windows Defender performance in future CTP releases.
Jeff Williams [MSFT] (Expert):
Q: Why the spyware Claria have been allowed in the last Xp build ?
A: There is a more detailed answer to this at
http://www.microsoft.com/athome/security/spyware/software/claria_letter.mspx
but the essence of it is that Microsoft has a set of objective criteria
against which we review software. We also have a process for software
vendors to initiate a dispute of our rating. It is essential that we are
consistent with how we assess software. We do, however identify Claria
software as a Moderate threat. The default action is to keep the software
but, at the same time, we do allow the user to decide what action to take-
including remove or quarantine the software.
Sterling Reasor (Expert):
Q: Will Windows Defender have a different look when it will be released?
A: You will see some UI improvements in future CTP releases of Windows
Vista. But on the whole, the UI you see now is close to what you'll see in
the RTM release.
Ron Franczyk (Expert):
Q: Where can we get the Windows Defender downlevel beta?
A: Windows AntiSpyware Beta1 is available directly from the Microsoft Home
Page www.microsoft.com - Beta2 which is the Defender branding will be
available before Beta1 expires.
Adam Overton (Expert):
Q: Will windows Defender if it includes AV functionality also spell the
functionality of the MSFT Malicious software tool that is evolving?
http://www.microsoft.com/security/malwareremove/default.mspx
A: Windows Defender is not antivirus protection, and the Malicious Software
Removal Tool is a cleaner tool, and also not a replacement for a full
antivirus product. We plan to continue releasing MSRT on the second Tuesday
of each month.
Jeff Williams [MSFT] (Expert):
Q: If one noticed a wrong item detected as malware, will there be a easy way
to report this?
A: Yes. You can submit a false positive report at
http://www.microsoft.com/athome/security/spyware/software/isv/fpform.aspx
Tareq Saade (Expert):
Q: Can Defender be set to run in the background or only while a comptuer is
locked or screensaver is running?
A: Windows Defender should be able to always scan in the background. Windows
Defender can even scan prior to any user logging in.
Sterling Reasor (Expert):
Q: Is the windows defender related to or in control of the feature where
certain programs that call other files are prompted to "permit or deny"?
A: I think you are asking if Windows Defender communicates with the UAP
feature. Currently, Windows Defender does not.
Kalid Azad (Expert):
Q: How does Windows Defender rates a software as being spyware? Is it an
automatic process?
A: Microsoft's analysis team examines software against a number of factors
before making a determination about spyware, adware, or other potentially
unwanted software. Documents explaining the analysis process in more detail
are available here:
http://www.microsoft.com/athome/security/spyware/software/isv/analysis.mspx
http://www.antispywarecoalition.org/documents/index.htm
Adam Overton (Expert):
Q: How will Microsoft determine what is malware? Will there be options to
screen products that are borderline malware products?
A: Our team of analysts use an objective criteria, which you can read at
http://www.microsoft.com/athome/security/spyware/software/isv/analysis.mspx,
to determine the recommendation. This objective criteria continues to be a
discussion we have with the rest of the antispyware community.
Jason Joyce (Expert):
Q: Can I harden the defender to meet the needs of a computer in the home
with young children?
A: There is an option to configure Windows Defender to only allow an
administrator to launch a scan and remove potentially unwanted software.
Ron Franczyk (Expert):
Q: Will there be a function in Windows Defender that watches the TaskManager
for any suspicious running applications like known viruses/spywares ?
A: yes.
Adam Overton (Expert):
Q: Will Windows Defender become a fee service? Or a free product but pay
features involved for certain things?
A: We plan to continue to offer Windows Defender to licensed users of
Windows at no additional charge.
Jeff Williams [MSFT] (Expert):
Q: How does Windows Defender rates a software as being spyware? Is it an
automatic process?
A: We have a team of analysts who review individual pieces of software to
determine their behavior. In addition to the direct analysis the team can
use voting data submitted to Spyware to help prioritize which potential
threats should be examined first or examined in more detail.
Sterling Reasor (Expert):
Q: What differences will we see between the current beta and Defender?
A: I think you are asking what you'll see different between the current
Windows AntiSpyware Beta1 and standalone version of Windows Defender Beta2.
The standalone version of Windows Defender will be very similar to the
Windows Vista version.
Adam Overton (Expert):
Q: This is what we have hoped for in now we can adjust to meet our needs in
the work place or at home with children this is essential today, how will
this work in relation to a anti virus software?
A: You can use Windows Defender side by side with antivirus products.
Ron Franczyk (Expert):
Q: Are the known crashes in the Defender UI fixed in the next CTP?
A: yes
Jason Joyce (Expert):
Q: How far is defender coming along in the current vista builds. Is updates
to the program being updated by windows updates without bugging the user to
muhc.
A: Windows Defender will receive new definition updates via Windows Update.
If the Automatic Update client is configured to automatically download and
install new update then this will all happen in the background.
Kalid Azad (Expert):
Q: The WD icon still shows the exclamation point after installing the latest
def. How does one get rid of it ?
A: Thanks for the input, this is a known issue in the current build. You can
clear the exclamation mark by running a scan with the new definitions, or
closing the tray icon and re-opening Windows Defender.
Adam Overton (Expert):
Q: wat will be the effect of windows defender on system's performance, will
it make it more slow??
A: As we know customers are concerned with the performance of their
machines, we're always looking to make sure that Windows Defender has the
minimal performance impact while still providing the best protection.
Sterling Reasor (Expert):
Q: in the coming ctp or beta2 build of vista what can else can we exspect
windows defender to do/ features that are not in the current builds.
A: we are currently working on the final feature set
Ron Franczyk (Expert):
Q: When will WD be available for XP Pro x64?
A: Beta2 will support x64 on XP.
Jeff Williams [MSFT] (Expert):
Q: is Microsoft running a seprate beta for WIndows Defender or is it going
along with Vista?
A: There are multiple betas for the anti-spyware technology. The Vista CTP
includes Defender technology and Defender will be what is released in the
public beta 2. Microsoft also does internal betas of interim builds.
Jason Joyce (Expert):
Q: what are the final system requirements for Windows Defender
A: Windows Defender will have no additional requirements beyond what is
needed to run Windows Vista.
Tareq Saade (Expert):
Q: How can we vote for a software as being malware or not?
A: If you become a SpyNet advanced member, actions you take will be used to
help us prioritize action items.
Ron Franczyk (Expert):
Q: Can it made be possible to stop all internet activity with Defender?
A: No.
Adam Overton (Expert):
Q: How does Defender and OneCare compare?
A: Windows Defender represents protection from potentially unwanted software
where it is not always clear whether the software is actually malicious.
OneCare has a variety of capabilities, not just limited to antivirus, but
also providing system tune up through defrag, backup features and more.
Sam White (Moderator):
We have about 20 minutes left. If you have asked a few questions already we
ask that you hold off asking any more so we can have a chance to get to
finish what we hace.
