Microsoft Security Essentials

God people just don't f-ing learn. QUIT POSTING LINKS to malware. Someone not experienced could simply type that in there URL box and have a VERY bad day. Not only that its against the TOS of this SITE!

 

ok if somebody saw that picture, theyd see the AV popup... if someone goes thru all the effort to type that in from the pic to the URL bar even after seeing all that, then they deserve to be infected for stupidity.

 

The point is you never know. And frankly I don't care how stupid someone is I don't want to see anyone infected that is not why we are here. This is a place to try out AV software and talk with devs. Not a place to trade malware or infect people that don't know better.

 

MSE did a good job blocking this trojan on mrizo's channel.
http://www.youtube.com/watch?v=qD1WfImw97E&feature=channel

 

Not sure but maybe actually a link was posted in the original post? Otherwise, I couldn't imagine on someone typing a link to malware manually

 

From what I understand most of them don't last very long either.

 

This applies for both of them

 

In the original post I posted the link to the Avast forum on which is posted the link (with hxxp instead of http) to the malicious web site. So, I did not post the link to malicious web site on this forum.

I think that you are overreacting without a good reason. No one is in danger because of what I published here. What do you see in the picture below - warning that smoking causes cancer or incentive for someone to start smoking?

Edit: bad English.

~ Off-Topic, Copyrighted Image Removed as per TOS ~

 

Says everything with out saying a word.

~ Removed Copyrighted Image as per TOS ~

 

Well if that was a bag of weed, I would want to fire up! But not cigarettes. lol

 

NP mate Mine was just a thought on what Fajo said above:

 

OK, the URL in the image is removed.

 

That would be because that URL is now forwarding to a different webpage.

Did you not look at the detection? It did NOT recognize the rogue AV it detected the javascript used in the advertisement, again, MSE has been detecting these fine in the past, and has capability of detecting these scripts without a web shield. Avast however does NOT detect the rogue.

 

if MSE's Engine base off of 'OneCare'? because wouldnt this be just a 'Free' onecare?

also do you think they will add new features to it? like a email scanner?

 

Not true - I used MSE on a test PC and it did not detect anything in this case and the rogue infected the test system.

 

Two Thumbs Up, Fajo! Two Thumbs Way Up!

 

So the browser you are using can not protect you after all? MBAM does great job blocking malicious IP including all web pages on that address. Simple and effective.

I think that I never said that Avast can detect rogue antivirus on that URL and it is the point of our argue - MSE has no protection layers for stopping the malware that can not recognize by signature or by generic detection. In this case, for example, MBAM blocks IP address and Avast (by Web Shield) detects malicious javascript on web page used for delivering rogue antivirus to the users, so, the rogue antivirus will not be offered for downloading. In some other cases Avast will block URL and protects user even if can not detect rogue antivirus or other malware that is on the blocked URL.

MSE has no URLs/IP blocking capabillity (nor web scanner, behavior blocking etc...) so rogue antivirus will be offer to user for downloading and after the malware became downloaded to PC further protection depends on malware signature and generic detection, but in the case of rogue antivirus it is not of much use. So that is why blocking IP/URLs, web scanner or behavior blocking are great things.

Did you visit the URL at all? MSE is totaly blind in this case. Can not block URL, can not detect malicious script and, of course, can not recognize rogue antivirus.

P.S. Apologize for bad English.

 

What are you talking about, I wasn't even talking about MSE, I was talking about Avast. Both Avast and MSE missed that rogue.

Yeah, because guess what, just like any AV, your browser can't block 100%. It's complete luck, and in this case, it's luck that avast heuristically detects the JavaScript. Find another web page that's blocked by Firefox and not by Avast, quite simple and easy.

..... Dude.... MSE has no protection against this specific JavaScript file (which isn't even a threat, the file is a threat which Avast fails to detect) because protection hasn't been added to MSE yet, Avast has protection because protection has been added. Avast detects this JavaScript heuristically, just like MSE detects other JavaScript heuristically, you're judging MSE AGAIN on blind luck.

See: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:JS/FakeXPA

Understand now? MSE can protect against JavaScript just as well as Avast can without a web shield, AGAIN, in THIS case, it is luck that Avast does detect it and MSE does not.

Am I just repeating myself? MSE doesn't need URL/IP blocking it's built into the browser. Behavior blocking? It does behavior analysis, it's not a HIPS to block actions of files, neither is Avast.

Bashing my head against a wall repeating myself here, again, I know this, it is luck it is not detected. Why are you turning this into an Avast vs MSE thread? You want to prove that Avast has better detection than MSE? Well here is 4 tests that prove you wrong:

1. Microsoft marginally higher http://www.virusbtn.com/vb100/rap-index.xml
2. Microsoft 60% Avast 42% ~ Removed Direct PDF Link as per AV-Comparatives Request - See Main-Tests page for the actual PDF ~
3. mrizo's tests against zero-day MSE beats Avast http://www.youtube.com/watch?v=qD1WfImw97E vs http://www.youtube.com/watch?v=uu34BxI2sWI
4. Here both MSE beats Avast and Avast beats MSE, again proving that it's pretty much luck: https://www.wilderssecurity.com/showpost.php?p=1530696&postcount=4 but showing MSE has better heuristics

So now that you've successfully proved absolutely nothing and destroyed this thread can we go back on topic? Show us what MSE is lacking that is a security risk to the user. Thanks.

 

Like I said previously, URLs can change too - fast-fluxing IP addresses can be used - and it's a cat & mouse game for security researchers to keep up with these whichever AV/AM/browser is being used.

They'll always be hits & misses.

 

Ok last question I have.. When did this thread become a MSE vs Avast thread... it has completely left what the original OP even asked about and turned into this.

 

This is exactly the statement I have made in my latest post, because he has yet to prove this security risk to users he speaks of, every post has either been 1. made up comedy like "advanced malware protection" or 2. A comparison to Avast.

 

No, I am not, please stay fair in this discussion, I said that Avira Premium and MBAM also can block downloading of the malware.

What I want to say is that Avast or Avira Premium does not need to have better detection based on malware signatures and generic detection of a malware compare to MSE simply because they have some extra layers for better protection (URLs blocking, proxy for full scanning of all http files and objects, behavior blocking etc...). Avira Free does not have this extra protection (behavior analysis is in beta phase) so do need to have better detection (based on signatures and generic detection) to provide better protection than MSE.

Please, do not get me wrong, there is nothing wrong with MSE, it is excellent antimalware with basic (Microsoft Security Essentials) protection. It is comparable to Avira Free, for example, but it is not comparable with many antimalware that offer more comprehensive protection.

I would not be suprised if Microsoft, for a year or two, make more comprehensive (paid) antimalware which will have some of the modern extra-protection layers. So that every Windows users could use MSE for free or to paid for better protection from Microsoft.

In the end have fun with this topic on official MSE forum.

 

Others (like you) would debate that things like URL scanning is required others (like me or MS) would debate that it's not because the browser has this functionality already. This is where the choice in AV product comes in.

The real thing is that we can both agree there is nothing that MSE lacks that poses a security risk to the user and can keep the user protected perfectly fine, then I think we can both be happy.

It is really just a difference of opinion.

 

Very true Fajo. By posting that bad url, you could get a flood of other post's about how to fix their computers.

Ice

 

Does anyone know which folder(s) to exclude when using it with ShadowDefender so as to retain the latest virus definitions ?