Windows Defender: Potentially Unwanted Software

Over the last month, Windows Defender has popped up over 200 irritating dialog boxes on my computer, each one warning that I'm running "potentially unwanted software", i.e., Zango. (I actually walked through my Windows Defender logs to count.) And 200 separate times, I've told Defender that no, I actually do want to run Zango – and each day, Microsoft continues to show me the same intrusive warnings.

I haven't kept track of how many ads Zango has shown me during that same time period, but a typical user sees 2-3 ads a day, so let's call it 90 ads.

In other words, Windows Defender uses an intrusive, annoying dialog box to warn me at least twice for each ad that Zango might display. That's a very interesting trade-off.

I should also note that of those two applications (Zango and Windows Defender), only one of them passes detailed information about the applications I'm running on my computer back to the mother ship – and it's not Zango. That's a very interesting assessment about which application represents the greater threat.

In this light, it's been fascinating to read the recently released Microsoft Security Intelligence Report. Two tables in particular stand out in the detailed analysis.

Note where Zango and Hotbar show up (i.e., towards at the very bottom). In other words, 75% of users who are presented with the scary Windows Defender dialog box actually choose to ignore its recommendation, and choose to keep Zango's software. Since anyone presented with this dialog box actually has to select the non-default button ("Ignore"), that's pretty good news for Zango. It shows what we've been saying for years, that users do want our software.

The problem really comes with the next table.

If you add everything up, Microsoft has prompted users over 16 million times to uninstall Zango's software. Even though people follow through on only 25% of these warnings, this still means that Windows Defender has uninstalled Zango's software some 4 million times, in 2007 alone.

Now from Zango's perspective, this is at least as problematic as Microsoft's ongoing (and entirely legitimate) complaints about piracy. Both consist of other entities illegally infringing on a company's business and establishing a strong set of headwinds that make for a difficult environment in which to compete. Please note how this works. Users install Zango's software only after they affirm several times that they want it, after they're shown a clear, accurate, plain language description of what our software does, and after they click the non-default button on at least three dialog boxes. But after someone has gone through this clear and robust process, Windows Defender will automatically uninstall Zango if the user accidentally clicks the default button on just one scary dialog box that manages, somehow, to be uninformative and misleading at the same time. It's, umm, not precisely a level playing field.

But this is problematic from Microsoft's perspective as well. I think every technical person is by now well acquainted with the annoying-as-hell "User Account Control" feature in Vista. It's supposed to protect you from yourself by putting Yet-Another-The-World-Is-Ending dialog box in front of you every time you might do something dangerous. The Cry-Wolf problem, of course, is that this eventually becomes just another dialog box, one that you click through as automatically as you click the "Next" button while setting up a program. Microsoft admits as much:

In its current form, UAC will not stop really good attackers, or ones who have the help of really good attackers. If the bad guys can't think of any other way to defeat UAC, they will almost certainly resort to asking the user to do it for them. Given the choice of dancing pigs and security, we know from experience that the dancing pigs win every time. Users have learned to dismiss dialogs, and so they will until we manage to teach them otherwise. This results from many contributing factors, including the fact that there are too many warning dialogs, that the messages in them are useless, and that many of the manuals for whatever devices users buy include a note to "please click yes to the security warning dialog to dismiss it."

To the extent, then, that Microsoft continues to present users with pointless dialog boxes that they automatically close, or dismiss, or learn to ignore – dialog boxes that Microsoft knows users will automatically close, dismiss, and ignore – it's working against its own best interests and, indeed, those of the community in general. Microsoft's own data shows that users don't want these warnings – warnings that, in the case of Zango, serve no purpose, and protect users from no threat whatsoever, whether low, medium or otherwise. If Microsoft is really looking for an easy way to get rid of, oh, say, 16 million useless dialog boxes, I know a pretty good place to start.