Microsoft Removes Registry Tweak That Allowed Users To Permanently Disable Windows Defender (pcgamer.com) 126
An anonymous reader quotes a report from PC Gamer: A recent update to Windows 10 took away the ability for consumers to permanently disable Defender, the built-in antivirus software, no matter what the reason. However, Defender should voluntarily step aside if it detects the installation of a third-party AV program (emphasis on should). Before the update, if a user wanted to disable Defender on a permanent basis, they could edit a registry key called DisableAntiSpyware. That is no longer the case.
"DisableAntiSpyware is intended to be used by OEMs and IT Pros to disable Microsoft Defender Antivirus and deploy another antivirus product during deployment. This is a legacy setting that is no longer necessary as Microsoft Defender antivirus automatically turns itself off when it detects another antivirus program. This setting is not intended for consumer devices, and we've decided to remove this registry key," Microsoft explains in a support document.
Best antivirus, so why the industry? (Score:5, Funny)
Defender is the best antivirus because it doesn't open a security hole for the antivirus vendor, Microsoft already has theirs. We've seen Norton abuse theirs in the past, so why trust anybody other than Microsoft?
Trust Microsoft? (Score:1, Informative)
Shooting the messenger, huh? (Score:5, Informative)
It's pretty simple. Either the Microsoft agreement says:
---
We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary
---
Or it doesn't.
You can try to ad hominem every reporter pointing this out:
https://www.google.com/search?... [google.com]
No matter how much you attack everyone who has reports in this, it is STILL true. You could kill all the reporters, Microsoft would still be doing what they're doing, even if no reporters were alive to mention it.
Re: (Score:2)
Well, it does. It says it will access the entire contents of your hard disk drive and delete whatever it wants to and install whatever it wants to, all at any time it wants, EVEN IF YOU ARE USING YOUR COMPUTER AT THE FUCKING TIME (nope fuck you, I will not install and reboot your computer). Being able to access the entire hard disk drive, means being able to access every single file on the hard disk drive.
You are PR=B$ confusing inclusions and exclusions, they are not the same thing. When they say they inc
Re: (Score:3, Informative)
I'd say "almost", as the quote above isn't verbatim and doesn't e.g. include the part about _when_/_why_ it's necessary. Below is the entire paragraph [1] from the privacy statement:
Finally, we will retain, access, transfer, disclose, and preserve personal data, including your content (such as the content of your emails in Outlook.com, or files in private folders on OneDrive), when we have a good faith belief that doing so is necessary to do any of the following:
* Comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies.
* Protect our customers, for example, to prevent spam or attempts to defraud users of our products, or to help prevent the loss of life or serious injury of anyone.
* Operate and maintain the security of our products, including to prevent or stop an attack on our computer systems or networks.
* Protect the rights or property of Microsoft, including enforcing the terms governing the use of the services—however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer's private content ourselves, but we may refer the matter to law enforcement.
[1] https://privacy.microsoft.com/... [microsoft.com], accessed 2020-08-23. The paragraph is in the section "Reasons we share personal data"
Re: (Score:2)
Yeah, to me the most interesting reason/excuse is they'll snoop through your stuff in order to:
"Protect the rights or property of Microsoft, including enforcing the terms governing the use of the services"
So, whenever they decide they need to. :)
Re:Best antivirus, so why the industry? (Score:5, Insightful)
Another important question is, why trust Microsoft? Having software running on your machine that can interfere with its normal operation or nuke your data by accident is not something you should do lightly.
In the pre-Windows 10 days, Microsoft's security software was the most common cause I saw of lost data or machines needing major repair work or reinstallation. It's not as if their track record with Windows 10's own updates has been reassuring either.
So, like applying Windows updates, it's a reasonable default for non-techie consumers (assuming the security software does actually provide effective protection, which is another good question when it comes to anti-virus software), but the lack of ability to turn it off even for professionals who know what they're doing and may wish to institute their own security and privacy protocols is not a good sign.