Sterling Reasor (Expert):
Q: When can we expect more coordination between UAP dialogs, anti-spyware
dialogs, firewall dialogs, etc. There's a lot of stuff to block and allow
and it seems that the separation of the products and their prompts adds to
users' confusion about what's good.
A: This is an excellent question. We are having internal discussions to
improve the overall experience of using Windows Vista, and streamlining the
dialogs is very important to us.
Ron Franczyk (Expert):
Q: Re Q78: The question is: Is there any integration with Parental Control?
A: no
Adam Overton (Expert):
Q: Will Defender be offered in enterprise friendly-versions i.e., with
console control?
A: Our offering for protection in the enterprise is Microsoft Client
Protection:
http://www.microsoft.com/windowsserversystem/solutions/security/clientprotection/default.mspx.
Sterling Reasor (Expert):
Q: Will Defender have more options and advanced settings for warn windows?
A: Windows Defender's UI is designed to provide a simple UI on first
interaction. If you click the 'review' button or click to see details after
a scan is run. On this detailed page, you can choose specific actions for
each detected item. In the settings page, you can tweak several settings in
Windows Defender.
Adam Overton (Expert):
Q: Will Defender support third party browser (like Firefox, Opera), or is it
only available for IE7?
A: Windows Defender offers protection independent of your browser choice.
Tareq Saade (Expert):
Q: what is required to become a SpyNet advanced member?
A: You need to select it from the SpyNet configuration page in Windows
Defender, and you need to have administrator privs.
Sam White (Moderator):
Q: BTW, I like the naming Windows Defender... Back in the late 70ies, early
80 I was a fan of "Defender" Arcade game ;-)
A: I'm a big William's fan myself.
Jason Joyce (Expert):
Q: Will it be possible to change the settings from defender to allow third
party's software to run side by side?
A: Yes you can disable Windows Defender in the current builds (and in future
builds). You can see this in the Options view
Ron Franczyk (Expert):
Q: Will windows Defender have a backup option incase it deletes certain
files, which werent meant to be removed?
A: All spyware files removed by Defender can be Quarantined which will allow
you to revrert the action.
Tareq Saade (Expert):
Q: How do we become a SpyNet advanced member
A: Please see QA199
Jeff Williams [MSFT] (Expert):
Q: What kind of data Windows Defender transfers to SpyNet?
A: Windows Defender allows for two different levels of participation in
Spynet. The basic level sends information about suspected files. The
advanced level captures memory on the process, file path and similar. With
the advanced level there is a possibility that some personally identifiable
information would be sent inadvertantly which is why we give users the
opportunity to choose what level of participation the prefer (none, basic,
or advanced).
Tareq Saade (Expert):
Q: How do we become a SpyNet advanced member
A: Sorry, I mean 119: You need to select it from the SpyNet configuration
page in Windows Defender, and you need to have administrator privs.
Kalid Azad (Expert):
Q: will windows defender updates be deemed as 'critical updates' so that
users with less bandwidth will still get the updates?
A: Updates for Windows Defender will be in a new classification called
"Definition Updates". We are working with the Windows Update team to ensure
these updates are prioritized appropriately.
Sterling Reasor (Expert):
Q: Will Defender contain all the features that are in the current Microsoft
Anti-Spyware beta1 release?
A: The goal of Windows Defender is to protect users from potentially
unwanted software. You'll see new features and capabilities to better detect
and remove items in our defintions. What you won't see is some of the
features that overlap with existing Windows Vista features. For example,
tracks erasers is not in Windows Defenders. This is because you can use IE7
to blow away your MFU, cookies, etc.
Ron Franczyk (Expert):
Q: Will Safe Mode be needed for the removal of spyware, like other programs
out there?
A: For most SPyware applications Safe mode will not be needed, however in
some instances it can not be avoided.
Sam White (Moderator):
Q: Will Windows Defender chat be posted for download
A: Yes to the Vista Techbeta website and we will post it to the Newsgroups
as well.
Sterling Reasor (Expert):
Q: Is the scan screen corruption fixed yet in Windows defender scan option?
A: I think you are referring to the font bug where 'objects' looks funny.
Yes, it's fixed in the next CTP.
Jason Joyce (Expert):
Q: Will Windows Defender in Windows Long Horn server as well ?
A: Windows Defender will be included in all versions of Windows Vista
Adam Overton (Expert):
Q: Windows Vista will be works well with antivirus and firewalls of
symantec, macfee and others?
A: These third parties are important partners for Microsoft and our shared
customers, we work with them to insure they can work with Windows Vista
through plugfests and the Microsoft Virus Initiative forum, etc.
Ron Franczyk (Expert):
I have to leave the chat early, thanks for all the great questions.
Andrew Newman (Expert):
Unfortunately I need to exit early as well. Thank you everyone for your
great questions.
Adam Overton (Expert):
Q: Why is it Defender is slow, compared to the SBC/Yahoo! anti-spyware?
A: It's difficult to answer without a lot more data: I'd love to claim it
was more complete protection, but realistically there could be a number of
factors, not the least of which is that it is still Beta software.
Jason Joyce (Expert):
Q: Will there be any form of centralized reporting available to corporate
administrators?
A: Windows Defender will include information about detections and/or
removals in the Event Log. A central administrator can review these events
for more information about activity on machines in their environment
Sterling Reasor (Expert):
Q: I get this all the time in Build 5270: Windows Defender encountered an
error:0x80078012. An unexpected problem caused the scan to fail. Try to Scan
your computer again.
A: Please file a bug on this. Please send the tracking number to
(e-mail address removed).
Adam Overton (Expert):
Q: will it be possible to 'slipstream' updates for the definitions into
Vista / Longhorn builds for dsitribution as we do with hotfixes?
A: Windows Defender has a mechanism for regular signature updates.
Tareq Saade (Expert):
Q: I can confirm Q83 with just 0x8007800d instead. Shall I file that as
well?
A: Please do.
Jeff Williams [MSFT] (Expert):
Q: Will Microsoft refuse to back down when a spyware/malware producer
threatens to sue if MS doesn't take them off the "bad" list? I should hope
not...
A: Microsoft has a set of objective criteria for analysis for exactly this
reason. It is important that we are able to have a strong position should
the scenario you suggest occur and being absolutely consistent in our
handling of all software is a key part of this. We have not removed a piece
of software which triggers our objective criteria from detection solely due
to threat of a lawsuit and have no plans to do so. Vendors who have
concerns that their software has been inappropriately flagged do have the
option of submitting either a false positive or vendor dispute.
Jason Joyce (Expert):
Q: Jason, Q5 == Q209 == still not answered as Longhorn Server is not Vista.
Please clarify. Thx.
A: Sorry for the confusion. You are correct in that "Vista" refers to the
client offerings. Longhorn Server doesn't have an official name yet. What I
meant was that Windows Defender is part of the new OS base so will be a part
of Vista and LH Server.
