Microsoft Security Essentials 2.0.657.0 Final

Discussion in 'other anti-virus software' started by Nanobot, Dec 16, 2010.

Thread Status:
Not open for further replies.
  1. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    hobby, plus being safe for worst case scenarios and to help friends and family with the problems they encounter (personally at least)

    but idk, IMO i think malware is out there, i think most people will get infected, but i dont think soon as u open ur browser hundreds of infections get thrown at u at every single site u visit. its just not THAT extreme. these forums seem to put people into a "hide in the bunker, and be wary of ever leaving" state of mind.
     
  2. TheIgster

    TheIgster Registered Member

    Joined:
    Jul 25, 2009
    Posts:
    719
    Location:
    Canada
    I know, it's definitely a hobby for most of us, why else would we be here and yeah, to the previous poster, LOVE trying out new stuff... :D

    And I don't think anyone was saying it's that extreme out there. Obviously in my tests for example, no one is going to stumble into 10 or 15 malware links in a single session. That simply is not going to happen. But, with that being said, most users might come into contact with one link or one piece of malware and get infected that easily.

    WE know what to do about it. Normal, average users do not. I can't count how many PCs I have encountered that come with some sort of AV trial installed and the user never does anything with it, so when it expires and even when they get pop up notification about not being protected, etc. They simply just close the pop ups and continue on their merry way, with NO PROTECTION at all. I see it all the time.
     
  3. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
    You're right but it's often easier said than done. Would you learn about the common viruses that infect human beings in order to prevent yourself from the infection? Most of the time, you won't unless you're interested in the subject...OR you're a doctor/nurse/someone in the medical field and as such required to do so OR you've been infected once and you don't wish to ever repeat the incident.

    Those are the 3 major differences that separate members here, techies, security experts/researchers from the rest: "interest", "obligation" and "experience".

    As much as I hate to say it, I don't believe that user education will ever work for the masses. The members on this forum (and other tech forums) are an exception....we seek this info.

    Even if they've got anyone to teach them, I doubt many would bother listening. You can try to teach but if a person simply has no interest/willingness to absorb the info and put it into practice, chances are likely they'll fail. That's the problem and there is nothing much we can do to change it. In my opinion as usual...
     
  4. Zimzi

    Zimzi Registered Member

    Joined:
    Jul 10, 2005
    Posts:
    289
    Why do you think that it would be best for average users to install CIS? You think that users who are willing to pay when deceived by the fake AVs will be able to manage with all the CIS's options and popup windows? I'm not sure about that.

    Imho, average users need a user-friendly antivirus, such as MSE, with a good detection rate, which by default automatically removes malware to quarantine, as Avast does for example. Finding ways to achieve better detection (such as Norton does with SONAR and Reputation) is the key to protecting average users from malware.

    HIPS, sandboxing etc. are just not for the average users.
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    That's the third variant in the equation, which I forgot. :)

    Perhaps, once these people get their first alert, they'll reconsider and want to learn? :D
     
  6. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA

    Well, their first alert with CIS will be, "svchost.exe is trying to connect to a protected comm interface, what do you want to do?" At which point the user will unplug the machine and never use it again... So I guess, yea, CIS will protect the avg user, but not in a good Las Vegas way.
     
  7. Zimzi

    Zimzi Registered Member

    Joined:
    Jul 10, 2005
    Posts:
    289
    That is the first alert, but the very first alert could also be:

    "New private network detected! What do you want to do?" or even "New network detected! What do you want to do?". :)

    For the average user it is not an easy decision...
     
  8. TheIgster

    TheIgster Registered Member

    Joined:
    Jul 25, 2009
    Posts:
    719
    Location:
    Canada
    I didn't say they should. I said, I recommend CIS to friends, family and associates. I also train them on how to use it and explain what the pop ups are.

    My wife is not computer savvy at all, and she has CIS on her system. She has no issues using it.
     
