Why Won’t My Anti-Malware Product Detect All Malware?

A common question I hear from users is: I am using Anti-Malware software and I paid for the license, so why isn’t it able to detect all malware? Is there any Anti-Malware product that is able to detect and remove all malware?

We always say that there is no Anti-Malware software which is able to detect and remove all malware. Anti-Malware products are able to detect all malware in the wide-list, which is a list of all malware that has been discovered and that keeps being updated. Of course, if we know about a piece of malware, we can detect it. But tons of new malware is created every day, and it is not possible to say that an Anti-Malware product is able to detect all unknown malware too. However, Anti-Malware products won’t just leave unknown malware to go around and harm users. They come with techniques to detect unknown malware, such as heuristic detection, which uses machine learning and detects suspicious objects or applications based on their similarity to other known malware, and behavior monitoring, which detects unknown malware based on abnormal behavior or on the similarity of its behavior to that of known malware. Anti-Malware vendors also use several techniques to discover unknown malware. They place spam traps or honeypots to collect samples of new malware. They research black markets for new malware, and users also submit samples to them. It is a whole ecosystem that keeps improving to make sure unknown malware is detected and discovered by the good guys before it gets used by the bad guys. However, it is not possible to detect all unknown malware. So, what to do?
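The difference between matching against a list of known malware and heuristic similarity detection, as an added example that is not part of the original post and not any vendor's engine. Byte n-gram overlap stands in for the machine-learning similarity the post mentions; the sample bytes, the family name and the 0.6 threshold are constructed for illustration.

```python
import hashlib
from typing import NamedTuple, Optional

NGRAM = 4          # bytes per n-gram (assumed value for this example)
THRESHOLD = 0.6    # similarity cut-off (assumed; real engines tune this)


class Verdict(NamedTuple):
    status: str             # "known", "suspicious" or "clean"
    family: Optional[str]   # closest known family, if any
    score: float            # similarity to that family, 0.0 to 1.0


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def ngrams(data: bytes, n: int = NGRAM) -> frozenset:
    """Set of overlapping n-byte slices; empty for inputs shorter than n."""
    return frozenset(data[i:i + n] for i in range(len(data) - n + 1))


def jaccard(a: frozenset, b: frozenset) -> float:
    """Shared n-grams divided by all n-grams; 0.0 when nothing to compare."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


class Scanner:
    def __init__(self, known_samples: dict):
        # Signature list: exact hashes of samples that were already analyzed.
        self.signatures = {sha256(d): name for name, d in known_samples.items()}
        # Heuristic profiles: n-gram sets of the same samples.
        self.profiles = {name: ngrams(d) for name, d in known_samples.items()}

    def scan(self, data: bytes) -> Verdict:
        digest = sha256(data)
        if digest in self.signatures:
            return Verdict("known", self.signatures[digest], 1.0)
        grams = ngrams(data)
        family, score = None, 0.0
        for name, profile in self.profiles.items():
            s = jaccard(grams, profile)
            if s > score:
                family, score = name, s
        status = "suspicious" if score >= THRESHOLD else "clean"
        return Verdict(status, family, round(score, 2))


# Constructed, harmless byte strings standing in for real files.
KNOWN_SAMPLES = {"Constructed.FamilyA": bytes(range(256))}
_variant = bytearray(KNOWN_SAMPLES["Constructed.FamilyA"])
_variant[100] ^= 0xFF                    # one changed byte, different hash
VARIANT = bytes(_variant)
UNRELATED = bytes(reversed(range(256)))  # shares no n-gram with anything known

if __name__ == "__main__":
    scanner = Scanner(KNOWN_SAMPLES)
    for label, blob in [("known", KNOWN_SAMPLES["Constructed.FamilyA"]),
                        ("variant", VARIANT), ("unrelated", UNRELATED)]:
        print(label, scanner.scan(blob))
```

The one-byte variant no longer matches the hash list but is still flagged by similarity. The unrelated blob comes back clean whatever it contains, which is why similarity only helps for samples that resemble something already known.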

Anti-Malware is not the only thing which protects you against malware. There is the beautiful concept of defense in depth in Windows, which means you have defense layers that can stop malware even before it reaches the Anti-Malware product, like SmartScreen Filter, DEP, ASLR and others. In addition, you as a user should learn about the threats around you. If you are visiting a website which looks suspicious, report it through SmartScreen Filter. If you have a sample of a program which you believe is malware but your Anti-Malware software says it is safe, submit it for analysis. Don’t hesitate to contact support or security forums to ask about your concerns with unknown malware and unknown programs. Keep yourself up to date on the latest security incidents and best practices.

Questions about Windows Defender in Windows 10

Windows 10 comes with Windows Defender pre-installed (actually, Windows 8 already came with Windows Defender) and it is a full real-time Anti-Malware product. Windows Defender was a free download for Windows XP and was built into Windows Vista and Windows 7 as an Anti-Malware product only. Later on, if you wanted to protect yourself against all malware, you could install Microsoft Security Essentials for Windows XP, Windows Vista and Windows 7. Today, Windows XP and Windows Vista are no longer supported, and hence Microsoft Security Essentials is also no longer supported on these platforms; we have Microsoft Security Essentials for Windows 7, and Windows Defender pre-built into Windows 8 and Windows 10. Here I would like to answer some of the questions related to Windows Defender in Windows 10:

I am using Windows 10, do I need another Anti-Malware product?

No, you have Windows Defender inside your Windows. It is a full Anti-Malware product and it protects you against all malware, including Virus, Worm, Trojan, Spyware, Rootkit, Bootkit, Adware and so on.

Is Windows Defender really protecting me?

Windows Defender shows good performance in detecting and removing all malware according to the latest test by an independent researcher.

There is a file I believe is a virus but it is not detected by Windows Defender, or I have a file which is safe but is incorrectly detected as a virus. What can I do?

These are known issues for all antivirus vendors, Windows Defender included. You can report both cases through the Microsoft Anti-Malware Sample Submission website: https://www.microsoft.com/en-us/wdsi/filesubmission

Can I use a different Anti-Malware product?

Yes, as long as the Anti-Virus software works fine with Windows 10 and is compatible, you may use another Anti-Malware product; it will disable Windows Defender and replace it. Once you uninstall that Anti-Malware product, Windows Defender should get back to work.

I have other questions or problems, what can I do?

You can find other questions and answers about Windows Defender and other Microsoft Anti-Malware products on https://answers.microsoft.com/en-us/protect and, if your question has not been asked or answered there, you may ask a new question.

Enjoy using Windows Defender and have a safe cyberspace.

Report Malware to Malware Killers

If you are using Windows 10 or Windows 8, you have Anti-Malware software built into your PC. It is Windows Defender and it is full Anti-Malware protection. In Windows Vista and Windows 7, Windows Defender is Anti-Spyware only and it won’t protect you against all malware, but you may use Microsoft Security Essentials, which is full Anti-Malware software. In general, I recommend that all of you consider upgrading to Windows 10, which has the best protection against cyber-threats.

Anti-Malware products try their best to protect you. There are Microsoft Anti-Malware labs around the world, and the researchers there work on finding samples of malware, analyzing them and making sure their Anti-Malware product is capable of protecting users worldwide. There are smart engines in Anti-Malware products which are able to detect unknown malware (the ones which are not detectable) by their behavior. There are many techniques and methods to detect, protect against and remove malware from a PC. But unfortunately, there is no Anti-Malware product which is capable of detecting everything. Malware authors try their best to bypass Anti-Malware products, while Anti-Malware vendors, including Microsoft, try their best to make sure their product is capable of detecting every piece of malware. While the battle goes on between the Microsoft Malware Protection team and the bad guys who try to take over your Windows and bypass the Anti-Malware products, you might wonder how you could help.

If you ever come across a sample which might be suspicious and Windows Defender, Microsoft Security Essentials or any other Anti-Malware product is unable to detect it, you can submit the sample to the Microsoft Malware Protection Center. Your sample will be analyzed and, if you are logged in, you can see the list of submission results. Please take note: if you believe your PC is already infected, DO NOT sign in with your Microsoft Account, because there might be a keylogger or spyware which could steal your username and password. You can submit the sample anonymously by just entering a name. Doing so helps the people in the Microsoft Malware Protection Center to analyze the sample, make the Anti-Malware product smarter and, of course, block more malware.

Let’s say you come across a website which might contain malware. You can report it in Internet Explorer by opening Tools->Safety->Report unsafe website, and in Microsoft Edge by clicking tools->Send Feedback->Report unsafe website and, in the menu, selecting I believe this is a malicious website. This helps Microsoft to block the malicious website and also to investigate the website for possible unknown malware.

At Microsoft, there are many people who are trying their best to protect you against cyber-threats, so let’s work together and help them bring about a better cyberspace. If you are using a non-Microsoft Anti-Malware product, you can still report a malware sample to the Microsoft Anti-Malware Protection Center: in the list, select the product as Others and then explain your issue in Additional Information.

I am Looking for an Anti-Malware for Windows 10

Windows 10 was recently released to the public and people are excited about it. Many people are asking about Anti-Malware software for Windows 10: whether their Anti-Malware product will work on Windows 10, and whether they should keep using their current Anti-Malware product or switch to something else. Two main scenarios are discussed here with regard to Anti-Malware for Windows 10: Microsoft Anti-Malware and third-party Anti-Malware.

Microsoft Anti-Malware: If you are a Windows 8 user, you might already know about Windows Defender. It is the Anti-Malware product built into Windows 8 and it is the successor of Microsoft Security Essentials. As long as you don’t install any other Anti-Malware product, you can use it and it will protect you against malware. The basic interface of Windows Defender in Windows 10 is very similar to Windows Defender in Windows 8; however, there are some changes in terms of the settings interface. In Windows 10, Windows Defender settings are managed through Settings in Windows. If you are using an earlier version of Windows, like Windows 7, Windows Vista or Windows XP, then you might have used Microsoft Security Essentials. In this case, you should note that Windows Defender is the successor of Microsoft Security Essentials, and if you are upgrading to Windows 10, make sure you uninstall Microsoft Security Essentials first and then upgrade to Windows 10. If you are doing a clean install of Windows 10, once you have installed it, check Windows Defender and make sure it is on and running. Microsoft Security Essentials and Windows Defender both use similar Anti-Malware protection engines and they protect you the same way. However, in Windows 10 the protection is more advanced, since there are technologies like ELAM which enhance protection. Consider Windows Defender the successor to Microsoft Security Essentials and enjoy it.

Third-party Anti-Malware: During the Technical Preview of Windows 10, many people complained about the compatibility of their Anti-Malware products with Windows 10. The main reason for these problems was that the majority of Anti-Malware vendors didn’t want to provide resources or support for a pre-release version of Windows and instead concentrated on developing a supported version for the final release of Windows 10. Right now, the majority of Anti-Malware vendors have announced that their Anti-Malware products are ready for Windows 10. In many cases, you need to perform some updates or upgrade to the latest version to be able to take advantage of a compatible Anti-Malware product for Windows 10. In addition, as long as you have a valid subscription for your Anti-Malware product, you are eligible to upgrade it for free (in most cases); if that is the case, refer to your Anti-Malware vendor’s support website for more details. You can still enjoy using your current Anti-Malware software in Windows 10.

Now, back to the main question: should we use our current Anti-Malware product or switch to another? Selecting an Anti-Malware product is something personal; it depends on what you expect from an Anti-Malware product and which product satisfies your requirements best. Some people select a brand because of its great support, while others might select it because they like its graphical user interface or options. This is a question whose answer is known only to you. You should ask yourself how you define a good Anti-Malware product, and why. Everyone might have a unique answer to this question depending on their past experience and their expectations. One other important note: some people had a bad experience with some Anti-Malware products, abandoned them a long time ago and never used them again. You may consider trying them again, as a lot of improvements happen over time and you might love the latest version.

If you love Microsoft Security Essentials or Microsoft Anti-Malware products, you don’t need to install or look for anything: Windows Defender is already built into your Windows and, as long as you don’t install any other Anti-Malware product, it is there to protect your PC. If you install any other Anti-Malware product, it will disable Windows Defender to avoid conflicts, and once you uninstall that Anti-Malware product, Windows Defender will be enabled again. Please be reminded that after installing or uninstalling Anti-Malware or any other software, it is recommended to restart your PC.

I hope everyone enjoys their Anti-Malware products and the new experiences in Windows 10.

Anti-Malware Products Protect You Against 0-Day Vulnerabilities

A vulnerability is a weakness in the security of a software system which, if it is used, could cause a security risk such as compromising a system or enabling a security attack. Vulnerabilities exist in any software system and could be discovered at any time. Many security researchers spend significant resources to discover new vulnerabilities, and work with companies to report them privately and resolve them. Once a vulnerability has been discovered by researchers, they work with the software vendor to resolve it. When the problem has been resolved, the solution is released as an update, and when end users install it, they are protected against the vulnerability.

In a good case, a vulnerability is discovered by trustworthy people and its details are kept confidential until a solution to address it has been developed, tested and released as an update. But this is not the case all the time. Sometimes vulnerabilities are discovered by bad guys, hackers or cybercriminals, who use them for criminal purposes and won’t even notify the software vendor to fix them. Even when the software vendor notices the issue, it is not possible to release an update and fix right away, and it might take some time to do more research and testing. Another case is when research is being done confidentially but is suddenly disclosed to cybercriminals, and the vulnerability is used for criminal purposes before a solution is released. There are a number of reasons why we can’t release updates right away. First, the vulnerability should be investigated thoroughly so that fixing it won’t create a new vulnerability. Another issue is that once a fix or update is developed, it should be tested to make sure it won’t cause conflicts or errors with other applications or programs. In addition, some vulnerabilities are complex and need more time to think about the right fix and also about preventive measures, so that this vulnerability or others similar to it won’t reappear in the future. The other problem is that when a solution to a vulnerability has been found and released as an update, end users might not apply it right away. They might delay the update because they are in the middle of an important project or task, or because they need time to test the update before applying it. So this delay between discovering a vulnerability and releasing the update that fixes it might give cybercriminals the opportunity (if the update is publicly known) to use it for criminal purposes.

However, there are many ways to protect yourself against such vulnerabilities, which are technically known as 0-Day Vulnerabilities. Your Anti-Malware software protects you against Virus, Worm, Trojan, Spyware, Adware and other malicious programs. It protects you against 0-day vulnerabilities too. It might take time to check and investigate an update for a vulnerability, but releasing an update such as an Anti-Malware signature for the same vulnerability does not take that much time, because the Anti-Malware product treats the vulnerability like other malware: if it detects anything similar to the vulnerability which has been discovered, it can detect and quarantine it, or block and remove it. Anti-Malware updates are daily and regular, and many people and administrators know they have to update their Anti-Malware products on a daily basis, so you will get the update faster. So if you have an updated Anti-Malware product such as Microsoft Security Essentials or Windows Defender (in Windows 8, Windows 8.1, and Windows 10 Technical Preview), it will protect you against vulnerabilities while you are waiting for the update. Note that this does not mean you don’t need to update your operating system and software. It simply means you can rely on Anti-Malware products to protect you against 0-day vulnerabilities while the actual solution is being developed or while you are deploying updates.

Anti-Virus for Windows 10 Technical Preview

The next version of Windows is Windows 10, which is the successor to Windows 8 and Windows 8.1. Many people ask about Windows 9. Did we miss Windows 9? When was it released? Well, there is NO Windows 9 and you didn’t miss anything: right after Windows 8 or Windows 8.1, you will see Windows 10. You may want to know what Windows 10 looks like and what is new, and you might ask how you can get involved in improving Windows 10. It is a good opportunity for you to join the Windows Insider Program, where you can try out Windows 10 Technical Preview and, if you have any feedback or if something is not working, use the Feedback form to report it. An important note: this release is a Technical Preview and NOT the final one. It will have issues, such as compatibility problems and problems with running and installing software, and you should NOT install it if you are not confident about resolving problems in Windows, or in a production or working environment. You may use Windows 10 Technical Preview if you want to play around with it, test it, report issues and problems and, of course, share your ideas with the Windows team.

One common question is: what Anti-Virus software should I install on Windows 10 Technical Preview? As in Windows 8 and Windows 8.1, you already have Windows Defender installed in Windows 10 Technical Preview. It protects you against Virus, Worm, Trojan, Spyware, Adware, Keylogger and other malicious programs. Windows Defender is the successor to Microsoft Security Essentials and it is preinstalled in Windows 8, Windows 8.1 and Windows 10 Technical Preview.

If you want to install other Anti-Virus software in Windows 10 Technical Preview, it might or might not work. If it doesn’t work, check that you are installing the latest version of the Anti-Virus software (the one that works on Windows 8.1), and also look at the Anti-Virus vendor’s beta website (if one exists) and check whether they have a beta release for Windows 10. Some Anti-Malware companies might open beta programs for upcoming versions of their products and also intend to test them on Windows 10. In addition, if you face any compatibility issue, always use the Feedback form to report it. You should NEVER run an Anti-Virus product in compatibility mode, because it might run but be unable to completely protect you in compatibility mode. It is recommended to use the existing Anti-Malware product in Windows 10 Technical Preview, which is Windows Defender, to protect yourself against malware.

Detecting Potentially Unwanted Software

Potentially unwanted software is not as dangerous as a Virus, Worm or Rootkit, but it still causes harm to you and your computing experience and bothers you. One of the goals of computer security is to make sure you enjoy your computing experience without being bothered by unwanted advertisements and software. The Microsoft Anti-Malware team recently made some changes to the criteria for detecting software as potentially unwanted software and enforced them in new Anti-Malware technology. So if you are using any Microsoft Anti-Malware product, including Microsoft Security Essentials, Windows Defender in Windows 8, Windows Intune Endpoint Protection, System Center Endpoint Protection, Forefront Endpoint Protection, Microsoft Safety Scanner and other products, this is applicable to you and it is already being applied on your system (if your Anti-Malware product is updated). The new criteria for considering a program as potentially unwanted software are as follows:

  • Unwanted behavior: Let’s say a piece of software has been installed and you don’t know how to uninstall it. One easy and direct way to uninstall software is through uninstall programs in Control Panel, but it is not there and you have a difficult time removing it; or it displays several advertisements and you have no control to close or disable them. These are some examples of potentially unwanted behavior: software behaving in a way which we don’t want. It is different from a software error, which is unexpected. Unwanted behavior is something which is expected and designed; the developer is well aware of it and designed it that way.

  • Advertising: You see unwanted advertisements and pop-ups. This is different from advertisements on websites, where the web designer designed the website to show such advertisements and you won’t get them if you don’t visit the website. An advertisement is considered Adware or Potentially Unwanted Software when it takes over your PC and advertises to you by modifying your browser to show its advertisements, usually on all or most webpages, or simply shows advertisements while you are using your PC.

  • Privacy: Software collects your personal information, especially when it does not get permission from you and there is no proper privacy statement on how it collects, manages and uses your data. There is software which collects information about your PC to give you the right service. Let’s say a program is developed in two different languages: it might check your language setting and, depending on that, show you the guide and help in the same language as your PC, which is considered safe. But if it sends that information to a remote server without declaring it or providing a reason, that is something we should consider a privacy breach.

  • Consumer opinion: Whether we classify software as potentially unwanted or safe is very subjective; a program might be considered safe by some people and unsafe and unwanted by others. For this reason, how the majority of people experience a piece of software is considered when classifying it as unwanted or safe.

For detailed information about the criteria by which Microsoft Anti-Malware technology considers a program to be potentially unwanted software, you may have a look at “How Microsoft antimalware products identify malware and potentially unwanted software”.

All of you can help to improve the detection of potentially unwanted software. If you are using any Microsoft Anti-Malware product and there is software which you believe meets the above criteria and is not detected as potentially unwanted software (a simple example is a program which installs without your knowledge, or one which is very difficult to remove), you can submit a sample of it to the Microsoft Malware Protection Center. When you submit a sample, it is analyzed by Anti-Malware researchers and, if it is considered a threat, a removal or definition signature is created for it; when you update your Anti-Malware product, it will be able to remove the software and prevent it from being installed in future.

So let us find those unwanted programs and get rid of them, and if you come across a new and undetected one, just report it.