Adam Overton (Expert):
Q: When Defender asks if I want to allow an action, is the action done only
after authorization, or is it always done and Defender just undo the action
when I deny it?
A: There are cases for both.
Sterling Reasor (Expert):
Q: Lets say I have tuned Vista to be where I need it and allow a guest to
use the computer that in advertently surfs the web and picks up unwanted
malware, can I return it to previous known state of optimization?
A: As a guest, the user won't be able to affect the system, just his
sessions. Meaning, unless you give him your admin username and password, he
can't install a new ActiveX control, monkey with HKLM, etc. As far as
Windows Defender goes, when it does a full scan of your machine, it searchs
the whole file system. If it detects an item in our defintions that your
guest installed, you will be able to remove it from your profile.
Adam Overton (Expert):
Q: Will Windows Defender allow plugns from other vendors allowing full AV
Scanning as well as malware?
A: Windows Defender does include a plug in model for 3rd parties, however it
can coexist with 3rd party solutions side by side.
Jason Joyce (Expert):
Q: How will Defender protect against 'rootkits'
A: Yes
Sterling Reasor (Expert):
Q: How can we Beta test Windows Defender for windows 2000, XP, and Windows
2003?
A: a standalone version of Windows Defender will come out as a public beta
2. When this version is available, it would be great if you can try it out.
Release details should be out in near future.
Jason Joyce (Expert):
Q: Will we be able to control Defender settings through Group Policies?
A: Yes
Tareq Saade (Expert):
wow.. so many questions.
Sterling Reasor (Expert):
Q: will Defender also do full registry scans and BOT cleanup in an automated
process to repair attacks from "hijacker" software and adware?
A: Windows Defender comes configured to do a daily quick scan. If you
suspect that you have a BOT on your machine, you should do a full system
scan, and additionally, you should install an anti-virus solution and do a
full scan with it as well.
Jeff Williams [MSFT] (Expert):
Q: Are there any differences between the data transfered from Windows
AntiSpyware to SpyNet and those transferred from Windows Defender?
A: Yes. In Windows Defender there are two levels of participation- basic
and advanced. In the basic version we collect less information than we do
in beta 1 as we have implemented filters to strip out information we do not
require. The advanced level does collect more information than beta 1.
Both levels of SpyNet in Defender are different than what is collected in
beta 1 as we have refined the SpyNet data collection process.
Adam Overton (Expert):
Q: Do you expect corporations do use defender or is it only for the home
user/small business?
A: For fully managed capabilities, we recommend Microsoft Client Protection
http://www.microsoft.com/windowsserversystem/solutions/security/clientprotection/default.mspx
Sam White (Moderator):
Q: Will this discussion be online for a further reference?
A: Yes, in the usual places. Check the .announcements group.
Kalid Azad (Expert):
Q: regular signature updates like Windows Update downloads are useful but
not the complete answer in say a DMZ with no direct internet access, hence
the slipstream idea
A: Corporations can use Windows Server Update Services (WSUS) to federate
and approve Definition Updates for Windows Defender. WSUS supports offline
scenarios, and allows the exporting/importing of updates. More information
is available here:
http://www.microsoft.com/technet/pr...eTC/4696c613-66f3-483d-8ea9-66bcca74730e.mspx
Sam White (Moderator):
Q: Is this chat under NDA? I was interested in publishing it to my blog
(without any identifiable info. of course) later on today.
A: You can post it to your blogs, that is OK.
Jason Joyce (Expert):
Q: RE answer ro Q95 : Will this also be possible to use SMS to federate and
approve definition updates for Windows Defender in corporate environment
A: Yes. Definition updates will be available via Windows Update and can
therefore be synchronized to a WSUS server. You should be able to use the
SUS Feature Pack for SMS to synchronize and deploy definition updates.
Sterling Reasor (Expert):
Q: I will want modifyable definition sets that can be used based on age
group or user skill levels can this be possible?
A: You cannot modify the defintion package, but through WSUS, an admin can
choose which defintion package they can deploy. That said, Windows Defender
does offer a manual process to add items to your exception list. You can
either choose to always allow a detected item, or you can exclude by path.
Keep in mind you need to be an admin to do this.
Sterling Reasor (Expert):
Q: I think it's a good idea to scan during the shut down (or logoff?)
process. It should, however, be optional and mid process terminable.
A: Great suggestion. Please file a bug and send the tracking number to
(e-mail address removed)
Jason Joyce (Expert):
Q: Will Defender be in all shipping Vista SKUs with all features or will
have a Starter Edition Defender less than that of Ultimate Edition?
A: Windows Defender functionality will be the same in all versions of
Windows Vista.
Sterling Reasor (Expert):
Q: As with some current Antispyware will Defender clean better if ran in
safe mode?
A: In some instances, yes. But in general Windows Defender can clean much
more effectively than Windows AntiSpyware Beta1 because WD runs as a service
with system privilege.
Sam White (Moderator):
I would like to thank everone for coming to the chat today and if you have
any recomendations for future chats you can post them in the beta
newsgroups or send me email directly. (e-mail address removed)
Jason Joyce (Expert):
Thanks again everyone for you time and questions
Adam Overton (Expert):
Thanks everybody for joining us for the chat!
Kalid Azad (Expert):
Thanks for coming out and giving your feedback!
Tareq Saade (Expert):
Thanks for coming out everyone. We appreciated all the questions and
suggestions. Bye!
Sterling Reasor (Expert):
Thank you very much for attending this chat session. I enjoyed the questions
and feedback very much. Please continue to play with Windows Defender and I
want to encourage you all to file bugs on things you don't like, or if you
have feature suggestions.
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
Date: Friday, January 20, 2006
Ron Franczyk (Expert):
Q: Which programming language is Windows Defender written in, is it still
VB, because a lot of people were moaning over this?
A: C++
Sam White (Moderator):
Hi I'm Sam White and I work on the Windows Beta Team and I will be
moderating today.
Sterling Reasor (Expert):
Hi, my name is Sterling Reasor and I am a Program Manager working on Windows
Defender. My main responsibilities are overall user experience.
Tareq Saade (Expert):
Hello everyone. I am a program manager at Microsoft working on Windows
Defender. Amongst other things, I support Microsoft SpyNet, documentation
and various infrastructure related items.
Jason Joyce (Expert):
Hello my name is Jason Joyce and I am a Program Manager working on Windows
Defender.
Jeff Williams [MSFT] (Expert):
I'm Jeff Williams and I've just joined the AntiSpyware team. My focus is on
community outreach (you guys!) so I expect we'll be talking a lot more in
the newsgroups. You may know me from some of the expert forums (CastleCops,
Spyware Warrior, etc.) as MisterX .
Andrew Newman (Expert):
Q: So is that Managed C++ or is it not .NET?