Re: (Score:3, Insightful)
That is not an important question, that is redundant. You don't trust Microsoft obviously. However, for whatever reason the user needs to use Windows. Microsoft has their hooks in your system one way or another. Therefore the logic is simple: Do you use the product from the vendor that you cannot circumvent anyway or do you add another company to the "don't trust but use anyway" list?
Re: (Score:2)
It's not that simple. If we assume Microsoft's failures with bad updates are more likely due to incompetence than malice, then reducing the number of such updates still improves your chances of avoiding trouble.
Re:Best antivirus, so why the industry? (Score:4, Informative)
I have yet to find an antivirus that works acceptably. In fact, Microsoft's attempt seems to be the most stable in my experience.
Some AV kills your system, some opens up more security holes than any trojan and some bring your system to a crawl...
Re:Best antivirus, so why the industry? (Score:4, Interesting)
Once, Norton was the best AV. Then it went to shit and we all went to Kaspersky AVP. Then that went to shit and we went to Avast! Then that went to shit and everyone switched to Defender, and it was kind of OK. But you still needed Spybot, which went to shit and then we all started using MBAM.
I'll never understand the AV market, except to remember that every time an antivirus package gains dominance, it tends to be ruined shortly thereafter.
Re: (Score:2)
Marketing and Sales departments ruin products like that. "The best" isn't good enough for them. Gotta keep adding useless features and tweaking things to "generate buzz" and "shift SKUs".
Never worked at a tech company that didn't have SOME great product ruined by demands from the non-tech departments.
Re:Best antivirus, so why the industry? (Score:4, Insightful)
Well, it is certain that MS does not trust _you_, or they would actually allow you to make decisions like the one in question.
Re: (Score:2)
MS doesn't trust their own OS to prevent malware from disabling its protection.
Re: (Score:3)
Another important question is, why trust Microsoft? Having software running on your machine that can interfere with its normal operation or nuke your data by accident is not something you should do lightly.
Right. That's why I don't run Windows 10.
In the pre-Windows 10 days, Microsoft's security software was the most common cause I saw of lost data or machines needing major repair work or reinstallation.
IME, Defender's problem isn't causing damage, it's not detecting malware. MBAM is at least ten times better at it.
So, like applying Windows updates, it's a reasonable default for non-techie consumers
More than one Windows update has caused data loss.
Yeah, you still have to do them, but Windows itself (Especially 10) is way worse malware than Defender.
Re: (Score:2, Troll)
Another important question is, why trust Microsoft?
Because for many there's no alternative. Altruism and Linux don't pay bills.
Re: (Score:2)
But there would be an alternative if Microsoft didn't take away the option to use it...
Re: (Score:2)
Oh you're talking about security software specifically. ... Then let me change my response: Because the alternative to not trusting Microsoft is either going for a demonstrably worse vendor, or disabling security protections altogether which is worse still.
AV software is the absolute fucking pits of the PC industry. Effectively rootkitting your systems. If I'm given the choice of death by bullet, death by beating, and death by electrocution through the testicles, I'll take the fast painless option. And why
Re: (Score:2)
MS hasn't taken away any option at all in the security department.
Has it not taken away the option to not run software with highly privileged access to your system that, by your own admission, usually sucks?
It is far from clear that any anti-virus software running on Windows actually provides much effective protection against the real threats today, if your users are competent and you have other more relevant security measures in place anyway. Not running AV at all is far from an absurd proposition.
Re: (Score:2)
Has it not taken away the option to not run software with highly privileged access to your system that, by your own admission, usually sucks?
Nope. They just took away the registry as the means to disable it. You can still disable it via the official method through the settings, administrators can still disable it by pushing out group policies, and it will still disable itself automatically if you install another package.
It is far from clear that any anti-virus software running on Windows actually provides much effective protection against the real threats today
That's a load of rubbish. "threats today" are no different than threats from years ago. A shit-ton of old malware is floating around that gets blocked.
if your users are competent
Stop. They aren't. No user is competent. If you don't assume all users are fla
Re: (Score:2)
We're living in different worlds. You seem to be talking about the kind of enterprise IT management where you have lots of users who are non-technical and open random email attachments. I'm talking about small businesses whose entire staff might be reasonably clued-up technical people.
