Microsoft Security Essentials 2.0.657.0 Final

There's been a couple of threads that you must have missed. One member even went so far as to say that LUA is only for wimps and idiots who can't secure their systems. Real Men don't eat quiche or use a limited account...

Some will agree with you, including me. However, "some" is the right answer. Take a look at threads where someone says they need really light security due to old hardware, under-powered netbooks, etc. They get deluged with lists of security apps. If someone suggests LUA and SRP (after all, it's supposed to be light) the post usually gets ignored or the response is negative, equating LUA with wearing a hair shirt to do penance.

 

You didn't, I wasn't referring to you. This topic comes up once in a while and there are a few floating around who are pretty adamant about their rejection of LUA as a security measure. They seem to perceive a limited account as some type of digital purgatory.

I definitely agree. BTW, for those that have home versions without the group policy editor, they can use Sully's Pretty Good Security app. It does what it says on the tin.

Again, I'm not referring to you. Someone on this forum (who shall remain nameless to protect the guilty) once posted to me that it is "much safer" to run as admin with some security app than to use a limited account. I consider statements like this to be pretty ignorant and irresponsible since there are new people who come here trying to learn something, but that's just my opinion.

 

As for LUA, SRP and the likes, as much as I'm in favor of Windows hardening as one of my 1st layers, I don't think everyone is subjected to the same working manner as I do and that various individuals take different approaches to securing their PC according to what they deem fits. Furthermore, not everyone has access to these tools....even if you're going to include PGS by Sully (which doesn't work on Win7 Starter version when I tried it - caused an entire mess of it's own)

Furthermore, one also has to acknowledge that despite their effectiveness in today's malware context, the built-in security mechanisms are subjected to certain flaws that are 'by design'. E.g. UAC can be 'bypassed' by design, SRP helps to 'cover' the user-land hole not covered by LUA but matter of fact is SRP is implemented in user-mode by CreateProcess and can be 'easily' circumvented according to Didier Stevens, Process Hacker developer, wj32 and various others. Applocker 'wins over' that as it is implemented in kernel-mode but then again subjected to 'by design' flaws like the bypass thanks to enabled Macros in Excel for e.g. All of these have been discussed right on this very forum itself. Or just Google/Bing it if need be...

Here are a few links:
http://blog.didierstevens.com/2011/01/24/circumventing-srp-and-applocker-by-design/
http://blog.didierstevens.com/2011/...-applocker-to-create-a-new-process-by-design/
http://blog.didierstevens.com/2010/01/28/quickpost-shellcode-to-load-a-dll-from-memory/
https://www.wilderssecurity.com/showthread.php?t=291593
https://www.wilderssecurity.com/showthread.php?t=291467
https://www.wilderssecurity.com/showthread.php?t=287054

Whether or not you see those as threats, are worried/concerned over them, and whether or not the use of 3rd-party tools is justified all depends on how much you view whether the benefits outweigh the risk.

It's not a matter of should I use "this or that" or "this and that" but rather "which ones work right for me"?

I suggest you guys read this:
Schneier-Ranum Face-Off: Is antivirus dead?
Schneier-Ranum Face-Off: Is Perfect Access Control Possible?

Mark Ranum and Bruce Schneier - 2 security experts that I highly respect.

Mostly right. Except for Privilege Escalation exploits/attack I guess.

 

Absolutely. I was answering on the usability compared to UAC.
But on the security side, LUA/SUA is a real security boundary, while UAC is not.

To Safeguy, I believe a major concern in this forum is the fact that many focus on theoretical threats (Which may become real, but not yet) and forget about simple yet effective protections against real threats. Worse, it ends up advising complex solutions as a cure for everything while simple steps towards real security are more effective in regards to what can be found in the wild.

BTW, MSE is a brilliant light and simple antivirus. Combined with a secure windows setup (understand with SUA), and the new generation of IE browsers, Microsoft is succeeding to increase drastically the security of its OS.