A: Native C++
Jason Joyce (Expert):
Q: Will BETA 2 of Windows Defender support Windows 2000?
A: Currently we plan to offer Windows Defender Beta 2 for Windows 2000,
Windows XP, Windows Server 2003 and of course Windows Vista.
Sterling Reasor (Expert):
Q: When can we expect new AntiSpayware (like Defender in Vista) for other
Windows versions?
A: We are currently working on a downlevel version of Windows Defender. We
hope to have release details available in the near future.
Tareq Saade (Expert):
Q: What role will Spynet continue to play since its not a pivotal part of
the product in terms of community and receiving updates?
A: Microsoft SpyNet is a pivotal part of the product. We will continue using
it to collect voting data and improve our definitions.
Jason Joyce (Expert):
Q: Are there any plans to include Windows Defender in Longhorn Server, since
it already includes a Firewall similar to the client?
A: Windows Defender will be included in all versions of Windows Vista
Ron Franczyk (Expert):
Hi, I'm Ron Franczyk, a founder of GIANT Company Software, and now doing
Security Incubation work at MS, including completing the transition of
Windows AntiSpyware into the new Defender technologies.
Sterling Reasor (Expert):
Q: What does the Windows Defender icon in Windows Vista mean? I don’t like
it, I would have preferred a shield or insect spray can.
A: The current circular red and blue icon is a placeholder icon. You'll see
the final Windows Defender icon in the next Vista CTP build.
Jason Joyce (Expert):
Q: Can this be used with other OS's? XP, 2000, 2003, R2 ?
A: Currently we plan to offer Windows Defender Beta 2 for Windows 2000,
Windows XP, Windows Server 2003 and of course Windows Vista.
Andrew Newman (Expert):
Hi, my name is Andrew Newman. I am also one of the founders of GIANT
Company. I currently work on AntiMalware technologies incubation work with
Ron Franczyk.
Sterling Reasor (Expert):
Q: The interface of Windows Defender lookes difficult for new computer
users... Wil it have more wizard functions soon?
A: Actually, usability feedback has shown that the redesigned UI of Windows
Defender is much easier for novice users to handle. You won't see separate
wizards to do Windows Defender functionality. In fact, this UI is built
using the Windows Vista user experience guidelines.
Ron Franczyk (Expert):
Q: Any specifics on when BETA 2 of Windows Defender will be released for
Windows XP?
A: Current discussions are to release Beta2 - 1st Quarter of 2006
Tareq Saade (Expert):
Q: Will defender also come available in other languages or English only
A: Localized versions of Windows Defender will be available in the future.
Jason Joyce (Expert):
Q: Will there be an mmc to manage the corporate settings, or will it be
something you have to do in an OU
?A: Windows Defender will support remote configuration using Group Policy
Kalid Azad (Expert):
Hi, I'm Kalid Azad, a program manager on Windows Defender. I've been working
on the Definition Updates for Windows Defender.
Ron Franczyk (Expert):
Q: Are there chances that my own software would be rated spyware even though
they aren't? (If it's an automatic rating process...)
A: Its not an automatic rating process, so No.
Tareq Saade (Expert):
Q: How do you uninstall Windows Defender or is not suppose to be
uninstalled?
A: In Windows Vista, you will be able to disable Windows Defender.
Sterling Reasor (Expert):
Q: Does Windows Defender include cookie scanning?
A: No. Windows Defender is designed to scan and remove spyware and other
types of potentially unwanted software. Cookies don't fall into this as they
are innocuous files that can't compromise your computer.
Tareq Saade (Expert):
Q: Every time the Windows Vista start, the Windows Defender scans all disk
leaving the system slow. Can we modify this activity?
A: You can configure the time that Windows Defender scans your computer, or
you can turn scheduled scans off if you like.
Jeff Williams [MSFT] (Expert):
Q: Why did Microsoft choose GIANT over other vendors on the market such as
Adaware and Spybot that have proven to be very effective in their fight
against Spyware?
A: Microsoft chose Giant over other AntiSpyware products after a careful
review of many products in the market. Giant represented best of class
technology in many ways and as a result represented an excellent opportunity
for Microsoft to enter this market.
Andrew Newman (Expert):
Q: How often will Definitions be released for Windows Defender ?
A: There is no set schedule. With that said definitions can be released at
anytime, from multiple times daily to at a minimum weekly. This purely
depends on the nature of items being added to the signatures and the threat
they present to users.
Tareq Saade (Expert):
Q: Can it made be able to let Defender scan when turning off your system.
Like Microsoft Update?
A: That's a neat suggestion.
Jason Joyce (Expert):
Q: At the risk of asking a very banal question, can someone sketch what
components Windows Defender will include--and will it include Win One care
Live in some versions?
A: Windows Defender is a separate offering from Windows OneCare Live.
Windows Defender will be a part of Windows Vista where OneCare is a separate
product. OneCare also stuff like virus scanning, firewall settings,
tune-ups, and file backups. You can find more information about OneCare
here: http://www.windowsonecare.com/
Ron Franczyk (Expert):
Q: Will the version of Windows Defender made available for Windows XP be any
different in terms of features and functionality compared to the bundled one
in Vista?
A: They are very similar, with Vista's version taking advantage of User
Access Protection.
Sterling Reasor (Expert):
Q: Why has Windows reached the point where it needs to include an
AntiSpyware utility?
A: The computer ecosystem continues to change and when you look around
today, spyware, adware and other types of potentially unwanted software have
become a huge topic. The real problem with Windows today is that it does not
provide adequate visibility and control over the software running on your
computer. One of the main goals of Windows Defender is to improve visibility
and control. Thus, I think of Windows Defender as more than an 'AntiSpyware
Utility."
Jason Joyce (Expert):
Q: Are you planning to have corporate update servers rather than relying on
Microsoft update servers in the Internet?
A: Yes, a corporation can choose to use Windows Server Update Services
(WSUS) to federate and approve definition updates for Windows Defender in
their environment.
Sterling Reasor (Expert):
Q: How different will the bundled version of Windows Defender in Windows
Vista be to the commercial offering?
A: The standalone version of Windows Defender will be available at no
additional charge for licensed Windows customers. The feature set between
the Windows Vista version and the downlevel version are the same. However,
the version in Windows Vista does take advantage of Windows Vista features,
such as User Account Protection.
Jeff Williams [MSFT] (Expert):
Q: Why has Windows AntiSpyware for Windows XP/2000 been in BETA for over
year now, that’s a bit long for such an application?
A: The priority for development has been integration with Vista. Because
beta 1 was essentially a rebranding of Giant's very successful and useful
product development focus has been on inclusion with Vista and on the
upcoming beta 2 of Windows Defender.
Ron Franczyk (Expert):
Q: Will Windows Defender stay free? Or will Microsoft charge to for it
later?
A: Windows Defender will be provided at NO cost for all Validated Microsoft
Windows Users.
