Microsoft Security Essentials 2.0.657.0 Final

Discussion in 'other anti-virus software' started by Nanobot, Dec 16, 2010.

Thread Status:
Not open for further replies.
  1. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    There's been a couple of threads that you must have missed. One member even went so far as to say that LUA is only for wimps and idiots who can't secure their systems. Real Men don't eat quiche or use a limited account...
    Some will agree with you, including me. However, "some" is the right answer. Take a look at threads where someone says they need really light security due to old hardware, under-powered netbooks, etc. They get deluged with lists of security apps. If someone suggests LUA and SRP (after all, it's supposed to be light) the post usually gets ignored or the response is negative, equating LUA with wearing a hair shirt to do penance.
     
  2. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    You didn't, I wasn't referring to you. This topic comes up once in a while and there are a few floating around who are pretty adamant about their rejection of LUA as a security measure. They seem to perceive a limited account as some type of digital purgatory.

    I definitely agree. BTW, for those that have home versions without the group policy editor, they can use Sully's Pretty Good Security app. It does what it says on the tin.

    Again, I'm not referring to you. Someone on this forum (who shall remain nameless to protect the guilty) once posted to me that it is "much safer" to run as admin with some security app than to use a limited account. I consider statements like this to be pretty ignorant and irresponsible since there are new people who come here trying to learn something, but that's just my opinion.
     
  3. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
    As for LUA, SRP and the like, as much as I'm in favor of Windows hardening as one of my 1st layers, I don't think everyone is subjected to the same working manner as I do and that various individuals take different approaches to securing their PC according to what they deem fits. Furthermore, not everyone has access to these tools... even if you're going to include PGS by Sully (which doesn't work on Win7 Starter version when I tried it - caused an entire mess of its own)

    Furthermore, one also has to acknowledge that despite their effectiveness in today's malware context, the built-in security mechanisms are subjected to certain flaws that are 'by design'. E.g. UAC can be 'bypassed' by design, SRP helps to 'cover' the user-land hole not covered by LUA but matter of fact is SRP is implemented in user-mode by CreateProcess and can be 'easily' circumvented according to Didier Stevens, Process Hacker developer, wj32 and various others. AppLocker 'wins over' that as it is implemented in kernel-mode but then again subjected to 'by design' flaws like the bypass thanks to enabled Macros in Excel for e.g. All of these have been discussed right on this very forum itself. Or just Google/Bing it if need be...

    Here are a few links:
    http://blog.didierstevens.com/2011/01/24/circumventing-srp-and-applocker-by-design/
    http://blog.didierstevens.com/2011/...-applocker-to-create-a-new-process-by-design/
    http://blog.didierstevens.com/2010/01/28/quickpost-shellcode-to-load-a-dll-from-memory/
    https://www.wilderssecurity.com/showthread.php?t=291593
    https://www.wilderssecurity.com/showthread.php?t=291467
    https://www.wilderssecurity.com/showthread.php?t=287054

    Whether or not you see those as threats, are worried/concerned over them, and whether or not the use of 3rd-party tools is justified all depends on how much you view whether the benefits outweigh the risk.

    It's not a matter of should I use "this or that" or "this and that" but rather "which ones work right for me"?

    I suggest you guys read this:
    Schneier-Ranum Face-Off: Is antivirus dead?
    Schneier-Ranum Face-Off: Is Perfect Access Control Possible?

    Mark Ranum and Bruce Schneier - 2 security experts that I highly respect. :D

    Mostly right. Except for Privilege Escalation exploits/attack I guess. :p
     
    Last edited: Feb 7, 2011
  4. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    404
    Location:
    France
    Absolutely. I was answering on the usability compared to UAC.
    But on the security side, LUA/SUA is a real security boundary, while UAC is not.

    To Safeguy, I believe a major concern in this forum is the fact that many focus on theoretical threats (Which may become real, but not yet) and forget about simple yet effective protections against real threats. Worse, it ends up advising complex solutions as a cure for everything while simple steps towards real security are more effective in regards to what can be found in the wild.

    BTW, MSE is a brilliant light and simple antivirus. Combined with a secure Windows setup (understand with SUA), and the new generation of IE browsers, Microsoft is succeeding to increase drastically the security of its OS.
     
  5. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    moved back to mse and yea I must say improvement improvement improvement :) :thumb:
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    And, what theoretical threats would those be? Are you referring to malware installing to user-space?
     