 

moved back to mse and yea I must say improvement improvement improvement

 

And, what theoretical threats would those be? Are you referring to malware installing to user-space?

 

Forgive my ignorance, Lucy....but, what is "SUA?"

 

standard user account
http://windows.microsoft.com/en-US/windows-vista/What-is-a-standard-user-account

 

Err whats the diff between sua and lua ?!

 

I believe they are the same thing

 

According to Microsoft...
administrator:Administrators have complete access to the computer and can make any changes.
Standard: Standard account users can use most software and change system settings that do not affect the security or other computer users.
Guest:For users who don't have a permanent account on your computer, network, or domain. It allows people to use your computer without having access to your personal files unless you allow this account to share a file or folder. People using the guest account can't install software or hardware, change settings, or create a password.

 

I downloaded MSE 2.0 on my desktop.My daughter uses for school. It really works good. I did hav Norton on there but the pc is a 4 gig ,XP ,2.0 ghz machine. For whatever reason the former did not like it. MSE works great,it was an easy install and very low on resources. For the older machines I think this is best. I did try other security software but they all dragged on the system.

Win XP
4 gig ram
2.4 ghz
SAS
Hitman pro
Mbam
keyscramble pro

 

Regarding that prevx blog.....its the local security policy combined with the LUA that makes it so much more powerful than 3rd party tools (including prevx).

Back on topic, I'm running MSE 2.0 on wifes new Windows7 laptop, along applocker and Win7 Firewall control. Runs like a dream.

 

SUA is the new name for Vista and above. LUA is the old name for XP and below.

 

That was my point. Yes, people should use LUA, but not solely rely on it for everything. There must exist a security policy combined with as you well mention.

And, as a way of returning back to the topic, yes MSE really runs great. I've also installed it to some relatives. They've never been happier. No resource hog, at all.

 

thanx for explaining

 

Back to the original topic, a rootkit usually doesn't have to wait until a version update; it can be handled in a definition update. A non-detected malware can be submitted at https://www.microsoft.com/security/portal/Submission/Submit.aspx

Here's an extra tip: You'll notice in the submission page, there's a place where you can sign in. If you sign in, you can track the status of your submission. If you're signed in when you submit, you get higher priority because we know you're interested in checking back on your submission.

 

I used to do this a year or so ago. Some tickets would get a response within a few hours, the rest are still open, over a year later. I gave up wasting my time on reporting since I'm not paid.

 

I have some simple questions:

1 - MSE has a web filter?
2 - If you have, is fully compatible with IE9 64Bit?
3 - It updates automatically? With what frequency?

I thank those who respond.

 

MSE2 uses the Windows Filtering Platform for filtering network activity which as far as I'm aware, avoids the need for browser specific code.

 

Thanks, was very helpful!

But the updates, you know answer me?

 

#2 Yes it is
#3 Once a day

 

AFAIK, by default it checks for updates once a day? Just as what happened with version 1.
But, you can create a scheduled task to update more frequently. It seems that Microsoft provides definitions updates three times a day. You could schedule a task (with Windows Scheduler, for example) to update 8 in 8 hours, if your computer/internet connection is turned on 24 hours. Otherwise, see what scheduling would fit better.

 

MSE's 1 time per day updating is puzzling to me. MSE says it's up to date, even if there are updates waiting for it to download at the next check. That doesn't make sense to me? If MSE only needs 1 update a day to be "up to date", then why does MS put out 2,3,4 updates per day

Why doesn't MS put out 1 update a day, and then MSE could download that update, and it would truly be up to date each day. MS feels that multiple daily updates are essential (or they wouldn't produce them), yet they program their AV to work the vast majority of the time, out of date.

Something seems wrong here.

 

Microsoft Forefront for businesses. I personally don't actually care how many times it updates, AV shouldn't be your first line of defense, only a backup.