MSE?

Discussion in 'other anti-virus software' started by russland, Mar 29, 2012.

Thread Status:
Not open for further replies.
  1. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I tend to agree, if anyone knows Windows, warts & all, it's going to be Microsoft.

    I think you are right about this as well. I'm still sticking with MSE though.
     
  2. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    Okay, so I did not word that part of my previous (rant) post well...let me clarify:

    Microsoft is NOT saying they are experiencing slipping detection due to popularity and being widely expected therefore circumvented. That is pretty much common sense that that will happen. I know that. That is not what I meant. Sorry for the miscommunication.

    What I meant was they are having their MVPs, MCCs, Community Stars, etc etc give a generic "no AV is perfect" excuse instead of trying to address why the detection has fallen. In other words, they act oblivious and naive to the fact that detection has slipped at all. That is more what I was trying to say. It is almost like the Microsoft Answers people are trying to sell you MSE when it is free...

    But on the other hand, does popularity mean it is not their fault? Nah...I still blame them to a moderate degree at least for having that attitude on self-protection.

    MSE's attitude on self-protection is idealistic and not realistic, in my opinion: "Let's hope the user doesn't disable UAC and integrity control, and let's hope they don't run as an admin. And let's hope that any privilege escalation exploits don't get through."

    Let's see...most popular antivirus program in USA and one of the biggest around the globe now? And what's this...now you're including it in Windows 8 AND pre-installing it on Microsoft Signature Windows 7 products from the Microsoft Store? Like Suze Orman would say...ARE YOU KIDDING ME?!?! You guys should be designing the most EPIC self-protection module ever known to mankind!!!!

    Now, to address the other concern about whether or not MSE has some supposed fundamental advantage over others being 1st party software...that's your call if you are going to use that as a reason to stick with it. I see the ~ Snipped as per TOS ~ poor protection scores on AV-Test consistently (believe me I wanted to stick with it as long as anyone) and the v4 release dragging on and on and that seems to far outweigh any questionable benefit that them "knowing Windows" may yield. The proof is in the pudding...and the recipe for good pudding here is good test results. They don't have them...

    What I was referring to more, however, was the people that think MSE has deep access to parts of the OS (so the kernel in other words) that other AVs aren't allowed to have, and this is FALSE. MSE is good by playing by Microsoft's own rules.

    So since I mentioned Suze Orman (for those that watch CNBC) I will use her lingo and give my humble opinion on Microsoft's way to an A:

    1. Stop kidding yourself with Active Protection Service or SpyNet or whatever you want to call it. That technology is nothing new and is something any current generation anti-virus should have. I like the way you give users some granularity over it but the reality is if they have it enabled and undetermined software is run, IT SHOULD BE BLOCKED. This is the key to having good zero-day detection rates. Currently, all MS does is ask you to send the samples, but until they release new definitions, you are at the mercy of that zero-day malware with no option to block it just in case. Stupidly designed IMO.
    2. If you know your own OS so well, why do you cause so much drama over folders with exes? 3rd party vendors have long since found ways to have less system impact. Same thing with your full scan. How about we start using some of that 1st party magic? Oh and...threat cleanup...updates...yawn.
    3. And most importantly, implement the most epic self-protection module known to mankind. Hire consultants if you need to. Make it happen. Stop kidding yourself. :D
     
    Last edited by a moderator: Apr 1, 2012
  3. stratoc

    stratoc Guest

    I find the problem with Microsoft software is they seem to take forever to fix anything. A problem on msn online tv just got fixed after three years. Games for windows live is shocking, major issues kicking around for years, office seems again to wait for an eternity to get updated. Live essentials again not updated anywhere near third party software.
    For this reason I try to avoid Microsoft wherever possible.
     
  4. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I agree Dave, version 4 is very good. I still use and will continue, regardless of the long-winded speeches others give. :cautious:
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    AFAIK, MSE has no cloud detection... o_O So, it's not for the same reason. :blink:

    Yes, it's analysis. But, what for? What's the point? From what I could understand, MAPS will send data if MSE detects malware/potentially unsafe software.

    So, if MSE already has data to protect the user, then why does it need to send that same data? :doubt: It just doesn't make much sense to me.

    Anyway, even if there's any valid reason behind this, there's still the issue with privacy, especially in SMBs, where Microsoft Security Essentials can be installed if they have up to 10 computers. Which is why Microsoft should think of a different approach, IMHO.
     
  6. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    What I've seen happening in the field is malware simply disables MSE. Hackers target the low hanging fruit. Why make the effort to figure out how to circumvent the self-protection of 3rd party AVs when MSE has none and can simply be killed? Whether or not an AV can detect the malware is irrelevant if the AV is immediately disabled.
     
    Last edited: Apr 1, 2012
  7. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Yes, although I haven't tried the preview release (4.0.1113.0), I'm sure it will be very good when released. I have no issues with the present stable, which is only around eight months old anyway. I've been using MSE since the #1 series & discovered that it totally transformed the performance of my notebook after using heavy suites. It is the only AV that I have ever used that has never given me any trouble & just done its job efficiently without being obtrusive &/or bugging me a lot.

    My approach to security is to utilise a good, light, uncomplicated AV in conjunction with other software (such as browser hardening etc), MSE is virtually perfect for this. Additionally (depending on which computer I'm using) I have MBAM as an on-demand & SpywareBlaster. My desktop computer has the 64 bit MSE version.

    MSE is popular for a variety of reasons. I can honestly see why.
     
  8. brainrb1

    brainrb1 Registered Member

    Joined:
    Mar 15, 2010
    Posts:
    491
    I have been using MSE for a long time along with Malwarebytes Pro or Mamutu... EMET and Sandboxie free along with Windows Firewall Control in both 64 and 32 bit Windows. I like it because it's simple enough for my family and kids.
     
  9. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    +1...THANK YOU...read this Rob Koch!!!

    And remember guys, if you weren't aware, Microsoft Security Essentials was in my signature next to Prevx 3.0 for a LONG time. I held on to it.

    MSE is still my favorite free AV mostly because of the performance, usability, GUI, only the essential settings, and the lack of advertisements.

    I only give long-winded speeches because I am passionate and I want strongly for Microsoft to improve on it...NOT because I'm trying to bash it. :)

    Now let me say something very positive about MSE's development: they are more proactive than it may seem.

    As many of you are aware they removed Default Actions. I, among many others, started protest threads. As expected, our feedback was read by the community stars and we were basically asked if we wanted cheese with our wine.

    Then, Microsoft surprised everyone when they just did the right thing and brought Default Actions back.



    To Mod: Sorry about my poor choice of words in the previous post.
     
  10. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,530
    Location:
    St. Louis, MO
    Just reverse-engineer the 3rd party AV's official stand-alone uninstaller. I'm sure their own uninstallers by-pass self protection. All vendors seem to have their own uninstall tools. :D
     
  11. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    Well, on that Microsoft WindowsXP SP3 machine that I have been ranting about on various Posts throughout Wilders Security Forums, the one where safe surfing is intentionally not practiced. Yes, the machine behind a Router with Microsoft Windows Firewall Enabled and Microsoft Security Essentials installed and enabled.

    That Microsoft WindowsXP SP3 machine has been running with an Administrative Account with Full NTFS Permissions since the beginning of time. I edited the NTFS Permissions and gave every file on the system Full NTFS Permissions for that Administrative Account.

    The key to any network security is placing the network behind a Firewall Router.....I will express it again.....

    THE KEY TO ANY NETWORK SECURITY IS PLACING THE NETWORK BEHIND A FIREWALL ROUTER


    NTFS = New Technology File System


    HKEY1952
     
  12. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    Changing established code takes time, any slip or mistake in the coding can cause havoc, breach in security, or open holes for new exploits. The operating system is responsible for all the events that trigger within its environment. The operating system must be compatible with everything that it is designed to support. The operating system must be compatible with and support third party software and hardware where applicable. It is just not that easy to fix established code, it takes Time, Time, Time, and Testing, Testing, Testing, and Testing.


    HKEY1952
     
  13. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    So which is it in regards to performance?


    EDIT: spelling/reference


    HKEY1952
     
    Last edited: Apr 1, 2012
  14. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    I'm not sure what your point is. I said I'm actually seeing instances where MSE is simply being disabled by malware. The lack of self-protection makes that easier than if it had self-protection. Your saying that self-protection can be defeated is hardly an argument against implementing it.
     
  15. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    Malware can attempt to have Webroot SecureAnywhere (for an example that which I have some knowledge about) uninstall itself, but it likely will NOT be successful.

    Neil Rubenking at PCMag tested this specifically and the worst junk he threw at it at best would simply give the user a prompt where they could say no. Most things probably would not even get that far.

    The default settings allow all users to make some setting changes for convenience, but the defaults specifically disallow the uninstallation by non-administrators.

    Let's say you unchecked that setting for some stupid reason and wanted guests on your computer to be able to remove your security software (not to mention at that point you don't deserve to own a computer)...well then, Webroot still would have the uniquely implemented CAPTCHA to stop automated attempts from malicious software to uninstall it.

    Now let's say you are really not thinking and you disabled that and turned off CAPTCHA...then Webroot would STILL have its self-protection/response cloaking module (by default on Maximum) protecting its processes from tampering. If the malware specifically targeted that, well, that is always a possibility. I think it is safe to say that the Prevx team know what they are doing and have a smart group of people in charge. Not to mention, they are nowhere near top dog position so the bad guys are most likely going after Norton, McAfee, etc. But even worse is MSE, which has no self-protection module, and is extremely popular.

    So in closing, my viewpoint is every security software should have some sort of self-protection IN ADDITION to Least User Access (LUA). LUA is a fantastic place to start, and I shall say it again, too many overlook it...but that doesn't eliminate the need for self-protection. :thumbd:
     
  16. marc57

    marc57 Registered Member

    Joined:
    Aug 15, 2006
    Posts:
    83
    Location:
    St Marys,WV. U.S.A.
    Better to be in beta too long than not long enough. There are some A/V companies that don't keep their software in beta long enough and their users feel the pain.
     
  17. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Very true......
     
  18. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,530
    Location:
    St. Louis, MO
    Just saying that anything that can be done can be undone. I'm sure there are instances of every AV being disabled or crippled by malware all over the internet.
     
  19. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Excuse me for butting into this interesting & rather technical discussion, but does that include the upcoming MSE 4.0.1113.0 release?
     
  20. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    There is a theory that all software is essentially in a beta state. Some people believe that MS Vista was a beta for Seven. ;)
     
  21. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    If you mean that software is constantly evolving, then yes, everything is beta. On the other hand, if you mean lack of or minimal bugs and issues in a release, then some releases fall far short and are more beta than others...
     
  22. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    Yes, v4 also has no self-protection technology.

    Rob Koch's statements were shooting down my suggestion for v4 and beyond.
     
  23. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Yes, you are quite correct of course. LibreOffice is a classic recent example of this.

    As for Microsoft, they aren't exactly shy of premature releases. Hopefully MSE 4 should be OK. I'd rather it was well developed than released too early as well.
     
  24. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    OK, so in your opinion, just how much of a problem is this for MSE?

    What I am trying to say, as I run MSE, is how does this compare with the other similar freeware AVs, & should it be something I need to worry about?
     
  25. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    Great question, mate.

    I'm not going to sugar coat it. It's very concerning if you run full-time as an administrator or you have disabled UAC.

    If you are using MSE, your best bet is to:

    1) Never ever disable UAC. In fact, you'd best bump it up to Always Notify.
    2) Use a standard user account for daily computing
    3) Always keep Windows up-to-date automatically. Use Microsoft Update.
    4) Leave the Windows Firewall on at all times and preferably unless you are using file sharing specifically, use public setting.
    5) Do NOT for any reason modify the file access permissions of any MSE related folders.

    That list may sound relatively generic and maybe even over-stated, but when dealing with an AV that relies fully on UAC and integrity control for self-protection, it becomes just that much more necessary imo.
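
Added example, not part of the thread or of the post above: a read-only PowerShell audit of checklist items 1, 2, 4 and 5. The `$AvFolder` value is a placeholder assumption to be replaced with the MSE install folder; the Windows Update item and the firewall public-profile preference are not checked, and only local (non-Group-Policy) firewall settings are read.

```powershell
# Added example: read-only audit, changes nothing on the system.
param(
    # Assumption: placeholder, replace with the MSE install folder on your machine.
    [string]$AvFolder = 'C:\PLACEHOLDER\MSE-install-folder'
)
$findings = @()

# Item 1: UAC enabled and at "Always notify" (consent prompt on the secure desktop).
$uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if ($uac.EnableLUA -ne 1) {
    $findings += 'UAC is disabled'
} elseif ($uac.ConsentPromptBehaviorAdmin -ne 2 -or $uac.PromptOnSecureDesktop -ne 1) {
    $findings += 'UAC is enabled but not set to Always Notify'
}

# Item 2: the daily account should not be in BUILTIN\Administrators (S-1-5-32-544).
# whoami lists the group even when UAC has filtered it to deny-only in the token.
if ((whoami /groups) -match 'S-1-5-32-544') {
    $findings += 'Current account is a member of Administrators'
}

# Item 4: Windows Firewall enabled for every profile (StandardProfile = private).
$fwRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($fwProfile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $key = Get-ItemProperty "$fwRoot\$fwProfile" -ErrorAction SilentlyContinue
    if ($key.EnableFirewall -ne 1) { $findings += "Windows Firewall is off for $fwProfile" }
}

# Item 5: broad groups must not hold write access on the AV folder.
$broad = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'   # Everyone, Authenticated Users, Users
$write = [Security.AccessControl.FileSystemRights]::Write
if (Test-Path $AvFolder) {
    foreach ($ace in (Get-Acl $AvFolder).Access) {
        $sid = $ace.IdentityReference.Translate([Security.Principal.SecurityIdentifier]).Value
        if ($ace.AccessControlType -eq 'Allow' -and $broad -contains $sid -and
            ($ace.FileSystemRights -band $write)) {
            $findings += "Write access for $($ace.IdentityReference) on $AvFolder"
        }
    }
} else {
    $findings += "AV folder not found, ACL check skipped: $AvFolder"
}

if ($findings.Count -eq 0) { 'All checked items match the checklist.' } else { $findings }
```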
     