The threats today are different because the consequences are different. I am far more concerned with, for example, a spear phishing attack that results in exfiltrating sensitive data than I am with malware deleting or encrypti
Re: (Score:3)
the alternative to not trusting Microsoft is either going for a demonstrably worse vendor, or disabling security protections altogether which is worse still.
Do you work for Microsoft? LOL
Re:Best antivirus, so why the industry? (Score:4, Informative)
In the pre-Windows 10 days, Microsoft's security software was the most common cause I saw of lost data or machines needing major repair work or reinstallation.
To be fair, it was the 3rd-party anti-virus products that started this. I purged my system of all security products when they started to delete stuff automatically without asking for permission or bothering to quarantine. Microsoft Security Essentials took over the industry very quickly because it wasn't as invasive or destructive as the alternatives.
Re: (Score:3)
Not that I disagree, but I've seen enough BSODs and system reinstalls due to bad updates for MS security software over the years not to give them a free pass either.
Re: (Score:2)
I trust other "security" vendors much less than I trust Microsoft.
They have opened "root" shell access on an Internet accessible port, added instability to the kernel, and even when they were working correctly, they would occasionally lock up the system to do the real time scans. And then they will nag you to pay a subscription fee after you disable them.
I want as little interaction with the "security" industry as possible.
Re: (Score:2)
I want as little interaction with the "security" industry as possible.
I sympathise. But I've seen MS security software stop a PC from booting or cripple its performance too, so it's not as if they're that much better. One way or another, this kind of tool running locally on a PC is always going to require privileged access to the OS, and that is always going to carry a risk of screwing things up more badly than any normal software can if there is a bug or simply a bad definitions update.
Re: (Score:2)
Besides, it looks like the key was only ever there for OEM/Enterprise deployment imaging. Were you using it to disable Defender?
Re: (Score:2)
Well, it looks like this only touches the Pro and Home SKUs, so Enterprise remains the choice for "pros who might want to do unusual stuff".
The thing is, Enterprise never was that choice for many small businesses; Professional was. Now it isn't, but you can't get Enterprise instead without jumping through all the other hoops and paying a fortune for the privilege, which many small businesses won't want to do.
Besides, it looks like the key was only ever there for OEM/Enterprise deployment imaging. Were you using it to disable Defender?
We don't run 10 at all right now except for specific testing or applications where it's firewalled off from the rest of our network. As long as things like forced upgrades and mandatory telemetry are included, it will remain that way if at
Re: (Score:2)
And if you don't even run windows machines, why do you care? Would it help if I told you that "forced upgrades and mandatory telemetry" aren't a real thing if you're using the appropriate versions (Pro, Enterprise or Education)? Or pointed out that Catalina's built-in security is far more heavy-handed, cannot at all be disabled, and requires a number of end-user hoops b
Re: (Score:2)
Well, how many small businesses would be interested in completely disabling their security software? Is it even a double-digit number?
I don't know. I doubt you do either. Depending on your environment and what other security measures you have in place, it might be a reasonable thing to do. The important point is that a sysadmin should always have the choice of how their own systems will work.
And if you don't even run windows machines, why do you care?
We do run some Windows machines, but we don't use Windows 10 for anyone's day-to-day workstation because of the issues I'm asking about. I care because if there were ever a change of heart from Microsoft, there are some things we're currently doing us
Re: (Score:2)
Because there are use-cases where you need to not have AV active.
Re: (Score:2)
Remember, W10 Enterprise is Professional, Professional is Home, and Home is 'Dog-Doodoo'.
Re: (Score:3)
Remember, W10 Enterprise is Professional, Professional is Home, and Home is 'Dog-Doodoo'.
That's disturbingly close to the truth. As someone who works mostly in the world of SMEs, I have observed before that Windows 10 Pro is not like the Pro edition of earlier versions, and that there doesn't really seem to be a natural home for the prosumer or small business on the Windows 10 platform. You either get the hand-holding (and hand-cuffing) of Home, or the power (and administrative hassle) of Enterprise. I have no idea who Windows 10 Pro is supposed to appeal to, nor which edition of Windows 10 is
Re: (Score:2)
Re: (Score:2)
You can still manage W10 Pro via group policy, either efficiently via Domain, or less efficiently via local.
