MSE; Does Anyone Still Use It?

I realise MSE has not performed too well of late, that wasn't my point, but it once had well above average test scores. In my book, test scores need to be taken with a firm dose of sodium chloride anyway.

 

Nope, that is not marketing talk, I am being realistic in stating that independent tests have shown that MSE only offers basic protection and that it should not be seen as the best performer on the market.
As further reference, here is an article regarding the fact that MSE only offers a basic level of protection: http://www.infoworld.com/article/26...s-offers-bare-bones-protection-by-design.html

 

I haven't used MSE for some time, but I find Windows Defender too heavy for my liking under Windows 10. It takes a few seconds and causes noticable CPU load when scanning finished downloads.

 

It certainly seems to be improving, which can only be good. What I've always liked about MSE is it has virtually no false positives of any kind. They can be almost as harmful to your computer as malware.

 

Well, I was just about to dump Defender because of this "You haven't run a scan..." annoyance. There are a zillion hits about this same issue in google going back years. Someone actually waited 56 hours for a Quick scan completion.

So, in an epiphany on par with the visions of ancient prophets, I excluded the D: partition and everything on C: except for Users, hit the big brownish Scan button and it was over in a a couple of minutes. My system is no longer a yellow-yuck potentially unprotected but go-go green and protected! And yes, I removed the exclusions. BTW, just selecting Users in Custom scan didn't clear the status.

 

Don't know if it's in the default config, but if you have a Premium license, you can add it manually.

 

OK, thanks.

 

Ropchain, are you not feeling well today ??

You are usually a lot smarter then that.

The article you post a link to are a article that several tech-sites posted at the time.
An article that are twisting the word of the Microsoft employee into the complete opposite of what was actually said.
And ever since it was posted, a group of third-party security vendors have been quoting it over and over again trying to promote themselves while badmouthing MSE.
Makes you wonder who paid for it in the first place.

Microsoft did NOT say that they designed MSE to be at the bottom.
Microsoft said that they stopped caring about hunting fictive samples only to look good in test like the rest of the industry does.
They would from that moment on use all manpower on real threats that actually hits end-users.
And that they would offer their entire signature collection to all AV partners.

The "journalist" then twisted that into that Microsoft no longer cared and that MSE was a basic AV at the bottom.

Nothing could be further from the truth.

Microsoft are with MSE/Defender protecting against malware that are actually affecting users.

Any of the 45+ AV partners can then get all those signatures practically free of charge (the required number of samples to submit to be a partner are ridiculously small) and they can then add signatures for a couple of PUPs that are not in the Microsoft signatures and next have one of the "independent" AV testing groups doing a test that points out exactly the few samples they added themselves, making them look, oh so superior.

There's a certain group of third-party vendors that ought to be ashamed of themselves.

Don't bite the hand that feeds you.

Another well-known trick in those test is that they run tests of MSE/Defender with SmartScreen either turned off or they ignore any prompt from it.
If test should be fair, then the tests should also disable the webfilter in the third-party solutions.

Since you like links, then I will supply you with a link to when Microsoft had enough of tests that focused on fictive/pointless samples not hitting anybody.
This test is sorted after what malware is ACTUALLY hitting users and who protects you then.
Suddenly things looks a LOT different.
Microsoft are placed as nr 6 and no longer at the bottom.

Direct link to AV Comparative report (PDF) : http://www.av-comparatives.info/wp-content/uploads/2014/08/avc_prevalence_201403_en.pdf

Also a couple of links that show that the story you linked to are not true :

http://blogs.technet.com/b/mmpc/archive/2013/10/09/our-commitment-to-microsoft-antimalware.aspx

https://askleo.com/do-i-need-to-stop-using-microsoft-security-essentials/

There where a lot more articles at the time that proved that the story you linked to where twisting the truth, but they are bookmarked at home so that will have to wait.

 

Thanks for the link. I don't currently use Windows Defender, but I will give it a try on the next PC I upgrade to Windows 10.

 

Thanks for the comparatives link on malware prevelence (makes no sense, to buy an insurance against spring tide damage in the dessert).

A friend of mine is a malware reverse engineer. He always tells me that user base and localization matters:

1. URL blacklisting is more a numbers game than a localization issue. Although most people from the Netherlands only visit NL and COM domains. He says it is better to apply a mix and match URL blacklisting approach: Use a mainstream browser (Google and Microsoft are on top with Baidu and Yandex), Use a DNS service from an AV with with DNS affilaite (like Norton, Sophos, Trend Micro and Fortinet) and install a browser plug-in from an AV with a large customer base (Bitdefender, Avast).

2. PE blacklisting depends on installed user base and analysis and manpower of malware analysts/reverse engineers team. Since user base and telemetry are location relevant he always adviced Avira Free when friends asked him what free AV to use (Netherlands borders to Germany). Kapersky and McFee score better in the link you provided on malware prevelence as Avira, but they are paid. With Mcfee also providing a free antivirus, I guess I will have check to try new Mcfee free when it comes out of Beta.

