QuixoticOne
Golden Member
So I've been using Vista on a couple of systems since SP1 came out, and I'm aghast at a new behavior I'm seeing from what I'm presuming is Windows Defender.
I'm not on the system(s) affected right now, and didn't make any screen shots to get the dialog or the exact wording, but I'm sure this will be familiar to any 'power user' who has seen it before.
I'm a programmer and sysadmin and have used Windows-whatever & UNIX for decades, so I don't think I'm being too clueless or too astray in my expectations that it should NOT do this.
Basically I used IE7 to download some software from trusted sites like, say, Mozilla for Firefox, Thunderbird, programs like SCRIBUS, etc.
I'm running as a restricted (standard) user normally, though I believe it has done the same thing to me when I've been logged in as an Administrator account.
The downloads proceed, finish, and then about one minute later I get a pop-up saying something to the effect that "Windows has detected that this file is potentially harmful and has blocked access to it [OK]". There is no option to NOT block access to the file. When I do select [OK] (the ONLY option in the dialog) the file is DELETED from the hard disc. The dialog just says "Windows has....", nothing about Defender specifically.
When I look in Defender's settings under Control Panel it shows NO quarantined files or any apparent indication that it HAS taken any such actions. I guess I could check the event logs but haven't done that yet. Reviewing the Defender options (they'd been pretty much at default) I didn't see anything that seemed tantamount to "DELETE ALL EXECUTABLES OTHER THAN MICROSOFT'S WITHOUT A TRACE OR OTHER CHOICE". In fact I recall seeing an activated option to TRUST software that was digitally signed by a provider.
For instance, the following VERY well known and reputable program, digitally signed by Mozilla, was immediately deleted as being 'potentially harmful' in that way:
http://releases.mozilla.org/pu...%20Setup%202.0.0.9.exe
I believe it has happened with Firefox as well, and a few related Mozilla downloads for Firefox.
WTF? How can they get away with blacklisting and deleting without a trace MAJOR 3rd party software that was EXPLICITLY downloaded from a TRUSTED zone site with IE7 into a non-restricted directory i.e. not a location under the control of IE's downloads sandbox???
"Potentially harmful" to what, Microsoft's bottom line, if people want to download Firefox, Thunderbird, OpenOffice, et al. instead of using the Microsoft tools???
Admittedly I could turn OFF Defender (though actually on the one system that I swear I DID do that on, it KEPT happening even afterward), but that's not the point. The point is why isn't there a MAJOR uproar about this BROKENNESS of the DEFAULT settings for Defender and IE7? It would basically make downloading reputable 3rd party programs literally IMPOSSIBLE for 99% of the people out there who aren't clueful enough to get around the problem via reconfiguring Defender or whatever at a low level with Administrator elevated access etc.
It sure LOOKED (at first glance) like the options in Defender for various kinds of actions for files were either to IGNORE them or to apply the "Default" action or to REMOVE them. Well I certainly don't think I or anyone else wants actual potential malware to be unconditionally IGNORED. But for things that aren't 100% verifiably on the MALWARE hash list, how about SCANNING them and then NOTIFYING the user that they're UNKNOWN and ASK if they should be quarantined or something BY DEFAULT?
In all my decades of IT I have NEVER seen such a BROKEN anti-virus / anti-malware default setup as this. I can see why Microsoft is getting investigated / fined by the DOJ and EU for anti-competitive behaviors. I have no problem with them integrating IE/Media player into the OS bundle, but to actively PREVENT you from installing known-safe known-reputable digitally signed & user-trusted 3rd party applications from their major competitors BY DEFAULT is like lawsuit-worthy.
Anyway, nothing (bad/flaky) really surprises me anymore about Microsoft software, so I have put investigating this technically on the back burner to actually getting work done, but hopefully someone can tell me it's just a bug or that I somehow missed some really obvious option that 99% of the other people in the world would have known about to make it NOT this broken by default or whatever.
I'm sure there are WORKAROUNDS, but, again, I'm just sanity checking here, is this kind of INSANITY really the DEFAULT they INFLICT upon their users? WTF?