Sterling Reasor (Expert):
Q: Why not leave the name AntiSpyware? I found it very descriptive, and now
it's kind of like a TV show.
A: We switched the name because "AntiSpyware" is not exactly on target with
the functionality provided in Windows Defender. It goes after Spyware,
Adware, and other types of potentially unwanted software.
Kalid Azad (Expert):
Q: Kalid, I was notified that an update for the defs of WD was available on
a Toshiba 1800 laptop, XP Pro SP2. WD was uninstalled. Why the prompt for
the update ?
A: Hi, we have a known issue with our Beta setup where signatures remain
after uninstall, and thus updates are still offered. We are working updating
our setup to resolve the issue, and are revising our updates to detect this
condition.
Jeff Williams [MSFT] (Expert):
Q: Is the current user interface for Windows Defender final?
A: No. The beta process is an active one and we are making continuous
refinement to the UI.
Ron Franczyk (Expert):
Q: Windows Defender currently protects against malicious code coming through
the browser, is this defense also supported through e-mail clients such as
Outlook Express, Office Outlook and Windows Mail?
A: Windows Defender Beta 2 uses the IofficeAntivirus interface to intercept
file downloads through any application that leverages the Attachment
Manager. This includes IE and Outlook Express.
Kalid Azad (Expert):
Q: Is Windows Update always involved with Windows Defender, or does it get
it's own Updater?
A: Windows Defender uses the Windows Update infrastructure to get updates,
rather than its own update mechanism.
Tareq Saade (Expert):
Q: Will users be able to add or except adware?
A: Yes, Microsoft believes that administrators should always have the right
to decide what software runs on their machines.
Sterling Reasor (Expert):
Q: Could you tell me a little bit about integration between Internet
Explorer and Windows Defender?
A: Internet Explorer uses the Attachment Manager, which we introduced in XP
SP2. There is a public API that allows IE to call Windows Defender to scan
packages before it runs or saves them.
Adam Overton (Expert):
Q: Are there still features of Windows Defender that are on the table being
debated?
A: Improving products is always a balance of addressing specific customer
needs, and stabilizing what we have and shipping it. I can't really say the
debate is ever closed, it's often just a matter of choosing which release
will get a given feature.
Sam White (Moderator):
Q: Can we post this chat session on our blogs?
A: Yes, that would be fine as long as attribute it to the Windows Technical
Beta.
Andrew Newman (Expert):
Q: Will Defender be a free service?
A: Windows Defender will be available at no additional cost for computers
running a licensed version of Microsoft Windows.
Ron Franczyk (Expert):
Q: Does Windows Defender support third party browsers such as FireFox or
Netscape?
A: Windows Defender scans for and cleans any spyware that is detected on the
machine regardless of the browser used to download it, however there are no
protection integration points built for Firefox.
Adam Overton (Expert):
Q: Will Windows Defender scan quiker soon?
A: We've put significant effort in to our upcoming Beta 2 to improve scan
times.
Jason Joyce (Expert):
Q: Will the central management tool (to be included in Longhorn server,
hopefully) be able to also control the Antivirus product you'll be
beta-testing this year as well?
A: Unfortunately this is a bit out of scope for this chat, but you can read
more information about Microsoft Client Protection here:
http://www.microsoft.com/windowsserversystem/solutions/security/clientprotection/default.mspx
Jeff Williams [MSFT] (Expert):
Q: How will Microsoft determine what is malware? Will there be options to
screen products that are borderline malware products?
A: Microsoft uses a set of objective criteria to make determination on any
given piece of software. Based on the specific behaviors of the software in
areas such as notification, consent, use of data and technical
considerations such as install/uninstall experience a determination is made
for each piece of software reviewed. We regularly re-evaluate software as
the software changes or as the criteria change.
Adam Overton (Expert):
Q: Are there anymore features left to be implemented or are we seeing the
final product?
A: Our upcoming Beta 2 will have significant changes.
Andrew Newman (Expert):
Q: Will Defender be a Subscription based service??
A: Windows Defender will be available at no additional cost for users
running a licensed version of Microsoft Windows.
Adam Overton (Expert):
Q: Will Defender include Antivirus in the future?
A: We have no plans to include Antivirus in Windows Defender at this time.
Jason Joyce (Expert):
Q: Is the release of Windows Defender included in Windows Vista BETA 2 or an
interim release?
A: Windows Defender is part of Windows Vista and therefore will be in Vista
Beta 2
Ron Franczyk (Expert):
Q: Does Windows Defender run as a serviece so it works correctly when a non
privileged use is logged in?
A: Yes. Much work was done to ensure full protection is available for
standard users.
Adam Overton (Expert):
Q: Are there any plans to bundle the final version Windows Defender with
Internet Explorer 7 for Windows XP SP2?
A: Windows Defender will continue to be available at no additional charge to
licensed users of Windows XP SP2, but it's not tied to Internet Explorer 7.
Tareq Saade (Expert):
Q: Is it safe to stop the Windows Defender Services in build 5270?
Sometimes, MS software has dependencies (outside of service dependencies)
that make it unwise to disable a service.
A: You wont be safe from potentially unwanted software
but I don't thinkwe've noticed any problems with Windows Vista if you turn Windows Defender
off in build 5270.
Sterling Reasor (Expert):
Q: What are the top 5 features users should look forward to in Windows
Defender?
A: In no specific order, here are some of my favorite feature adds: The
ability to run scans and remove spyware and other potentially unwanted
software as a non-admin; definition updates can include engine updates as
well as new signatures - this means we can handle new 'threats' without
having to release a completely new build; localization & accessibility
support; completely re-designed and refreshed user interface; improved
software explorer views that classifies software as 'allowed', 'potentially
unwanted' or 'not yet classified.'
Kalid Azad (Expert):
Q: Will you adopt the Anti-spyware coalition's definition of Spyware,
Adware, and Potentially Unwanted software as your working model for defining
unwanted applications?
A: Microsoft has been an active participant in the Anti-Spyware Coalition
(ASC). Recently, the final version of a Risk Modeling document was released,
which lays the framework for identifying what behaviors are considered
potentially unwanted. As a member of the ASC, Microsoft's internal policies
are aligned with this risk modeling document.
Jason Joyce (Expert):
Q: Can we expect a central management point for a corporate environment?
A: Windows Defender will support remote configuration using Group Policy
Tareq Saade (Expert):
Q: Is it safe to assume that if WD doesn't scan Cookies, it also won't clean
out MRUs and other History lists?
A: That is correct. IE7 has a new feature to 'erase your tracks', which you
can use.
Ron Franczyk (Expert):
Q: Will defender be a component or will it install by default? much like
hyperterminal is a component
A: Defender is a built in technology for Vista.
Adam Overton (Expert):
Q: Does Windows Defender protect against other types of malicious code such
as Trojans and Viruses or a dedicated AntiVirus utility is still needed for
those?