  7. Luxeon

    Luxeon Registered Member

    Joined:
    Mar 20, 2007
    Posts:
    128
    Forgive my ignorance, Lucy....but, what is "SUA?"
     
  8. brainrb1

    brainrb1 Registered Member

    Joined:
    Mar 15, 2010
    Posts:
    491
  9. ReverseGear

    ReverseGear Guest

    Err, what's the diff between SUA and LUA?!
     
  10. AdamL

    AdamL Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    116
    Location:
    France/Fife
    I believe they are the same thing o_O
     
  11. brainrb1

    brainrb1 Registered Member

    Joined:
    Mar 15, 2010
    Posts:
    491
    According to Microsoft...
    Administrator: Administrators have complete access to the computer and can make any changes.
    Standard: Standard account users can use most software and change system settings that do not affect the security or other computer users.
    Guest: For users who don't have a permanent account on your computer, network, or domain. It allows people to use your computer without having access to your personal files unless you allow this account to share a file or folder. People using the guest account can't install software or hardware, change settings, or create a password.
     
  12. dan323

    dan323 Registered Member

    Joined:
    Jun 16, 2010
    Posts:
    55
    I downloaded MSE 2.0 on my desktop. My daughter uses it for school. It really works good. I did have Norton on there but the PC is a 4 gig, XP, 2.0 GHz machine. For whatever reason the former did not like it. MSE works great, it was an easy install and very low on resources. For the older machines I think this is best. I did try other security software but they all dragged on the system.

    Win XP
    4 gig ram
    2.4 ghz
    SAS
    Hitman pro
    Mbam
    keyscramble pro
     
  13. doc77

    doc77 Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    55
    Regarding that prevx blog... it's the local security policy combined with the LUA that makes it so much more powerful than 3rd party tools (including prevx).

    Back on topic, I'm running MSE 2.0 on wife's new Windows 7 laptop, along with AppLocker and Win7 Firewall control. Runs like a dream.
     
  14. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    SUA is the new name for Vista and above. LUA is the old name for XP and below.
     
  15. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    That was my point. Yes, people should use LUA, but not solely rely on it for everything. There must exist a security policy combined with as you well mention.

    And, as a way of returning back to the topic, yes MSE really runs great. I've also installed it to some relatives. They've never been happier. No resource hog, at all.
     
  16. ReverseGear

    ReverseGear Guest

    thanx for explaining
     
  17. Chris _MS_

    Chris _MS_ Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    9
    Back to the original topic, a rootkit usually doesn't have to wait until a version update; it can be handled in a definition update. A non-detected malware can be submitted at https://www.microsoft.com/security/portal/Submission/Submit.aspx

    Here's an extra tip: You'll notice in the submission page, there's a place where you can sign in. If you sign in, you can track the status of your submission. If you're signed in when you submit, you get higher priority because we know you're interested in checking back on your submission.
     
  18. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    I used to do this a year or so ago. Some tickets would get a response within a few hours, the rest are still open, over a year later. I gave up wasting my time on reporting since I'm not paid. :)
     
  19. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,351
    I have some simple questions:

    1 - Does MSE have a web filter?
    2 - If it has, is it fully compatible with IE9 64-bit?
    3 - Does it update automatically? With what frequency?

    I thank those who respond.
     
  20. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    MSE2 uses the Windows Filtering Platform for filtering network activity which as far as I'm aware, avoids the need for browser specific code.
     
  21. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,351
    Thanks, was very helpful!

    But what about the updates, do you know the answer?
     
  22. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    #2 Yes it is
    #3 Once a day
     
  23. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    AFAIK, by default it checks for updates once a day? Just as what happened with version 1.
    But, you can create a scheduled task to update more frequently. It seems that Microsoft provides definition updates three times a day. You could schedule a task (with Windows Scheduler, for example) to update every 8 hours, if your computer/internet connection is turned on 24 hours. Otherwise, see what scheduling would fit better.
     
  24. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA
    MSE's 1 time per day updating is puzzling to me. MSE says it's up to date, even if there are updates waiting for it to download at the next check. That doesn't make sense to me? If MSE only needs 1 update a day to be "up to date", then why does MS put out 2, 3, 4 updates per day? o_O

    Why doesn't MS put out 1 update a day, and then MSE could download that update, and it would truly be up to date each day. MS feels that multiple daily updates are essential (or they wouldn't produce them), yet they program their AV to work the vast majority of the time, out of date.

    Something seems wrong here.
     
  25. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Microsoft Forefront for businesses. I personally don't actually care how many times it updates, AV shouldn't be your first line of defense, only a backup.
     