Windows Defender

Post by yogi »

I've come to accept the fact that Microsoft is forcing its Windows users to use their proprietary antivirus anti-malware software. Truth be told Windows Defender always ends up in the top three when it's compared against the others. Since I can't uninstall it, and only disable it temporarily, I let it do its own thing in the background and ignore any reports it sends to my notifications window. As you might recall, I like to claim that I don't use any antivirus software, and that is true. I don't add anything additional, but Windows Defender is part of the operating system. I'm stuck with it as a service.

I've posted in other threads how I'm preparing for a transition from Windows 7 to its unsupported status come next month about this time. One of the things I would like to do is change the disk formatting from MBR to GPT in the ASUS tower. The cleanest way to do that would be to install (or copy) Windows 7 OS from its current location to the brand spanking new solid state disk purchased just for this purpose. Once it's installed on the new disk all I need to do is remove the old disk and it should all work. I might have to tweak BIOS, but that's a minor issue.

Part of the migration process I set in motion involves putting my backups onto a new media. That's the thread I've posted about the file names not showing correctly. I did not mention the problem I had because I wanted to solve it first before I documented it. So here goes. LOL

Aside from backing up various elements of my Windows OS, I also have backups for this website going all the way to the first year we came on line. http://brainformation.com/arch/index.php In essence I have the database for that site and the entire install directory image put in a safe place. I decided to make a copy of that safe backup and put it on the same USB memory device as the backups for Windows 7. Since these backups are going to be used to recover a trashed OS or trashed website, it is only prudent to ascertain that the backups are clean and functional. So, I told Windows Defender from my Windows 10 laptop to scan the drive - just to be safe. To my utter shock it reported problems with Trojans hidden in the Brainformation archive image. I scanned the original location too, and sure enough. The Trojans show up there too.

While I was taken aback a bit and shut down the archive site temporarily, just in case, I decided to verify what Windows Defender reported. I ran the site through VirusTotal and it did show a minor issue with one of its forty or fifty virus checking tools. 1 out of 50 is no reason for concern. But, I then fired up my Dr.Web CureIt live CD, which is actually a live USB. LOL This would be an external check that would not be polluted by anything on my existing backups or OS. Scanning all the copies of the site backup images showed nothing. Only Windows Defender reported the presence of trojans.

At that point I was in no mood to debate how good or how bad Defender might be. I decided to wipe out the site altogether and upgrade the software to what is current in 2019. In other words, all new files would replace those that were in question. Since that archive is so old the upgrade was not easy. The database schema changed dramatically and I had to get some special tools to clean it up. It took me three days, but now the archive site is updated and virus free. Well, I haven't checked it yet, but I have no doubt it is clean.

One reason I'm so anti antivirus software is because they are prone to false positives. I can't say if that is what is going on with Windows Defender, but I would say it is highly unlikely that they are the only ones who can find a virus that is in excess of five years old. If VirusTotal can't find it, I have no idea what Windows Defender is trying to tell me. In any case, it's better to be safe than sorry. The Brainformation Archive is clean and up to date and all the backups are isolated.

That's what I've been doing the past few days.

Re: Windows Defender

Post by Kellemora »

Sounds like you've been super busy!

I don't run anti-virus software because it has always caused more problems than it prevented.
I do use a file checking program every so often to check for something, but if the name of the virus is not known, and not in their look-up table, then they won't find anything.

The short time Debi was running Win10, nearly every photo of her father kept showing it was an infected file.
They all came from my scanner and my computer to start with. So I ran a few different tests on them and they came up clean. Then the ones she wanted on her computer for her screensaver display I converted from TIF to BMP and then to JPG, and reloaded them on her computer. Every single one of them caused the pop-up that shows the file is infected.

Ok, back on my computer I changed the permissions on them to Executable to see if they had any hidden programs. I clicked RUN to see what if anything would happen. Nothing did! So I changed them back and made them all read only, since they are only used as a screensaver slideshow. There must be an ignore button or something, because she closed the pop-up each time it came up and now it doesn't come up anymore.

I found a way to do an internal on my Index.html page to do a redirect that Google doesn't squawk at, but don't think I'll use it. Right now on my main pages I have a Notice and a Click Button for them to go to the Secure Page if Not Secure is showing, but may have to add this to every single page if Google doesn't straighten itself up soon.
But also all the websites out there with links to my sites would still have the old links so perhaps I should.

I thought about completely rewriting the website again, but then I would be in the same boat I was before.
All those links out there would point to non-existent pages. This is why when I did the last major rewrite I kept the old filenames and folder, with a link to the new folders and files.
I should have done that when I had to move from Comcast to a new host, but didn't have time at the time.
Oh well.

Re: Windows Defender

Post by yogi »

Fixing the archive did tax my otherwise idle mind. It was both frustrating and challenging. The greatest challenge was with the helpdesk for our hosting service. They have scripts to walk through and no matter how much detail I give them to describe the problem they insist I start from scratch. The problem with the update was in the phpBB update documentation. If I knew that, I never would have contacted the helpdesk. The documentation that comes with each individual update is generally sufficient to cover every circumstance. In fact it had instructions on how to make the big jump of several versions minus one small detail. The helpdesk found an online update manual that I never even knew existed, and in that set of instructions was the hint that I might need to clean the database before the upgrade. Anyway, it's all up and running now and I cleaned up things I never did when I archived it. There is one more archive that should be converted. I think that would be easier now that I have experience.

I have some go-to software for solving virus problems. I never had to deal with ransomware, but it is inevitable that I will meet up with it at some point. That is why I'm doing off line storage now and actually trying to put together a disaster recovery plan. There is one fatal flaw in my system which has to do with the NAS. As you discovered, network storage is just as vulnerable as local storage. I don't have any backups of what is on the NAS. Well, I do have the photographs backed up off line, but not much else. I'm still debating whether I should care about it or not.

Re: Windows Defender

Post by Kellemora »

Because the ransomware only hit jpg and doc files, and only on NTFS disks.
I'm back to making a redundant backup of everything on an EXT4 external drive for safe keeping.
Plus some really important things are on drives not connected to the computers except when I'm updating the backups.

Was talking to an IT guy the other day about how they handle backups of their clients.
I had seen an article that said they could retrieve any document including changed documents so they can revert back to before they made a change.
He said it is simple really. Whenever a document is changed, it is saved as a new document, and the old document is not over written, just moved down the queue one notch.
I asked how much memory they need to do things like that.
He said they have over 75 million gigabytes of storage in their server array and it is less than 10% in use so far.
Plus they have cloud access to over 2 petabytes of storage they use for backups and other things.
Maybe he said 75 million terabytes? Either way, it is a heck of a lot of storage, must cost a fortune.

Re: Windows Defender

Post by yogi »

One of the techniques for backup is to use mirror copies. Only the changes are written out to the mirror storage. Then periodic full backups are made from the mirror. A timedate stamp is appended to the file names in some scenarios, and that is kind of what I'm trying to do here. I don't need to filter things down to the individual file level because I don't have that much going on. I do a full backup every few days and append a timedate to the folder. Keeping five copies of past backups works fine for me, but you can get a lot more granular if you really wanted to.

When you buy or lease memory in the petabyte range, the costs really come down. What I wonder about is how long does it take to populate a petabyte of storage. LOL

Re: Windows Defender

Post by Kellemora »

It would take a lifetime to go through a petabyte of storage one file at a time, hi hi.
I've looked on-line several times to see how they even have 1000 terabytes of loss free storage.
Pictures always show the server arrays with the rows of computers in them, some even close enough to see the graphics cards, but none ever show an open file storage cabinet. Except in the old days of tape drives.

I did see a cartoon drawing once, in the first cel it showed the data storage room with a wall of tape drives and a couple of rows of large cubes which were the hard drives. I think the caption under this cel said 100 gigs of storage 200 gigs of backup, and the room is full.
Then in the next cel it showed an empty room, except for what looked like two pictures hanging on the wall, then a zoom in on one of the pictures to show several tiny SD cards in neat little rows. The caption said something like 100 terabytes of instant storage, 200 terabytes of instant backup, and no floor space used yet.

That's how I do my backups, they are mirrors not backup sets.
This is how RSync works, it only copies the files that changed, which makes it very fast.
Where when you do a copy n paste it takes forever since everything gets copied again.

Although, on NTFS drives, it is good to do a copy n paste to your backup drive so all the fragments get put back together again, and is usually faster and safer than running defrag on your backup drive.

I wish they would come out with something like RSync that handles remote drives without going through all the trouble of setting up special mounts just for that purpose.
If you already have a remote drive mounted on your desktop RSync doesn't seem to be able to write to it.
Probably because it works at the root level for remote drives. I really don't remember anymore how it works under the hood. Since I got in the habit of copying a file or folder I just worked on to both backup and off-site. Although I've been way too lax on doing that lately.

Re: Windows Defender

Post by yogi »

If I backed up any of my Linux work I'd be more interested in rsync. But I'm certain that just as is the case with the rest of Linux there are a thousand ways to rsync; sometimes it works, and sometimes it doesn't.

Mirror backups are great, but probably the most prone of all choices to ransomware attacks. My current interest is in how to recover from such an attack. I may still set up a mirror because it would save me the trouble of making so many backups so often. All I'd need to do is copy the mirror to offline storage periodically. I'd still keep at least 5 generations of backups because there are times when you don't want the last thing backed up, but you want what was there a year ago. That's not the case with ransomware recovery, but I do have some files where that could be an issue; bookmarks as an example.
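
Added example, not written by either poster: a Python sketch of the scheme described in the two posts above (a full copy into a timestamped folder, five generations kept), extended with a SHA-256 manifest so a backup can be checked before it is restored. The folder prefix `backup-`, the manifest file name and the 50% change threshold that blocks pruning are assumptions of this example.

```python
from __future__ import annotations

import hashlib
import shutil
from datetime import datetime
from pathlib import Path

STAMP = "%Y%m%d-%H%M%S"       # zero-padded, so text order equals time order
MANIFEST = "MANIFEST.sha256"  # hypothetical file name used by this example


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def hash_tree(root: Path) -> dict[str, str]:
    """Map each file's path relative to root onto its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.name != MANIFEST
    }


def read_manifest(root: Path) -> dict[str, str]:
    entries = {}
    for line in (root / MANIFEST).read_text(encoding="utf-8").splitlines():
        if line:
            digest, rel = line.split("  ", 1)
            entries[rel] = digest
    return entries


def verify(root: Path) -> list[str]:
    """Return files that are missing, altered, or absent from the manifest."""
    expected, actual = read_manifest(root), hash_tree(root)
    return sorted(rel for rel in expected.keys() | actual.keys()
                  if expected.get(rel) != actual.get(rel))


def churn(previous: Path, current: Path) -> float:
    """Fraction of the previous generation's files changed or gone in current."""
    old, new = read_manifest(previous), read_manifest(current)
    if not old:
        return 0.0
    return sum(1 for rel, d in old.items() if new.get(rel) != d) / len(old)


def backup(source: Path, dest_root: Path, keep: int = 5,
           max_churn: float = 0.5, now: datetime | None = None) -> tuple[Path, bool]:
    """Copy source into a new timestamped folder; prune only if churn is normal.

    Returns (new_folder, pruned). pruned is False when too many files changed
    since the previous generation, so older copies are kept for inspection.
    """
    if keep < 1:
        raise ValueError("keep must be at least 1")
    target = dest_root / ("backup-" + (now or datetime.now()).strftime(STAMP))
    shutil.copytree(source, target)  # raises if target exists: no overwrite
    manifest = hash_tree(target)
    (target / MANIFEST).write_text(
        "".join(f"{d}  {rel}\n" for rel, d in manifest.items()), encoding="utf-8")
    generations = sorted(d for d in dest_root.glob("backup-*") if d.is_dir())
    older = [g for g in generations if g.name < target.name]
    if older and churn(older[-1], target) > max_churn:
        return target, False  # mass change: keep every older generation
    for old in generations[:-keep]:
        shutil.rmtree(old)
    return target, True
```

Running `verify()` on a generation before restoring from it lists any file that no longer matches what was written at backup time; a `False` second value from `backup()` means the source changed wholesale since the last run and nothing old was deleted.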

Re: Windows Defender

Post by Kellemora »

You can export your bookmarks into a file, and that file can also be converted to plain text.

You remember my bout with ransomware getting to the NTFS drives connected to Linux computers, by going from the Windows machine through the LAN to get to them. Thankfully it only got into the shared drives. Even so, we lost tons of images and documents, even on the attached backup drives. It didn't mess with anything on EXT4 formatted drives, so now I have a backup of everything in that format now too!

You can use Rsync on a Linux computer to copy data from a Windows computer to an External Drive or to your own internal drive. But it does take setting up a Mount for Rsync to use.

When I was more gung ho about backing up everything, I would make a copy of my /home directory every night at 3am, instead of each individual file. But I still made other copies of the important files as well.
I really do need to set up a remote drive again, just in case my office burns up. I just couldn't afford to buy a second 4 terabyte drive to set up in a remote location. My old 500 gig external drives that I kept one at the house and one up here and mirrored them manually by carrying one up here from the house to copy to then bring it back again. Both are now used to hold backups of data, different data on each. One for business, one for personal and both are NTFS so if I croak Debi can read them on her computer. They are not connected to anything for safe keeping.

Re: Windows Defender

Post by yogi »

There are a gajillion different strategies for backup and disaster recovery. The first rule is that something is better than nothing. Unfortunately, the bad guys figured out how to get at all of it. The only reliable backup is to a disconnected device that has never been connected to a network and never will be. Done properly it will not only keep the bad guys out, but it will also prevent contamination from malware. There is also something called virtual backups which use a database instead of a physical device. It would work something like this website. The pages you see here do not exist anywhere in stand alone form; they are compiled in real time using php software and a database. Apparently you can store and recover data using the same idea.

Re: Windows Defender

Post by Kellemora »

When I first started using Linux when I came back to it, I downloaded the server version on one of my computers, even though I didn't know much at all about servers, still don't. Even tried Edubuntu as a learning tool to see how workstations worked, but my old computer didn't have near enough memory to use it that way.
I did set up a small database, actually a couple of them, in one I put my address book data, which worked great, since all I had to do was type a name in the little search program and it would come up in that program. I tried it with something else and I either didn't do it right, or I didn't understand how to access it. All it was in there was a bunch of files I used for testing, but I couldn't get them to come up, I think I needed to have a text editor included in my search script, which I didn't for the address book for some reason. Never did figure it out. So I ended up using the computer simply for file storage.

I'm so dumb, I can't even figure out how to MOUNT a remote drive anymore so Rsync can copy to a remote drive.
I downloaded SSH and a few other programs and for some reason it is still over my head, even though I know I did it in the past much simpler. Also the programs to show the IP numbers of my LAN computers and devices no longer work either. I tried a couple of other programs, but they are too complex and still don't show what I wanted them to show.
The old program I had would not only show the IP address it would also show the name of the computer or device. Maybe I'm just looking at it the wrong way again, I forget how to do things I don't do all the time too.
Heck, I used to backup to a hard drive connected to my brother's computer in St. Louis, but that was easy, I just addressed it like you would a website and it worked just fine with Rsync. But that was years ago now.

Rsync cannot write to a shared folder I've loaded on my desktop going through the network.
It can see it, it can open it, and a dummy write works, but not the real write, says operation not supported.
I thought Rsync stood for REMOTE Sync, hi hi.

Perhaps this is why I decided it was easier just to carry an external HD back and forth from the house, hi hi.

Re: Windows Defender

Post by yogi »

That last comment is one other reason I shied away from rsync. I recall reading someplace that it does not work on NAS equipment, i.e., Windows shares. I also don't feel comfortable enough with Linux to do anything serious like backup critical data. I'm sure I can learn the technique, but the recovery from mistakes I make is exceptionally difficult in the Linux environment. It's all simple if you know how to do it. Learning how is the hard part, and I understand in your case it's complicated by retention issues.

I'm certain you do know how to copy files from one directory to another. That would be your go-to method if all else fails. Connect your detached hard drive and simply start copying directories one by one until you have everything you need on the removable disk. A pain? Yes. Fool proof backup? Pretty darn close. :mrgreen:

Re: Windows Defender

Post by Kellemora »

I use Rsync with Cron jobs to make mirror copies of this computer to an external drive.
Then a second job copies the external drive to another external drive on the same computer.
I do this because I normally work from External Drive #1 and not actually from files on this computer.

If I set up SSH Rsync works just fine, but I wanted to do it with cifs.
I finally figured out what I had forgotten, and managed to get mounting down pat.
But I have permission problems on a couple of files that I haven't fixed yet.
Busy getting ready for the Christmas crowd.

Speaking of Christmas - A Very Merry Christmas to you and yours Yogi!

Re: Windows Defender

Post by yogi »

I'm here in a Chicago suburb hotel room reading what you are posting. I'm a bit surprised that you found some time to contribute to the discussions today, Christmas Day. We spent last night at my daughter's home having dinner and exchanging presents. Today we will be going out to my wife's brother for the traditional Christmas family gathering. I'm not positive, but I think we are going to be on the road back home tomorrow. Friday the latest.

In the past I have sent out a Christmas message to all our Brainformation members. Since you are literally the only active member I will simply wish you and your family all the best of the Christmas spirit right here. When I left St Louis yesterday morning there was about 50% snow cover in the area. Up here in the Chicago area not a single flake of snow is visible and the temperatures are in the 50's. Then again, it's ten degrees warmer down south and I expect I might have to mow the lawn when I get back down there. :mrgreen:

Re: Windows Defender

Post by Kellemora »

Talked to my brother in St. Charles and he said it was close to 70 degrees.
I hope so, because we usually get what happens there 3 days later here and normally at 10 degrees warmer.
However, I know it is only going to get up to 64 here by the weekend.
So he might have been fibbing, hi hi.

I had some free time in the morning before the vampires arrived to eat all the food, and a little later on after dinner when they finally all got their fill and waddled out, hi hi.

Re: Windows Defender

Post by yogi »

I'm still in that hotel room and scheduled to depart for the southern regions early tomorrow morning - Friday. The temperature in O'Fallon on Christmas Day did reach 70F, or so say the weather web sites. I think we have a couple more days of this extra warm weather before it goes back to normal in the 40's. That should make the trip home very pleasant. I've done this run in the snow and am really terrorized at that thought.

Today we went to the shopping mall which nothing of its kind exists anywhere near O'Fallon. It was a grand reunion with old memories and we even purchased a few items. I had my watch band replaced for nearly the same price as the watch when it was new. That's the main reason we didn't shop at the mall that often, but still, it was available if we wanted a reminder. Lunch was at one of our old time favorite restaurants. Haven't had eggs Benedict like that since we left this town. Tonight, if we are hungry, there is an old time favorite Chicago Hot Dog type restaurant we will visit for a departing dinner. LOL It's nice to be back in a place that is familiar as is the back of my hand. We are visitors now, and I have some mixed feelings about that.

Re: Windows Defender

Post by Kellemora »

I know just what you mean. I used to love having a chance to visit back home.
But, after close to 20 years of being away, so much has changed, I don't recognize it anymore.
Most of my favorite places are no longer there anymore, lots of new or changed roads.
A couple of the places I always got good deals from, we planned on going to before we made the drive back home.
But both of them had moved to a more upscale area and naturally raised their prices a lot to cover it.
I guess I'm just getting used to living here too much, and here is changing fast too!

Re: Windows Defender

Post by yogi »

Since I left Chicago to get married and raise a family, I've not found a place that I feel is truly home. The neighborhood in the city where I grew up, and did feel at home, might as well be on another planet now. It's nothing like it was during my youth save for the names of the streets. Most people adapt one way or another to their new residence. That doesn't mean they feel good about it, but they quickly learn how to live in different surroundings. I think that's just human nature. Unfortunately, I have memories of times when things were different. It's the memories that tend to be uncomfortable.

Well, we made it back home to O'Fallon without incident. It was 70F yesterday but today it never got above 45. I'm looking forward to spring already. LOL

Re: Windows Defender

Post by Kellemora »

The frau asked me if I could get my house back in Creve Coeur would I want to move back?
I said no, it's not the same place as it was when I lived there, or when you lived there for a short time after we got married. Besides, I've become accustomed to down here.
What brought it up is down here has changed so much over the past few years, even living in the home she grew up in, she says it doesn't feel like home anymore, the entire area changed into something she no longer recognizes.
All I could say was, now you know how I felt about my home town, and the reason we moved out in 1966, and shut down our business there in 1984.

I guess no matter where we live, it is only going to go from bad to worse, and at breakneck speed too!

Re: Windows Defender

Post by yogi »

The only constant in life is change. Nothing stays the same. The secret to success is to be willing to adapt. Of course that is easier said (or written) than it is possible to do. Part of the problem is perception and the feelings evoked by it. Most of the things I saw up north this week were familiar in spite of me being away for three years. That made me feel comfortable. But we left for a reason and not on a whim. Being older we could not breathe in the smog as well as we once did, and the cost of living just went out of sight. None of those things are problems for new people moving in for the first time. The people that bought my house thought they were getting a deal. I felt as if I was robbing them. So, I don't know if it's truly all downhill. However I can say that being placed in a totally new environment with a different culture is exhilarating in some respects. We are constantly discovering new things about our new home. Unfortunately, I still have those memories of my roots. That takes some of the novelty off of the experience but overall I'd have to say life is easier down here in Missouri.

Re: Windows Defender

Post by Kellemora »

My family has a warm and wonderful history to remember.
Unfortunately, those days of how things were in the 1940's to 1960's or 1980's even cannot be duplicated by the newer generations. The world they existed in no longer exists.

At one time I owned four 12-unit apartment buildings.
I bought them for a song and a dance, for several reasons really.
The owner was old and could no longer do any of the work himself, had to hire it all out.
Most of the apartments no longer passed code to get occupancy permits, although the buildings themselves passed code OK.
I had been doing work for him for about three years already, and with the change of city inspectors including the fire marshal, there was a ton of things he had to do immediately.
He let it slip that when he built those four apartments, they cost him less than 8 grand each, and now the taxes on them are more than that, and they were coming due again as well. His income from them, with several that were empty was a little over 10 grand per month, and he had not raised rents on existing tenants for at least 5 years. Those were only paying like 150 to 175 a month, while newer tenants were up around 275 to 300, and the going rate for apartments in that area at the time was 350 for those larger size apartments.
His expenses on those apartments were also high, especially after the individual apartments were not passing code for new tenants to move in.
He had them appraised in as-is condition by three different appraisers and the highest one was 88,000 for all four, I think the lowest was 72,000 which is why he said he couldn't afford to sell them either, as he needed the income from them.
After some dickering I agreed to pay him 20 grand up front now and 5 grand a month beginning in one year, so I had funds to pay the taxes and start on renovations.
He actually lowered the down payment to 15 grand if I would pay him 1 grand per month for one year, then 2 grand per month for the next year, and on up increasing by only 1 grand per month, up to the limit of 5 grand per month until he died, with no payments after his death as my original contract called for to go to his heirs.
After I got the place all fixed up and fully-occupied with most apartments at 350 per month, I had several offer to buy the place from me. But I couldn't sell it as long as he was alive as part of our agreement.
That old guy lived for another 8 years!
So technically I paid way too much for the apartments when you add it all up, however, after he passed away, he had left me like 154 thousand bucks, or the amount he had left over after paying all of his medical bills and other expenses. After taxes I only got about 80 grand, but I didn't expect to get anything so it was a surprise.
After expenses I was taking in about ten grand per month from those apartments, but the area was going downhill a little, so I figured it was time to get out. I sold it to an apartment management company for 10 grand down and 2 grand per month for six years. Unfortunately, half of the monthly payment went to my ex wife, hi hi.