A: Although there is sometimes overlap between the potentially unwanted
software that Windows Defender is designed to identify and the clearly
malicious software identified by AntiVirus products, we recommend you
install a specific AntiVirus product in addition to Windows Defender.
Sterling Reasor (Expert):
Q: Will new versions of Windows Defender be released over time for Windows
Vista or new versions will only be released with new versions of Windows?
A: we plan to have versions of Windows Defender available for both downlevel
and for the most recent release of Windows.
Adam Overton (Expert):
Q: Adam, Defender ought to include anti-virus (or integration with
anti-virus) only because from a marketing perspective, "Defender" sounds so
all inclusive.
A: You are so right about the inclusiveness of the name! One of the reasons
the Windows Defender name is great is because it allows us to continue to
innovate and broaden its protection. However, there's no assumption that the
broadening of the protection has to happen in the antivirus space.
Tareq Saade (Expert):
Q: will windows defender be created for x64 OS'es and when will these be
released?
A: There will be a future x64 CTP which will include a native 64-bit version
Windows Defender.
Sterling Reasor (Expert):
Q: Will Defender become smarter about not starting a scan and taking over a
machine when resources are low?
A: We take machine performance very seriously and we intend to improve
Windows Defender performance in future CTP releases.
Jeff Williams [MSFT] (Expert):
Q: Why the spyware Claria have been allowed in the last Xp build ?
A: There is a more detailed answer to this at
http://www.microsoft.com/athome/security/spyware/software/claria_letter.mspx
but the essence of it is that Microsoft has a set of objective criteria
against which we review software. We also have a process for software
vendors to initiate a dispute of our rating. It is essential that we are
consistent with how we assess software. We do, however identify Claria
software as a Moderate threat. The default action is to keep the software
but, at the same time, we do allow the user to decide what action to take-
including remove or quarantine the software.
Sterling Reasor (Expert):
Q: Will Windows Defender have a different look when it will be released?
A: You will see some UI improvements in future CTP releases of Windows
Vista. But on the whole, the UI you see now is close to what you'll see in
the RTM release.
Ron Franczyk (Expert):
Q: Where can we get the Windows Defender downlevel beta?
A: Windows AntiSpyware Beta1 is available directly from the Microsoft Home
Page www.microsoft.com - Beta2 which is the Defender branding will be
available before Beta1 expires.
Adam Overton (Expert):
Q: Will windows Defender if it includes AV functionality also spell the
functionality of the MSFT Malicious software tool that is evolving?
http://www.microsoft.com/security/malwareremove/default.mspx
A: Windows Defender is not antivirus protection, and the Malicious Software
Removal Tool is a cleaner tool, and also not a replacement for a full
antivirus product. We plan to continue releasing MSRT on the second Tuesday
of each month.
Jeff Williams [MSFT] (Expert):
Q: If one noticed a wrong item detected as malware, will there be a easy way
to report this?
A: Yes. You can submit a false positive report at
http://www.microsoft.com/athome/security/spyware/software/isv/fpform.aspx
Tareq Saade (Expert):
Q: Can Defender be set to run in the background or only while a comptuer is
locked or screensaver is running?
A: Windows Defender should be able to always scan in the background. Windows
Defender can even scan prior to any user logging in.
Sterling Reasor (Expert):
Q: Is the windows defender related to or in control of the feature where
certain programs that call other files are prompted to "permit or deny"?
A: I think you are asking if Windows Defender communicates with the UAP
feature. Currently, Windows Defender does not.
Kalid Azad (Expert):
Q: How does Windows Defender rates a software as being spyware? Is it an
automatic process?
A: Microsoft's analysis team examines software against a number of factors
before making a determination about spyware, adware, or other potentially
unwanted software. Documents explaining the analysis process in more detail
are available here:
http://www.microsoft.com/athome/security/spyware/software/isv/analysis.mspx
http://www.antispywarecoalition.org/documents/index.htm
Adam Overton (Expert):
Q: How will Microsoft determine what is malware? Will there be options to
screen products that are borderline malware products?
A: Our team of analysts use an objective criteria, which you can read at
http://www.microsoft.com/athome/security/spyware/software/isv/analysis.mspx,
to determine the recommendation. This objective criteria continues to be a
discussion we have with the rest of the antispyware community.
Jason Joyce (Expert):
Q: Can I harden the defender to meet the needs of a computer in the home
with young children?
A: There is an option to configure Windows Defender to only allow an
administrator to launch a scan and remove potentially unwanted software.
Ron Franczyk (Expert):
Q: Will there be a function in Windows Defender that watches the TaskManager
for any suspicious running applications like known viruses/spywares ?
A: yes.
Adam Overton (Expert):
Q: Will Windows Defender become a fee service? Or a free product but pay
features involved for certain things?
A: We plan to continue to offer Windows Defender to licensed users of
Windows at no additional charge.
Jeff Williams [MSFT] (Expert):
Q: How does Windows Defender rates a software as being spyware? Is it an
automatic process?
A: We have a team of analysts who review individual pieces of software to
determine their behavior. In addition to the direct analysis the team can
use voting data submitted to Spyware to help prioritize which potential
threats should be examined first or examined in more detail.
Sterling Reasor (Expert):
Q: What differences will we see between the current beta and Defender?
A: I think you are asking what you'll see different between the current
Windows AntiSpyware Beta1 and standalone version of Windows Defender Beta2.
The standalone version of Windows Defender will be very similar to the
Windows Vista version.
Adam Overton (Expert):
Q: This is what we have hoped for in now we can adjust to meet our needs in
the work place or at home with children this is essential today, how will
this work in relation to a anti virus software?
A: You can use Windows Defender side by side with antivirus products.
Ron Franczyk (Expert):
Q: Are the known crashes in the Defender UI fixed in the next CTP?
A: yes
Jason Joyce (Expert):
Q: How far is defender coming along in the current vista builds. Is updates
to the program being updated by windows updates without bugging the user to
muhc.
A: Windows Defender will receive new definition updates via Windows Update.
If the Automatic Update client is configured to automatically download and
install new update then this will all happen in the background.
Kalid Azad (Expert):
Q: The WD icon still shows the exclamation point after installing the latest
def. How does one get rid of it ?
A: Thanks for the input, this is a known issue in the current build. You can
clear the exclamation mark by running a scan with the new definitions, or
closing the tray icon and re-opening Windows Defender.
Adam Overton (Expert):
Q: wat will be the effect of windows defender on system's performance, will
it make it more slow??
A: As we know customers are concerned with the performance of their
machines, we're always looking to make sure that Windows Defender has the
minimal performance impact while still providing the best protection.
Sterling Reasor (Expert):
Q: in the coming ctp or beta2 build of vista what can else can we exspect
windows defender to do/ features that are not in the current builds.
A: we are currently working on the final feature set
Ron Franczyk (Expert):
Q: When will WD be available for XP Pro x64?
