Report Malwares to Malware Killers

If you are using Windows 10 or Windows 8, you have Anti-Malware software built into your PC: Windows Defender, which provides full Anti-Malware protection. In Windows Vista and Windows 7, Windows Defender is Anti-Spyware only and won’t protect you against all malware, but you may use Microsoft Security Essentials, which is full Anti-Malware software. In general, I recommend that all of you consider upgrading to Windows 10, which has the best protection against cyber-threats.

Anti-Malware products try their best to protect you. There are Microsoft Anti-Malware labs around the world, and researchers there work on finding samples of malware, analyzing them and making sure their Anti-Malware product is capable of protecting users worldwide. Anti-Malware products contain smart engines that are able to detect unknown malware (samples that are not otherwise detectable) by its behavior. There are many techniques and methods to detect, protect against and remove malware from a PC. But unfortunately, there is no Anti-Malware product that is capable of detecting everything. Malware authors try their best to bypass Anti-Malware products, while Anti-Malware vendors, including Microsoft, try their best to make sure their products are capable of detecting every malware. While the battle between the Microsoft Malware Protection team and the bad guys who try to take over your Windows and bypass the Anti-Malware products goes on, you might wonder how you could help.

If you ever come across a sample that looks suspicious and Windows Defender, Microsoft Security Essentials or any other Anti-Malware product is unable to detect it, you can submit the sample to the Microsoft Malware Protection Center. Your sample will be analyzed, and if you are signed in, you can see the list of submission results. Please note: if you believe your PC is already infected, DO NOT sign in with your Microsoft Account, because there might be a keylogger or spyware that could steal your username and password. You can submit a sample anonymously by just entering a name. Doing so helps the people at the Microsoft Malware Protection Center analyze the sample, make the Anti-Malware product smarter and, of course, block more malware.

Let’s say you come across a website that might contain malware. You can report it in Internet Explorer by opening Tools->Safety->Report unsafe website; in Microsoft Edge, click tools->Send Feedback->Report unsafe website and, in the menu, select I believe this is a malicious website. This helps Microsoft block malicious websites and also investigate the website for possible unknown malware.

At Microsoft, there are many people who are trying their best to protect you against cyber-threats, so let’s work together and help them bring about a better cyberspace. If you are using a non-Microsoft Anti-Malware product, you can still report a malware sample to Microsoft Anti-Malware Protection Center: in the product list, select Others and then explain your issue in Additional Information.

I am Looking for an Anti-Malware for Windows 10

Windows 10 was recently released to the public and people are excited about it. Many people are asking about Anti-Malware software for Windows 10: whether their Anti-Malware product will work on Windows 10, and whether they should keep their current Anti-Malware product or switch to something else. Two main scenarios are discussed here with regard to Anti-Malware for Windows 10: Microsoft Anti-Malware and third-party Anti-Malware.

Microsoft Anti-Malware: If you are a Windows 8 user, you might already know about Windows Defender. It is the Anti-Malware built into Windows 8 and it is the successor of Microsoft Security Essentials. As long as you don’t install any other Anti-Malware product, you can use it and it will protect you against malware. The basic interface of Windows Defender in Windows 10 is very similar to Windows Defender in Windows 8; however, there are some interface changes in its settings. In Windows 10, Windows Defender settings are managed through Settings in Windows. If you are using an earlier version of Windows such as Windows 7, Windows Vista or Windows XP, you might have used Microsoft Security Essentials. In this case, note that Windows Defender is the successor of Microsoft Security Essentials, and if you are upgrading to Windows 10, make sure you uninstall Microsoft Security Essentials first and then upgrade. If you are doing a clean install of Windows 10, once it is installed, check Windows Defender and make sure it is on and running. Microsoft Security Essentials and Windows Defender both use similar Anti-Malware protection engines and they protect you the same way. However, in Windows 10 the protection is more advanced, since there are technologies like ELAM (Early Launch Anti-Malware) which enhance protection. Consider Windows Defender the successor to Microsoft Security Essentials and enjoy it.

Third-party Anti-Malware: During the Technical Preview of Windows 10, many people complained about the compatibility of their Anti-Malware products with Windows 10. The main reason for these problems was that the majority of Anti-Malware vendors didn’t want to provide resources or support for a pre-release version of Windows and instead concentrated on developing a supported version for the final release of Windows 10. Right now, the majority of Anti-Malware vendors have announced that their products are ready for Windows 10. In many cases, you need to apply some updates or upgrade to the latest version to get an Anti-Malware product that is compatible with Windows 10. In addition, as long as you have a valid subscription, you are eligible to upgrade your Anti-Malware product for free (in most cases); if so, refer to your Anti-Malware vendor’s support website for more details. You can still enjoy using your current Anti-Malware software in Windows 10.

Now, back to the main question: should we keep using our current Anti-Malware product or switch to another? Selecting an Anti-Malware product is something personal; it depends on what you expect from an Anti-Malware product and which product satisfies your requirements best. Some people select a brand because of its great support, while others might select it because they like its graphical user interface or options. This is a question whose answer is known only to you. You should ask yourself how you define a good Anti-Malware product, and why. Everyone might have a unique answer to this question depending on their past experience and their expectations. One other important note: some people report a bad experience with certain Anti-Malware products, which they abandoned a long time ago and have never used since. You may consider trying them again, as a lot of improvements happen over time and you might love the latest version.

If you love Microsoft Security Essentials or Microsoft Anti-Malware products, you don’t need to install or look for anything: Windows Defender is already built into your Windows, and as long as you don’t install any other Anti-Malware product it is there to protect your PC. If you install another Anti-Malware product, it will disable Windows Defender to avoid conflict, and once you uninstall that product, Windows Defender will be enabled again. Please remember that after installing or uninstalling Anti-Malware or any other software, it is recommended to restart your PC.
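One way to check the state described above (whether Windows Defender is on, or has stepped aside for another registered product), as an added example that is not part of the original post. It uses the Defender cmdlet `Get-MpComputerStatus` and the Security Center WMI class `AntiVirusProduct`; the function name `Get-DefenderHealth` and the one-day signature-age threshold are assumptions made for this example.

```powershell
# Added example (not from the original post). Reports which Anti-Malware
# products are registered with Windows and whether Windows Defender is
# actively protecting the PC. Run in PowerShell on a Windows 10 client.

function Get-DefenderHealth {
    param(
        # Assumption: signatures older than this many days count as stale.
        [int]$MaxSignatureAgeDays = 1
    )

    # Products registered with Windows Security Center. The namespace is
    # absent on server editions, so errors are suppressed.
    $registered = @(
        Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' -ErrorAction SilentlyContinue |
            Select-Object -ExpandProperty displayName
    )

    $findings = @()
    $status = $null
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
    }
    catch {
        # The cmdlet fails when the Defender service is stopped or removed.
        $findings += "Windows Defender status unavailable: $($_.Exception.Message)"
    }

    if ($status) {
        if (-not $status.AMServiceEnabled)          { $findings += 'Defender service is not enabled' }
        if (-not $status.AntivirusEnabled)          { $findings += 'Defender antivirus engine is off' }
        if (-not $status.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }
        if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
            $findings += "Signatures are $($status.AntivirusSignatureAge) days old"
        }
    }

    # Anything registered that is not Defender is a third-party product.
    $others = @($registered | Where-Object { $_ -notmatch 'Defender' })
    $protecting = [bool]$status -and ($findings.Count -eq 0)

    if ($protecting) {
        $summary = 'Windows Defender is on, running and up to date.'
    }
    elseif ($others.Count -gt 0) {
        # Expected state when another product is installed; this script
        # cannot tell whether that product is itself healthy.
        $summary = "Windows Defender is inactive while these products are registered: $($others -join ', ')"
    }
    else {
        $summary = 'No third-party product is registered and Windows Defender is not fully protecting this PC.'
    }

    [pscustomobject]@{
        Summary            = $summary
        RegisteredProducts = $registered
        DefenderProtecting = $protecting
        SignatureUpdated   = if ($status) { $status.AntivirusSignatureLastUpdated } else { $null }
        Findings           = $findings
    }
}

Get-DefenderHealth | Format-List
```

Running it again after the restart that follows an install or uninstall shows whether Windows Defender has switched state as expected.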

I hope everyone enjoys their Anti-Malware products in Windows 10 and enjoys the new experiences in Windows 10.

Anti-Malware Products Protect You Against 0-Days Vulnerabilities

A vulnerability is a weakness in the security of a software system which, if exploited, could create a security risk such as the compromise of a system or an attack. Vulnerabilities exist in any software system and could be discovered at any time. Many security researchers spend considerable resources discovering new vulnerabilities and working with companies to report them privately and resolve them. Once a vulnerability has been discovered by researchers, they will work with the software vendor to resolve it. When the problem has been resolved, the solution is released as an update, and when end users install it, they are protected against the vulnerability.

In the good case, a vulnerability is discovered by trustworthy people and its details are kept confidential until a solution has been developed, tested and released as an update. But this is not always the case. Sometimes vulnerabilities are discovered by bad guys, hackers or cybercriminals, who use them for criminal purposes and won’t even notify the software vendor so it can be fixed. Even when the software vendor notices the issue, it is not possible to release an update and fix it right away; it might take some time to do more research and testing. Another case is research that is being done confidentially but is suddenly disclosed to cybercriminals, so that the vulnerability is used for criminal purposes before a solution is released. There are a number of reasons why we can’t release updates right away. First, the vulnerability should be investigated thoroughly so that fixing it won’t create a new vulnerability. Second, once a fix or update has been developed, it should be tested to make sure it won’t cause conflicts or errors with other applications or programs. In addition, some vulnerabilities are complex and need more time to work out the right fix, along with preventive measures so that this vulnerability or others similar to it won’t reappear in future. The other problem is that when a solution has been found and released as an update, end users might not apply it right away. They might delay the update because they are in the middle of an important project or task, or because they need time to test the update before applying it. So the delay between the discovery of a vulnerability and the release of the update that fixes it might give cybercriminals the opportunity (if the update is publicly known) to use it for criminal purposes.

However, there are many ways to protect yourself against such vulnerabilities, which are technically known as 0-Day Vulnerabilities. Your Anti-Malware software protects you against Viruses, Worms, Trojans, Spyware, Adware and other malicious programs. It protects you against 0-day vulnerabilities too. It might take time to investigate a vulnerability and test an update for it, but releasing an Anti-Malware signature for the same vulnerability does not take that much time, because the Anti-Malware product treats the vulnerability like other malware: if it detects anything that resembles the vulnerability that has been discovered, it can detect and quarantine it, or block and remove it. Anti-Malware updates are daily and regular, and many people and administrators know they have to update their Anti-Malware products on a daily basis, so you will get the update faster. So if you have an updated Anti-Malware product such as Microsoft Security Essentials or Windows Defender (in Windows 8, Windows 8.1, and Windows 10 Technical Preview), it will protect you against vulnerabilities while you are waiting for the update. Note that this does not mean you don’t need to update your operating system and software. It simply means you can rely on Anti-Malware products to protect you against 0-day vulnerabilities while the actual solution is being developed or while you are deploying updates.

Anti-Virus for Windows 10 Technical Preview

The next version of Windows is Windows 10, which is the successor to Windows 8 and Windows 8.1. Many people ask about Windows 9. Did we miss Windows 9? When was it released? Well, there is NO Windows 9 and you didn’t miss anything; right after Windows 8 or Windows 8.1, you will see Windows 10. You may want to know what Windows 10 looks like and what is new, and you might ask how you can get involved in improving Windows 10. It is a good opportunity for you to join the Windows Insider Program, where you can try out Windows 10 Technical Preview, and if you have any feedback or something is not working, you may use the Feedback form to report it. An important note: this release is a Technical Preview and NOT the final one. It will have issues such as compatibility problems and problems with installing and running software, and you should NOT install it if you are not confident about resolving problems in Windows, or for production and working environments. You may use Windows 10 Technical Preview if you want to play around with it, test it, report issues and problems and, of course, share your ideas with the Windows team.

One common question is: what Anti-Virus software should I install on Windows 10 Technical Preview? As in Windows 8 and Windows 8.1, you already have Windows Defender installed in Windows 10 Technical Preview. It protects you against Viruses, Worms, Trojans, Spyware, Adware, Keyloggers and other malicious programs. Windows Defender is the successor to Microsoft Security Essentials and it is preinstalled in Windows 8, Windows 8.1 and Windows 10 Technical Preview.

If you want to install other Anti-Virus software in Windows 10 Technical Preview, it might or might not work. If it doesn’t work, check that you are installing the latest version of the Anti-Virus software (the one that works on Windows 8.1), and also look at the Anti-Virus vendor’s beta website (if one exists) to see whether they have a beta release for Windows 10. Some Anti-Malware companies might open beta programs for upcoming versions of their products and also intend to test them on Windows 10. In addition, if you face any compatibility issue, always use the Feedback form to report it. You should NEVER run an Anti-Virus product in compatibility mode, because it might run but be unable to protect you completely. It is recommended to use the existing Anti-Malware in Windows 10 Technical Preview, which is Windows Defender, to protect yourself against malware.

Detecting Potential Unwanted Software

Potentially unwanted software is not as dangerous as a Virus, Worm or Rootkit, but it still causes harm to you and your computing experience and bothers you. One of the goals of computer security is to make sure you enjoy your computing experience without being bothered by unwanted advertisements and software. The Microsoft Anti-Malware team recently made some changes to the criteria for detecting software as potentially unwanted software and enforces them in its new Anti-Malware technology. So if you are using any Microsoft Anti-Malware product, including Microsoft Security Essentials, Windows Defender in Windows 8, Windows Intune Endpoint Protection, System Center Endpoint Protection, Forefront Endpoint Protection, Microsoft Safety Scanner and other products, this applies to you and is already in effect on your system (if your Anti-Malware product is updated). The new criteria for considering a program potentially unwanted software are as follows:

  • Unwanted behavior: Let’s say a piece of software has been installed and you don’t know how to uninstall it. One easy and direct way of uninstalling software is through Uninstall programs in Control Panel, but it is not listed there and you have a difficult time removing it; or it displays numerous advertisements and you have no control to close or disable them. These are some examples of potentially unwanted behavior: software behaving in a way we don’t want it to. It is different from a software error, which is unexpected. Unwanted behavior is expected and designed; the developer is well aware of it and designed it that way.

  • Advertising: You see unwanted advertisements and pop-ups. This is different from advertisements on websites, where the web designer designed the website to show such advertisements and you won’t get them if you don’t visit the website. An advertisement is considered Adware or Potentially Unwanted Software when it takes over your PC and advertises to you by modifying your browser to show its advertisements, usually in all or most webpages, or simply shows advertisements while you are using your PC.

  • Privacy: When software collects your personal information, especially when it does not get permission from you and there is no proper privacy statement explaining how it collects, manages and uses your data. There is software that collects information about your PC in order to give you the right service. For example, a program developed in two different languages might check your language setting and, depending on that, show you guides and help in the same language as your PC, which is considered safe; but if it sends that information to a remote server without declaring it or providing a reason, that is something we should consider a privacy breach.

  • Consumer opinion: Whether we classify software as potentially unwanted or safe is very subjective; a program might be considered safe by some people and unsafe and unwanted by others. For this reason, the classification of software as unwanted or safe depends on how the majority of people experience it.

For detailed information about the criteria Microsoft Anti-Malware technology uses to consider a program potentially unwanted software, have a look at How Microsoft antimalware products identify malware and potentially unwanted software.

All of you can help improve detection of potentially unwanted software. If you are using any Microsoft Anti-Malware product and there is software which you believe meets the above criteria and is not detected as potentially unwanted software (a simple example is a program that installs without your knowledge, or one that is very difficult to remove), you can submit a sample of it to the Microsoft Malware Protection Center. When you submit a sample, it is analyzed by Anti-Malware researchers, and if it is considered a threat, a removal or definition signature is created for it; when you update your Anti-Malware product, it will be able to remove it and prevent it from being installed in future.

So let us find those unwanted programs and get rid of them, and if you come across a new and undetected one, just report it.

My Anti-Malware Could Not Detect a Malware

Companies developing Anti-Malware products have a common goal: to make sure all known malware is detected and removed from the system. In addition, they want to make sure unknown or undiscovered malware cannot bring harm to a system. This goal is pursued in a number of ways. To make sure all known malware in the world is detected and removed, they work with several organizations and other security companies. When there is a sample of new malware, they share it in a public blacklist of malware so that other Anti-Malware vendors have access to those samples and can use them to develop Anti-Malware signatures that remove the malware. This part requires ongoing collaboration and international work with organizations all over the world. The difficult part is detecting unknown or undiscovered malware. It is not easy to detect and remove something we are not aware of. In this case, Anti-Malware vendors develop techniques to detect unknown threats based on their behavior, the similarity of their actions to earlier malware, analysis of previous vulnerabilities or malware infections, etc. Companies use different ways and techniques to detect unknown malware, and sometimes such detection might lead to safe software being incorrectly detected as malware. In most cases, when an Anti-Malware product detects a suspect program that seems to be malware, it places it in quarantine (a place to hold malicious code, which can be removed or recovered later) and sends it as a sample to the research team if the user permits the Anti-Malware product to do so. These samples are analyzed, and if they are confirmed as malware, a signature is released through an update to completely detect and remove the malware and its dependencies. If a sample is found to be safe, another signature is released to mark it as safe so it won’t be detected as malware anymore.

Even though Anti-Malware companies spend considerable resources on researching and detecting malware, there is still a possibility that an Anti-Malware product will fail to detect a malware. This issue applies to all Anti-Malware products and all operating systems. Some users say they are switching to platforms like Linux or Mac so they won’t have issues with malware. Well, that is NOT true: you are not safe from getting infected with unknown malware, no matter what platform or Anti-Malware product you use. This is an unfortunate fact and we have to deal with it. However, there are ways to control the situation and keep malware far away from ourselves. In order to protect yourself against unknown malicious programs:

1) Use an operating system with a strong security foundation such as Windows 8.1. The architecture of Windows follows the concept of defense in depth, which means your Anti-Malware product is only one of the defense layers of your system, and if malware bypasses it, there are other protection features in Windows, such as DEP (Data Execution Prevention) or ASLR (Address Space Layout Randomization), which can protect you.

2) If you see any suspect files or programs, report them to your Anti-Malware manufacturer. All Anti-Malware companies have a way for users to manually submit suspect files. For Microsoft, you can submit to the Microsoft Malware Protection Center.

3) If you run a scan with another Anti-Malware scanner and it detects samples that your current Anti-Malware product does not detect, report them as well. There are many cases of incorrect detection (technically, false-positive detection), and when you submit those samples, please state which scanner detected them.

4) Your Anti-Malware manufacturer is your friend. One of the biggest mistakes many users make is that when they face undetected malware, they just switch to another operating system or another Anti-Malware product. Instead of doing that, get help from your Anti-Malware company’s support and ask them about best practices and how to handle unknown threats.

The battle against malware requires working together with international communities; users and security vendors should work as one team to combat malware.

Anti-Virus for Windows 8.1 Preview

Windows 8.1 Preview is available and many of you might have already tried it or are planning to do so. Windows 8 comes with an Anti-Malware product, Windows Defender, and it remains in Windows 8.1 Preview. You don’t have to worry about an Anti-Malware solution because one is pre-loaded in Windows. However, you might want to try a different Anti-Malware product. For Windows 8, most security vendors provide an Anti-Malware product that works with Windows 8, and you are probably using one. For Windows 8.1 Preview, some users have come across the problem that their existing Anti-Virus product does not work in Windows 8.1 Preview, although it was compatible with Windows 8 and worked just fine there.

This is because Windows 8.1 Preview is under development and testing and is NOT the final release; issues such as compatibility problems, errors and crashes are expected in a preview version. Some Anti-Malware vendors have opened beta participation for the next version of their Anti-Virus product, which will work on Windows 8.1 Preview. It is a good idea to participate in the beta program and help the product team improve the product by submitting feedback and reporting errors. Other Anti-Virus products might not work in Windows 8.1 Preview at the moment and have no beta program for the upcoming release. In that case, you can search the vendor’s forum for discussions about the product in Windows 8.1 Preview and continue the discussion; if there is none, you can create one. If your Anti-Virus product does not work in Windows 8.1 Preview and there is no compatible version at the moment, you can just use Windows Defender, which is pre-installed in Windows 8.1 Preview, for the time being.

In general, if you have an Anti-Virus product that was working in Windows 8 and is NOT compatible with Windows 8.1 Preview, follow these steps:

1. Visit the Anti-Virus company’s website, look for its beta or testing center, and look for beta programs of Anti-Virus products that work on Windows 8.1 Preview.

2. If there is no such program, search the company’s website for Windows 8.1 Preview and look for discussions, news and articles. You can go to their forum and follow the discussion on Anti-Virus on Windows 8.1 Preview, or open a new discussion if there is none.

3. If there is no solution at the moment, you can just use Windows Defender in Windows 8.1 Preview; you can access it by searching for Windows Defender. If you have already installed another Anti-Virus product, you can use Windows Defender by uninstalling it.

If you have an Anti-Virus product that works on Windows 8 and is compatible with Windows 8, it will work in the final release of Windows 8.1, but for the preview version you might have to wait a while for a compatible version or wait for the final release. Note that Windows 8.1 Preview is under development and testing, and Anti-Virus companies are working to make sure their products will work in Windows 8.1. You can try Windows 8.1 Preview by downloading it from its official website.