Recommended default action in Windows 8 Defender – Making Windows Defender in Windows 8 complete!

With Windows 8, Microsoft has made a radical change in its approach to the operating system. It's true that the OS is in a not-so-beautiful transitional phase. It's embracing a future interface, a modern one. But keeping the desktop alongside the modern UI, giving it a twin personality, is not easily digestible to some. But people resist change, and that is what made Windows successful and the reason for its recent criticism. Leaving aside the UI changes, there is universal agreement that the underlying architecture of the OS has improved a lot. That includes boot speeds (using the fast boot technique) and security (promoting Windows Defender to a complete antivirus, plus Windows SmartScreen; SmartScreen or common sense, I think the latter is enough)….

Windows Defender:

Before Windows 8, Windows Defender featured anti-spyware capabilities. It included a number of real-time security agents that monitored several common areas of Windows for changes which may be caused by spyware.

In Windows 8, Microsoft upgraded Windows Defender into an antivirus program comparable to Microsoft Security Essentials. This new Windows Defender greatly resembles Microsoft Security Essentials and uses the same virus definition signatures.


As part of the minimalism, Microsoft made all OS maintenance tasks extremely silent, mostly invisible or less intrusive to the user. Let the user use the PC for the realization of his creativity, and do not make the end user an IT pro just to maintain his workstation in fair condition.

But for Windows Defender it went a little too lean, being less visible to the user. This time Microsoft took out the Default actions setting from the program. Now Defender takes the recommended action (remove, quarantine, allow) automatically based on the severity of the alert. The tray icon is also removed. Microsoft has previously removed “Automatically do the Default actions” in the same way, but the team later revised the decision and brought it back.

Windows Defender/Microsoft Security Essentials do have a reputation for producing very few false positives, but that comes at the cost of a lower actual detection rate for zero-day threats compared to vendors like Avast, Avira etc., as per AV-TEST.

Still, we cannot guarantee that Windows Defender won't generate false positives. The alerting mechanism used by Windows Defender in Windows 8, toast notifications, works in such a way that there is a possibility of missing alerts when you are not in front of the PC. I also do not want Defender to quarantine files on the fly. I would like an interactive way. Most power users would love that. So how do we make that happen?

1) Open Policy editor and navigate to

2) Computer Configuration ==> Administrative Templates ==> Windows Components ==> Windows Defender :

3) Enable “Turn off Routinely Taking Actions”

Enable this policy and Windows Defender now waits for your input before taking the action.
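Where the Policy Editor is not at hand, the same setting can be checked and applied through the registry value this policy writes. This is an added example, not part of the original post; the function names are made up for illustration, and it assumes an elevated PowerShell session.

```powershell
# Added example: inspect and set the policy behind
# "Turn off Routinely Taking Actions" without the Policy Editor.
# Function names are illustrative; run from an elevated PowerShell session.

$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$PolicyName = 'DisableRoutinelyTakingAction'   # registry value the policy writes

function Get-DefenderRoutineActionPolicy {
    # 'Enabled' means Defender waits for input; otherwise 'Disabled' or 'NotConfigured'
    $item = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ($item.$PolicyName -eq 1) { return 'Enabled' }
    return 'Disabled'
}

function Enable-DefenderRoutineActionPolicy {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    # Create the policy key first if no Defender policy has ever been set
    if (-not (Test-Path $PolicyKey)) {
        if ($PSCmdlet.ShouldProcess($PolicyKey, 'Create policy key')) {
            New-Item -Path $PolicyKey -Force | Out-Null
        }
    }
    if ($PSCmdlet.ShouldProcess("$PolicyKey\$PolicyName", 'Set to 1')) {
        Set-ItemProperty -Path $PolicyKey -Name $PolicyName -Value 1 -Type DWord
    }
}

"Before: $(Get-DefenderRoutineActionPolicy)"
Enable-DefenderRoutineActionPolicy -WhatIf     # preview only; drop -WhatIf to apply
"After:  $(Get-DefenderRoutineActionPolicy)"
```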


Making Windows Firewall complete….. Block outgoing connections and get notified, Review of Binisoft’s Windows Firewall Control


Windows Firewall (the old-school Internet Connection Firewall, or ICF) is what protects most of us. More people are concerned with an antivirus and may opt for one from a third-party vendor. For most of them, a firewall is something that comes with Windows.

A firewall can be either software-based or hardware-based and is used to help keep a network secure (in this case a workstation/PC). Its primary objective is to control the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on a predetermined rule set. Windows Firewall is a software-based firewall that protects the workstation it resides on.

Background:

During the XP days, Windows Firewall (ICF) didn’t have the ability to block outbound connections, while it provided a fair bit of protection for the PC by blocking incoming connections (those not covered by an allow rule).

Windows Firewall had a complete makeover when Windows Vista was released, and evolved incrementally as time took us through Windows 7 and Windows 8.


The firewall blocks or allows traffic based on the predetermined rule set. There are rules for inbound connections and outbound connections separately, or a rule can cover both. We can block or allow both inbound and outbound connections in Windows Firewall based on rules. For inbound connections, when Windows Firewall is set to “block” (which is the default setting) and an application needs an inbound connection, we are notified and can allow or deny it based on common sense.


For outbound connections it's a completely different story: Windows Firewall lets you block outbound connections but will not give a notification when an application needs internet access. So initially, when you set the outbound connections to block, all the applications (those not already explicitly allowed by an outbound rule) are forbidden to go out. It's a daunting task to go to the Windows Firewall advanced settings (which are surprisingly powerful), select an application and open the communication door for it. So Microsoft’s answer: keep the door open! Yes, the default setting for outbound connections in your Windows Firewall is allow all. Microsoft took this decision so that it would be less intrusive to the user.

In the screenshot below, the outbound connections are set to “block”, which is not the default Windows Firewall setting.


A firewall is like a security officer at the gate who will allow only those people on his list to go out. But there is a security manager, that is us, who decides whom to let through based on requests. In Windows Firewall there is no request, so the manager is now in the “sweet spot” of having to find the applications and make the list himself.

Why do we need outbound filtering?

Outbound rules came into place in Windows Firewall from Windows Vista onwards, reflecting increasing concerns about spyware and viruses that attempt to “phone home”. Notifications are not shown, however, for outbound connections in Windows Firewall.

Phoning home, in computing, refers to an act of client-to-server communication which is undesirable to the user and/or proprietor of the device or software. It is often used to refer to the behavior of security systems which report network location, username, or other sensitive data to another computer. There are many malware applications that “phone home” to gather and store information about a person’s machine. Then there is legal phoning home, as when an application tries to validate its serial with a server each time it is opened.

It is not just about phoning home or application validation: the ability to get notified when an application tries to make an outbound connection, and having visibility, gives the user more control and keeps him informed about what is happening on his workstation.

How to Block outgoing connections and get notified?

Some will go in the direction of getting a third party firewall. Installing one will mostly disable your windows firewall.

There are products like

1) Checkpoint’s Zone Alarm Firewall

2) Comodo Firewall

3) Internet security suites from antivirus vendors like Avira, Avast etc. (end of thinking capacity)

The above-mentioned products will be in command when you go the third-party route. I am not commenting on how good they are, but some of the above-mentioned definitely have followers.

My route is a much leaner solution, if what you are after is only this feature: the ability to get notified and to have visibility into outbound connections, which makes you feel that you are in control of the Windows PC.

Windows Firewall Control:

Windows Firewall Control (WFC) is a front end to our beloved Windows Firewall. It uses the firewall APIs provided by Microsoft to offer just what we need. Going the WFC way offers a much-needed leaner solution. It's our Windows Firewall itself that protects us. Microsoft will also be looking after your Windows Firewall as part of patches (Windows Update). It's just that we will be notified, so we can easily create rules for better protection.

Windows firewall control is from Binisoft. The software is under active development which is what makes this attractive.

You can follow how the development has been unfolding @ http://www.wilderssecurity.com/showthread.php?t=293143&page=67

On the first page of the thread you can see Alexandru Dicu’s (the creator of Windows Firewall Control) humble beginning. It was his first project in C# and has now grown into the best front end for Windows Firewall. Thanks Alex.

Using the amazing WFC :

It runs in the system tray and allows user to control the Windows firewall easily.

Filtering

High Filtering – All outbound and inbound connections are blocked. This setting blocks all attempts to connect to and from your computer. No communication whatsoever. It's just like pulling the Ethernet cable.
Medium Filtering – Outbound connections that do not match a rule are blocked. Only programs you allow can initiate outbound connections. This setting is our favorite part: it changes the Windows Firewall outbound setting from allow to block. This is just what we need.
Low Filtering – Outbound connections that do not match a rule are allowed. The user can block the programs he doesn’t want to initiate outbound connections. This is the Windows Firewall default setting.
No Filtering – Windows Firewall is turned off. Avoid using this setting unless you have another firewall running on your computer.
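What Medium Filtering amounts to in Windows Firewall's own terms, plus a built-in substitute for the missing outbound notifications, using the NetSecurity cmdlets that ship with Windows 8 and the Security event log. This is an added example, not code from WFC or from the original post; the rule name, the Firefox path and the function names are assumptions, and it needs an elevated PowerShell session.

```powershell
# Added example (not WFC's code): block outbound by default, allow one program,
# and list what got blocked. Requires an elevated PowerShell session on Windows 8+.

function Set-OutboundDefaultBlock {
    # Same effect as choosing "Block" for outbound connections on every profile
    Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block
    Get-NetFirewallProfile | Select-Object Name, DefaultInboundAction, DefaultOutboundAction
}

function Add-OutboundAllowRule {
    param(
        [Parameter(Mandatory)] [string] $Program,      # full path to the executable
        [Parameter(Mandatory)] [string] $DisplayName
    )
    if (-not (Test-Path -LiteralPath $Program)) {
        Write-Warning "Program not found, no rule created: $Program"
        return
    }
    New-NetFirewallRule -DisplayName $DisplayName -Direction Outbound `
        -Program $Program -Action Allow -Profile Any
}

function Enable-BlockedConnectionAudit {
    # Log blocked connections to the Security log (event ID 5157).
    # The subcategory name below is the English one.
    auditpol /set /subcategory:"Filtering Platform Connection" /failure:enable | Out-Null
}

function Get-BlockedOutboundProgram {
    param([int] $MaxEvents = 500)
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5157 } `
                  -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
    if (-not $events) { return }                       # nothing blocked (or audit off)
    $events | ForEach-Object {
        $data = @{}
        ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
        if ($data['Direction'] -eq '%%14593') {        # %%14593 = outbound
            [pscustomobject]@{
                Application = $data['Application']     # NT device path of the program
                Destination = '{0}:{1}' -f $data['DestAddress'], $data['DestPort']
            }
        }
    } | Group-Object Application |
        Sort-Object Count -Descending |
        Select-Object Count, Name, @{ n = 'Destinations'
            e = { ($_.Group.Destination | Select-Object -Unique) -join ', ' } }
}

Set-OutboundDefaultBlock
Enable-BlockedConnectionAudit
# Assumed install path, used only as a sample program to allow
Add-OutboundAllowRule -Program 'C:\Program Files\Mozilla Firefox\firefox.exe' `
    -DisplayName 'Allow Firefox outbound (example)'
Get-BlockedOutboundProgram | Format-Table -AutoSize -Wrap
```

With outbound set to Block, anything without an allow rule loses connectivity until a rule is added; `Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Allow` returns to the default.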

Recommended System Rules:

The setup will create some recommended rules at installation: Internet Control Message Protocol, Windows Time Service, Windows Update. The rest will be learned based on how you respond to the notifications.

Learning Mode/ Notifications:

This provides notifications for outgoing blocked connections. Four modes are available:

Notification

High – Display notifications for all outgoing connections that were blocked by Windows Firewall, including System and Svchost.exe
Medium – Display notifications only for regular programs, without notifications for System and Svchost.exe.
Low – Automatically allow digitally signed programs without notifications, but show notifications for unsigned programs.
Disabled – Notifications are disabled.

Notifications we get :

The feature we longed for in Windows Firewall.

Here is the notification I got for Firefox when I first opened it. Allow the program to access the internet, done… a new rule is created. How easy is that.


If you want to be more specific about the port you open, or to restrict the rule to a particular remote IP, protocol etc., you can click “customize this rule before creating it”; that way you have an even tighter rule.


Manage Rules:

One intuitive interface where we can search and see the firewall rules at a single glance. This view gives sufficient information to satisfy us completely.


Managing rules in WFC is a breeze, compared to what can be achieved with windows firewall.

Getting Windows Firewall Control:

We can get the Windows Firewall Control from  http://www.binisoft.org/

Follow the Development evolution @ wilders : http://www.wilderssecurity.com/showthread.php?t=293143&page=67

Unassociate File Type in Windows!

If for whatever reason you feel that you need to unassociate, or remove, a file type's association to a program, there is a way.

The best way to do it without downloading anything is this:

1) Open up notepad. Type something like “to remove” .

2) Save as, to_remove.exe. File type should be .exe

Note: Please check that you saved it as to_remove.exe and not to_remove.exe.txt. To see whether there is a double extension, please uncheck “Hide extensions of known file types” in Organize –> Folder & Search Options –>

3) Right click on the file with that file type you want to unassociate and click Open With –> Choose default program

Browse to “to_remove.exe”  and click “always use the selected program” and click ok.

4) Delete “to_remove.exe”. Now you have unassociated that file type.

Microsoft Office Metro…. glorified metro opportunity for Microsoft

When Microsoft introduced the Metro user interface with the Zune HD, we didn't know the potential it had. Fast forward to the birthday of Windows Phone, the reboot of Windows Mobile, and now we can confidently say that this is the most intuitive and futuristic user interface, very different from the competitors. Though Windows Phone has yet to gain traction in the market, the UI has been met with universal praise.

Microsoft and Nokia are aggressively entering the market with the introduction of the Nokia Lumia series of devices, which will hopefully make a dent in the market share of the competitors. Some columnists disregard the future of Windows Phone 7 & Microkia, but hey, are these the columnists who did the same to XBOX!

As part of the unification of the design of all Microsoft platforms (Windows, Windows Phone, XBOX), Microsoft is going the Metro way. While the Metro interface is met with universal praise on touch devices (Windows Phone, and Windows 8 in the tablet form factor), the interface and the idea are met with a little skepticism for the desktop, laptop and Ultrabook form factors.

Another issue is the capability of the Metro interface: whether the design language is capable of giving us serious applications like Photoshop, the Microsoft Office suite….

Microsoft once said the Metro interface is better suited to doing limited tasks very effectively and easily than to doing a lot of tasks in a mediocre way.

Microsoft has stripped away chrome from the design giving complete full screen space for the app to shine itself.

But can serious apps shine in this interface? To show the complete potential (if it has any), Microsoft should put out the Microsoft Office suite in Metro. We all saw a leaked screenshot of Microsoft Outlook in the Metro interface, and that looked fine. If Microsoft can release a complete Microsoft Office in Metro style that is almost as fully capable as the desktop version we currently have, then people will have much more confidence in Metro!!

Microsoft Office Metro…. glorified metro opportunity for Microsoft !!

Windows 8 ….. How should it be?

This is based on my experience with the Windows 8 Developer Preview. So listing out the shortcomings of an OS that is not even “half baked” is not fair! But when Windows 8 goes gold we want it fully baked; we don't want another “Mango” to fix everything!

I will list out the shortcomings

1) Metro apps need a close button –

Now we cannot close the Metro apps we open; the OS will do it for us by suspending them, freeing the CPU/GPU, but they are still memory resident. If you open too many apps you will have a terrible time switching apps to get the one you want (you can Alt+Tab if you have a keyboard). The OS will terminate a suspended app when it needs memory and finds inactivity. But what if the user intends to keep it running and the OS terminates that app? Now the only option to close an app is through the Task Manager, which is not so friendly to the fat finger! Metro apps need a close button!

2) A multitasking view of the Metro apps –

A multitasking view of all running/suspended apps (see the Nokia N9’s multitasking interface for MeeGo) will make app switching easier and also give a clear perspective of the apps. Stephen Elop is still there, he will give you the interface, he he….

The multitasking view should also have close buttons for apps.

3) Improved Windows 7 start menu  & equal importance to traditional ui-

The traditional UI is equally as important as the Metro UI. Windows is the largest ecosystem for desktop/laptop form factors. The app base that Windows currently enjoys is traditional apps. Metro is completely chromeless… But as Jensen Harris said, applications like Photoshop need to have chrome. There are many applications that fall into the same category. Many applications have a long history to tell and got refined through years of development, just like you did with Windows! You/we are new on the Metro scene, and refined awesomeness on the traditional platform is your strength. We may also need apps that do a bunch of mediocre things for the next 6 years at least.

I believe Metro is not the future; “Metro/platform & Windows traditional UI/platform are the future”.

Give equal importance to both. We should have an improved version of the Windows 7 start menu in Windows 8. We should have a complete Metro experience and a complete traditional experience, and not something in between. Associate the Windows key with the Metro start screen. But clicking the start button should pull up the start menu (Win 7 style). Maybe we can have another GUI button on the desktop to take us back to Metro, like we have the desktop tile in the Metro UI.

It is always better to give best of both worlds. Remember the success of amd-64/x64 over IA-64 in the consumer space.

4) We need Ribbon UI but in office 2010 style –

I am “for” the ribbon UI. But please make it visually appealing like the Microsoft Office 2010 suite; the 2007 look we have now seems dated.

5) Presence of apps in their respective interfaces –

Now we have traditional apps present in the Metro UI, as they get pinned to the start screen. Let Metro apps stay in Metro and traditional apps in traditional.

6) Change but don't alienate the end users –

“People resist change”. But for innovation, changes are inevitable. Making the traditional UI available to end users in its entirety, and the Metro UI in its entirety, seems reasonable. When should they converge? Let people get used to Metro. Let the store get filled with 1 million Metro apps. Then slowly converge. Maybe in Windows 9!

I am not a developer and this is an end user perspective of a developer preview!


Pros :


1) Metro UI is so fluid, immersive.

2) Metro will bring forward apps that do a few specific tasks rather than a bunch of mediocre tasks.

3) Yes metro is the future

Is Apple’s success favourable for Windows 8?

As we all know, Apple rose to its prime recently with the iPhone and iPad, making those users successful salesmen and getting them to also buy MacBooks. Apple is still lingering with an extremely low market share in the desktop/laptop segment, while Windows enjoys the “lion's” share. But in the tablet space Apple rules the segment. The current market condition is that there is no tablet market; there is only an iPad market.

Apple as a company revolves around one great man, “Steve Jobs”. Looking back at history, Apple was going through a terrible time when Steve Jobs was not there, under the leadership of Gil Amelio.

“Apple is like a ship with a hole in the bottom, leaking water, and my job is to get the ship pointed in the right direction” is what Gil Amelio said about Apple. And Steve Jobs had to fix the whole mess Apple was in. He not only fixed it but made it one of the richest companies in the world, with a huge fan following, and was able to create a “class apart” aura around its products!

How will this create a favourable situation for Windows 8?

Samsung, Acer, Lenovo (Android), HP (webOS) and many more tried their luck in the tablet space but haven't gone anywhere to date. When Windows 8 comes, which obviously will be the largest ecosystem on the planet, all these companies will launch the biggest marketing campaign in history. Apple has the advantage of being first in the market and Microsoft has the advantage of being “late” in the market.

Windows 8… Do you still care? Yes… I do…

When someone asked Steve Ballmer what the biggest risk Microsoft is going to take is, he said the next version of Windows. Windows 8 brings the biggest change in the user interface of Windows since Windows 95. But the biggest risk involved in that is that “people resist change”, and that is human nature.

Windows Everywhere…

In the Windows 8 keynote there was a strong emphasis on Windows everywhere, on all form factors. This is a bold move to bring one OS to all the devices around you. The reception to this statement was somewhat mixed. The Windows 8 touch UI is praised for its tile interface, gesture features and touch-first approach to the most widely used OS in the world, but that was only for touch-based devices.

What about the traditional desktop, do we need the touch UI? What about tablets, do we need the traditional desktop UI?

Isn't it awkward leaning towards the monitor of your desktop for the touch XPerience, provided you’ve got a touch LCD panel?

But here is my take on the above skeptical questions: the OS UI change will bring out the innovations that are hiding somewhere in the labs of the hardware manufacturers. You will see a tilted, full-touch screen in front of you with the onscreen keyboard. Don't think of traditional desktops. We will see new devices and new form factors, and this OS will drive innovation.

One Big Ecosystem!

In desktops/laptops we have a huge Windows ecosystem, a small Linux ecosystem (oh my god, it's too fragmented with flavours), and Apple in between.

In the smartphone arena we have a huge Android ecosystem, a huge iOS ecosystem, a budding Windows Phone 7 ecosystem, the dying mammoth Symbian, many more like MeeGo that is on the verge of an abortion, and the BlackBerry OS.

In tablets we have a huge iOS ecosystem. Android for tablets has not gone anywhere till now.

Windows 8 plans to bring one big ecosystem to all form factors. Microsoft plans to attack from the top (desktops/laptops) to the bottom (tablets/smartphones), and Google/Apple will attack or are attacking the top segment. We will see more unification in the smartphone OS in the next iteration of Windows Phone.
Windows 8… Do you still care? Yes… I do…