Windows Defender Beta 2: Update

6:12 pm - February 16, 2006 in Anti-Malware Engineering Team

Hi all,

We’ve gotten some great feedback from places like this blog and our support newsgroups about the recently released Windows Defender Beta 2. We really appreciate the enthusiastic participation!

Some of this feedback has allowed us to identify a couple of problems with our setup on non-English versions of Windows: 

  • We have a problem installing on systems which don’t have a group named “Users”. On these systems, the group typically exists but it is in another language.
  • Sometimes the link to Windows Defender creates a new group called “Programs” at the top of the start menu.

Our international users are very important to us and so we are currently testing an updated version that fixes these issues. That update will be available soon through the same links where you installed the original version. Until we make this version available, users may follow the steps in KB915087 to work around these issues and successfully install Windows Defender Beta 2.
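The first issue above is the classic pitfall of locating a built-in group by its English display name, which is localized on non-English Windows while its security identifier is not. The following PowerShell is an added example (not part of the original post or of the Windows Defender installer) showing the lookup by well-known SID that works on every language edition; it assumes the Microsoft.PowerShell.LocalAccounts cmdlets (Windows PowerShell 5.1) are available for the two Test-* helpers.

```powershell
# Added example, not Microsoft's setup code: find the built-in Users group on any
# language edition of Windows by its well-known SID rather than its English name.
# S-1-5-32-545 is the BUILTIN\Users alias on every Windows installation; only the
# display name is localized (e.g. "Benutzer" on German Windows).

function Get-BuiltinUsersGroupName {
    [CmdletBinding()]
    param(
        # Well-known SID of BUILTIN\Users; override only for testing.
        [string]$Sid = 'S-1-5-32-545'
    )
    $sidObj = New-Object System.Security.Principal.SecurityIdentifier($Sid)
    # Translate() asks the local security authority for the name in the system language.
    $account = $sidObj.Translate([System.Security.Principal.NTAccount])
    return $account.Value   # e.g. "BUILTIN\Users" or "VORDEFINIERT\Benutzer"
}

# The fragile check the Beta 2 setup problem illustrates: a literal English name.
# Returns $false on a German, French, Japanese... system even though the group exists.
function Test-UsersGroupByEnglishName {
    $null -ne (Get-LocalGroup -Name 'Users' -ErrorAction SilentlyContinue)
}

# The robust check: look the group up by SID, which does not vary by language.
function Test-UsersGroupBySid {
    $null -ne (Get-LocalGroup -SID 'S-1-5-32-545' -ErrorAction SilentlyContinue)
}

Write-Host ("Localized name of BUILTIN\Users: " + (Get-BuiltinUsersGroupName))
Write-Host ("Found by English name: " + (Test-UsersGroupByEnglishName))
Write-Host ("Found by SID:          " + (Test-UsersGroupBySid))
```

On an English system both Test-* functions return $true; on a localized system only the SID-based lookup does, which is exactly the gap the Beta 2 installer hit.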

Another problem that was appearing in the newsgroups:

  • Uninstalling and reinstalling can temporarily cause problems updating signatures.

This will automatically get fixed in the next update of our signatures, which is scheduled for Tuesday. Please see KB915105 for more information.

Finally, we have also received a few questions about the tray icon. A consistent point of feedback from Windows users is that there are just too many icons that appear in the system tray. With this in mind, we decided not to display a system tray icon for Windows Defender if no action is needed. This way, we can help the industry move towards a model where the items in the system tray are programs that need a user's attention instead of items that are simply running. As always, your comments on this are welcome.

Thanks again for all the support and please keep the feedback coming!

Adam

 

Windows Defender Beta 2: Updated Version Available

5:44 pm - February 21, 2006 in Anti-Malware Engineering Team

An updated version of Windows Defender Beta 2 is now available from the Microsoft Download Center. This update resolves the two issues described in the earlier blog post relating to non-English versions of Windows and referenced in KB915087. If you are running on a non-English version of Windows, then we advise that you uninstall the previous installation and install the updated version. If you are running on an English version of Windows, then no action is required.

Also, a new definition update package is now available from Microsoft Update which should resolve the problem described in KB915105. Users with Automatic Updates enabled will be notified of the availability of the release in a manner consistent with their Automatic Updates settings.

 

News on Alcan, Mywife.E

5:32 pm - April 3, 2006 in Anti-Malware Engineering Team

In Bill Gates' keynote at RSA in February, one of the subjects he spoke on was the ability for Microsoft to have a comprehensive view of the evolving threat landscape using the information and feedback from such tools as Hotmail, Watson, the Windows Malicious Software Removal Tool, and Windows Defender.

Each month, the Malicious Software Removal Tool runs on approximately 250 million computers, mainly via Windows Update and Automatic Updates. In February's release of the tool, we added the ability to detect and remove a worm called Win32/Alcan. We believed that Alcan would be moderately prevalent based on data from Windows Live Safety Center and Windows Live OneCare but we were genuinely surprised once we sifted through the data from the February release. During the course of that month, the tool detected Alcan (and, specifically, Alcan.B) on just over 250 thousand unique machines, easily the top detection for the month. Compare this to the Win32/Mywife.E worm (aka CME-24), which we removed from approximately 40 thousand computers in February.

Alcan.B does not exploit any software vulnerabilities. Instead, it spreads through popular peer-to-peer applications, and its prevalence is likely due to effective social engineering. Specifically, when sharing copies of itself over a P2P network, it contacts several websites to look for the names of recent, popular program cracks and uses those as the file names of its copies. Thus, the worm's name is always relatively up-to-date and attractive to those surfing these networks for cracks. Also, when the worm is run, instead of displaying nothing or popping up 50 browser windows, it displays what appears to be a setup wizard window, as shown in our write-up. When the user clicks Next, an error message is displayed. Thus, the user is fooled into thinking that what he or she just ran was a buggy or incomplete program, not a worm.

Threats like this reinforce the idea that malware which exploits user weakness can be as dangerous as threats which exploit software vulnerabilities, and they reinforce the value of up-to-date antivirus products as well as general user vigilance.

Matt

 

Windows Defender Beta 2 Refresh

11:36 am - April 13, 2006 in Anti-Malware Engineering Team

Today, we released a refresh of Windows Defender (Beta 2) which includes updates based on the customer feedback that we have received through this blog and the newsgroups. This update also addresses some issues that have been brought to our attention around signature updating, improves upon the usability of Windows Defender and also improves our SpyNet reporting capabilities.

First off, we have added a checkbox option to continually display the system tray icon. We heard your feedback loud and clear on this one, so those who want to see our icon with the little green check in their system tray as a sign of system health can now do so. We have also improved Windows Defender's ability to report more accurate data about potentially unwanted software through SpyNet so that we can help create better definition updates.

Finally, we've made some minor updates to the UI, and we are on track to release our Japanese and German localized versions and expect to turn on the update notification for existing Beta 1 and Beta 2 customers soon, so keep an eye out!

I would also like to urge you to opt into the "Advanced" participation level in SpyNet. In this mode, you will not only be alerted to changes to critical system settings by recognized and potentially unwanted applications, but you will also be notified of changes by applications that have not yet been classified. By choosing "Advanced" you can help combat spyware by sending back full reports and potential samples to our analysts. To the extent any personal information is included in an "Advanced" member report, this information will not be used to identify you or contact you, in accordance with our privacy policy. For example, under the "Basic" setting, the SpyNet report will strip off the path to an executable it found, in case it was in a folder that contained your user name; however, knowing where potentially unwanted applications install is useful information. Thank you for helping us fight spyware and potentially unwanted software!

With these upcoming changes to our reporting network and our core technology, we will improve our detection and removal capabilities even more in the upcoming months.

Thanks,

Adam

 

On the Road at Infosecurity Europe and EICAR

5:42 pm - April 26, 2006 in Anti-Malware Engineering Team

Eric Allred and I are in London for the Infosecurity Europe conference. We spent the last two days on the conference floor with the Microsoft UK team, talking to customers and partners about Windows Defender, Windows Live OneCare, Microsoft Client Protection, and the Windows Malicious Software Removal Tool. We've also been demoing Windows Vista to customers, which includes a number of new security features to help protect from malware, spyware, and potentially unwanted software, including Windows Defender, User Account Control, and Internet Explorer 7 with Protected Mode.
 
On Friday, we'll be flying to the European Institute for Computer Antivirus Research (EICAR) conference in Hamburg. Jeff Williams and two more of our colleagues, Tony Lee and Jigar Mody, will be joining us at this conference. Tony and Jigar will be presenting on Behavioral Classification on Monday, May 1. I've seen an early version of their presentation and it's some pretty interesting stuff. If you're planning to be at EICAR, please track us down and say hello, and, naturally, come by Tony and Jigar's presentation on Monday.
 
Matt
 

VirusTotal Participation

2:49 pm - April 28, 2006 in Anti-Malware Engineering Team

Hi, this is Ziv Mador again from the Microsoft Anti-Malware team. This week, the folks over at VirusTotal added the Microsoft anti-malware engine to their service. VirusTotal is a free service that enables users to submit suspicious files to be scanned by several anti-malware engines. If you choose, files that are not identified as malicious are sent to the vendors who supply the anti-malware engines to this service to be analyzed. As of April 27, the Microsoft anti-malware scanner is included in the set of scanning engines used by VirusTotal. This scanner is based on the same technology found in Windows Live OneCare, the Windows Malicious Software Removal Tool, and Microsoft Antigen, and includes our full antivirus set of signatures. We are glad to be participating in this community opportunity.

 

Notes from EICAR

1:10 pm - May 9, 2006 in Anti-Malware Engineering Team

Hello folks. Jeff Williams, Tony Lee, Jigar Mody, and I have returned from the EICAR conference in Hamburg, Germany which, as a port city with a similar climate, reminded me of Seattle (but with more bratwurst). The event itself was well-organized and, at about 100 attendees, was a great size to enable networking in a close, comfortable environment. What is especially nice about this conference is that it attracts and encourages students and professors, so there was a great mix of professionals and members of academia. Especially for the academics, in some cases, this is the only antimalware event they will attend, so it was great to see and interact with some new faces.

Similarly, I found many of the sessions presented to be unique and interesting. For example, a paper entitled "TTAnalyze: A Tool for Analyzing Malware" by Ulrich Bayer of Ikarus Software and Christopher Kruegel and Engin Kirda of the Technical University of Vienna presented some neat techniques for investigating malware behavior in an automated fashion. This paper was recognized as the best academic paper by EICAR amongst a fairly competitive field. Also, while I'm slightly biased, I thought that Tony and Jigar's presentation on Behavioral Classification was excellent. The session was well attended and attracted some healthy discussion afterwards which continued ad hoc through the remainder of the conference. With the permission of EICAR, we're pleased to be able to make Tony and Jigar's paper available from the Microsoft Download Center, so enjoy!


Another interesting thread of sessions and discussions was on testing of anti-spyware applications. Both Larry Bridwell from ICSA Labs and Josh Harriman from Symantec offered presentations on this topic. Unlike the antivirus product testing and certification space, which is reasonably established, antispyware testing is still in its infancy. The number of different custom evaluations being conducted currently is dizzying, with almost all offering different criteria. Microsoft is actively working with other entities in the security industry on making a set of more deterministic and reproducible evaluations. Along this vein, Jeff and Eric Allred will be at the Antispyware Coalition (ASC) meeting in Ottawa May 15-16, along with representatives from most of the other security vendors. If you have input into antispyware testing standards, I highly recommend you attend this event and chat with Jeff and Eric, or reply to this blog post.


Matt