  9. iTrendsNET

    iTrendsNET Registered Member

    Joined:
    Aug 6, 2008
    Posts:
    93
    Agreed! Here is an example from my family's experience. I installed the English language version of CIS 5.x on all eight of our family computers, the users include:

    Wife - clueless about computers and doesn't speak English
    Daughter 15 - knows some English and surfs like typical girls her age
    Daughter 12 and Son 11 - they speak English, but have no clue about computer security other than that I help protect them
    Daughter 6 - does not speak English, heavy computer user for 3 years and currently on her own netbook - frequent daily Google searches after we write down the spelling of words for her!

    They each do their own thing and never call or ask me about computer settings. CIS kept them protected and we never had any issues with them disabling services that should be running. It's not that difficult.

    Getting back on topic, I have been installing MSE on a bunch of client computers and so far this latest version has really been doing great. ;)
     
  10. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Some people care about computers and some people feel they're just time-wasting machines (most users take this one). ;)
     
  11. Chris _MS_

    Chris _MS_ Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    9
    We'd like as a first priority to get samples of malware and false positives that are actually affecting customer computers. I can't really recommend that users put themselves at risk seeking out malware. If you are a researcher or aggregator who gets a constant stream of new samples or links, that doesn't need a reply, let us know and we'll set up something more efficient for both of us.
     
  12. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    You mean infected computers? Why not gather as many samples as you can get, hence having to avoid that scenario (as much as possible)?

    By the way, any particular reason why upon MSE installation, Windows Defender service is set to Manual rather than Disabled?
     
  13. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I have been running a scheduled task to update MSE more often. The process used for such is MpCmdRun.exe.

    I've been monitoring connections, and every update seems to still be handled by svchost.exe (Windows Update). Shouldn't MSE update via MpCmdRun.exe?

    Wasn't this actually a trick those who have Windows Update disabled could use to update MSE? Or, if Windows Update is enabled, the updates still occur via svchost.exe, via scheduled task?
     
  14. Chris _MS_

    Chris _MS_ Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    9
    Well, it just makes sense to help the customers who are actually infected; and then focus on what might infect customers. We already get sample feeds from aggregators, vendors, honeypots, etc; we don't ignore those either.
     
  15. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    OK.

    By the way, how about you guys make it possible to upload URLs, similar to what happens with VirusTotal, so that those who only want to send samples to Microsoft can do so using such a form?

    Right now, it's possible to send the samples. But what about you being the ones actually collecting them, by grabbing the file/sample from the URL provided? (This way, even people having limited monthly traffic can send samples and save a lot of traffic.)

    Something to think about?
     
  16. Chris _MS_

    Chris _MS_ Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    9
    We have an e-mail address that people can send links to and we automatically process. If you have a feed of links, we can set something up for you.
     
  17. doc77

    doc77 Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    55
    Although I don't completely agree with your post there is some validity. I don't have access to a lot of data, but the vast majority of infections are from the more popular pieces of malware 'doing the rounds' at a given time. The odds of getting hit by something that the 40 vendors on virustotal.com would all miss is going to be unlikely. What are the odds MSE or Avast or AVG miss a very common malicious file? I imagine slim. I'm tired of hearing the term 0 day and they can bypass all security measures (AVs, SRP, DEP, HIPS, virtualization, etc). On the MS Technet forum they basically advise users to just use MSE on default, use IE9 with SmartScreen filter enabled, and keep UAC enabled. Simple and effective.

    Since I don't use an AV as a front line of defense and use second opinion scanners I am happy with MSE or Avast even though they aren't always 100% best in AV comparatives and similar tests, but they perform pretty good on a consistent basis and I like how they run on my system.

    As far as MSE, I unchecked scan outgoing files and turned MSE icon green to red. Any way to customize MSE, say turning off features that I may not always want and not have the icon turn red?
     
  18. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    I changed it to monitor incoming files, and it stayed green.
     
  19. Bambo

    Bambo Registered Member

    Joined:
    Dec 10, 2006
    Posts:
    194
    Technet is really happy with MS stuff, but if relaxed about horrors of 0day stories maybe they have read this: "Seven myths about zero day vulnerabilities debunked". I especially like the Conficker reference, which sums up the level the REAL world is on, here in most cases even on network level. I remember how that incident was dealt with by my local media, not 1 word about patches or anything. Even in more pro outlets the little patching trick was hardly mentioned. Hackers and crackers attack!!! A PR dude from any security company could not have done it better - if not they were behind to begin with, heh.

    You see the same extreme focus on this with browser flaws/bugs. Fire up Secunia one day and your IE is highly vulnerable and they suggest uninstalling (has Windows not always been highly crappy with bugs - and kind of make all further check futile?), next day it is Firefox. Some security service company will sniff it up and put out a statement in full agreement. This nonsense is also part of the game :) In some cases more official sources even eat it up with no checking at all. Must remember that there are companies down to simple websites which are fed by this. Doomsday scenarios are good for business. Can also argue that if they did not act hysteric 24/7, people at, for example, Mozilla or Adobe would, thanks to human instinct (and lousy leaders), start to go zzzzzzzz. Or that when the less hysteric products get improvements it could originate from some paranoid dude who has been screaming since long. At some point his screaming started to make sense to normal people. Nobody knows what tomorrow brings so better to scream one too many times and if nothing else very few will complain about warnings and caring for security ;)
     
  20. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    570
    I have never got infected for the past 3 years. Yesterday when I was browsing (sandboxed Firefox) MSE detected JS/Agent.FA and on a Google search I found that it was there since 2007. I am yet to come across a zero day infection in real PC environment.
     
  21. Matthijs5nl

    Matthijs5nl Guest

    I might have exaggerated a bit in my original post, I completely agree with you.

    To be honest I feel sorry for certain persons when I look in the "What is your security setup?" thread, how can you live with OS hardening AND virtualization AND sandboxing AND HIPS AND antivirus AND multiple on-demand scanners? Maybe a little bit extreme example, but I generally feel sorry for people having more than three security products.

    My advice to normal pc users:
    • get behind a router;
    • use Microsoft Windows 7 Home Premium 64-bit with default settings;
    • use the most recent version with default settings of your favourite major browser (Internet Explorer, Opera, Mozilla Firefox or Google Chrome);
    • use the most recent version with default settings of your favourite major free antivirus (Microsoft Security Essentials, Panda Cloud Antivirus Free Edition, AVG Anti-Virus Free Edition, Avira Personal - Free Antivirus or avast! Free Antivirus). Schedule a scan, or manually scan around once per 2 weeks;
    • keep all your software up-to-date (people might need some help here);
    • stick to the golden security rules (common sense).
    And additional for the pc users with a more risky behavior, or with less common sense:
    • use Malwarebytes' Anti-Malware, and run a quick scan once per week;
    • for protection against unknown threats which bypass the above mentioned (won't be a lot though) there are two options:
      1. if you like and can handle such kind of programs, get BufferZone Pro for free;
      2. OR PREFERABLY: if you don't like or can't handle such kind of programs, or only want one security program running (like me), use a Standard user account.
    By using that recommendation one gets an absolutely bulletproof, light, unobtrusive and free setup.

    If someone is a fan of a particular vendor, or wants to use a suite for its ease of use, replacing the Windows Firewall and the free antivirus with a paid security program is an option, like I am using ESET Smart Security (my only security product).
     
    Last edited by a moderator: Feb 28, 2011
  22. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    570
  23. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    I commented about this on another thread. I think it's their way of implementing self protection. If you disable the mspeng process or turn MSE real protection off, or update the defs, it does this. My problem with it was that I couldn't find a way to trust it with Malware Defender because the unique identifier number changes each time which means every time it does this, I had to manually allow the changes. It is supposed to delete the previous entries in the registry but being in that part of the registry, it can't. It doesn't have the permissions to do it. Anyhow, I've dumped MSE once again. It wasn't because of this but because one of the last def updates caused a very high CPU issue with mspeng process. I may install it again later but right now, I'm enjoying an AV free setup.
     
  24. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    I believe someone said earlier it's normal behaviour. MSE randomizing the names so malware can't defeat it.

    FYI: It doesn't do that on my Windows 7 machine, I assume it cleans up properly.
     
  25. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Funny, I don't see any entries resembling those?
     