Microsoft's dirty strategy on security

RoboMan

I blame Microsoft for making users believe Defender is all they need, despite how noob or stupid you are.

I blame Microsoft for deliberately throwing suspicious updates that break O.S if you have any 3rd party antivirus.

I blame Microsoft for beta testing features for Defender on final home versions.

I blame Microsoft for literally telling their users other AV is malware.

According to Windows Defender, BitDefender trial executable is malware. Software bundler if we must be specific. Basically saying: "Oh, you're installing another AV. Of course you don't want to do this, that's just stupid. Some other program must be doing it for you. I'm gonna block it."

Best part: Alert level: HIGH



I hear opinions on Microsoft's strategy for pushing Windows Defender.
 

roger_m

According to Windows Defender, BitDefender trial executable is malware. Software bundler if we must be specific.
I'm sure it's just a false positive, rather than specifically targeting Bitdefender. As you should know, it is reasonably common for security software to sometimes mistakenly detect the installer for a competing product as malware.
 

ForgottenSeer 72227

I agree, I do not think that Microsoft is purposefully flagging security software as malware, but some will try to spin this as another Microsoft conspiracy. It's definitely a false positive, the same happened with VS. Microsoft definitely has a big issue with FP right now and they need to seriously fix it.
 

RoboMan

I hope it is. I don't think so. Why would it flag as software bundler a legit executable signed by a security provider leader which was downloaded directly from the official website? Of course soon it will be removed from detections claiming FP, however we will never know if it was the case.
 

ForgottenSeer 72227

I think there has been a lot of back and forth going on lately when it comes to Microsoft and their practices. I don't for one second disagree that they have done some very questionable things over the years (and continue to), but right now I think we are very much heading into anti Microsoft paranoia. Every little thing that happens automatically gets people on the "Microsoft is up to something bandwagon." As I've said this happened very recently to VS, and it's a signed piece of software that was downloaded from the VS site. I've had Emsisoft flag new updated versions of Firefox on more than one occasion when I was using it, so FP happen. I think with the improvements they have made in regards to detection, it has significantly increased their FP rate and as I've said they really need to fix this issue as it's slowly starting to get out of hand.

I really want to stress that I am NOT a fanboy of Microsoft and I am NOT blindly saying they are the greatest company on earth. Quite frankly I have just as much scepticism as everyone else, but unless someone can provide actual proof from within Microsoft showing that they planned to do this on purpose, then it's just speculation at this point. We cannot always assume that because of past issues that they are always up to no good.
 

TairikuOkami

MS is pushing their software and apps and they do not even hide it, they just do not admit it openly, like blocking chrome or being unable to properly setup default apps since 1803 throughout 1809. There are many "bugs" like those. Windows just is not 3rd party software friendly.
 

Eddie Morra

+1 also Bitdefender is in partnership with Microsoft!
I was going to say this just as you posted that, but then I remembered that Microsoft still mess around partnered vendors, so decided not to post it.

For example, look at Antimalware Scan Interface (AMSI). In my opinion, they intentionally withhold documentation, even from well-known vendors, probably because they feel like keeping it as a weapon for Windows Defender. Due to this, there's lack of information about implementing AMSI from an AV/AM point-of-view, and Microsoft pretty much remain on the throne for AMSI with Windows Defender. And even if you can implement it normally, there's hidden truths when it comes to supporting other script interpreters.

Is it really that difficult for Microsoft to share public documentation about how certain script interpreters are very limited when it comes to AMSI support? In my opinion, it's a real troll when you're trying to test if your implementation works or not, unless you've read the Cylance article, the thread I made here awhile ago, or resort to reverse-engineering. They won't even add a few sentences to clear up confusion on that. Talk about being lazy and lousy!

Before I had to actually work with features like AMSI, I was under the impression that Microsoft were really focused on helping other third-parties advance and be more compatible with Windows, allowing them to enhance things like script scanning without doing anything undocumented/hacky. Obviously, I have since become aware that I used to be under a terribly wrong impression, in my opinion.

Anyway... nothing is going to change for as long as people continue to give Microsoft a dip into their wallets. Until there is a day where Microsoft's income is cut off enough for them to care enough and make a change, things will probably remain as they are.

People are constantly talking about how Microsoft are just trying to make Windows more secure... why do they need to focus on things like enterprise security solution/s to do this and go on about it 24/7 like it is something made from the man in the sky himself? In my opinion, they are trying to milk as much money as they possibly can, which makes sense to me because they are a business and making more money will be in their best interest. I think that the real reason they have moved into the security market so much suddenly is not because they truly want more people to be protected by default, and to help companies stay safer, but because they saw the potential it could have for making more money.

The extensive marketing is fabulous. Check out this awesome quote about the sandbox-container introduction: 'Windows Defender Antivirus becomes the first complete antivirus solution to have this capability'.

In my opinion, all they need to focus on to make Windows more secure is: patch more vulnerabilities, implement designs for functionality which are more secure than current ones, reduce bloat-ware/features enabled by default which a majority aren't going to need, and work more with third-parties. They have ways for people to submit feedback but if the feedback is ignored most of the time, then there's no point in collecting it at all!

I understand I have gone way off-topic, and moving back to the topic, I would say that this is probably a case of a genuine and accidental false positive.
 

ForgottenSeer 72227

I was going to say this just as you posted that, but then I remembered that Microsoft still mess around partnered vendors, so decided not to post it.

For example, look at Antimalware Scan Interface (AMSI). In my opinion, they intentionally withhold documentation, even from well-known vendors, probably because they feel like keeping it as a weapon for Windows Defender. Due to this, there's lack of information about implementing AMSI from an AV/AM point-of-view, and Microsoft pretty much remain on the throne for AMSI with Windows Defender. And even if you can implement it normally, there's hidden truths when it comes to supporting other script interpreters.

Is it really that difficult for Microsoft to share public documentation about how certain script interpreters are very limited when it comes to AMSI support? In my opinion, it's a real troll when you're trying to test if your implementation works or not, unless you've read the Cylance article, the thread I made here awhile ago, or resort to reverse-engineering. They won't even add a few sentences to clear up confusion on that. Talk about being lazy and lousy!

Before I had to actually work with features like AMSI, I was under the impression that Microsoft were really focused on helping other third-parties advance and be more compatible with Windows, allowing them to enhance things like script scanning without doing anything undocumented/hacky. Obviously, I have since become aware that I used to be under a terribly wrong impression, in my opinion.

Anyway... nothing is going to change for as long as people continue to give Microsoft a dip into their wallets. Until there is a day where Microsoft's income is cut off enough for them to care enough and make a change, things will probably remain as they are.

People are constantly talking about how Microsoft are just trying to make Windows more secure... why do they need to focus on things like enterprise security solution/s to do this and go on about it 24/7 like it is something made from the man in the sky himself? In my opinion, they are trying to milk as much money as they possibly can, which makes sense to me because they are a business and making more money will be in their best interest. I think that the real reason they have moved into the security market so much suddenly is not because they truly want more people to be protected by default, and to help companies stay safer, but because they saw the potential it could have for making more money.

The extensive marketing is fabulous. Check out this awesome quote about the sandbox-container introduction: 'Windows Defender Antivirus becomes the first complete antivirus solution to have this capability'.

In my opinion, all they need to focus on to make Windows more secure is: patch more vulnerabilities, implement designs for functionality which are more secure than current ones, reduce bloat-ware/features enabled by default which a majority aren't going to need, and work more with third-parties. They have ways for people to submit feedback but if the feedback is ignored most of the time, then there's no point in collecting it at all!

I understand I have gone way off-topic, and moving back to the topic, I would say that this is probably a case of a genuine and accidental false positive.

I agree with all of this. They are definitely not our, or their partner's friend. They will do anything to have an advantage over others, after all Windows is their product and at the end of the day they can do whatever they want with it as it's their property. I guess we could probably also loop in Google, Apple, Facebook, etc... because all of these large companies have very similar mentalities and at the end of the day we are the ones caught in the middle of it all.
 

Eddie Morra

I agree with all of this.
I edited my post slightly because the original version was a bit more "hostile" sounding, and that was never my intention. Is it possible for you to update the quoted section in your post, please? :)

There are things which I like about Microsoft...

1. I am happy that they bought GitHub instead of it being a vendor like Google, Facebook, Yahoo or Avast.
2. I am in love with Visual Studio and wouldn't switch to anything else in a million years.
3. I like VS Code for Mac OS X and Linux.
4. I am good with the new mobile version of Skype (which was in beta for months).
5. I think the Windows phones could have done much better with more flexibility on the application compatibility side.

I think the most important thing that can happen before Microsoft can really start moving forward in putting things right and improving things for everyone who are in disagreement and objectification of some of their actions would be for them to understand the true importance and value of "team-work".
 

notabot

I edited my post slightly because the original version was a bit more "hostile" sounding, and that was never my intention. Is it possible for you to update the quoted section in your post, please? :)

There are things which I like about Microsoft...

1. I am happy that they bought GitHub instead of it being a vendor like Google, Facebook, Yahoo or Avast.
2. I am in love with Visual Studio and wouldn't switch to anything else in a million years.
3. I like VS Code for Mac OS X and Linux.
4. I am good with the new mobile version of Skype (which was in beta for months).
5. I think the Windows phones could have done much better with more flexibility on the application compatibility side.

However... it seems to me that they are trying to throw themselves into every single market they possibly can, and the only reason I can think of which would explain why they would do what they are doing is if they wanted to take advantage of people, because I imagine a lot of people will think "Microsoft are really rich and well-known, I should go with them for this because they will have more employees and resources!"... and there you go, more money into their pocket for something which is probably half-baked in reality.

There are people all over the world who assume Windows Defender is going to be great because of reasons like, "Microsoft own Windows and will know how to stop malware on it better than everyone else!". The reality of it is that this isn't the case at all, in my opinion. Microsoft did not even start in the security industry as a new market competitor on their own originally... they actually ended up buying other people's work and re-branding with their own changes. Which seems to be the new normal for large companies like Microsoft, because Google used to be heavily reliant on other people's work (e.g. for Google Pixel phones, Google bought out the R&D of HTC).

Microsoft threw themselves into the console market a very long time ago and were competing mainly with Sony (console) and Steam (PC). Why did they have to do this? They could have benefited from trying to work with Sony, and this would have also benefited the customers... more players to communicate with, more resources for server maintenance and development of new features as well as security checks, more future potential for new revelations. Nope! They wanted more control/power so they competed instead.

I understand that Microsoft are a company and it is in their best interest to move into new markets and close in old markets... they want more financing to fund new ideas and do new things. But... it doesn't always have to be about them being number one compared to everyone else. I think that they need to slow down and try and maintain what they already have to offer... improve things they have already released to the public and work more with third-parties.

I think the most important thing that can happen before Microsoft can really start moving forward in putting things right and improving things for everyone who are in disagreement and objectification of some of their actions would be for them to understand the true importance and value of "team-work". Something I think they have always lacked an understanding of.

They aren't a pack of entrepreneur teenagers at a market trying to make a quick buck, they are a very large company whose actions affect millions/billions world-wide on a daily basis... this is something I think they need to be reminded of more often.

GitHub was a great acquisition- esp given that git client was buggy only on windows, I’m sure integration with git will be top notch

Regarding Xbox two things: directX runtime was a huge advantage they wanted to leverage. Also I think Xbox became Cutler’s pet project and a motivated genius is always an asset.

Regarding phones, sad to see them fail, there is need for more competition in the case smartphone market
 

DeepWeb

Eh... I get that with any AV when a file is very fresh and just recently updated. Even Smartscreen screams at me that it has never seen this before so I submit a sample to VirusTotal and even VT didn't even know about it yet and just shrug it off. This is the price you pay when you update bleeding edge. Wait a few hours or a day and it will be in the signature database of everyone.

This is a good reminder to actually trust your AV. Sometimes the FPs are right. Check the md5, double check if you downloaded from a legitimate server, etc
 

ForgottenSeer 72227

I edited my post slightly because the original version was a bit more "hostile" sounding, and that was never my intention. Is it possible for you to update the quoted section in your post, please? :)

There are things which I like about Microsoft...

1. I am happy that they bought GitHub instead of it being a vendor like Google, Facebook, Yahoo or Avast.
2. I am in love with Visual Studio and wouldn't switch to anything else in a million years.
3. I like VS Code for Mac OS X and Linux.
4. I am good with the new mobile version of Skype (which was in beta for months).
5. I think the Windows phones could have done much better with more flexibility on the application compatibility side.

I think the most important thing that can happen before Microsoft can really start moving forward in putting things right and improving things for everyone who are in disagreement and objectification of some of their actions would be for them to understand the true importance and value of "team-work".


I agree and I updated my post:)
 

509322

There's a whole lot of mis-placed trust in Microsoft. Or alternatively people that know better have a quite warped sense of trust.
 

ForgottenSeer 72227

This is a good reminder to actually trust your AV. Sometimes the FPs are right. Check the md5, double check if you downloaded from a legitimate server, etc

This is a very good point, even legitimate software can be compromised. We cannot always assume that it's safe because it's signed and downloaded from a safe source. The CCleaner fiasco is a good example. This also happened to Linux Mint as well a while back. I don't want people stressing out about figuring out if all of their software is safe, but if you suspect a FP report it and let the vendor assess it.

In this case I too think it's an innocent FP.
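
Added example, not part of any post in this thread: the checks DeepWeb and ForgottenSeer 72227 describe (file hash, signer, download server) written as one PowerShell function for triaging a suspected false positive. It compares SHA-256 rather than the MD5 the post mentions, and the expected hash, signer name and host are caller-supplied placeholders taken from the vendor's own download page.

```powershell
# Added example. The Expected* values are placeholders supplied by the caller,
# read from the vendor's own download page; none of them come from the thread.
function Test-DownloadedInstaller {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256,  # hash published by the vendor
        [Parameter(Mandatory)] [string] $ExpectedSigner,  # vendor name as it appears in the certificate
        [Parameter(Mandatory)] [string] $ExpectedHost     # vendor's download domain
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # 1. Content: SHA-256 decides the match. MD5 is reported only because
    #    some download pages and lookup services still list it.
    $sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    $md5    = (Get-FileHash -LiteralPath $file.FullName -Algorithm MD5).Hash
    $hashOk = $sha256 -eq $ExpectedSha256.Trim()

    # 2. Publisher: the Authenticode signature must validate AND name the
    #    expected signer. A valid signature from someone else is a failure.
    $sig      = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $subject  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $signerOk = ($sig.Status -eq 'Valid') -and
                ($subject.IndexOf($ExpectedSigner, [StringComparison]::OrdinalIgnoreCase) -ge 0)

    # 3. Origin: browsers usually record the source URL in the Zone.Identifier
    #    alternate data stream. If it is missing, origin is unknown ($null).
    $zone    = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $hostUrl = $zone | Where-Object { $_ -like 'HostUrl=*' } | Select-Object -First 1
    $downloadHost = if ($hostUrl) { ([uri]($hostUrl -replace '^HostUrl=', '')).Host } else { $null }
    $originOk = if ($downloadHost) {
        ($downloadHost -eq $ExpectedHost) -or ($downloadHost -like "*.$ExpectedHost")
    } else { $null }

    # Any hard failure means the detection should be believed. Passing every
    # check does not prove the file is clean (a vendor's build or server can
    # be compromised), so the outcome is "report it", not "ignore the alert".
    $verdict = if (-not $hashOk -or -not $signerOk -or ($originOk -eq $false)) {
        'Treat the detection as real: do not run the file'
    } else {
        'Checks pass: submit the file to the AV vendor as a suspected false positive'
    }

    [pscustomobject]@{
        File         = $file.FullName
        SHA256       = $sha256
        MD5          = $md5
        HashMatches  = $hashOk
        SignatureOk  = $signerOk
        Signer       = $subject
        DownloadHost = $downloadHost
        OriginOk     = $originOk
        Verdict      = $verdict
    }
}
```

Run it against the flagged installer before restoring anything from quarantine; `OriginOk` stays empty when the browser did not record a source URL, which the function treats as unknown rather than as a failure.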
 