And if you really want to, you can set the startup type of any service to '4' aka disabled, although you might have to seize ownership. A pain, but still do-able.
Re: Best antivirus, so why the industry? (Score:2)
Re: (Score:2)
You can still manage W10 Pro via group policy, either efficiently via Domain, or less efficiently via local.
Sure, but even then, can you do things like disabling all telemetry if you want to, or controlling whether to install updates (or only to install essential security and compatibility updates)?
Re: (Score:2)
You can't stop telemetry collection, but you can stop it uploading. Look in Task Scheduler.
And there are GPOs that give some control over updates, particularly the one that sets "download and notify"
Re: (Score:2)
So can you decide you don't want a certain update, ever? That's the deal-breaker. If you don't have that choice, no other choice you have matters, because a change you don't want can be forced on you at any time anyway.
Re: (Score:2)
Indeed. And, of course, buying W10 Enterprise is not even possible anymore for anybody small. My current W10 installation (unfortunately I need it because of customers insisting on 3rd rate MS "productivity" crap) is locked inside a vbox on Linux.
Re: Best antivirus, so why the industry? (Score:3)
They still allow you to temporarily disable it, just not permanently disable it.
Re: (Score:2)
Re: (Score:3)
Notice we have a lot of knocks at Microsoft here, but no defenses of the other brands...
My argument against Defender (Score:2)
Re: (Score:2)
But Microsoft already has "killbit" tech... they can wipe you out after you've been distributed. And add on top of that, Microsoft is headed to an all-appstore model soon.
proof of weakness (Score:2, Troll)
Re: (Score:1)
And I guess you're going to also charge a 30% fee for everything you allow the users to install on their devices a la Apple.
But Apple charge 30% for doing nothing, you could charge 50% for declaring the programs you allow 'virus free' or 'safe'. You'll be rolling in it.
Re: (Score:2)
This move simply shows that MS still do not trust their own platform to stay virus free by intrinsic security/stability.
Wrong. If trust of platform (product) was a concern, we would not see so many painfully obvious bad products offered by established industry "leaders".
The key driver of company planning is market domination, because, the bigger the market share, the more revenue generated. Which means third-party products have to be treated as a direct threat to the "brand". Their use must be discouraged as much as possible, by whatever means available.
Re: (Score:2)
Indeed. The surprising thing is that some people at MS apparently know their "OS" is a joke...
DisableAntiSpyware (Score:5, Funny)
Larger Issue (Score:5, Insightful)
The larger issue is that Microsoft's defenders (pun intended) always say insipid things like, "there's an option to disable [insert Microsoft's offensive behavior]." Of course, they offer up a willful cognitive dissonance against the inescapable inevitability that, being the only one that controls Windows, Microsoft can disable those options at any time and for any (or no) reason at all.
Microsoft's users are being boiled alive, but they always have some insane reason for why the rising water temperature is for their benefit.
Re: (Score:2)
The larger issue is that Microsoft's defenders (pun intended) always say insipid things like, "there's an option to disable [insert Microsoft's offensive behavior]."
Errr. It literally disables itself right in the summary, and literally gives you a button to do it. The only thing this registry entry did was provide an admin override preventing users from inadvertently re-enabling Defender if another package was installed.
The only thing which needs defending here is logic and understanding.
Re: (Score:2)
The only thing which needs defending here is logic and understanding.
Thank you for helping to make my point.
Re: (Score:2)
This is blatant gaslighting. Defender cannot be permanently disabled other than via "installing a pre-approved replacement", and there's no button to do so. Not even in versions before this one. You have to go for a registry tweak.
Button in defender's interface temporarily disables it. It will re-enable itself in a few minutes.
Re: (Score:3)
It will re-enable itself in a few minutes.
No it doesn't and the setting even persists through reboots. What it does do is give you a standing notification that Windows Security actions are required. Nothing more.
