Microsoft beta AV

[raven211]

Quote:

Originally Posted by Toby75

Can someone post some screen shots of the HIPS component? I would like to compare it to Windows Defender.

Thanks,
Toby

There's no HIPS functionality in MSE, and HIPS functionality of WD is taken out in Windows 7 version. MSE's proactive defense is based on Dynamic Signatures (search for it), which typically delivers the same "prompts" as a regular detection, thus continuing unmatched simplicity.

[Toby75]

Quote:

Originally Posted by raven211

There's no HIPS functionality in MSE, and HIPS functionality of WD is taken out in Windows 7 version. MSE's proactive defense is based on Dynamic Signatures (search for it), which typically delivers the same "prompts" as a regular detection, thus continuing unmatched simplicity.

OK - Thank You Raven

Are there any other ways MSE checks if the file is valid? MD5, etc.?

[raven211]

Quote:

Originally Posted by Toby75

OK - Thank You Raven

Are there any other ways MSE checks if the file is valid? MD5, etc.?

No problem. Sorry, but I don't have that technical information, though I'm sure someone else here knows.

[trjam]

MSE does start to slooow things down after a couple of days, but it is still beta.

[Smiggy]

No problems here, been testing on 20 PC's of varying speeds, memory.

Killed the Rustok SpamBot that was plaguing one PC and showed no slowdown on even the PC with least memory/CPU power.
Initial download of signatures was slow on all but after setting up scheduler on daily 4hr intervals it updates quick as a flash now.

Thumbs up from me, and it's only a Beta!!

[Edward_Stream]

anyone tested it? how does it work? how about the balance between resource consumption and detection rate?

[raven211]

Quote:

Originally Posted by Edward_Stream

anyone tested it? how does it work? how about the balance between resource consumption and detection rate?

http://www.wilderssecurity.com/showt...ity+essentials

[Eliot]

I am not sure how it detects. I am beginning to think it is not scanning for malware but rather scanning files for them. I can't think of another way to describe it.

[funkydude]

You don't need to describe it, Microsoft describes it very well, it's based on heuristics/generic signatures/dynamic signatures, whatever you want to call it.

[Toby75]

On the Microsoft forums they say that using WD will not be necessary when using MSE...that it covers the same things and then some.

However, WD has HIPS, MSE does not. So you can bypass MSE!

[raven211]

Quote:

Originally Posted by Toby75

On the Microsoft forums they say that using WD will not be necessary when using MSE...that it covers the same things and then some.

However, WD has HIPS, MSE does not. So you can bypass MSE!

Yep, they're making a big mistake. If checking the built-in Windows Defender of Windows 7 you'll get what I mean...

[Kees1958]

Quote:

Originally Posted by raven211

Yep, they're making a big mistake. If checking the built-in Windows Defender of Windows 7 you'll get what I mean...

When you look at the I/O of MSE, it must be using the same intrusion detection agents as Windows Defender, only you can not control them. So the option to be warned when joining as an experienced member in the community is lost.

For Windows 7/Vista Users the UAC protection will cover that ground, so only the XP users are worse off in practise (well at least the 95% of them which run as admin).

Regards Kees

[raven211]

Quote:

Originally Posted by Kees1958

When you look at the I/O of MSE, it must be using the same intrusion detection agents as Windows Defender, only you can not control them. So the option to be warned when joining as an experienced member in the community is lost.

For Windows 7/Vista Users the UAC protection will cover that ground, so only the XP users are worse off in practise (well at least the 95% of them which run as admin).

Regards Kees

So what you're saying is that MSE is handling all the data which was HIPS "automatically" by itself instead, and that the same goes for the later WD?

[Kees1958]

Sorry, yes and no

MSE offers the same protection as WD at basic user level, using all standard settings. It performs the actions you defined (automatically) when a known malware touches a point protected by an intrusion agent,

Only as advanced user (spynet community) of WD you would get a warining. UAC covers these grounds, so that is problably why MS removed the WD options. As a basic user of WD, you can control/select the agents, MSE does not offer this option. But I guess 99% of the users did not change these WD settings anyway.

Cheers

[Toby75]

Quote:

Originally Posted by Kees1958

Sorry, yes and no

MSE offers the same protection as WD at basic user level, using all standard settings. It performs the actions you defined (automatically) when a known malware touches a point protected by an intrusion agent,

Only as advanced user (spynet community) of WD you would get a warining. UAC covers these grounds, so that is problably why MS removed the WD options. As a basic user of WD, you can control/select the agents, MSE does not offer this option. But I guess 99% of the users did not change these WD settings anyway.

Cheers

I used to use WD as an advanced member. Now I'm using MSE with UAC active. When I'm testing malware which try to load drivers...I'm not prompted by UAC...am I supposed to be prompted? I thought UAC only controls the execution of exe's.


Edit: I forgot to mention I'm using Vista.