A: Beta2 will support x64 on XP.
Jeff Williams [MSFT] (Expert):
Q: is Microsoft running a seprate beta for WIndows Defender or is it going
along with Vista?
A: There are multiple betas for the anti-spyware technology. The Vista CTP
includes Defender technology and Defender will be what is released in the
public beta 2. Microsoft also does internal betas of interim builds.
Jason Joyce (Expert):
Q: what are the final system requirements for Windows Defender
A: Windows Defender will have no additional requirements beyond what is
needed to run Windows Vista.
Tareq Saade (Expert):
Q: How can we vote for a software as being malware or not?
A: If you become a SpyNet advanced member, actions you take will be used to
help us prioritize action items.
Ron Franczyk (Expert):
Q: Can it made be possible to stop all internet activity with Defender?
A: No.
Adam Overton (Expert):
Q: How does Defender and OneCare compare?
A: Windows Defender represents protection from potentially unwanted software
where it is not always clear whether the software is actually malicious.
OneCare has a variety of capabilities, not just limited to antivirus, but
also providing system tune up through defrag, backup features and more.
Sam White (Moderator):
We have about 20 minutes left. If you have asked a few questions already we
ask that you hold off asking any more so we can have a chance to get to
finish what we hace.
Sterling Reasor (Expert):
Q: When can we expect more coordination between UAP dialogs, anti-spyware
dialogs, firewall dialogs, etc. There's a lot of stuff to block and allow
and it seems that the separation of the products and their prompts adds to
users' confusion about what's good.
A: This is an excellent question. We are having internal discussions to
improve the overall experience of using Windows Vista, and streamlining the
dialogs is very important to us.
Ron Franczyk (Expert):
Q: Re Q78: The question is: Is there any integration with Parental Control?
A: no
Adam Overton (Expert):
Q: Will Defender be offered in enterprise friendly-versions i.e., with
console control?
A: Our offering for protection in the enterprise is Microsoft Client
Protection:
http://www.microsoft.com/windowsserversystem/solutions/security/clientprotection/default.mspx.
Sterling Reasor (Expert):
Q: Will Defender have more options and advanced settings for warn windows?
A: Windows Defender's UI is designed to provide a simple UI on first
interaction. If you click the 'review' button or click to see details after
a scan is run. On this detailed page, you can choose specific actions for
each detected item. In the settings page, you can tweak several settings in
Windows Defender.
Adam Overton (Expert):
Q: Will Defender support third party browser (like Firefox, Opera), or is it
only available for IE7?
A: Windows Defender offers protection independent of your browser choice.
Tareq Saade (Expert):
Q: what is required to become a SpyNet advanced member?
A: You need to select it from the SpyNet configuration page in Windows
Defender, and you need to have administrator privs.
Sam White (Moderator):
Q: BTW, I like the naming Windows Defender... Back in the late 70ies, early
80 I was a fan of "Defender" Arcade game ;-)
A: I'm a big William's fan myself.
Jason Joyce (Expert):
Q: Will it be possible to change the settings from defender to allow third
party's software to run side by side?
A: Yes you can disable Windows Defender in the current builds (and in future
builds). You can see this in the Options view
Ron Franczyk (Expert):
Q: Will windows Defender have a backup option incase it deletes certain
files, which werent meant to be removed?
A: All spyware files removed by Defender can be Quarantined which will allow
you to revrert the action.
Tareq Saade (Expert):
Q: How do we become a SpyNet advanced member
A: Please see QA199
Jeff Williams [MSFT] (Expert):
Q: What kind of data Windows Defender transfers to SpyNet?
A: Windows Defender allows for two different levels of participation in
Spynet. The basic level sends information about suspected files. The
advanced level captures memory on the process, file path and similar. With
the advanced level there is a possibility that some personally identifiable
information would be sent inadvertantly which is why we give users the
opportunity to choose what level of participation the prefer (none, basic,
or advanced).
Tareq Saade (Expert):
Q: How do we become a SpyNet advanced member
A: Sorry, I mean 119: You need to select it from the SpyNet configuration
page in Windows Defender, and you need to have administrator privs.
Kalid Azad (Expert):
Q: will windows defender updates be deemed as 'critical updates' so that
users with less bandwidth will still get the updates?
A: Updates for Windows Defender will be in a new classification called
"Definition Updates". We are working with the Windows Update team to ensure
these updates are prioritized appropriately.
Sterling Reasor (Expert):
Q: Will Defender contain all the features that are in the current Microsoft
Anti-Spyware beta1 release?
A: The goal of Windows Defender is to protect users from potentially
unwanted software. You'll see new features and capabilities to better detect
and remove items in our defintions. What you won't see is some of the
features that overlap with existing Windows Vista features. For example,
tracks erasers is not in Windows Defenders. This is because you can use IE7
to blow away your MFU, cookies, etc.
Ron Franczyk (Expert):
Q: Will Safe Mode be needed for the removal of spyware, like other programs
out there?
A: For most SPyware applications Safe mode will not be needed, however in
some instances it can not be avoided.
Sam White (Moderator):
Q: Will Windows Defender chat be posted for download
A: Yes to the Vista Techbeta website and we will post it to the Newsgroups
as well.
Sterling Reasor (Expert):
Q: Is the scan screen corruption fixed yet in Windows defender scan option?
A: I think you are referring to the font bug where 'objects' looks funny.
Yes, it's fixed in the next CTP.
Jason Joyce (Expert):
Q: Will Windows Defender in Windows Long Horn server as well ?
A: Windows Defender will be included in all versions of Windows Vista
Adam Overton (Expert):
Q: Windows Vista will be works well with antivirus and firewalls of
symantec, macfee and others?
A: These third parties are important partners for Microsoft and our shared
customers, we work with them to insure they can work with Windows Vista
through plugfests and the Microsoft Virus Initiative forum, etc.
Ron Franczyk (Expert):
I have to leave the chat early, thanks for all the great questions.
Andrew Newman (Expert):
Unfortunately I need to exit early as well. Thank you everyone for your
great questions.
Adam Overton (Expert):
Q: Why is it Defender is slow, compared to the SBC/Yahoo! anti-spyware?
A: It's difficult to answer without a lot more data: I'd love to claim it
was more complete protection, but realistically there could be a number of
factors, not the least of which is that it is still Beta software.
Jason Joyce (Expert):
Q: Will there be any form of centralized reporting available to corporate
administrators?
A: Windows Defender will include information about detections and/or
removals in the Event Log. A central administrator can review these events
for more information about activity on machines in their environment
Sterling Reasor (Expert):
Q: I get this all the time in Build 5270: Windows Defender encountered an
error:0x80078012. An unexpected problem caused the scan to fail. Try to Scan
your computer again.
A: Please file a bug on this. Please send the tracking number to
(e-mail address removed).
Adam Overton (Expert):
Q: will it be possible to 'slipstream' updates for the definitions into
Vista / Longhorn builds for dsitribution as we do with hotfixes?
