MSE; Does Anyone Still Use It?

Discussion in 'other anti-virus software' started by Daveski17, Aug 28, 2015.

  1. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    As Krusty13 replied, it has been explained earlier in this thread.

    To sum up quickly, the situation is like this:

    First, several years ago Microsoft had enough of the constant fight between vendors that meant that vendors were focusing on fictive samples or samples that were not hitting anybody in the real world.
    Vendors did this just to look good in tests, but seen from a protection point of view this way of deploying available manpower actually produced lower protection capabilities in real world use.

    Microsoft shifted focus to protect users, both home and enterprise, against malicious code that is actually a threat.

    Shortly thereafter we witnessed that "journalist" that wrote the story that said that Microsoft had given up and would from that point on be a basic AV on the bottom.

    The story was a falsum and the "journalist" twisted Microsoft's word into the complete opposite of what Microsoft actually said.

    There are links further back in this thread about this.

    HOWEVER, that untrue story has ever since been linked to again and again by a big group of third-party AV vendors.
    Any Wilders regular will have seen this both on their own forums, on their blogs and even when representatives from these vendors made posts on other forums like Wilders and on other forums.

    That is why you meet so many end users that have heard that story at some point.

    Second, the third party AV vendors and the "independent" AV testing companies, have agreed on a testing model that is a propaganda tool designed to blur the reality and produce enough fear among end users so they will run for a third party solution.

    The mechanism used is very simple and I explained it before in this thread, but I'll be happy to explain it again.

    This will be very simplistic so that no one is in doubt about how this is done.

    You take 100 malicious samples.

    99 of these only hit one user each.
    We call them A1, A2 .... and all the way up to A99.

    Then we have the last malicious sample.
    That one hits 100.000 users.
    We call that one B1.

    In the test that you see everywhere, you will typically see a range of third party products that protect against all the A1 to A99 samples but not against the B1 sample.

    Those third party products will get a score of 99% blocked.

    Then you will see another product that does not protect against any of the A1 to A99 samples, but will protect against the B1 sample.

    That product will get a protection score of 1%.

    Those tests are quickly posted everywhere and as always there are tons of posts from users that do not understand how these tests are spinning the truth.

    Because - if you look at the example above, then those third party products that protected against all the A1 to A99 samples but not against the B1 sample and got a 99% rating - these products actually only protected 99 users and let 100.000 users be infected since they missed the B1 sample.

    And the product that missed all the A1-A99 samples but blocked the B1 sample and only got a score of 1% - that product actually protected 100.000 users and only let 99 get infected.

    This is what Microsoft had been saying all along, that Microsoft still says and that Microsoft proved when they asked AV-Comparatives to take all the data from their latest test and order it according to prevalence.

    Links are posted further back in this thread.

    There is nothing basic or "bottom of the available options" about MSE or Windows Defender.

    There are just massive forces that have an economic interest in badmouthing MSE/Windows Defender.

    Considering that MSE/Windows Defender actually provides great protection in the real world, false positives are light years between and that both MSE and Windows Defender are perfectly integrated into the OS meaning that daily use of PC is smooth, updating PC is smooth and free from trouble and your OS actually works AND works as intended.

    Considering all that, combined with how often we have seen third party security products make PCs crash, BSOD and suffer loss of data - look around on ANY forum or helpdesk, and you will see exactly what I'm talking about - considering all that and I will say that MSE/Windows Defender are by far the superior solution.

    As a side note, I will round this off by mentioning all the horror stories in campaigns run in news media over the years that third party vendors have funded only to spread fear and make people cash out to third party AV - all that FUD has hurt the Windows ecosystem as a whole and affected every other developer in the world, because frightened end users do not buy nearly as many regular programs, games and so forth when they are bombarded with security horror stories.

    One more reason, why it is wise for Microsoft to protect Windows by themselves with MSE/Windows Defender, instead of relying on third parties.
     
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    @Martin_C,

    Well put!

    I do have a question regarding MSE / Defender - Are you equally protected on non-Microsoft browsers, like Firefox and / or Chrome? MSE / Defender rely on Smart Screen Filter as a first layer of protection in IE / Edge, correct?

    Thanks.
     
  3. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,629
    @Martin_C Thanks for the very informative post.
     
  4. garrett76

    garrett76 Registered Member

    Joined:
    Mar 18, 2014
    Posts:
    221
    You should be protected anyway because starting from Windows 8, the smart screen filter is system-wide. Whenever you run a file downloaded from the internet, it is scanned by smart screen filter no matter what browser you use. Different thing if you run an older Windows version.
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    Ah! OK, thanks. I was mainly wondering about Win10 and WD, but didn't realise that Smart Screen Filter was now system-wide.

    Good to know.
     
  6. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Thank you, Krusty13 and Roger_M.

    MSE / Windows Defender will protect you equally well, regardless of your browser choice.

    SmartScreen is a reputation database and integrates into desktop, IE and Edge, Windows Store, all Apps and also email clients like Outlook.
    And on everything from PCs, tablets, phones, Xbox and so forth.

    It does not integrate into Chrome or Firefox, but Chrome has its own reputation database.

    Therefore you will not have SmartScreen prompts in Chrome or Firefox. But you will have them on desktop.

    SmartScreen targets malicious or unknown downloads in both IE, Edge and such attachments in Outlook.
    It targets shady advertisements in IE and Edge.
    It targets spam in Outlook.
    It targets malicious or unknown code on desktop.
    It targets malicious URLs in IE, Edge, Windows Store and Apps.

    As of Windows 8 and newer, it's an OS-wide reputation database that complements Windows Defender.

    It is VERY efficient.

    And as I noted earlier in this thread, it is another well-known trick that testing organizations use when they try to badmouth MSE / Windows Defender.
    They test with SmartScreen either turned off or ignore its prompt in the results.

    If results should be fair, then webfilter in the third party solutions should be disabled also.

    But the short answer to your question - Yes, MSE / Windows Defender will protect you equally well regardless of browser choice.
     
  7. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Ah, I see Garrett76 already answered you, Krusty13.

    Sorry about my double posting, Garrett76.
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    I appreciate both replies.

    Thanks guys. :thumb:
     
  9. garrett76

    garrett76 Registered Member

    Joined:
    Mar 18, 2014
    Posts:
    221
    You are welcome :thumb:
     
  10. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I think this says it all.
     
  11. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    737
    Location:
    South Park, CO
    Starting last month, I have seen frequent entries in the event viewer stating that MSE used dynamic signatures to provide protection, usually immediately after I downloaded some software. I had never seen such entries in the past.

    I haven't observed any slowdowns or FP's during this time. I believe MSE/WD is querying the cloud much more aggressively now, to the ultimate benefit of the user.
     
  12. haakon

    haakon Guest

    Is the reputation database you refer to Google's Safe Browsing API?

    If not, what?

    If so, Firefox uses the same (and I believe it is enabled by default) as well as properly developed Mozilla spin-offs. Here's a screenie from Cyberfox64-Intel Portable taken at 2:55 PM; some of the files are 10 minutes old.

    SafeBrowsing.jpg
     
    Last edited by a moderator: Sep 4, 2015
  13. haakon

    haakon Guest

    So, an Illuminati-like cabal engaged in subterfuge equivalent to a "9-11 insider" job?
     
  14. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I knew it! :eek:
     
  15. haakon

    haakon Guest

    With 84.7% of all Wilders posts being "thank you/you're welcome" and "what version of ... are you using" and the majority of posts in the thousands-plus posts single "support" topics defining the concept of redundancy, there is no need to apologize for a mere double post. Or triple. :D
     
  16. SnowWalker

    SnowWalker Registered Member

    Joined:
    Apr 2, 2012
    Posts:
    287
    Location:
    USA
    You also have all the people who just hate Microsoft for whatever reason, and gladly believe and pass on every rumor about how evil MS is. Seems to be the majority of people, even though they'll probably never use any OS besides Windows.:)
     
  17. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    Have tried about 6 different AV's on WIN 10; not surprisingly in these early days of this OS, all of them have given some sort of problem/or some feature is not yet working.

    Staying with WD for now. As part of a layered defense and regular imaging I am confident it will do its job.
     
  18. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Yes, Microsoft has integrated the cloud extremely well.
    They used it in the past also, but not on a level anything near what we have now.

    Anyone that has used MSE/Windows Defender for years must have noticed that growth in reactions.

    And as JRViejo mentions in his examples in this thread, then you now see MSE/Windows Defender react during actions and in places where you never saw it before.

    I like it.

    And I like the balance between fairly short intervals between signature releases, that are then used during offline work - and the snappy response from the cloud during work while online.

    I fully agree with you - every end user, both home and enterprise, will benefit hugely from this.
     
  19. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Well, I can whinge about Microsoft with the best of them as sometimes MS seems to be its own worst enemy, but I've never totally bought into the propaganda BS about MSE. I used it for years. Although I don't run it on my Win 7 box at the moment it's nice to know that it is there if I need it. I never understood it when people would say they'd rather have no AV at all than use MSE.
     
  20. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    If only MSE / WD would automatically check for updates more than once a day.
     
  21. SnowWalker

    SnowWalker Registered Member

    Joined:
    Apr 2, 2012
    Posts:
    287
    Location:
    USA
    They claim they surf safer knowing they're not protected at all. I see it the same as saying they drive safer if they don't wear seat belts.:)
     
  22. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Similar logic lol.
     
  23. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    This can be done with a scheduled task, with high privileges, and a PowerShell cmdlet: PS C:\> Update-MpSignature (for WIN8 and higher)
    "%programfiles%\Microsoft Security Essentials\MpCmdRun.exe" SignatureUpdate (for WIN7 and MSE)
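
    One way to set up the scheduled task described in the post above, shown as an added example that is not part of the original thread. It covers the Windows 8 and higher case (the ScheduledTasks and Defender PowerShell modules); the task name and the 4-hour interval are assumptions chosen for illustration.

```powershell
# Added example: register a SYSTEM-level scheduled task that runs
# Update-MpSignature several times a day (Windows 8 / Server 2012 and newer).
# $TaskName and $Interval are illustrative assumptions, not values from the thread.
$TaskName = 'Defender-Signature-Update'
$Interval = New-TimeSpan -Hours 4

# Registering a task that runs as SYSTEM requires an elevated prompt.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw 'Run this from an elevated PowerShell prompt.' }

# Fail early if the Defender module is absent (e.g. Windows 7 with MSE,
# where the MpCmdRun.exe line from the post is the command to schedule instead).
if (-not (Get-Command Update-MpSignature -ErrorAction SilentlyContinue)) {
    throw 'Update-MpSignature not available on this system.'
}

# Action: a non-interactive PowerShell that only runs the update cmdlet.
$action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument '-NoProfile -NonInteractive -Command "Update-MpSignature"'

# Trigger: start in five minutes, then repeat at the chosen interval.
# An explicit long duration is given because older builds require one.
$start   = (Get-Date).AddMinutes(5)
$trigger = New-ScheduledTaskTrigger -Once -At $start `
    -RepetitionInterval $Interval `
    -RepetitionDuration (New-TimeSpan -Days 3650)

# Principal: the "high privileges" part of the post.
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

# Catch up after sleep/shutdown, and stop a hung update after 30 minutes.
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable `
    -ExecutionTimeLimit (New-TimeSpan -Minutes 30)

Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force | Out-Null

# Check the schedule, then the signature state the task is meant to refresh.
Get-ScheduledTaskInfo -TaskName $TaskName |
    Select-Object LastRunTime, LastTaskResult, NextRunTime
Get-MpComputerStatus |
    Select-Object AntivirusSignatureVersion, AntivirusSignatureLastUpdated
```

    A LastTaskResult of 0 after the first run, together with a recent AntivirusSignatureLastUpdated value, indicates the task is doing its job.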
     
  24. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,546
    Location:
    Triassic
    MSE installed 130MB today via MpCmdRun. MSE was up to date, set to update in real time. It successfully updated the defs file yesterday with 1.205.2225.0. This morning it ran a scheduled scan (clean). Then right after the scan completed, 2 definition updates appeared in WU, 2284 and 2325. Definition file 1.205.2325 failed (the 130MB download happened at the same time). The def file 1.205.2284 installed successfully. MSE is showing the current def file is at 1.205.2331 right now, however WU shows no instance of 2331. WU and MSE are out of sync for some reason.

    Last month a def file failed and MSE sent 171MB. I really would like to know what this is all about. Has anybody else seen this activity?
     
    Last edited: Sep 12, 2015
  25. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Based upon this matrix here....MSE remains lacking re root/bootkits.
    Presume, W8.1/W10 Secure Boot looks after root/bootkits.
     