
Microsoft blocking updates for non-compliant antivirus software

54 minutes ago, leadeater said:

Windows Defender just works and doesn't break stuff for illogical random reasons.

It does work, and if we compare Windows Defender from March - June 2013 (Windows 8) vs June - November 2017 Windows Defender (W10 FCU), it has significantly improved:


54 minutes ago, leadeater said:

For a very long time, Windows 7 era, I didn't even bother with an AV and just used common sense which tends to be much more successful than any AV ;).

What about non-tech-literate people? Do you think it's good for them to do online banking with a PC that is not protected by anything? I don't think a big corporation like a bank or government office should run their computers without any protection at all, and Windows Defender is way too basic for a business setting:

  • It cannot restrict access to USB ports
  • It cannot restrict application access
  • It cannot restrict websites
  • Windows Defender only downloads signatures twice a day. Their competitors are downloading signatures every hour.

More specifically, Windows Defender's solution to ransomware is kind of half-assed. It's kind of like Bitdefender's solution, but Windows Defender's half-assed solution only protects folders specified to be protected; it doesn't prevent the execution of the malicious payload.

 

There is more that meets the eye
I see the soul that is inside

33 minutes ago, hey_yo_ said:

What about non-tech-literate people? Do you think it's good for them to do online banking with a PC that is not protected by anything? I don't think a big corporation like a bank or government office should run their computers without any protection at all, and Windows Defender is way too basic for a business setting:

Windows Defender is fine for home, also System Center Endpoint Protection simply manages Defender centrally and if you don't want to use that you can do it from Azure.

 

I've suffered through all the major/popular AV suites in business settings on desktops and servers and none of them are nice to use; they are awful to maintain and interfere with legitimate software, requiring huge file/folder and process exclusion lists, rendering them pointless. If something breaks through a web application which requires the temp/cache location it uses to be on that list, it's all-you-can-eat infection sanctioned by your AV product.

 

We currently have SEPM on all desktops and servers, Trend Micro plugin to our network storage for real time file access scanning, Fortinet/FortiGate firewalls with content inspection and MailMarshal for email scanning.... stuff easily still gets through those multiple layers of protection. They're a joke so pick the least worst and don't worry about marketing spiel why something is better than another, all of them are just different kinds of turds to me.

 

P.S. I don't consider non-tech people as being able to have common sense when it comes to technology ;).

 

33 minutes ago, hey_yo_ said:
  • It cannot restrict access to USB ports
  • It cannot restrict application access
  • It cannot restrict websites
  • Windows Defender only downloads signatures twice a day. Their competitors are downloading signatures every hour.

These can all be done when you put the management layer over Defender, GPO is also a thing.

 

33 minutes ago, hey_yo_ said:

It does work and if we compare Windows Defender from March - June 2013 (WIndows 8) vs June - November 2017 Windows Defender (W10 FCU), it has significantly improved:

Sure it has improved, it was very new back then. However, those tests I don't find very useful or informative at all and they often don't correlate to actual real-world observed results. Just pick the least broken and non-intrusive one and use that, as they all effectively deliver the same protection and all fail just as regularly as each other.

 

We take hourly snapshots of all our storage and keep those for a month because of how unreliable every AV is at stopping things like ransomware, separate from our backups, which actually take copies of the data off the system. Snapshots are useful as you can reverse the damage of ransomware in 30 seconds, but they are not a backup.

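The four controls hey_yo_ lists, set through Defender's own policy surface, as an added example that is not part of any post in this thread. These are the same settings SCEP, Intune or GPO push centrally; here they are typed directly so the mapping is visible. It assumes an elevated PowerShell on Windows 10 1709+ / Server 2016+, and the folder, application and registry paths are placeholders chosen for this example. The last block is the check a practitioner would want: what the box actually enforces, and which exclusions undo it (leadeater's "sanctioned infection" case).

```powershell
# Added example, not taken from any post in this thread: the four controls hey_yo_ says
# Defender lacks, set through Defender's own policy surface (the same settings SCEP,
# Intune or GPO push centrally). Run elevated on Windows 10 1709+ / Server 2016+.
# Folder, application and registry paths below are placeholders chosen for this example.

# --- Signatures: check hourly rather than at the default cadence ---------------------
Set-MpPreference -SignatureUpdateInterval 1            # hours, 1..24
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true

# --- Ransomware: controlled folder access guards only the folders you list, so pair it
#     with cloud block-at-first-sight, which judges an unknown executable before it runs
#     instead of after it reaches a protected folder. ---------------------------------
Set-MpPreference -EnableControlledFolderAccess Enabled
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Finance'
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files\LOB\app.exe'
Set-MpPreference -MAPSReporting Advanced
Set-MpPreference -SubmitSamplesConsent SendSafeSamples
Set-MpPreference -DisableBlockAtFirstSeen $false
Set-MpPreference -CloudBlockLevel High

# --- Websites: network protection blocks low-reputation domains for every process -----
Set-MpPreference -EnableNetworkProtection Enabled

# --- Applications: AppLocker allow-list generated from what is installed, deployed in
#     audit mode first so the event log shows what enforcement would have blocked. ----
$exe = Get-AppLockerFileInformation -Directory 'C:\Program Files' -Recurse -FileType Exe
$xml = New-AppLockerPolicy -FileInformation $exe -RuleType Publisher, Hash -User Everyone -Optimize -Xml
$xml = $xml -replace 'EnforcementMode="NotConfigured"', 'EnforcementMode="AuditOnly"'
$xml | Out-File 'C:\Temp\applocker-audit.xml' -Encoding utf8
Set-AppLockerPolicy -XmlPolicy 'C:\Temp\applocker-audit.xml' -Merge
sc.exe config appidsvc start= auto                     # AppLocker is inert without AppIDSvc
sc.exe start appidsvc

# --- USB mass storage: the "Removable Storage Access" policy registry value, with the
#     USBSTOR driver disabled as a belt-and-braces fallback. -------------------------
$rsd = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
New-Item -Path $rsd -Force | Out-Null
Set-ItemProperty -Path $rsd -Name Deny_All -Value 1 -Type DWord
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' -Name Start -Value 4

# --- Check: what the box actually enforces, and exclusions that undo it. An exclusion
#     on a user-writable temp/cache directory is the "sanctioned infection" case.
function Get-DefenderPosture {
    $p = Get-MpPreference
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        SignatureAge        = (Get-Date) - $s.AntivirusSignatureLastUpdated
        UpdateIntervalHours = $p.SignatureUpdateInterval
        ControlledFolders   = $p.EnableControlledFolderAccess   # 1 = Enabled, 2 = Audit
        NetworkProtection   = $p.EnableNetworkProtection
        RiskyExclusions     = @($p.ExclusionPath | Where-Object { $_ -match '\\(Temp|Cache|AppData|Downloads)(\\|$)' })
    }
}
Get-DefenderPosture
```

Controlled folder access and AppLocker both start in a mode that reports rather than blocks here on purpose: roll them out, read the Defender and AppLocker event logs for a week, add the legitimate applications that show up, then switch to enforcement. Flipping straight to enforcing is how the "huge exclusion list" situation described above gets created.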

7 minutes ago, leadeater said:

We currently have SEPM on all desktops and servers, Trend Micro plugin to our network storage for real time file access scanning, Fortinet/FortiGate firewalls with content inspection and MailMarshal for email scanning.... stuff easily still gets through those multiple layers of protection. They're a joke so pick the least worst and don't worry about marketing spiel why something is better than another, all of them are just different kinds of turds to me.

And this is why Windows Server should not be used. It's just too much hassle to secure it. Even a standard, non-hardened Debian is more secure than that IMO...


6 minutes ago, jagdtigger said:

And this is why Windows Server should not be used. It's just too much hassle to secure it. Even a standard, non-hardened Debian is more secure than that IMO...

Windows Server is secure, that's just a myth perpetuated by the Linux community lol. The biggest threat to any Windows system is the person sitting in front of the computer, and if your users are directly on your servers then you are doing it wrong; RDS is the exception and you can make that secure easily.

 

Default Debian isn't that secure, less so than Windows, and because of this mentality about it being so secure most people never keep the system up to date with security patches, making them woefully insecure.

 

Also FYI, the issue pointed out actually has nothing to do with Windows at all; Windows isn't running on a FortiGate firewall appliance, and our network storage is a NetApp cluster, also not Windows in the slightest.


4 minutes ago, leadeater said:

We currently have SEPM on all desktops and servers, Trend Micro plugin to our network storage for real time file access scanning, Fortinet/FortiGate firewalls with content inspection and MailMarshal for email scanning.... stuff easily still gets through those multiple layers of protection. They're a joke so pick the least worst and don't worry about marketing spiel why something is better than another, all of them are just different kinds of turds to me.

Wouldn't the use of different security solutions interfere with each other? I think the likes of Symantec and Trend Micro have these bundled in their enterprise solutions like anti-spam for Microsoft Exchange, workstation and server protection, and even agent-less hypervisor solution for virtual machines. 

 

Also, I do not know what Mail Marshal is. xD

9 minutes ago, leadeater said:

P.S. I don't consider non-tech people as being able to have common sense when it comes to technology ;).

All the more reason I cannot trust my parents' PC to be completely safe without an AV warning them that a website is not safe and is harboring malware. For example, many websites secretly include cryptocurrency miners and, aside from raising electric bills, it can also brick a PC. Most AV programs now include blocking and terminating processes known to be cryptocurrency miners.


8 minutes ago, leadeater said:

Windows Server is secure, that's just a myth perpetuated by the Linux community lol. The biggest threat to any Windows system is the person sitting in front of the computer, and if your users are directly on your servers then you are doing it wrong; RDS is the exception and you can make that secure easily.

 

Default Debian isn't that secure, less so than Windows, and because of this mentality about it being so secure most people never keep the system up to date with security patches, making them woefully insecure.

 

Also FYI, the issue pointed out actually has nothing to do with Windows at all; Windows isn't running on a FortiGate firewall appliance, and our network storage is a NetApp cluster, also not Windows in the slightest.

Well, I thought it was Windows since it's running an AV... :D BTW, I doubt that Debian's default habit of running each piece of software as a different non-privileged user (or just simply as nobody) is less secure than Windows's all programs under one user... Then to top it off there is SELinux or making jails.


1 minute ago, hey_yo_ said:

Wouldn't the use of different security solutions interfere with each other? I think the likes of Symantec and Trend Micro have these bundled in their enterprise solutions like anti-spam for Microsoft Exchange, workstation and server protection, and even agent-less hypervisor solution for virtual machines. 

They're all layers that don't directly interact with each other, layers things have to go through, but no issues with interoperability like you're thinking. It's more like having to go through multiple different police checkpoints: they don't care what happened at the last one and it only takes one of them to stop you.

 

MailMarshal is an email scanner btw, think it's called Trustwave now.


3 minutes ago, jagdtigger said:

Well, I thought it was Windows since it's running an AV... :D BTW, I doubt that Debian's default habit of running each piece of software as a different non-privileged user (or just simply as nobody) is less secure than Windows's all programs under one user... Then to top it off there is SELinux or making jails.

For a server, services don't run as one user; what we do is create 'service accounts' in AD and assign them the least privileges possible for the application to work, then configure the service on the server to run using that account. Quick and simple to do, yet this basic knowledge is absent from most system admins who work in smaller businesses.

 

Auditing is also better this way and AD/Windows itself is heavily ingrained in using Kerberos which means you can track and control exactly where and what that service account has access to.

 

Windows Server is about as similar as Linux desktop is to Linux server, fundamentally the same but totally different and should be treated as different. 


56 minutes ago, leadeater said:

For a server, services don't run as one user; what we do is create 'service accounts' in AD and assign them the least privileges possible for the application to work, then configure the service on the server to run using that account. Quick and simple to do, yet this basic knowledge is absent from most system admins who work in smaller businesses.

 

Auditing is also better this way and AD/Windows itself is heavily ingrained in using Kerberos which means you can track and control exactly where and what that service account has access to.

 

Windows Server is about as similar as Linux desktop is to Linux server, fundamentally the same but totally different and should be treated as different. 

But by default it doesn't do that, you have to do it manually. Meanwhile, in my experience services installed on Debian tend to create a user for themselves when they get installed and run under them (and if I remember correctly they also join groups that "own" the resources needed for the service to function, so they can't access anything that they don't need).


21 minutes ago, jagdtigger said:

But by default it doesn't do that, you have to do it manually. Meanwhile, in my experience services installed on Debian tend to create a user for themselves when they get installed and run under them (and if I remember correctly they also join groups that "own" the resources needed for the service to function, so they can't access anything that they don't need).

Depends on the application, most server applications during install ask for an account to run as and if you aren't running a single server network it's not going to work at all if you leave it as default running as either local system or network service.

 

On Windows applications run as the user that runs them or if it's a service it runs as the account as configured. This is not really any different from Linux either.

 

For example if you install the IIS role on a server and install a web application that requires access to a database you must configure the IIS application pool to use a specific service account then grant that account access to the database, default configuration just won't work.

 

Both systems can as easily as each other be configured improperly and have bad security; people generally understand that you actually have to configure Linux, but for whatever reason think you don't need to or can't for Windows. As far as file system security goes you actually have more fine-grained control with NTFS than you do with Linux; this is both a positive and a negative though, as the breadth of permission options in NTFS is immense.

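The service-account pattern leadeater describes in the two posts above (a dedicated AD identity with the least privilege the application needs, then the IIS application pool and database configured to use it), carried through end to end as an added example that is not code from any poster. It goes one step further than the posts by using a group managed service account, so the password is rotated by AD and never known to a human. Domain CORP, hosts WEB01 and SQL01, database AppDb, pool AppPool, path D:\Sites\App and service AppWorker are all hypothetical names chosen for this example; it assumes the ActiveDirectory (RSAT), WebAdministration and SqlServer modules are present.

```powershell
# Added example, not taken from the posts above: leadeater's pattern of a dedicated,
# least-privilege service identity, carried through for the IIS-plus-database case he
# describes. Domain CORP, hosts WEB01 and SQL01, database AppDb, pool AppPool, path
# D:\Sites\App and service AppWorker are all hypothetical names chosen for this example.
# Needs the ActiveDirectory (RSAT), WebAdministration and SqlServer modules.

# --- 1. The identity: a group managed service account. AD rotates the password, no
#        human ever holds it, and only WEB01 may retrieve it. Requires a KDS root key
#        once per forest (Add-KdsRootKey -EffectiveImmediately; usable after ~10h).
New-ADServiceAccount -Name 'svc_app' -DNSHostName 'svc_app.corp.example' `
    -PrincipalsAllowedToRetrieveManagedPassword 'WEB01$' `
    -Description 'AppPool identity for the AppDb web front end'

# --- 2. On WEB01: bind the account and prove the host can actually fetch its password.
Install-ADServiceAccount -Identity 'svc_app'
if (-not (Test-ADServiceAccount -Identity 'svc_app')) {
    throw 'svc_app is not retrievable on this host; check PrincipalsAllowedToRetrieveManagedPassword'
}

# --- 3. Run the application pool as that account (identitytype 3 = SpecificUser; a gMSA
#        takes an empty password). The default ApplicationPoolIdentity could not reach SQL01.
Import-Module WebAdministration
Set-ItemProperty 'IIS:\AppPools\AppPool' -Name processModel -Value @{
    userName = 'CORP\svc_app$'; password = ''; identitytype = 3
}

# --- 4. Grant exactly the database rights the app needs, over Windows auth (Kerberos),
#        so every query is attributable to the account name on the SQL side.
$grant = @'
CREATE LOGIN [CORP\svc_app$] FROM WINDOWS;
GO
USE AppDb;
GO
CREATE USER [CORP\svc_app$] FOR LOGIN [CORP\svc_app$];
ALTER ROLE db_datareader ADD MEMBER [CORP\svc_app$];
ALTER ROLE db_datawriter ADD MEMBER [CORP\svc_app$];
'@
Invoke-Sqlcmd -ServerInstance 'SQL01' -Query $grant

# --- 5. NTFS: read/execute on the web root only; nothing else on the box is granted.
$acl  = Get-Acl 'D:\Sites\App'
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    'CORP\svc_app$', 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl 'D:\Sites\App' $acl

# --- 6. A Windows service on the same host follows the same recipe (the account also
#        needs the "Log on as a service" right, granted via User Rights Assignment in GPO).
sc.exe config AppWorker obj= 'CORP\svc_app$' password= ''

# --- Check: anything still running as LocalSystem that also talks on the network is
#        the first candidate for its own account.
Get-CimInstance Win32_Service |
    Where-Object { $_.State -eq 'Running' -and $_.StartName -eq 'LocalSystem' } |
    Select-Object Name, StartName, PathName
```

The point of the gMSA over a plain AD user is the one jagdtigger raises about Debian's per-service users: the identity exists only for that service, and because AD manages the password there is no credential for an admin to reuse, lose, or type into the wrong box. The final query is the audit step for the claim that "by default it doesn't do that": it lists every service an installer left on LocalSystem.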

I find this interesting because what Microsoft is saying here is pretty much that they want AV software to go through proper checks instead of the bypass BS they are doing now.

 

The only reason I would see Microsoft saying this is because they have realised that the AV bypass BS is actually a threat and could cause easier access to the system files by malicious viruses that actually try to use your AV software.

 

In my personal experience, AV companies could also be the source of why your computer runs slower. I say in personal experience as my PC has been without an AV (including Windows Defender) for over two years, and since then my PC has actually got faster boot times and response times when navigating and opening applications, while before then my PC felt very sluggish.

Some people prefer a challenge, I just band my head against a wall until my method works...


1 hour ago, Alex Colson said:

In my personal experience, AV companies could also be the source of why your computer runs slower. I say in personal experience as my PC has been without an AV (including Windows Defender) for over two years, and since then my PC has actually got faster boot times and response times when navigating and opening applications, while before then my PC felt very sluggish.

Are you sure that your antivirus is the reason that your PC is slower? Maybe what you need is a spec upgrade? Have you checked whether maybe you need more RAM or an HDD-to-SSD upgrade, and have you checked the fan of your processor? Maybe you need compressed air to blow off dust or to replace the thermal paste?

 

If you’re thinking Photoshop or Da Vinci Resolve would run fine with 4GB of RAM, then forget about it. 


10 minutes ago, hey_yo_ said:

-Snip-

 

I'll be honest, I am bad when it comes to cleaning my case out as it is a struggle to get to the thing, let alone the cables that come with it getting unplugged, like damn.

 

x3 Monitor Cables,

Mouse n Keyboard,

Ethernet Cable,

Wireless Dongle for Joystick,

Usb cable for Graphics Tab,

Headset USB power cable etc.

 

I knew it was possibly my AV as my PC and laptop both were sluggish when it was active; the PC was slow to boot at times and would hang on programs loading at times. The laptop was already slow, but when that was installed it was literally a snail (once took an hour just for it to log into my profile). When I say this, the laptop was WIPED CLEAN; the only thing on it was the bloatware it came with and the AV, and the bloatware was all disabled from launching during startup.

 

I'm kind of offended you think I have 4GB of RAM, but I don't exactly have a spec list in my thing so eh.

 

My Pc is currently this:

Intel i3-4170 Quad Core,

8GB DDR3 Ram (I think ddr3)

750w PSU,

A R9 Series Gpu (don't know the specific one)

1TB HDD(Slave/), 1TB HDD(Primary)

 

My primary drive has over 500GB of free space while the slave has 200GB of free space (game library).

I swapped storage location for my games when I noticed it was running slower in summer last year after I removed the AV software. Swapped the games onto the slave drive and the computer seems to run fine again apart from display hiccups (caused by the curved TV not being on when booting up).

 

So ya, I think it was the AV software. TBF it was NORTON.


While I can somewhat understand the technical reasons, this is really not going to sit well with antitrust commissions. 


2 minutes ago, Alex Colson said:

-snip-

Maybe what you need is a Windows reinstall and a new SSD.


Just now, hey_yo_ said:

-Snip-

PC's running fine now. If you mean the curved TV, it's gonna do that, as when the TV powers off the computer won't detect the signal, and I have it placed as my main monitor, so if it ain't on when I boot up then I need to shut down and boot up again. If it is, well, the boot speed is fine.

 

Secondly, ya, I need an SSD, just CBA to get one atm xD. Reinstalling Windows would take too much time when I use that PC a lot. The speed it is at I am happy with. I can boot up the PC and launch Steam, Discord, TeamSpeak and Chrome and they will be ready to use within 3 minutes.


19 hours ago, M.Yurizaki said:

You don't need any valuable data to be considered a target. If someone wants to turn your computer into a botnet, the fact you have a computer on the internet is all they need.

That is true, but that makes you a potential victim of un-targeted attacks, while I think he was referring to "being a target", i.e., being someone whom an attacker would specifically want to target, hence exerting the effort required for targeted attacks (or that's at least how I understood it). Many vulnerabilities require some case-by-case implementation by the attackers, making them largely irrelevant for random consumers (that's not to say that an Equifax-grade ordeal, which could ensue from a targeted attack, can't be a concern for consumers in the end).

Anti-viruses were conceived with non-targeted attacks in mind (hence the "virus" behavior, it just randomly spread wherever it can), and botnets are created through similar "infect everything" logic. It's kind of the difference between stealing your car, which is always possible, no matter which car you have, and stealing a car, in which case any small counter-measure will deflect the attack towards someone else's :P 

Anyway, I don't think I'm explaining anything you weren't aware of here, other than what kind of "target" the original post had in mind.

 

 

6 hours ago, leadeater said:

The biggest threat to any Windows system is the person sitting in front of the computer and if your users are directly on your servers then you are doing it wrong

That's just a myth perpetuated by the sysadmin community (and, by extension, the Linux community)! xD

 


1 minute ago, SpaceGhostC2C said:

That is true, but that makes you a potential victim of un-targeted attacks, while I think he was referring to "being a target", i.e., being someone whom an attacker would specifically want to target, hence exerting the effort required for targeted attacks (or that's at least how I understood it). Many vulnerabilities require some case-by-case implementation by the attackers, making them largely irrelevant for random consumers (that's not to say that an Equifax-grade ordeal, which could ensue from a targeted attack, can't be a concern for consumers in the end).

Anti-viruses were conceived with non-targeted attacks in mind (hence the "virus" behavior, it just randomly spread wherever it can), and botnets are created through similar "infect everything" logic. It's kind of the difference between stealing your car, which is always possible, no matter which car you have, and stealing a car, in which case any small counter-measure will deflect the attack towards someone else's :P 

Anyway, I don't think I'm explaining anything you weren't aware of here, other than what kind of "target" the original post had in mind.

I liken this more to "I don't have anything in my house worth stealing, so I don't care for locking the doors or leaving them closed"

 

Just don't be upset if a hobo decides to crash in there.


Fuck every AV, creates more problems, common sense is the best AV imo.


3 hours ago, SpaceGhostC2C said:

That's just a myth perpetuated by the sysadmin community (and, by extension, the Linux community)! xD

Hey now, we all know most server screw ups are due to operator error ;) lol.


11 hours ago, Arokhantos said:

So which anti-viruses are fine to use and which need to be patched?

Added list to op on what information I could find.

                     ¸„»°'´¸„»°'´ Vorticalbox `'°«„¸`'°«„¸
`'°«„¸¸„»°'´¸„»°'´`'°«„¸Scientia Potentia est  ¸„»°'´`'°«„¸`'°«„¸¸„»°'´