 

1. The report from AV Comparative you're linking to has been commissioned by MS.
2. Because you like test results from AV Comparative, here are some more reports showing that MSE cannot compare with the well-known AV companies (Tests are not randomly picked):

Real-World March-June 2015:
Protection rate: 89.6% (Place 21 / 21 tested)
Link: http://www.av-comparatives.org/wp-content/uploads/2015/07/avc_prot_2015a_en.pdf

Real-World August-November 2014:
Protection rate: 83.5% (Place 23 / 23 tested)
Link: http://www.av-comparatives.org/wp-content/uploads/2014/12/avc_prot_2014b_en.pdf

Heuristic Test March 2015:
Proactive Protection rate: 53% (Place 10 / 12 tested)
Link: http://www.av-comparatives.org/wp-content/uploads/2015/07/avc_beh_201503_en.pdf

Heuristic Test March 2014:
Proactive Protection rate: 75% (Place 8 / 13 tested)
Link: http://www.av-comparatives.org/wp-content/uploads/2014/07/avc_beh_201403_en.pdf

File Detection March 2015:
Detection rate: 86.3% (Place 21 / 21 tested)
Link: http://www.av-comparatives.org/wp-content/uploads/2015/04/avc_fdt_201503_en.pdf

File Detection September 2014:
Detection rate: 90.2% (Place 23 / 23 tested)
http://www.av-comparatives.org/wp-content/uploads/2014/10/avc_fdt_201409_en.pdf

File Detection March 2014:
Detection rate: 90.0% (Place 22 / 23 tested)
http://www.av-comparatives.org/wp-content/uploads/2014/04/avc_fdt_201403_en.pdf


As I mentioned before: MSE only offers basic protection and does not offer the best protection available
I am not going to continue this discussion.

 

There have been users
who went back to the MSE + MBAM combo
as 3rd party Anti-Malware products were very Heavy on their old PCs.

 

This isn't the issue or the main impetus why I started this thread though. I was just curious how many people still use MSE, considering recent events in its development, as I have been forced to return to it for various reasons.

Now, I'm not going to knock on Mr Panda's door about this, I'm sure in time they'll get their bamboo shoots together and fix the borks that are affecting the Panda AV. I just needed a relatively effective and trouble free preferably freeware AV.

When MSE was initially released it had very high protection rates, but due to various events it has not shown to be quite as effective as it once was, I have already speculated on the reasons for this earlier.

According to this page at AVTest:

https://www.av-test.org/en/antiviru...015/microsoft-security-essentials-4.7-151547/

'Detection of widespread and prevalent malware discovered in the last 4 weeks (the AV-TEST reference set)' ~ op cit

This shows an improved score of 93% compared to a 99% industry average. That's just 6% less than the average industry standard. As this seems to be steadily improving this doesn't seem to fit with your corollary that it is only a basic or fundamental protection.

An AV is only one layer in a defensive strategy anyway, albeit an important one, so 93% should suffice if supplemented with other measures. The fact that in several years of using MSE on multiple computers I have never had an infection is a testament to that.

I'm not actually sure why you started it in the first place, as you haven't really contributed anything I didn't already know or wasn't previously aware of.

 

I don't doubt it. I'm only really interested in MSE though. I was just wondering if anyone still used it after all the controversy surrounding its recently perceived test scores, especially after it was effectively bundled with post Win 7 operating systems.

 

You are welcome.

True. As you might know, Microsoft has provided major updates to their telemetry lately.

This will be beneficial to both MSE and Defender, and when you then add in all the improvements that has been added in Windows 10 like interception of scripts, context awareness and so forth then you have a mighty powerful solution in Windows Defender.

More here :

http://blogs.technet.com/b/mmpc/arc...lication-developers-new-malware-defenses.aspx

And here :
https://channel9.msdn.com/Events/Ignite/2015/BRK2327

(This one requires an attention span of an hour. But to all who are interested in the subject, it is very informative)

 

Apparently you didn't understand the report I posted a link to.
It doesn't matter that Microsoft commissioned it.
It is a test that was ALREADY done by AV Comparatives before.
As always these test focus on a few samples that has absolutely no relevance to anybody in the real world, and as always the tests show that third-party solutions protects better against malware that are not affecting anybody.

Then Microsoft had enough of the constant slander and stepped in and said "let try and take all the data from the latest test you did and then rank it according to prevalence".

That is what you see in the report.

It's not a new test or a new test set.

Maybe you feel warm and fuzzy about using a third-party solution that protects against 10 samples that only hits one user each but at the same time doesn't protect against a widespread sample that are hitting 100.000's of users

Be my guest.

But that is not a valid excuse for spreading FUD about other products.

I notice that you have no intention of continuing this debate, so I guess you won't return and post that you properly misinterpreted the subject we have in this thread.

Nevertheless, have a nice Sunday.

 

In keeping with the exciting discussion about Defender definition updates, just for grins I dialed up my scheduled task to every hour at 45 minutes past the hour. I'm in the US MST zone.

Today in the 14 hours my 8.1 system was up, there were seven updates with time stamps
0320
0455
0555
0855
1419
1519
1817

I don't know the time zone those relate to; I would think UTC. Maybe Redmond?

Only one def updater came in via Windows Update which I ignored.

FYI:
The task is "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate -MMPC as a SYSTEM account.

 

Running MSE without a compliment (i.e. without an on-Demand Scanner) is like looking for troubles...

 

Yes, it's pre-configured for Maxthon.

 

Yes, but you can say that for any AV, and I've been using SAS and MBAM as a compliment for years. I'm sorry I didn't make myself clearer before but I meant that I was essentially interested in the use of MSE regardless of anything supplemental which can be a variety of programs.

Anyway, as I started to notice MSE having a slightly detrimental effect on performance (as usual) I decided to give Avast! a trial. I've used it before and find it quite light and effective especially with a minimal install.

 

OK, thanks.

 

Yes I had seen that one, I am curious how the context aware feature will proof itself in tests.