Re: (Score:2)
https://www.pcgamer.com/perman... [pcgamer.com]
>All that said, you can still temporarily disable Defender rather easily. There is a switch in the 'Virus & protection settings' page to disable real-time protection "for a short time before it turns back on automatically."
You are a lying scumbag and should be ashamed of yourself.
Re: (Score:2)
Not really. Maybe my PC is lying to me and you're just a moron who doesn't know how to computer.
Re: (Score:2)
It takes a special kind of moron to triple down on their stupidity, after it's been totally and comprehensively debunked.
Re:Larger Issue (Score:5, Insightful)
Shouldn't I decide what runs on my computer? Why should ms have any say on when antivirus software runs?
Re: (Score:2)
Re: (Score:2)
If you want to decide what runs on your computer, install Linux or a BSD. If you install Windows, you abdicate that right. Everything you do is subject to the whims of Microsoft. And given the abilities of the average (or even above average) computer users out there, I'm not sure it is a completely bad thing having an entity look out for them and prevent malicious actors from doing things they probably don't want, like disabling their virus scanner.
It is kind of a PITA for more capable people who need to
You can never have enough (Score:2)
You can never have enough anti-virus checks on Windows, why not have 20 going? Even at work on my Linux Workstation we are required to run anti-virus (Symantec). Probably because an MBA created a pretty presentation and showed it to some high-level VP.
If you know what you are doing, you do not need to have one (probably even on Windows), people here should know enough to avoid getting 'infected'. All it will catch is known viruses, no new ones,
Re: (Score:3)
Because the whole security system is dumb AF. Why is it any software can set itself to run at start-up? Any software can install drivers.
Scrap the pointless "do you wish to run" prompts which are only for valid software - Malware won't cause a security pop-up because it's running already under a different process. What security software should be doing is say "it looks like you are trying to install a driver, are you sure you wish to do this?" And "It looks l
"Consumers" are not intended to own their Windows (Score:2)
permissions (Score:2)
Re: (Score:2)
Better: why not remove the executable or replace with HelloWorld.exe ?
Re: (Score:2)
Because system file protection is applied whether or not Defender is running. MS introduced the ability to override attempts to play with Windows files back in early Windows 7.
Sigh. (Score:5, Insightful)
Someone just needs to make some freeware "antivirus" that does nothing and advertises that it just turns off the Windows junk.
Register as an antivirus program, then literally just NOP whenever called.
Re: (Score:2)
Someone just needs to make some freeware "antivirus" that does nothing and advertises that it just turns off the Windows junk.
Register as an antivirus program, then literally just NOP whenever called
That's what I was thinking. In the interim, find the smallest virus program you can, install it, then disable it.
Of course you've got the problem that Microsoft might determine each program to be ineffective and as such NOT an "AV" and not disable. There's also the problem of "if it detects the installation of a third-party AV program"; do you mean "detects installation", or "detects functioning operation". In that latter case the "install but disable" option might not work -- I'm sure you've seen the
Re: (Score:2)
That's an awful lot of hassle to go through when you can just turn the various components off. Though why you'd want nothing blocking malicious files, exploits and network connections instead of just adding exclusions I do not know.
But but but ... (Score:2)
What about virus writers? You mean, they can't do it in Windows? Hardly seems fair, eh?
Not only that (Score:2)
I couldn't connect to the internet after that update, because I had blocked all the snooping Windows-phone-home sites since day 1. Once I disabled the block, everything worked again.
Why do people put up with this? (Score:2)
Re: (Score:2)
Re: (Score:2)
Because the registry entry changes nothing and the option to disable defender still exists with a simple button press in the settings option.
In the general case you're right. In this specific case, if you have a complaint it's most likely because you have no idea what's going on.
Re: (Score:2)
As soon as companies start porting engineering software to Linux I'll start using it.
Replaced with ... (Score:2)
i used a better tweak (Score:4, Insightful)
Comment removed (Score:3)
It's my PC, BITCH! (Score:2)
I will revive my teenage crack writing skills, and just patch the damn installation binaries.
Including patching in an automatic patcher that keeps it patched through updates.
If necessary right via my deep-packet-inspection firewall.
Re: (Score:2)
Re: (Score:2)
I am saying this not to start a holy war, but as someone who has done the same thing with a spouse and children's PCs. Try Mint or change Ubuntu from stock UI to Cinnamon as it will ease the shock for your other users (family). Just a thought.
Same old monopoly game (Score:2)
Re: (Score:2)
Trusted installer to the rescue (Score:2)
Run services manager or task scheduler manager as trusted installer and you can mostly disable whatever you please including windows defender.
Also be sure to wipe out the medic which will actively fuck with you if you let it live. del c:\windows\system32\WaaSM*
If files are in use rename them to something harmless and reboot.
Just tried updating to 2004 with current patches on a VM and had no issues keeping defender from ever even executing.
Re: (Score:2)
Re: (Score:2)
Most humans love being told what to do. Especially US citizens. As long as it's a private company.
And the government just loves doing an end run around the rules/laws by paying private companies to do what it's not allowed to do itself.
Re: (Score:1)
Re: (Score:3)
Most humans love being told what to do. Especially US citizens. As long as it's a private company.
I really must reincarnate on a different planet than fuckup central next time. I hope I can arrange that.
Seriously though, yes most users like this. (Score:2)
Most (but not all) PC users HATE technical complexity with a passion and they DO NOT want to be bothered with it AT ALL. They are happy to let Microsoft take care of it all for them, and are happy to give up privacy and control in order to do so. Sure, they might get a bit annoyed when directly confronted with the scope of what is tracked, or when they are forced to do an update at an inconvenient time, etc. But that annoyance will be completely overpowered by the overall convenience that they DO get fro
Re: (Score:2)
Only weird computer nerds like us care about that kind of technical detail, and we are too small a demographic to matter.
That might be true, though I suspect it is less true than a lot of people assume. Talking to people 10-20 years younger than me, who are almost invariably digital natives unlike my generation, there is an assumption that you have to have a smartphone and be on certain social networking sites and so on. You can't live what that generation considers a normal life without those things. At the same time, there is also more awareness of the invasion of privacy and the lack of reliability that come with many of t
Re: (Score:2)
Yeah. That seems like a problem. But if people were really upset about it, they would be making noise, rejecting, and resisting.
Just because a life is "normal" that doesn't automatically make it good. It may be normal to waste one's time streaming drivel, eating junk food, and suffering depression from social media addiction, but none of that is good. So, "it's normal" is no justification.
So here's me, being a total weirdo, using my dumbphone (cell phone that has no internet access, costs less than a te
Re:Seriously though, yes most users like this. (Score:4, Insightful)
But if people were really upset about it, they would be making noise, rejecting, and resisting.
They are resisting in their way. They switch accounts frequently, give false information routinely, etc.
But speaking as someone who also held out for a long time on some of these technologies and still does to a degree, you might be happy with that lifestyle, but most people won't be. If 99% of your friends and family organise everything on Facebook and you're not on it, you're going to miss out on loads of things you'd have enjoyed doing. If local facilities only accept payments via mobile apps or tedious phone menu systems, you're going to spend 20 minutes on the phone trying to pay for parking on your credit card while everyone else just tapped a short number into the app and pressed a button. If you prefer to pay for your shopping with cash, right now a lot of stores would rather not have your custom at all.
At some point, the argument that people should forego everything that these modern technologies offer or they are somehow enablers of the abuse just doesn't stand up to reason. It is not normal to require members of society to live as hermits with very limited social contact and no access to many useful and/or entertaining facilities, just to avoid being abused. This is why we have laws and regulations to protect our society from the big guy taking advantage of all the little guys. We're just way too slow getting those to catch up with the implications of modern technologies.
Re: (Score:2)
Can they stop me from putting it back?
Your elevator doesn't quite go all the way up does it? :-P
Re: (Score:2)
Re: So they removed a registry key (Score:2)
I wrote that "malware" myself, kid!
Ever heard of IDA Pro?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Nobody wants solutions anymore, they just want money.