A: Windows Defender has a mechanism for regular signature updates.
Tareq Saade (Expert):
Q: I can confirm Q83 with just 0x8007800d instead. Shall I file that as
well?
A: Please do.
Jeff Williams [MSFT] (Expert):
Q: Will Microsoft refuse to back down when a spyware/malware producer
threatens to sue if MS doesn't take them off the "bad" list? I should hope
not...
A: Microsoft has a set of objective criteria for analysis for exactly this
reason. It is important that we are able to have a strong position should
the scenario you suggest occur and being absolutely consistent in our
handling of all software is a key part of this. We have not removed a piece
of software which triggers our objective criteria from detection solely due
to threat of a lawsuit and have no plans to do so. Vendors who have
concerns that their software has been inappropriately flagged do have the
option of submitting either a false positive or vendor dispute.
Jason Joyce (Expert):
Q: Jason, Q5 == Q209 == still not answered as Longhorn Server is not Vista.
Please clarify. Thx.
A: Sorry for the confusion. You are correct in that "Vista" refers to the
client offerings. Longhorn Server doesn't have an official name yet. What I
meant was that Windows Defender is part of the new OS base so will be a part
of Vista and LH Server.
Adam Overton (Expert):
Q: When Defender asks if I want to allow an action, is the action done only
after authorization, or is it always done and Defender just undo the action
when I deny it?
A: There are cases for both.
Sterling Reasor (Expert):
Q: Lets say I have tuned Vista to be where I need it and allow a guest to
use the computer that in advertently surfs the web and picks up unwanted
malware, can I return it to previous known state of optimization?
A: As a guest, the user won't be able to affect the system, just his
sessions. Meaning, unless you give him your admin username and password, he
can't install a new ActiveX control, monkey with HKLM, etc. As far as
Windows Defender goes, when it does a full scan of your machine, it searchs
the whole file system. If it detects an item in our defintions that your
guest installed, you will be able to remove it from your profile.
Adam Overton (Expert):
Q: Will Windows Defender allow plugns from other vendors allowing full AV
Scanning as well as malware?
A: Windows Defender does include a plug in model for 3rd parties, however it
can coexist with 3rd party solutions side by side.
Jason Joyce (Expert):
Q: How will Defender protect against 'rootkits'
A: Yes
Sterling Reasor (Expert):
Q: How can we Beta test Windows Defender for windows 2000, XP, and Windows
2003?
A: a standalone version of Windows Defender will come out as a public beta
2. When this version is available, it would be great if you can try it out.
Release details should be out in near future.
Jason Joyce (Expert):
Q: Will we be able to control Defender settings through Group Policies?
A: Yes
Tareq Saade (Expert):
wow.. so many questions.
Sterling Reasor (Expert):
Q: will Defender also do full registry scans and BOT cleanup in an automated
process to repair attacks from "hijacker" software and adware?
A: Windows Defender comes configured to do a daily quick scan. If you
suspect that you have a BOT on your machine, you should do a full system
scan, and additionally, you should install an anti-virus solution and do a
full scan with it as well.
Jeff Williams [MSFT] (Expert):
Q: Are there any differences between the data transfered from Windows
AntiSpyware to SpyNet and those transferred from Windows Defender?
A: Yes. In Windows Defender there are two levels of participation- basic
and advanced. In the basic version we collect less information than we do
in beta 1 as we have implemented filters to strip out information we do not
require. The advanced level does collect more information than beta 1.
Both levels of SpyNet in Defender are different than what is collected in
beta 1 as we have refined the SpyNet data collection process.
Adam Overton (Expert):
Q: Do you expect corporations do use defender or is it only for the home
user/small business?
A: For fully managed capabilities, we recommend Microsoft Client Protection
http://www.microsoft.com/windowsserversystem/solutions/security/clientprotection/default.mspx
Sam White (Moderator):
Q: Will this discussion be online for a further reference?
A: Yes, in the usual places. Check the .announcements group.
Kalid Azad (Expert):
Q: regular signature updates like Windows Update downloads are useful but
not the complete answer in say a DMZ with no direct internet access, hence
the slipstream idea
A: Corporations can use Windows Server Update Services (WSUS) to federate
and approve Definition Updates for Windows Defender. WSUS supports offline
scenarios, and allows the exporting/importing of updates. More information
is available here:
http://www.microsoft.com/technet/pr...eTC/4696c613-66f3-483d-8ea9-66bcca74730e.mspx
Sam White (Moderator):
Q: Is this chat under NDA? I was interested in publishing it to my blog
(without any identifiable info. of course) later on today.
A: You can post it to your blogs, that is OK.
Jason Joyce (Expert):
Q: RE answer ro Q95 : Will this also be possible to use SMS to federate and
approve definition updates for Windows Defender in corporate environment
A: Yes. Definition updates will be available via Windows Update and can
therefore be synchronized to a WSUS server. You should be able to use the
SUS Feature Pack for SMS to synchronize and deploy definition updates.
Sterling Reasor (Expert):
Q: I will want modifyable definition sets that can be used based on age
group or user skill levels can this be possible?
A: You cannot modify the defintion package, but through WSUS, an admin can
choose which defintion package they can deploy. That said, Windows Defender
does offer a manual process to add items to your exception list. You can
either choose to always allow a detected item, or you can exclude by path.
Keep in mind you need to be an admin to do this.
Sterling Reasor (Expert):
Q: I think it's a good idea to scan during the shut down (or logoff?)
process. It should, however, be optional and mid process terminable.
A: Great suggestion. Please file a bug and send the tracking number to
(e-mail address removed)
Jason Joyce (Expert):
Q: Will Defender be in all shipping Vista SKUs with all features or will
have a Starter Edition Defender less than that of Ultimate Edition?
A: Windows Defender functionality will be the same in all versions of
Windows Vista.
Sterling Reasor (Expert):
Q: As with some current Antispyware will Defender clean better if ran in
safe mode?
A: In some instances, yes. But in general Windows Defender can clean much
more effectively than Windows AntiSpyware Beta1 because WD runs as a service
with system privilege.
Sam White (Moderator):
I would like to thank everone for coming to the chat today and if you have
any recomendations for future chats you can post them in the beta
newsgroups or send me email directly. (e-mail address removed)
Jason Joyce (Expert):
Thanks again everyone for you time and questions
Adam Overton (Expert):
Thanks everybody for joining us for the chat!
Kalid Azad (Expert):
Thanks for coming out and giving your feedback!
Tareq Saade (Expert):
Thanks for coming out everyone. We appreciated all the questions and
suggestions. Bye!
Sterling Reasor (Expert):
Thank you very much for attending this chat session. I enjoyed the questions
and feedback very much. Please continue to play with Windows Defender and I
want to encourage you all to file bugs on things you don't like, or if you
have feature suggestions.
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm