I do not find my words offensive and I did not mean to be offensive - apologies if you interpreted them that way. I was just listing some facts.
Lodore, I am not working @ MS and I can't say from first party but I suppose the reasons are: WD/WI/MSE/FEP/SCEP are not meant for the absolute 0-day / 0-minute protection - there are other technologies for that. By updating just once in 24 hours users are better protected against potential false positive alarms (despite the in-depth testing performed by MMPC) - users are less likely to reach a false positive. And should a FP appear, MMPC will have more time to fix it and not to affect many users worldwide. If you are interested, you can notice that MMPC releases updates for home users first and slightly later for business users - for example MSE gets newer updates (update version) - SCEP latest update is slightly older - this is another indirect precautionary step to guarantee no false positives. Advanced users can configure more frequent updates but if someone is that advanced, they will for sure know how to deal with false positives by themselves.
I don't know, I've always thought that definitions from 4 hours ago will protect me the same as definitions from 5 minutes ago. I mean 0-day malware is 0-day malware anyway, if you have defs for it, then it's not 0-day anymore. Now, if your AV relies only on definitions... oh well...
MSE mostly uses signatures anyway and signatures 24 hours ago and signatures 5 minutes ago aren't the same either...
I use MSE on one of my computers, Avast on the other. Frankly, I think that a good HIPS will trump an AV any day of the week. So AV choice is far less important than it used to be.
Depends on the user. I can't stand clicking agree 20x times a day, 140x times a week, 560x times a month and ~6,000x times a year. I have my HIPS recognize only most critical breaches while allowing most by default.
You can prevent over 80% of malware by keeping all software up to date. I would say all my customers that have been infected have had at least one outdated vulnerable third party product. The amount of computers that have Java 6 installed from HP, Dell etc. and the older versions were never removed if a newer version was installed. I know that a lot of people install Windows updates but don't know about updating third party programs. If you could update all programs with one system like on Linux, phones and tablets we would have less issues.
That's been my observation from watching the MSE support forum. The great majority of users asking for malware help there report using very old versions of Flash, Java, etc., even if they keep Windows up to date.
A truly effective AV is the one that protects you when you visit the risky areas of the Internet. If you do Not visit the risky areas of the Internet, then you can keep MSE...
No AV is perfect though. Just using a bit of common sense can stop 80% of infections, whichever AV you're running.
Some AVs also have a 'Vulnerability' scanner, e.g. BullGuard (I believe licensed from Secunia), that would pick up the old versions of Java, Flash etc. Most AVs that have it require it to be run manually, though, which many users won't do or know it's even there. It would be helpful for vendors to incorporate the 'vulnerability scan' as part of the regular AV scan unless the user opts out of that scan.
100% agree. For those that just go on the internet to check email, read news and do occasional Google search, MSE is just perfect. For others, you can still use MSE, just beef it up with extra HIPS, AM, and FW. I used Outpost and MBAM Pro.
Unless one is a malware tester, why would anyone in his/her perfect mind go to the darkside of the Internet? (I'm excluding redirects to domains spreading malicious content, such as what happens with drive-by downloads.) By simply checking e-mail, reading news, Google search, etc., users can be redirected to malicious domains/phishing domains. Therefore, I'd say there's always a risk, so either MSE is great enough to protect them or it isn't. There's no middle term. The same applies to any other such product. The naked truth is none is perfect, and will always fail at any given time, and when it fails it may mean ABC user saw his/her bank account compromised, etc. I'm a believer of a layered security approach, and MSE fits just fine. Plus, I'm pretty confident that none of my relatives will ever complain about totally ruined systems, because the previous antimalware with bad definitions deleted a system file. But, most of the security comes from the browser itself, the application they use the most. I agree to an extent. There are some easy ways to pretty much automatically detect something as being dubious, and this is where common sense plays. But, at times it won't be enough to have common sense. One could argue what common sense means within computer security, though. For instance, my common sense says only to allow my web browser to connect to specified domain names.
The "issue" is that you do not recommend 1st party solutions but 3rd party ones - Microsoft has many 1st party technologies already available to be combined with their antivirus.
For those who say MSE is not effective against zero-day malware. I came across a supposedly fresh malware sample. AVIRA on the machine did not detect the problem. The obvious problem was BSOD. The hidden one was Trojan Necurs. When I picked the sample - you can see that a very small number of the vendors could find it according to the popular service (9/44). Even 5 hours ago -> 13/44. When I noticed Microsoft detects this, I cleared the problem with Microsoft Safety Scanner. N.B.! VT is not always a reliable service to compare vendors and detection - just an example.
Why is it an issue? Not everybody likes to use IE10, has Windows 7 Ultimate with AppLocker and UAC doesn't protect as well as fully featured HIPS. But by all means, I am not implying that people must use my setup.
I see your point, & in the main I agree. When I was thinking of common sense, I was thinking of not surfing Russian porn sites (or any dodgy sites renowned for malware), bit torrenting, clicking on spam email links or clicking on anything that moves on your monitor etc.
To me, common sense means avoiding any place on the Internet where people have a motivation to be sleazy.
If you really need to visit sites which almost certainly contain malware, apart from the fact that you are not now using any common sense, I doubt if any single AV program would protect you completely.
I don't know why those places are necessary except for, perhaps, malware testing. In which case, use a VM.
Gee... so much fuss about MSE. I mean, it's your average AV. So are all the other AVs. I remember when I first came in to Wilders, my computer had loooong booting times because of all the security I was running. Experience showed me that I can rely on ANY free AV, and all I need to add is some extra measures like browser extensions (Chrome) and DNS filtering. That's all I use now and I've never been infected for 748 days and counting...
Does MSE4 still require to have Windows Update service enabled in order to update definitions? Haven't you figured it by now? It's not about the AV, it's about a hobby and contagious paranoia. I've been over a year without any AV. As soon as I returned to Wilders, I started trying AVs again. It's contagious. If you put a poll "when was the last time your AV saved you", the majority will come out "I don't remember".