Windows Defender

The machines we love to hate

Moderator: Wiz Feinberg

Jon Light (deceased)
Posts: 14336
Joined: 4 Aug 1998 11:00 pm
Location: Saugerties, NY

Windows Defender

Post by Jon Light (deceased) »

Recent threads have me (on the verge of being) finally convinced to ditch my Norton 360 which is up for renewal in a couple of weeks. I have been reasonably satisfied with it. I think the only feature I use beyond AV and Firewall is Auto Log-in. I've exported that data to Firefox so that ought to cover that base.

So the question----
--Is there ANYTHING anyone can say to make me hesitate ditching Norton?
--Are there any known issues with uninstalling Norton?
--Are there any known issues with activating Windows Defender after removing Norton or any other AV?







NORTON!

Wiz Feinberg
Posts: 6113
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

Love that photo!

A lot of people operate Windows PCs without Norton AV. Uninstalling it will require a reboot. When Norton is gone, Defender will be reactivated by the Norton uninstaller. Windows Firewall will also be reactivated.

To maintain your protection against drive-by malware downloads, operate your computer account with less than administrator user privileges. If the computer is Windows 7 or 8, that means making your daily use account a "Standard User." This is done via Control Panel > Users and Accounts (or User Accounts).

Before demoting an existing Windows user account, make sure you already have another one with administrator privileges. If you only have one account now, go to Settings > Control Panel > User Accounts and create a new account with Administrator privileges. Assign it a password that you can remember, but is not too easy to guess for outsiders. Log off your existing account. At the Welcome Screen, log into the new admin account. This sets up the desktop and other important settings and folders.

Still in the new admin account, go to Settings > Control Panel > User Accounts (whatever) > Manage Another Account. Find your other previously existing account name and click on its icon to manage it. Inside the user account there is a checkbox to change your account type. Lower it from Administrator to Standard User and apply.

Next, still in the User Accounts utility, find and click on the link to Change User Account Control Settings ("UAC"). Make sure that the slider is all the way at the top (to notify for everything important). Move it up if necessary, apply and exit everything in Control Panel.

Now, log off your new admin account (via the Start Orb/button/icon). Back at the Welcome screen, log into your previous, existing account. You will now be operating as a less privileged user. The UAC prompts that appear when anything tries to change a system setting, install or update a program, or install malware, will require you to type in your admin password. This makes you responsible for your computer security.

Defender will back you up, but only for the most widely known, long existing threats. It will not protect against zero day attacks, or freshly modified Trojan Horse downloads. The UAC prompt will be your last stronghold in these instances.

Note: there are certain types of malware that install into less privileged accounts and remain persistent. Malwarebytes' Anti-Malware may be able to find and neutralize them.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
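
A read-only PowerShell check of the end state described in the post above (Defender and Windows Firewall active again, the daily account demoted to Standard User, a separate administrator account present, the UAC slider at the top), added here as an example and not part of the thread. It assumes Windows 10 with Windows PowerShell 5.1 and is run from the everyday account; the function names and the three-day definition-age threshold are choices made for this example.

```powershell
# Added example, not from the thread. Read-only: reports settings, changes nothing.
# Assumes Windows 10 with Windows PowerShell 5.1, run inside the everyday account.
$maxSignatureAgeDays = 3   # assumption: tolerated age of Defender definitions

function New-Result($Check, $Pass, $Detail) {
    [pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail }
}

function Get-AccountChecks {
    try {
        $me = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value
        # S-1-5-32-544 is the built-in Administrators group on every install.
        # Read the group itself: a UAC-filtered token would hide the membership.
        $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
        $adminSids = @($members.SID.Value)
        $enabledSids = @((Get-LocalUser | Where-Object Enabled).SID.Value)
        # A usable spare admin is enabled and is not the account running this check.
        $spare = @($adminSids | Where-Object { $_ -ne $me -and $enabledSids -contains $_ })

        New-Result 'Daily account is Standard User' ($adminSids -notcontains $me) $env:USERNAME
        New-Result 'Separate enabled admin account exists' ($spare.Count -ge 1) "$($spare.Count) found"
    } catch {
        New-Result 'Local accounts readable' $false $_.Exception.Message
    }
}

function Get-UacCheck {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    # Slider at the top ("Always notify") is stored as these three values.
    $top = ($p.EnableLUA -eq 1) -and
           ($p.ConsentPromptBehaviorAdmin -eq 2) -and
           ($p.PromptOnSecureDesktop -eq 1)
    $detail = "EnableLUA=$($p.EnableLUA), ConsentPromptBehaviorAdmin=$($p.ConsentPromptBehaviorAdmin)"
    New-Result 'UAC slider at top (Always notify)' $top $detail
}

function Get-ProtectionChecks {
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        $on = $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled
        $fresh = $mp.AntivirusSignatureAge -le $maxSignatureAgeDays
        New-Result 'Defender real-time protection on' $on "AMServiceEnabled=$($mp.AMServiceEnabled)"
        New-Result 'Defender definitions are recent' $fresh "$($mp.AntivirusSignatureAge) day(s) old"
    } catch {
        # Typical while another antivirus product is still installed.
        New-Result 'Defender status readable' $false $_.Exception.Message
    }
    try {
        $off = @(Get-NetFirewallProfile -ErrorAction Stop |
                 Where-Object { $_.Enabled -ne 'True' })
        $detail = if ($off.Count) { 'off: ' + ($off.Name -join ', ') } else { 'Domain, Private, Public' }
        New-Result 'Windows Firewall on for all profiles' ($off.Count -eq 0) $detail
    } catch {
        New-Result 'Firewall status readable' $false $_.Exception.Message
    }
}

@(Get-AccountChecks; Get-UacCheck; Get-ProtectionChecks) |
    Format-Table -AutoSize -Wrap
```

Any row with Pass = False points at the step in the post that still needs doing; membership is read directly from the local Administrators group, so accounts that are administrators only through a nested group are not counted.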
Jon Light (deceased)
Posts: 14336
Joined: 4 Aug 1998 11:00 pm
Location: Saugerties, NY

Post by Jon Light (deceased) »

Thank you, Wiz, for the detailed post.

A) This is Windows 10.
Any significant differences to the accounts procedure?

B) Is there a way to import settings (desktop, task bar, whatever)--to the new non-administrator account? I remember a few years ago setting up a new identity for this purpose and getting all confounded by not having immediate access to all sorts of programs and things that I was used to....I was basically confused and over my head and feeling like I was setting things up from scratch.
Wiz Feinberg
Posts: 6113
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

The system I described leaves your desktop settings intact. You are only creating a new account for the Administrator. Your existing account gets demoted to Standard User. This causes UAC prompts to appear when you upgrade a program, or try to uninstall one.

If you don't want the slight learning curve of operating within a less privileged account, do not remove commercial (constantly updated for the newest threats) anti-virus protection. If you must, change brands (I use and recommend Trend Micro).

There is another program you can add to the computer, from Malwarebytes. It is called Malwarebytes Anti-Exploit. It is either free or commercial (depending on how much protection you want) and specifically watches for zero day tricks targeting web browsers and their plugins.
Jon Light (deceased)
Posts: 14336
Joined: 4 Aug 1998 11:00 pm
Location: Saugerties, NY

Post by Jon Light (deceased) »

Cool. Thank you.
I understand that you are probably frustrated with people not just doing the simple things that you describe. My experience tells me that computer things that are simple to some people just tie me up in knots.

In your post I am reading that Win Defender needs the supplemental permission changes that you describe to bring it up to the same level of protection I currently have with Norton.
I have no complaints with Norton. The decision is between paying $$ for renewal of status quo vs risking some frustrating computer time making these system changes.

I have a couple of weeks to think about it.

Thanks again.
Wiz Feinberg
Posts: 6113
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

Jon;
Norton, McAfee, Trend Micro, Kaspersky, Bit Defender, Avira, Avast, AVG, Panda and Norman (to name a few) are companies whose reason for existence is to detect and delete viruses, spyware, Trojans and the like. Their stated mission is to protect operating systems in computers and various smart devices. They do not build operating systems. They employ people and honeypots to capture and reverse engineer malware in realtime, as it is being deployed across the Interwebs.

Microsoft is not in the anti-virus business. Windows Defender has been around for a very long time. They have a crew devoted to issuing new definitions to detect malware that has been reported directly to them, or is already in the wild and has been detected by other AV researchers. Defender does not even appear in AV comparisons because of its very low detection scores for new threats.

My advice to anybody with a computer who can afford to purchase commercial protection, is to do so. Every AV company I know about offers a discounted rate to existing customers when it's time to renew. This is often half the price of a new purchase.

Further, most of the top security programs now use your high speed connections to check files for matching definitions "in the cloud." The two way trip might delay the download of, or opening of a file or web page by a second or so, but it is well worth the side trip. Our computers do not have large enough hard or solid state drives to hold all the definitions for not only known, but emerging threats.

If you only knew how many new and altered malware definitions are discovered every day, your head would spin.

Back to Defender. If you operate with reduced user account privileges, Windows Defender will probably protect you against known threats. Add a side program, like Malwarebytes Anti-Exploit, or MBAM, and you double or triple that protection. Hitman Pro is another player in the add-on protection business and is well spoken of in malware removal forums.
Charlie McDonald
Posts: 11065
Joined: 17 Feb 2005 1:01 am
Location: out of the blue

Post by Charlie McDonald »

I hear you, Jon; I feel the same about these simple computer tasks.
I recall Norton being hard to get rid of. It was a decade ago and I don't remember the details, but it did get done.

And Wiz, thanks for the Anti-Exploit tip. Every little bit helps.
Dave Potter
Posts: 1565
Joined: 15 Apr 2003 12:01 am
Location: Texas

Post by Dave Potter »

Charlie McDonald wrote: I hear you, Jon; I feel the same about these simple computer tasks.
I recall Norton being hard to get rid of. It was a decade ago and I don't remember the details, but it did get done.

And Wiz, thanks for the Anti-Exploit tip. Every little bit helps.
I was going to stay outta this one, because I talk too much here in general. But you rang a couple of my bells.

Being "hard to get rid of" is one of the reasons I chose years ago to finally wean myself off all the various paid anti-virus solutions out there, and I tried 'em all. I thought if I "paid" for it, I must be getting more protection than from anything "free". I've concluded the built-in Windows capabilities are sufficient, and the price is right.

On the UAC issue, I'm annoyed that Win10 now insists I grant it extra permission, by clicking on a silly "Continue" button, to perform even the mundane, daily maintenance stuff I do all the time - moving/renaming/deleting files, etc, EVEN THOUGH I'M ALREADY THE "ADMINISTRATOR", and this is with the UAC Control slider ALL THE WAY TO THE BOTTOM. Total nonsense. And, if I demoted my status below "Administrator", I'm sure I'd be presented with even more of these onerous "challenges" to my eligibility to do these common PC management tasks. I just don't have the patience for the log-off/log-back-on shuffle I'd be doing with multiple UAC-level accounts. There HAS to be a better way. If not, I'll just continue to be foolhardy. ;-)
Charlie McDonald
Posts: 11065
Joined: 17 Feb 2005 1:01 am
Location: out of the blue

Post by Charlie McDonald »

Dave Potter wrote: I was going to stay outta this one, because I talk too much here in general.
I wouldn't worry, Dave, your PPD index (posts per day) is way below mine, which is to the point of no return.

I get something out of your views, and you've stimulated mine: some of the things you say are why I rolled Win 10 back to where it came from.
It's practically heresy to say no to the future, but in this case, who needs it? I've yet to hear a compelling reason.
Dave Potter
Posts: 1565
Joined: 15 Apr 2003 12:01 am
Location: Texas

Post by Dave Potter »

Charlie McDonald wrote: some of the things you say are why I rolled Win 10 back to where it came from.
It's practically heresy to say no to the future, but in this case, who needs it? I've yet to hear a compelling reason.
I'm sure it was obvious from my post that Win10 is causing me some frustration and anxiety, and they're things I can't mitigate with "settings". At the top of the list is flaky USB connectivity. I'm not sure Win10 gets that right yet. I use a lot of it - front and rear PC connectors, as well as a couple of hubs, one 2.0, and the other 3.0.

Aside from speakers, I have 5 different flight simulation devices that use USB, and it's a constant struggle getting all of them to work simultaneously, despite numerous plug-ins/unplugs and rearrangement of connection points. It's a hassle. All these things used to work fine with Win 7, and it's the same PC - nothing but the OS has changed.

My UPS no longer communicates with my PC, and that worked fine in Windows 7/64-bit. Thunderbird email client freezes in composing emails frequently, and that was never a problem before. I've tried "compatibility" stuff, and "run as administrator", all that business, and nothing helps.

I was on the verge yesterday of reverting to Win7. When I looked on my hard drive for the "windows.old" folder where the roll-back stuff used to be, it's gone. MS closed the door. I still have a drive image with Win7 on it, and that's viable, but I'd lose an entire busy month of online purchase receipts, and email. Not an attractive alternative.

So I'll keep Win10 for now, with its warts and blemishes. MS keeps pushing out refinements, and maybe at some point, they'll fix these things, or 3rd parties will catch up. And, I suppose it might be working acceptably well for some users with simpler systems. I tend to push the envelope, running 3 G-Sync display port monitors and multiple external devices.

Upgrade is inevitable, as you say, but the devil's in the details, it seems.
Wiz Feinberg
Posts: 6113
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

Dave's experience with Windows 10 and the disappearance of the rollback files reinforces the necessity of having a third-party imaging program. Jack and a few other members use Macrium Reflect, while I and others use Acronis True Image (see my affiliate page for details). Yet others rely upon Windows (7/8) Backup to save full system images to other disks or storage devices/places.

An image file contains everything on the boot/system disk. All licenses, activations, setups and settings are preserved. If something goes awry with your computer, restoring a saved image from a better day will restore the computer to that exact state of things. This includes a previous OS, or Service Pack.

Image backups are not incremental, so you will lose any additions, modifications, edits, or deletions made since that image was saved. To minimize the amount of changes that might be lost, I advise making at least weekly image backups. If space is a problem, you can set them to delete previous backups after verifying that the new one is valid. Or, save two or more.

Why not just use Windows Backup?

Because Microsoft makes changes in system files for new operating systems, and the new version under Win 10 may or may not recognize an image saved under Windows 7. (Please correct me if I am mistaken.)
Dave Potter
Posts: 1565
Joined: 15 Apr 2003 12:01 am
Location: Texas

Post by Dave Potter »

Wiz Feinberg wrote: Dave's experience with Windows 10 and the disappearance of the rollback files reinforces the necessity of having a third-party imaging program. Jack and a few other members use Macrium Reflect, while I and others use Acronis True Image. Yet others rely upon Windows (7/8) Backup to save full system images to other disks or storage devices/places.

Why not just use Windows Backup? Because Microsoft makes changes in system files for new operating systems, and the new version under Win 10 may or may not recognize an image saved under Windows 7. (Please correct me if I am mistaken.)
Makes sense to me.

I'm actually pretty intense on backups. I have two external RAID drives, 3TB and 8TB. I'm a Macrium user, and I image my boot drive several times a week to one or the other, for redundancy. I also use the OS'es Windows Backup, and save those there too, along with selected raw data files like my Thunderbird profile and my passwords for various sites.

The problem with trying to use an image to roll back to Windows 7 is that it does not contain any of the new data I've generated since the Win10 upgrade.

I'm giving thought to restoring the (month-old) Win7 Macrium image, then using current Win10 images to "cherry pick" data files as required, and just restoring them to their original locations. Seems like it could work; an email is an email; a .jpg is a .jpg. I doubt Win10 changes the file structures of 3rd party data files.
Wiz Feinberg
Posts: 6113
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

Does your version of Macrium make file and folder backups? If so, drag and drop the newer files. I do this with Acronis True Image when I foobar a file during an edit. My backups of important files are made every night.

My system images are backed up every weekend.
Dave Potter
Posts: 1565
Joined: 15 Apr 2003 12:01 am
Location: Texas

Post by Dave Potter »

Wiz Feinberg wrote: Does your version of Macrium make file and folder backups? If so, drag and drop the newer files.
If I understand your question, I only do total drive images, Wiz, but I think I can restore files and folders from within those. I do have raw "un-Macriumed" copies of the critical files/folders.

But I *DID* decide to take the plunge a while ago, and am typing this on a newly-restored Macrium drive image I made on 7/31 of my Windows 7 64-bit OS. Re-imaging took about 9 minutes. ;) - and Macrium is creating a new image of my restored C: drive now, as well. :whoa:

I'm getting updates from everybody, but the OS seems solid, and my USB devices are basking in the glory of functionality again.

It'll be some time before everything's back in order, but things seem normal at this point. Win10 was interesting, but not in a good way.
Jon Light (deceased)
Posts: 14336
Joined: 4 Aug 1998 11:00 pm
Location: Saugerties, NY

Post by Jon Light (deceased) »

I'm mostly over my head with a lot of these discussions but:

I do weekly image backups (done as Wiz describes, replacing the previous one so as to not eat up space---I also have one image from a while ago that I save, in the event that a weekly backup goes wrong.)

In addition, I have a backup that updates in real time. This, I presume, provides me with file & folder backup.

In addition to these, I also have a separate backup of just stuff I really really really don't want to lose--mostly media--audio, video and photo. I also have a copy of this stuff on a different external drive.

I hope that this will cover most of my ass.
Dave Potter
Posts: 1565
Joined: 15 Apr 2003 12:01 am
Location: Texas

Post by Dave Potter »

Jon Light wrote: I hope that this will cover most of my ass.
I learned long ago that with this stuff, you pays your money, and you takes your chances, meaning that, despite all your best efforts to try to understand what's what, and what will work, and what won't, sometimes, it's when the chips are down, and you need something to work, that it doesn't. I've had situations in which I planned to the nth degree, and still found I was unable to access a backup I needed desperately, and found no way to access it.

Sometimes you 'da windshield, and sometimes, you 'da bug.
Jim Priebe
Posts: 412
Joined: 2 Apr 2011 8:14 am
Location: Queensland, Australia - R.I.P.

Post by Jim Priebe »

It seems to me that most discussion on backups and images etc. and particularly when a full recovery is necessary, rarely emphasises the very basic need for some media that can be loaded into the offending empty computer, boot it, and then create an environment whereby the image etc. can actually be restored. Software like those mentioned above generally can produce a boot disk but computers vary so much even that may not work 100%.
This can be very important (especially in servers) where the drives, RAID etc. need to be activated correctly with a boot so that the recovery can then proceed and put the computer back 'together'.
Generally a boot DVD (or suitable boot media - remember many laptops now don't have a DVD/CD drive built in) - is required which will start the computer sufficiently so that a recovery can proceed. It needs to be able to recognise all the features of the computer/mainboard, get it up and running and also recognise the media which the image etc. is stored on. If a hard drive fails, then the built in recovery systems that rely on a specific partition (on that hard drive) to hold the recovery may be useless.
You will really start to appreciate this point after you have been caught 'with your pants down' and have a great image/backup that is right up to date but then have nothing that will successfully let the recovery happen (been there - done that - especially on, as I mentioned some servers) even though you thought you did. So, you need to TEST that boot system when all is well to ensure it actually works.
Priebs GFI ('09)Short-Uni10. GFI ('96)Short-Uni SD11. ('86)JEM U12
www.steelguitardownunder.com
Wiz Feinberg
Posts: 6113
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

It never dawned on me that somebody would take this talk about PC backup and restore to the server level. This didn't seem pertinent to the OPs who only have individual PCs.

Nonetheless; if you have no DVD drive, you can use an image burning program, like ISO To USB, to create a bootable image on a USB drive, on a large enough thumb drive, or USB external hard or solid drive. These programs are normally used to burn bootable CDs and DVDs from .ISO system image files. Microsoft now offers their own image burning program for Windows 10 users who want to do a clean install (link).

There is an older version of the Microsoft Image to USB bootable media tool here. It works on Win XP through Win 7.

Some people might have a BIOS that allows one to boot from a physical (network cable) network drive, like we used to do in a computer builder shop in Benton, Ar.

Finally, Acronis True Image has the ability to restore to RAID arrays, especially the business versions. I assume Macrium has a pro version as well. Further, Acronis now offers a special version that includes unlimited image storage and restores in their cloud. This gets real technical and expensive, quickly.
Jim Priebe
Posts: 412
Joined: 2 Apr 2011 8:14 am
Location: Queensland, Australia - R.I.P.

Post by Jim Priebe »

Spot on Wiz. I guess I only mentioned servers to try to make the point of how important it is to have something or system along with your backup that will enable you to make use of that backup (didn't mean to make things more complicated).
As a technician, I always had a device devoted to restoring systems on any type of hard drive (after I was burned once) but the average end user would be wise to be aware that having an image/backup is really only part of the process of restoring.
Having a bootable USB drive would be an obvious solution for laptops. Preparing them may be a bit challenging for some users but well worth the effort.
Dave Potter
Posts: 1565
Joined: 15 Apr 2003 12:01 am
Location: Texas

Post by Dave Potter »

Folks, I think my reversion from my Windows 10 adventure back to Win 7 64-bit is completely successful.

I used an image of my entire C (boot) drive I created using Macrium Home Edition v6.0 prior to upgrading to Win10. That was done on 31 July, so obviously, it did not include anything I've done since that date. Most important were emails and purchase receipts for items I ordered online since that time. I use the Windows snipping tool to make .jpgs of the screen copies of the order confirmations, and there were about a half dozen of those.

Before I restored the Win7 Macrium image of my boot drive, and with Win10 still running, I made raw copies of my Thunderbird profile (845MB), and the folder containing my online order confirmation .jpgs, with the intent to just copy those files back into their respective locations, and hope Win10 hadn't changed them in some way so a Win7 restore wouldn't be able to access them.

All that's done now, and I'm seeing no issues with file access or anything else. Best of all, all my USB ports are working as they should, which definitely was not the case in Win10. I restored the Win7 image using a Macrium Rescue DVD which runs under WinPE, as I recall. I restored the image from a 3TB external RAID USB drive. Restoration of the image took less than 10 minutes.

So, email's current, online order confirmations are current, the hardware's working, and I'm a happy camper again, with multiple redundant images of my restored Win7 drive, just in case something goes wrong down the road.
Charlie McDonald
Posts: 11065
Joined: 17 Feb 2005 1:01 am
Location: out of the blue

Post by Charlie McDonald »

Welcome home, Dave. Glad you made it back with all your base.
I've always been much happier in the present. It's simpler than the future.
Dave Potter
Posts: 1565
Joined: 15 Apr 2003 12:01 am
Location: Texas

Post by Dave Potter »

Charlie McDonald wrote: Welcome home, Dave. Glad you made it back with all your base.
Thanks, I think, Charlie. :lol:

Feels good to be home again. ;-)
Jon Light (deceased)
Posts: 14336
Joined: 4 Aug 1998 11:00 pm
Location: Saugerties, NY

Post by Jon Light (deceased) »

For the record, I ditched Norton (a few days early so that I can still re-up should I have a change of mind).
During the uninstall my computer warned me and prompted me to activate Defender (rather than after the reboot).

The only thing that was not simple was that Norton gave me the option to save all my settings in case I changed my mind. Even though I'd intended to rid my system of as much trace as possible, they caught me wavering and I opted for this since my plan is to maintain the option of renewal for the next few days.
AND...they allowed me to opt to keep running "Identity Safe" -- their auto log-in and form filling app. Free, they claim.
I caved and opted in for this too even though Firefox has the log-in feature and there are FF add-ons for form filling.
I acknowledge that I am weak. In the interest of trying to run clean, I will probably go for a cleaner uninstall in the future and get rid of this redundant stuff. For now, I am grateful for any keystroke that doesn't plunge me into WTF?